[Pkg-samba-maint] r1673 - in trunk/samba: . packaging/RHEL source source/auth source/include source/lib source/libsmb source/nmbd

vorlon at alioth.debian.org vorlon at alioth.debian.org
Wed Dec 12 00:32:19 UTC 2007 

Author: vorlon
Date: 2007-12-12 00:32:19 +0000 (Wed, 12 Dec 2007)
New Revision: 1673

Added:
   trunk/samba/.gitignore
Modified:
   trunk/samba/WHATSNEW.txt
   trunk/samba/packaging/RHEL/makerpms.sh
   trunk/samba/packaging/RHEL/samba.spec
   trunk/samba/source/VERSION
   trunk/samba/source/auth/auth_util.c
   trunk/samba/source/include/version.h
   trunk/samba/source/lib/version.c
   trunk/samba/source/libsmb/clidgram.c
   trunk/samba/source/nmbd/nmbd_packets.c
Log:
merge upstream 3.0.28

Copied: trunk/samba/.gitignore (from rev 1672, tags/samba/upstream_3.0.28/.gitignore)
===================================================================
--- trunk/samba/.gitignore	                        (rev 0)
+++ trunk/samba/.gitignore	2007-12-12 00:32:19 UTC (rev 1673)
@@ -0,0 +1,31 @@
+*.o
+*.po
+source/client/client_proto.h
+source/include/build_env.h
+source/include/config.h
+source/include/config.h.in
+source/include/proto.h
+source/include/stamp-h
+source/include/version.h
+source/Makefile
+source/config.log
+source/config.status
+source/configure
+source/smbadduser
+source/bin/*
+source/script/findsmb
+source/script/gen-8bit-gap.sh
+source/script/installbin.sh
+source/script/uninstallbin.sh
+source/smbd/build_options.c
+source/utils/net_proto.h
+source/utils/ntlm_auth_proto.h
+source/web/swat_proto.h
+source/tags
+source/utils/passwd_proto.h
+source/include/includes.h.gch
+source/config.cache
+source/library-versions
+source/nsswitch/*.so
+source/proto_exists
+source/winbindd/winbindd_proto.h

Modified: trunk/samba/WHATSNEW.txt
===================================================================
--- trunk/samba/WHATSNEW.txt	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/WHATSNEW.txt	2007-12-12 00:32:19 UTC (rev 1673)
@@ -1,3 +1,38 @@
+                   ==============================
+                   Release Notes for Samba 3.0.28
+                            Dec 10, 2007
+                   ==============================
+
+Samba 3.0.28 is a security release in order to address the following
+defect:
+
+  o CVE-2007-6015
+    Boundary failure in GETDC mailslot processing can result in 
+    a buffer overrun
+
+The original security announcement for this and past advisories can 
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.27a
+---------------------
+
+o   Jeremy Allison <jra at samba.org>
+    * Fix for CVE-2007-6015.
+
+o   Volker Lendecke <vl at samba.org>
+    * Fix for CVE-2007-6015.
+    * Add missing unbecome_root() calls in error path processing
+      when failing to add local groups in create_local_nt_token().
+
+
+Release notes for older releases follow:
+
+      --------------------------------------------------
+
                    ===============================
                    Release Notes for Samba 3.0.27a
                              Nov 20, 2007
@@ -86,8 +121,6 @@
 
 
 
-Release notes for older releases follow:
-
       --------------------------------------------------
 
                    ==============================
@@ -98,7 +131,7 @@
 Samba 3.0.27 is a security release in order to address the following
 defects:
 
-  o CVS-2007-4572
+  o CVE-2007-4572
     Stack buffer overflow in nmbd's logon request processing.
 
   o CVE-2007-5398
@@ -116,16 +149,14 @@
 ---------------------
 
 o   Jeremy Allison <jra at samba.org>
-    * Fix for CVS-2007-4572.
+    * Fix for CVE-2007-4572.
     * Fix for CVE-2007-5398.
 
 
 o   Simo Sorce <idra at samba.org>
-    * Additional fixes for CVS-2007-4572.
+    * Additional fixes for CVE-2007-4572.
 
 
-Release notes for older releases follow:
-
       --------------------------------------------------
                    ===============================
                    Release Notes for Samba 3.0.26a

Modified: trunk/samba/packaging/RHEL/makerpms.sh
===================================================================
--- trunk/samba/packaging/RHEL/makerpms.sh	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/packaging/RHEL/makerpms.sh	2007-12-12 00:32:19 UTC (rev 1673)
@@ -20,7 +20,7 @@
 
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.0.27a'
+VERSION='3.0.28'
 REVISION=''
 SPECFILE="samba.spec"
 RPMVER=`rpm --version | awk '{print $3}'`

Modified: trunk/samba/packaging/RHEL/samba.spec
===================================================================
--- trunk/samba/packaging/RHEL/samba.spec	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/packaging/RHEL/samba.spec	2007-12-12 00:32:19 UTC (rev 1673)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.0.27a
+Version:      3.0.28
 Release:      1
 Epoch:        0
 License: GNU GPL version 2

Modified: trunk/samba/source/VERSION
===================================================================
--- trunk/samba/source/VERSION	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/VERSION	2007-12-12 00:32:19 UTC (rev 1673)
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=27
+SAMBA_VERSION_RELEASE=28
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
@@ -36,7 +36,7 @@
 # e.g. SAMBA_VERSION_REVISION=a                        #
 #  ->  "2.2.8a"                                        #
 ########################################################
-SAMBA_VERSION_REVISION=a
+SAMBA_VERSION_REVISION=
 
 ########################################################
 # For 'pre' releases the version will be               #
@@ -96,4 +96,4 @@
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
 SAMBA_VERSION_VENDOR_SUFFIX=
-SAMBA_VENDOR_PATCH=
+SAMBA_VERSION_VENDOR_PATCH=

Modified: trunk/samba/source/auth/auth_util.c
===================================================================
--- trunk/samba/source/auth/auth_util.c	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/auth/auth_util.c	2007-12-12 00:32:19 UTC (rev 1673)
@@ -956,6 +956,7 @@
 		status = add_aliases(get_global_sam_sid(), result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}
@@ -965,6 +966,7 @@
 		status = add_aliases(&global_sid_Builtin, result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}

Modified: trunk/samba/source/include/version.h
===================================================================
--- trunk/samba/source/include/version.h	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/include/version.h	2007-12-12 00:32:19 UTC (rev 1673)
@@ -1,7 +1,6 @@
 /* Autogenerated by script/mkversion.sh */
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 0
-#define SAMBA_VERSION_RELEASE 27
-#define SAMBA_VERSION_REVISION "a"
-#define SAMBA_VERSION_OFFICIAL_STRING "3.0.27a"
+#define SAMBA_VERSION_RELEASE 28
+#define SAMBA_VERSION_OFFICIAL_STRING "3.0.28"
 #define SAMBA_VERSION_STRING samba_version_string()

Modified: trunk/samba/source/lib/version.c
===================================================================
--- trunk/samba/source/lib/version.c	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/lib/version.c	2007-12-12 00:32:19 UTC (rev 1673)
@@ -28,7 +28,7 @@
 #else
 	static fstring samba_version;
 	static BOOL init_samba_version;
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	fstring tmp_version;
 	size_t remaining;
 #endif
@@ -40,9 +40,9 @@
 		SAMBA_VERSION_OFFICIAL_STRING,
 		SAMBA_VERSION_VENDOR_SUFFIX);
 
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	remaining = sizeof(samba_version)-strlen(samba_version);
-	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VENDOR_PATCH );
+	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VERSION_VENDOR_PATCH);
 	strlcat( samba_version, tmp_version, remaining-1 );
 #endif
 

Modified: trunk/samba/source/libsmb/clidgram.c
===================================================================
--- trunk/samba/source/libsmb/clidgram.c	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/libsmb/clidgram.c	2007-12-12 00:32:19 UTC (rev 1673)
@@ -72,6 +72,12 @@
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("cli_send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);
 

Modified: trunk/samba/source/nmbd/nmbd_packets.c
===================================================================
--- trunk/samba/source/nmbd/nmbd_packets.c	2007-12-12 00:23:52 UTC (rev 1672)
+++ trunk/samba/source/nmbd/nmbd_packets.c	2007-12-12 00:32:19 UTC (rev 1673)
@@ -1892,6 +1892,12 @@
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);

More information about the Pkg-samba-maint mailing list