[Pkg-samba-maint] r1394 - in branches/samba/etch/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Tue May 22 20:43:24 UTC 2007


Author: bubulle
Date: 2007-05-22 20:43:24 +0000 (Tue, 22 May 2007)
New Revision: 1394

Removed:
   branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-force-group.patch
Modified:
   branches/samba/etch/debian/changelog
   branches/samba/etch/debian/patches/series
Log:
Temporarily revert to 3.0.24-6etch1 to tag that release


Modified: branches/samba/etch/debian/changelog
===================================================================
--- branches/samba/etch/debian/changelog	2007-05-19 07:03:45 UTC (rev 1393)
+++ branches/samba/etch/debian/changelog	2007-05-22 20:43:24 UTC (rev 1394)
@@ -1,13 +1,3 @@
-samba (3.0.24-6etch2) stable-security; urgency=high
-
-  * The fix for CVE-2007-2444 broke the behaviour of "force group" when
-    for forced group is a local Unix group for domain member servers
-    Applied an upstream patch (security-CVE-2007-244_fixed-force-group.patch)
-    that is part of samba 3.0.25a.
-    Closes: #424629
-
- -- Christian Perrier <bubulle at debian.org>  Sat, 19 May 2007 07:24:19 +0200
-
 samba (3.0.24-6etch1) stable-security; urgency=high
 
   * Security fixes:

Deleted: branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-force-group.patch
===================================================================
--- branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-force-group.patch	2007-05-19 07:03:45 UTC (rev 1393)
+++ branches/samba/etch/debian/patches/security-CVE-2007-2444_fixed-force-group.patch	2007-05-22 20:43:24 UTC (rev 1394)
@@ -1,58 +0,0 @@
-=== modified file 'source/smbd/uid.c'
---- samba-3.0.24.orig/source/smbd/uid.c	2007-05-12 16:45:55 +0000
-+++ samba-3.0.24/source/smbd/uid.c	2007-05-18 17:33:11 +0000
-@@ -151,7 +151,9 @@
- 	char group_c;
- 	BOOL must_free_token = False;
- 	NT_USER_TOKEN *token = NULL;
--
-+	int num_groups = 0;
-+	gid_t *group_list = NULL;
-+	
- 	if (!conn) {
- 		DEBUG(2,("change_to_user: Connection not open\n"));
- 		return(False);
-@@ -190,14 +192,14 @@
- 	if (conn->force_user) /* security = share sets this too */ {
- 		uid = conn->uid;
- 		gid = conn->gid;
--		current_user.ut.groups = conn->groups;
--		current_user.ut.ngroups = conn->ngroups;
-+	        group_list = conn->groups;
-+		num_groups = conn->ngroups;
- 		token = conn->nt_user_token;
- 	} else if (vuser) {
- 		uid = conn->admin_user ? 0 : vuser->uid;
- 		gid = vuser->gid;
--		current_user.ut.ngroups = vuser->n_groups;
--		current_user.ut.groups  = vuser->groups;
-+		num_groups = vuser->n_groups;
-+		group_list  = vuser->groups;
- 		token = vuser->nt_user_token;
- 	} else {
- 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
-@@ -230,8 +232,8 @@
- 			 */
- 
- 			int i;
--			for (i = 0; i < current_user.ut.ngroups; i++) {
--				if (current_user.ut.groups[i] == conn->gid) {
-+			for (i = 0; i < num_groups; i++) {
-+				if (group_list[i] == conn->gid) {
- 					gid = conn->gid;
- 					gid_to_sid(&token->user_sids[1], gid);
- 					break;
-@@ -243,6 +245,12 @@
- 		}
- 	}
- 	
-+	/* Now set current_user since we will immediately also call
-+	   set_sec_ctx() */
-+
-+	current_user.ut.ngroups = num_groups;
-+	current_user.ut.groups  = group_list;	
-+
- 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
- 		    token);
- 
-

Modified: branches/samba/etch/debian/patches/series
===================================================================
--- branches/samba/etch/debian/patches/series	2007-05-19 07:03:45 UTC (rev 1393)
+++ branches/samba/etch/debian/patches/series	2007-05-22 20:43:24 UTC (rev 1394)
@@ -23,4 +23,3 @@
 security-CVE-2007-2444.patch
 security-CVE-2007-2446.patch
 security-CVE-2007-2447.patch
-security-CVE-2007-2444_fixed-force-group.patch



