[Pkg-samba-maint] r2036 - in trunk/samba/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Sun Jul 13 06:44:44 UTC 2008


Author: bubulle
Date: 2008-07-13 06:44:44 +0000 (Sun, 13 Jul 2008)
New Revision: 2036

Removed:
   trunk/samba/debian/patches/upstream_bug5517.patch
Modified:
   trunk/samba/debian/changelog
   trunk/samba/debian/patches/disable-weak-auth.patch
   trunk/samba/debian/patches/series
   trunk/samba/debian/patches/smbpasswd-syslog.patch
Log:
Changes for 3.0.31-1


Modified: trunk/samba/debian/changelog
===================================================================
--- trunk/samba/debian/changelog	2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/changelog	2008-07-13 06:44:44 UTC (rev 2036)
@@ -1,3 +1,9 @@
+samba (2:3.0.31-1) unstable; urgency=medium
+
+  * New upstream release
+
+ -- Christian Perrier <bubulle at debian.org>  Sat, 12 Jul 2008 16:57:09 +0200
+
 samba (2:3.0.30-4) unstable; urgency=low
 
   [ Christian Perrier ]

Modified: trunk/samba/debian/patches/disable-weak-auth.patch
===================================================================
--- trunk/samba/debian/patches/disable-weak-auth.patch	2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/disable-weak-auth.patch	2008-07-13 06:44:44 UTC (rev 2036)
@@ -7,10 +7,10 @@
 Upstream status: pulled from upstream 3.2 git tree, will be superseded
 with first release of 3.2
 
-Index: samba-3.0.29/source/param/loadparm.c
+Index: samba-3.0.31/source/param/loadparm.c
 ===================================================================
---- samba-3.0.29.orig/source/param/loadparm.c
-+++ samba-3.0.29/source/param/loadparm.c
+--- samba-3.0.31.orig/source/param/loadparm.c
++++ samba-3.0.31/source/param/loadparm.c
 @@ -1572,9 +1572,9 @@
  	Globals.bStatCache = True;	/* use stat cache by default */
  	Globals.iMaxStatCacheSize = 1024; /* one Meg by default. */
@@ -24,42 +24,42 @@
  	Globals.bNTLMAuth = True;	/* Do use NTLMv1 if it is available (otherwise NTLMv2) */
  	Globals.bClientNTLMv2Auth = False; /* Client should not use NTLMv2, as we can't tell that the server supports it. */
  	/* Note, that we will use NTLM2 session security (which is different), if it is available */
-Index: samba-3.0.29/docs/htmldocs/manpages/smb.conf.5.html
+Index: samba-3.0.31/docs/htmldocs/manpages/smb.conf.5.html
 ===================================================================
---- samba-3.0.29.orig/docs/htmldocs/manpages/smb.conf.5.html
-+++ samba-3.0.29/docs/htmldocs/manpages/smb.conf.5.html
-@@ -871,7 +871,7 @@
+--- samba-3.0.31.orig/docs/htmldocs/manpages/smb.conf.5.html
++++ samba-3.0.31/docs/htmldocs/manpages/smb.conf.5.html
+@@ -879,7 +879,7 @@
      without Windows 95/98 servers are advised to disable
      this option.  </p><p>Disabling this option will also disable the <code class="literal">client plaintext auth</code> option</p><p>Likewise, if the <code class="literal">client ntlmv2
      auth</code> parameter is enabled, then only NTLMv2 logins will be
 -    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">yes</code>
 +    attempted.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client lanman auth</code></em> = <code class="literal">no</code>
  </em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328533"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328536"></a>
  
-@@ -892,7 +892,7 @@
+@@ -900,7 +900,7 @@
  
  client plaintext auth (G)
- </h3></div></div></div><a class="indexterm" name="id328614"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext 
+ </h3></div></div></div><a class="indexterm" name="id328617"></a><a name="CLIENTPLAINTEXTAUTH"></a><div class="variablelist"><dl><dt></dt><dd><p>Specifies whether a client should send a plaintext 
 -		password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">yes</code>
 +		password if the server does not support encrypted passwords.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>client plaintext auth</code></em> = <code class="literal">no</code>
  </em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328651"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id328654"></a>
  
-@@ -2404,7 +2404,7 @@
+@@ -2447,7 +2447,7 @@
      auth</code> to disable this for Samba's clients (such as smbclient)</p><p>If this option, and <code class="literal">ntlm
      auth</code> are both disabled, then only NTLMv2 logins will be
      permited.  Not all clients support NTLMv2, and most will require
 -    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">yes</code>
 +    special configuration to use it.</p><p>Default: <span class="emphasis"><em><em class="parameter"><code>lanman auth</code></em> = <code class="literal">no</code>
  </em></span>
- </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id335983"></a>
+ </p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id335996"></a>
  
-Index: samba-3.0.29/docs/manpages/smb.conf.5
+Index: samba-3.0.31/docs/manpages/smb.conf.5
 ===================================================================
---- samba-3.0.29.orig/docs/manpages/smb.conf.5
-+++ samba-3.0.29/docs/manpages/smb.conf.5
-@@ -1491,7 +1491,7 @@
+--- samba-3.0.31.orig/docs/manpages/smb.conf.5
++++ samba-3.0.31/docs/manpages/smb.conf.5
+@@ -1495,7 +1495,7 @@
  parameter is enabled, then only NTLMv2 logins will be attempted\.
  .sp
  Default:
@@ -68,7 +68,7 @@
  .RE
  
  client ntlmv2 auth (G)
-@@ -1524,7 +1524,7 @@
+@@ -1528,7 +1528,7 @@
  Specifies whether a client should send a plaintext password if the server does not support encrypted passwords\.
  .sp
  Default:
@@ -77,7 +77,7 @@
  .RE
  
  client schannel (G)
-@@ -3624,7 +3624,7 @@
+@@ -3651,7 +3651,7 @@
  are both disabled, then only NTLMv2 logins will be permited\. Not all clients support NTLMv2, and most will require special configuration to use it\.
  .sp
  Default:

Modified: trunk/samba/debian/patches/series
===================================================================
--- trunk/samba/debian/patches/series	2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/series	2008-07-13 06:44:44 UTC (rev 2036)
@@ -18,4 +18,3 @@
 no-unnecessary-cups.patch
 swat-de.patch
 smbtar-bashism.patch
-upstream_bug5517.patch

Modified: trunk/samba/debian/patches/smbpasswd-syslog.patch
===================================================================
--- trunk/samba/debian/patches/smbpasswd-syslog.patch	2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/smbpasswd-syslog.patch	2008-07-13 06:44:44 UTC (rev 2036)
@@ -4,10 +4,10 @@
 
 Upstream status: submitted as bugzilla bug #4831
 
-Index: samba-3.0.29/source/pam_smbpass/support.c
+Index: samba-3.0.31/source/pam_smbpass/support.c
 ===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/support.c
-+++ samba-3.0.29/source/pam_smbpass/support.c
+--- samba-3.0.31.orig/source/pam_smbpass/support.c
++++ samba-3.0.31/source/pam_smbpass/support.c
 @@ -15,6 +15,7 @@
  	 * Mass Ave, Cambridge, MA 02139, USA.
  	 */
@@ -155,7 +155,7 @@
                                , failure->count
 @@ -327,8 +355,7 @@
  
-     if (!pdb_get_lanman_passwd(sampass))
+     if (!pdb_get_nt_passwd(sampass))
      {
 -        _log_err( LOG_DEBUG, "user %s has null SMB password"
 -                  , name );
@@ -180,10 +180,10 @@
      if (data_name == NULL) {
 -        _log_err( LOG_CRIT, "no memory for data-name" );
 +        _log_err(pamh, LOG_CRIT, "no memory for data-name");
+         return PAM_AUTH_ERR;
      }
      strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
-     strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
-@@ -392,31 +420,31 @@
+@@ -393,31 +421,31 @@
                          retval = PAM_MAXTRIES;
                      }
                  } else {
@@ -216,13 +216,13 @@
                        uidtoname(getuid()),
                        service ? service : "**unknown**", name);
              }
-         } else {
--            _log_err(LOG_NOTICE,
-+            _log_err(pamh, LOG_NOTICE,
-                       "failed auth request by %s for service %s as %s(%d)",
-                       uidtoname(getuid()),
-                       service ? service : "**unknown**", name);
-@@ -490,8 +518,8 @@
+         }
+-        _log_err(LOG_NOTICE,
++        _log_err(pamh, LOG_NOTICE,
+                   "failed auth request by %s for service %s as %s(%d)",
+                   uidtoname(getuid()),
+                   service ? service : "**unknown**", name);
+@@ -493,8 +521,8 @@
          retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
          if (retval != PAM_SUCCESS) {
              /* very strange. */
@@ -233,7 +233,7 @@
              return retval;
          } else if (item != NULL) {	/* we have a password! */
              *pass = item;
-@@ -543,7 +571,7 @@
+@@ -546,7 +574,7 @@
  
          if (retval == PAM_SUCCESS) {	/* a good conversation */
  
@@ -242,7 +242,7 @@
              if (token != NULL) {
                  if (expect == 2) {
                      /* verify that password entered correctly */
-@@ -555,7 +583,8 @@
+@@ -558,7 +586,8 @@
                      }
                  }
              } else {
@@ -252,7 +252,7 @@
              }
          }
  
-@@ -568,7 +597,7 @@
+@@ -571,7 +600,7 @@
  
      if (retval != PAM_SUCCESS) {
          if (on( SMB_DEBUG, ctrl ))
@@ -261,7 +261,7 @@
          return retval;
      }
      /* 'token' is the entered password */
-@@ -583,7 +612,7 @@
+@@ -586,7 +615,7 @@
              || (retval = pam_get_item( pamh, authtok_flag
                              ,(const void **)&item )) != PAM_SUCCESS)
          {
@@ -270,7 +270,7 @@
              return retval;
          }
      } else {
-@@ -597,8 +626,8 @@
+@@ -600,8 +629,8 @@
              || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
                               != PAM_SUCCESS)
          {
@@ -281,7 +281,7 @@
              _pam_delete( token );
              item = NULL;
              return retval;
-@@ -622,8 +651,8 @@
+@@ -625,8 +654,8 @@
      if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
      {
  	if (on(SMB_DEBUG, ctrl)) {
@@ -292,10 +292,10 @@
  	}
  	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
  				"No password supplied" : "Password unchanged" );
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_auth.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_auth.c
 ===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_auth.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_auth.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_auth.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_auth.c
 @@ -75,10 +75,9 @@
  
  	/* Samba initialization. */
@@ -372,10 +372,10 @@
  	return PAM_AUTHTOK_RECOVER_ERR;
      } else if (pass == NULL) {
  	return PAM_AUTHTOK_RECOVER_ERR;
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_acct.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_acct.c
 ===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_acct.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_acct.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_acct.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_acct.c
 @@ -52,26 +52,25 @@
  
  	/* Samba initialization. */
@@ -436,10 +436,10 @@
  		}
  		make_remark( pamh, ctrl, PAM_ERROR_MSG
  			, "Your account has been disabled; "
-Index: samba-3.0.29/source/pam_smbpass/pam_smb_passwd.c
+Index: samba-3.0.31/source/pam_smbpass/pam_smb_passwd.c
 ===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/pam_smb_passwd.c
-+++ samba-3.0.29/source/pam_smbpass/pam_smb_passwd.c
+--- samba-3.0.31.orig/source/pam_smbpass/pam_smb_passwd.c
++++ samba-3.0.31/source/pam_smbpass/pam_smb_passwd.c
 @@ -104,10 +104,9 @@
  
      /* Samba initialization. */
@@ -576,10 +576,10 @@
          retval = PAM_ABORT;
  
      }
-Index: samba-3.0.29/source/pam_smbpass/support.h
+Index: samba-3.0.31/source/pam_smbpass/support.h
 ===================================================================
---- samba-3.0.29.orig/source/pam_smbpass/support.h
-+++ samba-3.0.29/source/pam_smbpass/support.h
+--- samba-3.0.31.orig/source/pam_smbpass/support.h
++++ samba-3.0.31/source/pam_smbpass/support.h
 @@ -1,8 +1,8 @@
  /* syslogging function for errors and other information */
 -extern void _log_err(int, const char *, ...);

Deleted: trunk/samba/debian/patches/upstream_bug5517.patch
===================================================================
--- trunk/samba/debian/patches/upstream_bug5517.patch	2008-07-13 06:30:49 UTC (rev 2035)
+++ trunk/samba/debian/patches/upstream_bug5517.patch	2008-07-13 06:44:44 UTC (rev 2036)
@@ -1,25 +0,0 @@
-Goal: djust cli_negprot() to properly
-    calculate buffer sizes. This bug was introduced in the fix for
-    CVE-2008-1105
-
-Fixes: #488688. 
-
-Status wrt upstream: Will be fixed in 3.0.31
-
-Index: samba-3.0.30/source/libsmb/cliconnect.c
-===================================================================
---- samba-3.0.30/source/libsmb/cliconnect.c	2008-05-28 08:41:11.000000000 -0400
-+++ samba-3.0.30.new/source/libsmb/cliconnect.c	2008-06-30 09:17:06.000000000 -0400
-@@ -1328,9 +1328,9 @@
- 		if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
- 			SAFE_FREE(cli->outbuf);
- 			SAFE_FREE(cli->inbuf);
--			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
--			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
--			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
-+			cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
-+			cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
-+			cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
- 		}
- 
- 	} else if (cli->protocol >= PROTOCOL_LANMAN1) {




More information about the Pkg-samba-maint mailing list