[Pkg-samba-maint] r2036 - in trunk/samba/debian: . patches
bubulle at alioth.debian.org
bubulle at alioth.debian.org
Sun Jul 13 06:44:44 UTC 2008
Author: bubulle
Date: 2008-07-13 06:44:44 +0000 (Sun, 13 Jul 2008)
New Revision: 2036
Removed:
trunk/samba/debian/patches/upstream_bug5517.patch
Modified:
trunk/samba/debian/changelog
trunk/samba/debian/patches/disable-weak-auth.patch
trunk/samba/debian/patches/series
trunk/samba/debian/patches/smbpasswd-syslog.patch
Log:
Changes for 3.0.31-1
Modified: trunk/samba/debian/changelog
===================================================================
--- trunk/samba/debian/changelog 2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/changelog 2008-07-13 06:44:44 UTC (rev 2036)
@@ -1,3 +1,9 @@
+samba (2:3.0.31-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Christian Perrier <bubulle at debian.org> Sat, 12 Jul 2008 16:57:09 +0200
+
samba (2:3.0.30-4) unstable; urgency=low
[ Christian Perrier ]
Modified: trunk/samba/debian/patches/disable-weak-auth.patch
===================================================================
--- trunk/samba/debian/patches/disable-weak-auth.patch 2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/disable-weak-auth.patch 2008-07-13 06:44:44 UTC (rev 2036)
@@ -7,10 +7,10 @@
Upstream status: pulled from upstream 3.2 git tree, will be superseded
with first release of 3.2
-Index: samba-3.0.29/source/param/loadparm.c
+Index: samba-3.0.31/source/param/loadparm.c
===================================================================
---- samba-3.0.29.orig/source/param/loadparm.c
-+++ samba-3.0.29/source/param/loadparm.c
+--- samba-3.0.31.orig/source/param/loadparm.c
++++ samba-3.0.31/source/param/loadparm.c
@@ -1572,9 +1572,9 @@
Globals.bStatCache = True; /* use stat cache by default */
Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
@@ -24,42 +24,42 @@
Globals.bNTLMAuth = True; /* Do use NTLMv1 if it is available (otherwise NTLMv2) */
Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
/* Note, that we will use NTLM2 session security (which is different), if it is available */
-Index: samba-3.0.29/docs/htmldocs/manpages/smb.conf.5.html
+Index: samba-3.0.31/docs/htmldocs/manpages/smb.conf.5.html
===================================================================
---- samba-3.0.29.orig/docs/htmldocs/manpages/smb.conf.5.html
-+++ samba-3.0.29/docs/htmldocs/manpages/smb.conf.5.html
-@@ -871,7 +871,7 @@
+--- samba-3.0.31.orig/docs/htmldocs/manpages/smb.conf.5.html
++++ samba-3.0.31/docs/htmldocs/manpages/smb.conf.5.html
+@@ -879,7 +879,7 @@
without Windows 95/98 servers are advised to disable
this option. </p><p>Disabling this option will also disable the <code class="literal">client plaintext auth</code> option</p><p>Likewise, if the <code class="literal">client ntlmv2
auth</code> parameter is enabled, then only NTLMv2 logins will be
- attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">yes</code>
+ attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
</em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328533"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328536"></a>
-@@ -892,7 +892,7 @@
+@@ -900,7 +900,7 @@
client plaintext auth (G)
- </h3></div></div></div><a class="indexterm" name="id328614"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
+ </h3></div></div></div><a class="indexterm" name="id328617"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext
- password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">yes</code>
+ password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
</em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328651"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328654"></a>
-@@ -2404,7 +2404,7 @@
+@@ -2447,7 +2447,7 @@
auth</code> to disable this for Samba's clients (such as smbclient)</p><p>If this option, and <code class="literal">ntlm
auth</code> are both disabled, then only NTLMv2 logins will be
permited. Not all clients support NTLMv2, and most will require
- special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">yes</code>
+ special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
</em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id335983"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id335996"></a>
-Index: samba-3.0.29/docs/manpages/smb.conf.5
+Index: samba-3.0.31/docs/manpages/smb.conf.5
===================================================================
---- samba-3.0.29.orig/docs/manpages/smb.conf.5
-+++ samba-3.0.29/docs/manpages/smb.conf.5
-@@ -1491,7 +1491,7 @@
+--- samba-3.0.31.orig/docs/manpages/smb.conf.5
++++ samba-3.0.31/docs/manpages/smb.conf.5
+@@ -1495,7 +1495,7 @@
parameter is enabled, then only NTLMv2 logins will be attempted\.
.sp
Default:
@@ -68,7 +68,7 @@
.RE
client ntlmv2 auth (G)
-@@ -1524,7 +1524,7 @@
+@@ -1528,7 +1528,7 @@
Specifies whether a client should send a plaintext password if the server does not support encrypted passwords\.
.sp
Default:
@@ -77,7 +77,7 @@
.RE
client schannel (G)
-@@ -3624,7 +3624,7 @@
+@@ -3651,7 +3651,7 @@
are both disabled, then only NTLMv2 logins will be permited\. Not all clients support NTLMv2, and most will require special configuration to use it\.
.sp
Default:
Modified: trunk/samba/debian/patches/series
===================================================================
--- trunk/samba/debian/patches/series 2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/series 2008-07-13 06:44:44 UTC (rev 2036)
@@ -18,4 +18,3 @@
no-unnecessary-cups.patch
swat-de.patch
smbtar-bashism.patch
-upstream_bug5517.patch
Modified: trunk/samba/debian/patches/smbpasswd-syslog.patch
===================================================================
--- trunk/samba/debian/patches/smbpasswd-syslog.patch 2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/smbpasswd-syslog.patch 2008-07-13 06:44:44 UTC (rev 2036)
@@ -4,10 +4,10 @@
Upstream status: submitted as bugzilla bug #4831
-Index: samba-3.0.29/source/pam_smbpass/support.c
+Index: samba-3.0.31/source/pam_smbpass/support.c
===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/support.c
-+++ samba-3.0.29/source/pam_smbpass/support.c
+--- samba-3.0.31.orig/source/pam_smbpass/support.c
++++ samba-3.0.31/source/pam_smbpass/support.c
@@ -15,6 +15,7 @@
* Mass Ave, Cambridge, MA 02139, USA.
*/
@@ -155,7 +155,7 @@
, failure->count
@@ -327,8 +355,7 @@
- if (!pdb_get_lanman_passwd(sampass))
+ if (!pdb_get_nt_passwd(sampass))
{
- _log_err( LOG_DEBUG, "user %s has null SMB password"
- , name );
@@ -180,10 +180,10 @@
if (data_name == NULL) {
- _log_err( LOG_CRIT, "no memory for data-name" );
+ _log_err(pamh, LOG_CRIT, "no memory for data-name");
+ return PAM_AUTH_ERR;
}
strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
- strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
-@@ -392,31 +420,31 @@
+@@ -393,31 +421,31 @@
retval = PAM_MAXTRIES;
}
} else {
@@ -216,13 +216,13 @@
uidtoname(getuid()),
service ? service : "**unknown**", name);
}
- } else {
-- _log_err(LOG_NOTICE,
-+ _log_err(pamh, LOG_NOTICE,
- "failed auth request by %s for service %s as %s(%d)",
- uidtoname(getuid()),
- service ? service : "**unknown**", name);
-@@ -490,8 +518,8 @@
+ }
+- _log_err(LOG_NOTICE,
++ _log_err(pamh, LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+@@ -493,8 +521,8 @@
retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
if (retval != PAM_SUCCESS) {
/* very strange. */
@@ -233,7 +233,7 @@
return retval;
} else if (item != NULL) { /* we have a password! */
*pass = item;
-@@ -543,7 +571,7 @@
+@@ -546,7 +574,7 @@
if (retval == PAM_SUCCESS) { /* a good conversation */
@@ -242,7 +242,7 @@
if (token != NULL) {
if (expect == 2) {
/* verify that password entered correctly */
-@@ -555,7 +583,8 @@
+@@ -558,7 +586,8 @@
}
}
} else {
@@ -252,7 +252,7 @@
}
}
-@@ -568,7 +597,7 @@
+@@ -571,7 +600,7 @@
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl ))
@@ -261,7 +261,7 @@
return retval;
}
/* 'token' is the entered password */
-@@ -583,7 +612,7 @@
+@@ -586,7 +615,7 @@
|| (retval = pam_get_item( pamh, authtok_flag
,(const void **)&item )) != PAM_SUCCESS)
{
@@ -270,7 +270,7 @@
return retval;
}
} else {
-@@ -597,8 +626,8 @@
+@@ -600,8 +629,8 @@
|| (retval = pam_get_data( pamh, data_name, (const void **)&item ))
!= PAM_SUCCESS)
{
@@ -281,7 +281,7 @@
_pam_delete( token );
item = NULL;
return retval;
-@@ -622,8 +651,8 @@
+@@ -625,8 +654,8 @@
if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
{
if (on(SMB_DEBUG, ctrl)) {
@@ -292,10 +292,10 @@
}
make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
"No password supplied" : "Password unchanged" );
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_auth.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_auth.c
===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_auth.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_auth.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_auth.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_auth.c
@@ -75,10 +75,9 @@
/* Samba initialization. */
@@ -372,10 +372,10 @@
return PAM_AUTHTOK_RECOVER_ERR;
} else if (pass == NULL) {
return PAM_AUTHTOK_RECOVER_ERR;
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_acct.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_acct.c
===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_acct.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_acct.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_acct.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_acct.c
@@ -52,26 +52,25 @@
/* Samba initialization. */
@@ -436,10 +436,10 @@
}
make_remark( pamh, ctrl, PAM_ERROR_MSG
, "Your account has been disabled; "
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_passwd.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_passwd.c
===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_passwd.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_passwd.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_passwd.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_passwd.c
@@ -104,10 +104,9 @@
/* Samba initialization. */
@@ -576,10 +576,10 @@
retval = PAM_ABORT;
}
-Index: samba-3.0.29/source/pam_smbpass/support.h
+Index: samba-3.0.31/source/pam_smbpass/support.h
===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/support.h
-+++ samba-3.0.29/source/pam_smbpass/support.h
+--- samba-3.0.31.orig/source/pam_smbpass/support.h
++++ samba-3.0.31/source/pam_smbpass/support.h
@@ -1,8 +1,8 @@
/* syslogging function for errors and other information */
-extern void _log_err(int, const char *, ...);
Deleted: trunk/samba/debian/patches/upstream_bug5517.patch
===================================================================
--- trunk/samba/debian/patches/upstream_bug5517.patch 2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/upstream_bug5517.patch 2008-07-13 06:44:44 UTC (rev 2036)
@@ -1,25 +0,0 @@
-Goal: djust cli_negprot() to properly
- calculate buffer sizes. This bug was introduced in the fix for
- CVE-2008-1105
-
-Fixes: #488688.
-
-Status wrt upstream: Will be fixed in 3.0.31
-
-Index: samba-3.0.30/source/libsmb/cliconnect.c
-===================================================================
---- samba-3.0.30/source/libsmb/cliconnect.c 2008-05-28 08:41:11.000000000 -0400
-+++ samba-3.0.30.new/source/libsmb/cliconnect.c 2008-06-30 09:17:06.000000000 -0400
-@@ -1328,9 +1328,9 @@
- if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
- SAFE_FREE(cli->outbuf);
- SAFE_FREE(cli->inbuf);
-- cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
-- cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
-- cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
-+ cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
-+ cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
-+ cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
- }
-
- } else if (cli->protocol >= PROTOCOL_LANMAN1) {
More information about the Pkg-samba-maint
mailing list