[Pkg-samba-maint] r2908 - in branches/samba/lenny/debian: . patches

bubulle at alioth.debian.org bubulle at alioth.debian.org
Tue Jun 23 06:38:24 UTC 2009


Author: bubulle
Date: 2009-06-23 06:38:23 +0000 (Tue, 23 Jun 2009)
New Revision: 2908

Added:
   branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch
Removed:
   branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch
Modified:
   branches/samba/lenny/debian/changelog
   branches/samba/lenny/debian/patches/series
Log:
Rename the security patch after the correct CVE ID


Modified: branches/samba/lenny/debian/changelog
===================================================================
--- branches/samba/lenny/debian/changelog	2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/changelog	2009-06-23 06:38:23 UTC (rev 2908)
@@ -1,3 +1,9 @@
+samba (2:3.2.5-4lenny6) UNRELEASED; urgency=low
+
+  * CVE 2009-1886: Fix Formatstring vulnerability in smbclient
+
+ -- Christian Perrier <bubulle at debian.org>  Tue, 23 Jun 2009 08:37:27 +0200
+
 samba (2:3.2.5-4lenny5) stable-security; urgency=high
 
   * Fix Formatstring vulnerability in smbclient. CVE ID

Copied: branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch (from rev 2906, branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch)
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch	                        (rev 0)
+++ branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch	2009-06-23 06:38:23 UTC (rev 2908)
@@ -0,0 +1,182 @@
+Goal: Fix Formatstring vulnerability in smbclient
+
+Fixes: Upstream security fix. CVE-2009-1888
+
+Status wrt upstream: Fixed in 3.2.13
+
+Author: Volker Lendecke <vl at samba.org>
+
+Note: The smbclient commands dealing with file
+      names treat user input as a format string
+      to asprintf.
+
+Index: lenny/source/client/client.c
+===================================================================
+--- lenny.orig/source/client/client.c	2009-06-19 20:03:39.198283928 +0200
++++ lenny/source/client/client.c	2009-06-19 20:03:52.398284448 +0200
+@@ -364,7 +364,7 @@
+ 
+ 	/* Ensure cur_dir ends in a DIRSEP */
+ 	if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
+-		new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
++		new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
+ 		if (!new_cd) {
+ 			goto out;
+ 		}
+@@ -871,7 +871,7 @@
+ 		if (*buf == CLI_DIRSEP_CHAR) {
+ 			mask = talloc_strdup(ctx, buf);
+ 		} else {
+-			mask = talloc_asprintf_append(mask, buf);
++			mask = talloc_asprintf_append(mask, "%s", buf);
+ 		}
+ 	} else {
+ 		mask = talloc_asprintf_append(mask, "*");
+@@ -912,7 +912,7 @@
+ 		return 1;
+ 	}
+ 	if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
+-		mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
++		mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
+ 		if (!mask) {
+ 			return 1;
+ 		}
+@@ -923,7 +923,7 @@
+ 		if (*buf == CLI_DIRSEP_CHAR) {
+ 			mask = talloc_strdup(ctx, buf);
+ 		} else {
+-			mask = talloc_asprintf_append(mask, buf);
++			mask = talloc_asprintf_append(mask, "%s", buf);
+ 		}
+ 	} else {
+ 		mask = talloc_strdup(ctx, "*");
+@@ -1107,7 +1107,7 @@
+ 		d_printf("get <filename> [localname]\n");
+ 		return 1;
+ 	}
+-	rname = talloc_asprintf_append(rname, fname);
++	rname = talloc_asprintf_append(rname, "%s", fname);
+ 	if (!rname) {
+ 		return 1;
+ 	}
+@@ -1266,7 +1266,7 @@
+ 		unlink(lname);
+ 		return 1;
+ 	}
+-	rname = talloc_asprintf_append(rname, fname);
++	rname = talloc_asprintf_append(rname, "%s", fname);
+ 	if (!rname) {
+ 		return 1;
+ 	}
+@@ -1318,7 +1318,7 @@
+ 			mget_mask = talloc_strdup(ctx, buf);
+ 		} else {
+ 			mget_mask = talloc_asprintf_append(mget_mask,
+-							buf);
++							"%s", buf);
+ 		}
+ 		if (!mget_mask) {
+ 			return 1;
+@@ -1414,7 +1414,7 @@
+ 		}
+ 		return 1;
+ 	}
+-	mask = talloc_asprintf_append(mask, buf);
++	mask = talloc_asprintf_append(mask, "%s", buf);
+ 	if (!mask) {
+ 		return 1;
+ 	}
+@@ -1443,14 +1443,14 @@
+ 		trim_char(ddir,'.','\0');
+ 		p = strtok_r(ddir, "/\\", &saveptr);
+ 		while (p) {
+-			ddir2 = talloc_asprintf_append(ddir2, p);
++			ddir2 = talloc_asprintf_append(ddir2, "%s", p);
+ 			if (!ddir2) {
+ 				return 1;
+ 			}
+ 			if (!cli_chkpath(targetcli, ddir2)) {
+ 				do_mkdir(ddir2);
+ 			}
+-			ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
++			ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
+ 			if (!ddir2) {
+ 				return 1;
+ 			}
+@@ -1482,7 +1482,7 @@
+ 		d_printf("altname <file>\n");
+ 		return 1;
+ 	}
+-	name = talloc_asprintf_append(name, buf);
++	name = talloc_asprintf_append(name, "%s", buf);
+ 	if (!name) {
+ 		return 1;
+ 	}
+@@ -1566,7 +1566,7 @@
+ 		d_printf("allinfo <file>\n");
+ 		return 1;
+ 	}
+-	name = talloc_asprintf_append(name, buf);
++	name = talloc_asprintf_append(name, "%s", buf);
+ 	if (!name) {
+ 		return 1;
+ 	}
+@@ -1733,9 +1733,9 @@
+ 	}
+ 
+ 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
+-		rname = talloc_asprintf_append(rname, buf);
++		rname = talloc_asprintf_append(rname, "%s", buf);
+ 	} else {
+-		rname = talloc_asprintf_append(rname, lname);
++		rname = talloc_asprintf_append(rname, "%s", lname);
+ 	}
+ 	if (!rname) {
+ 		return 1;
+@@ -2132,7 +2132,7 @@
+ 		d_printf("del <filename>\n");
+ 		return 1;
+ 	}
+-	mask = talloc_asprintf_append(mask, buf);
++	mask = talloc_asprintf_append(mask, "%s", buf);
+ 	if (!mask) {
+ 		return 1;
+ 	}
+@@ -3524,7 +3524,7 @@
+ 		d_printf("reget <filename>\n");
+ 		return 1;
+ 	}
+-	remote_name = talloc_asprintf_append(remote_name, fname);
++	remote_name = talloc_asprintf_append(remote_name, "%s", fname);
+ 	if (!remote_name) {
+ 		return 1;
+ 	}
+@@ -3571,10 +3571,10 @@
+ 
+ 	if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
+ 		remote_name = talloc_asprintf_append(remote_name,
+-						buf);
++						"%s", buf);
+ 	} else {
+ 		remote_name = talloc_asprintf_append(remote_name,
+-						local_name);
++						"%s", local_name);
+ 	}
+ 	if (!remote_name) {
+ 		return 1;
+@@ -4107,13 +4107,13 @@
+ 				TALLOC_FREE(ctx);
+ 				return;
+ 			}
+-			tmp = talloc_asprintf_append(tmp, f->name);
++			tmp = talloc_asprintf_append(tmp, "%s", f->name);
+ 			if (!tmp) {
+ 				TALLOC_FREE(ctx);
+ 				return;
+ 			}
+ 			if (f->mode & aDIR) {
+-				tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
++				tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
+ 			}
+ 			if (!tmp) {
+ 				TALLOC_FREE(ctx);
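Review bot: The `Fixes:` header at the top of the copied patch still reads `CVE-2009-1888`, although this commit renames the file to security-CVE-2009-1886.patch and the new changelog entry cites 2009-1886. Anyone matching patches to advisories by that header will find the wrong ID, so the line should become `Fixes: Upstream security fix. CVE-2009-1886`. Separately, the embedded client.c hunks fix each `talloc_asprintf_append` call by hand, and their enclosing functions lie outside the hunks. If the talloc header in this tree declares that function with a printf format attribute (not visible here), a build with `-Wformat-security` would confirm that no call with a non-literal format string remains.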

Deleted: branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch	2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch	2009-06-23 06:38:23 UTC (rev 2908)
@@ -1,182 +0,0 @@
-Goal: Fix Formatstring vulnerability in smbclient
-
-Fixes: Upstream security fix. CVE-2009-1888
-
-Status wrt upstream: Fixed in 3.2.13
-
-Author: Volker Lendecke <vl at samba.org>
-
-Note: The smbclient commands dealing with file
-      names treat user input as a format string
-      to asprintf.
-
-Index: lenny/source/client/client.c
-===================================================================
---- lenny.orig/source/client/client.c	2009-06-19 20:03:39.198283928 +0200
-+++ lenny/source/client/client.c	2009-06-19 20:03:52.398284448 +0200
-@@ -364,7 +364,7 @@
- 
- 	/* Ensure cur_dir ends in a DIRSEP */
- 	if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
--		new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
-+		new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
- 		if (!new_cd) {
- 			goto out;
- 		}
-@@ -871,7 +871,7 @@
- 		if (*buf == CLI_DIRSEP_CHAR) {
- 			mask = talloc_strdup(ctx, buf);
- 		} else {
--			mask = talloc_asprintf_append(mask, buf);
-+			mask = talloc_asprintf_append(mask, "%s", buf);
- 		}
- 	} else {
- 		mask = talloc_asprintf_append(mask, "*");
-@@ -912,7 +912,7 @@
- 		return 1;
- 	}
- 	if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
--		mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
-+		mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
- 		if (!mask) {
- 			return 1;
- 		}
-@@ -923,7 +923,7 @@
- 		if (*buf == CLI_DIRSEP_CHAR) {
- 			mask = talloc_strdup(ctx, buf);
- 		} else {
--			mask = talloc_asprintf_append(mask, buf);
-+			mask = talloc_asprintf_append(mask, "%s", buf);
- 		}
- 	} else {
- 		mask = talloc_strdup(ctx, "*");
-@@ -1107,7 +1107,7 @@
- 		d_printf("get <filename> [localname]\n");
- 		return 1;
- 	}
--	rname = talloc_asprintf_append(rname, fname);
-+	rname = talloc_asprintf_append(rname, "%s", fname);
- 	if (!rname) {
- 		return 1;
- 	}
-@@ -1266,7 +1266,7 @@
- 		unlink(lname);
- 		return 1;
- 	}
--	rname = talloc_asprintf_append(rname, fname);
-+	rname = talloc_asprintf_append(rname, "%s", fname);
- 	if (!rname) {
- 		return 1;
- 	}
-@@ -1318,7 +1318,7 @@
- 			mget_mask = talloc_strdup(ctx, buf);
- 		} else {
- 			mget_mask = talloc_asprintf_append(mget_mask,
--							buf);
-+							"%s", buf);
- 		}
- 		if (!mget_mask) {
- 			return 1;
-@@ -1414,7 +1414,7 @@
- 		}
- 		return 1;
- 	}
--	mask = talloc_asprintf_append(mask, buf);
-+	mask = talloc_asprintf_append(mask, "%s", buf);
- 	if (!mask) {
- 		return 1;
- 	}
-@@ -1443,14 +1443,14 @@
- 		trim_char(ddir,'.','\0');
- 		p = strtok_r(ddir, "/\\", &saveptr);
- 		while (p) {
--			ddir2 = talloc_asprintf_append(ddir2, p);
-+			ddir2 = talloc_asprintf_append(ddir2, "%s", p);
- 			if (!ddir2) {
- 				return 1;
- 			}
- 			if (!cli_chkpath(targetcli, ddir2)) {
- 				do_mkdir(ddir2);
- 			}
--			ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
-+			ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
- 			if (!ddir2) {
- 				return 1;
- 			}
-@@ -1482,7 +1482,7 @@
- 		d_printf("altname <file>\n");
- 		return 1;
- 	}
--	name = talloc_asprintf_append(name, buf);
-+	name = talloc_asprintf_append(name, "%s", buf);
- 	if (!name) {
- 		return 1;
- 	}
-@@ -1566,7 +1566,7 @@
- 		d_printf("allinfo <file>\n");
- 		return 1;
- 	}
--	name = talloc_asprintf_append(name, buf);
-+	name = talloc_asprintf_append(name, "%s", buf);
- 	if (!name) {
- 		return 1;
- 	}
-@@ -1733,9 +1733,9 @@
- 	}
- 
- 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
--		rname = talloc_asprintf_append(rname, buf);
-+		rname = talloc_asprintf_append(rname, "%s", buf);
- 	} else {
--		rname = talloc_asprintf_append(rname, lname);
-+		rname = talloc_asprintf_append(rname, "%s", lname);
- 	}
- 	if (!rname) {
- 		return 1;
-@@ -2132,7 +2132,7 @@
- 		d_printf("del <filename>\n");
- 		return 1;
- 	}
--	mask = talloc_asprintf_append(mask, buf);
-+	mask = talloc_asprintf_append(mask, "%s", buf);
- 	if (!mask) {
- 		return 1;
- 	}
-@@ -3524,7 +3524,7 @@
- 		d_printf("reget <filename>\n");
- 		return 1;
- 	}
--	remote_name = talloc_asprintf_append(remote_name, fname);
-+	remote_name = talloc_asprintf_append(remote_name, "%s", fname);
- 	if (!remote_name) {
- 		return 1;
- 	}
-@@ -3571,10 +3571,10 @@
- 
- 	if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
- 		remote_name = talloc_asprintf_append(remote_name,
--						buf);
-+						"%s", buf);
- 	} else {
- 		remote_name = talloc_asprintf_append(remote_name,
--						local_name);
-+						"%s", local_name);
- 	}
- 	if (!remote_name) {
- 		return 1;
-@@ -4107,13 +4107,13 @@
- 				TALLOC_FREE(ctx);
- 				return;
- 			}
--			tmp = talloc_asprintf_append(tmp, f->name);
-+			tmp = talloc_asprintf_append(tmp, "%s", f->name);
- 			if (!tmp) {
- 				TALLOC_FREE(ctx);
- 				return;
- 			}
- 			if (f->mode & aDIR) {
--				tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
-+				tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
- 			}
- 			if (!tmp) {
- 				TALLOC_FREE(ctx);

Modified: branches/samba/lenny/debian/patches/series
===================================================================
--- branches/samba/lenny/debian/patches/series	2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/patches/series	2009-06-23 06:38:23 UTC (rev 2908)
@@ -30,4 +30,4 @@
 bug_520794.patch
 bug_522907_upstream_6279.patch
 bug_526229-upstream_6301.patch
-security-CVE-2009-1888.patch
+security-CVE-2009-1886.patch



