[Pkg-samba-maint] r2908 - in branches/samba/lenny/debian: . patches
bubulle at alioth.debian.org
bubulle at alioth.debian.org
Tue Jun 23 06:38:24 UTC 2009
Author: bubulle
Date: 2009-06-23 06:38:23 +0000 (Tue, 23 Jun 2009)
New Revision: 2908
Added:
branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch
Removed:
branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch
Modified:
branches/samba/lenny/debian/changelog
branches/samba/lenny/debian/patches/series
Log:
Rename the security patch after the correct CVE ID
Modified: branches/samba/lenny/debian/changelog
===================================================================
--- branches/samba/lenny/debian/changelog 2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/changelog 2009-06-23 06:38:23 UTC (rev 2908)
@@ -1,3 +1,9 @@
+samba (2:3.2.5-4lenny6) UNRELEASED; urgency=low
+
+ * CVE 2009-1886: Fix Formatstring vulnerability in smbclient
+
+ -- Christian Perrier <bubulle at debian.org> Tue, 23 Jun 2009 08:37:27 +0200
+
samba (2:3.2.5-4lenny5) stable-security; urgency=high
* Fix Formatstring vulnerability in smbclient. CVE ID
Copied: branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch (from rev 2906, branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch)
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch (rev 0)
+++ branches/samba/lenny/debian/patches/security-CVE-2009-1886.patch 2009-06-23 06:38:23 UTC (rev 2908)
@@ -0,0 +1,182 @@
+Goal: Fix Formatstring vulnerability in smbclient
+
+Fixes: Upstream security fix. CVE-2009-1888
+
+Status wrt upstream: Fixed in 3.2.13
+
+Author: Volker Lendecke <vl at samba.org>
+
+Note: The smbclient commands dealing with file
+ names treat user input as a format string
+ to asprintf.
+
+Index: lenny/source/client/client.c
+===================================================================
+--- lenny.orig/source/client/client.c 2009-06-19 20:03:39.198283928 +0200
++++ lenny/source/client/client.c 2009-06-19 20:03:52.398284448 +0200
+@@ -364,7 +364,7 @@
+
+ /* Ensure cur_dir ends in a DIRSEP */
+ if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
+- new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
++ new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
+ if (!new_cd) {
+ goto out;
+ }
+@@ -871,7 +871,7 @@
+ if (*buf == CLI_DIRSEP_CHAR) {
+ mask = talloc_strdup(ctx, buf);
+ } else {
+- mask = talloc_asprintf_append(mask, buf);
++ mask = talloc_asprintf_append(mask, "%s", buf);
+ }
+ } else {
+ mask = talloc_asprintf_append(mask, "*");
+@@ -912,7 +912,7 @@
+ return 1;
+ }
+ if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
+- mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
++ mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
+ if (!mask) {
+ return 1;
+ }
+@@ -923,7 +923,7 @@
+ if (*buf == CLI_DIRSEP_CHAR) {
+ mask = talloc_strdup(ctx, buf);
+ } else {
+- mask = talloc_asprintf_append(mask, buf);
++ mask = talloc_asprintf_append(mask, "%s", buf);
+ }
+ } else {
+ mask = talloc_strdup(ctx, "*");
+@@ -1107,7 +1107,7 @@
+ d_printf("get <filename> [localname]\n");
+ return 1;
+ }
+- rname = talloc_asprintf_append(rname, fname);
++ rname = talloc_asprintf_append(rname, "%s", fname);
+ if (!rname) {
+ return 1;
+ }
+@@ -1266,7 +1266,7 @@
+ unlink(lname);
+ return 1;
+ }
+- rname = talloc_asprintf_append(rname, fname);
++ rname = talloc_asprintf_append(rname, "%s", fname);
+ if (!rname) {
+ return 1;
+ }
+@@ -1318,7 +1318,7 @@
+ mget_mask = talloc_strdup(ctx, buf);
+ } else {
+ mget_mask = talloc_asprintf_append(mget_mask,
+- buf);
++ "%s", buf);
+ }
+ if (!mget_mask) {
+ return 1;
+@@ -1414,7 +1414,7 @@
+ }
+ return 1;
+ }
+- mask = talloc_asprintf_append(mask, buf);
++ mask = talloc_asprintf_append(mask, "%s", buf);
+ if (!mask) {
+ return 1;
+ }
+@@ -1443,14 +1443,14 @@
+ trim_char(ddir,'.','\0');
+ p = strtok_r(ddir, "/\\", &saveptr);
+ while (p) {
+- ddir2 = talloc_asprintf_append(ddir2, p);
++ ddir2 = talloc_asprintf_append(ddir2, "%s", p);
+ if (!ddir2) {
+ return 1;
+ }
+ if (!cli_chkpath(targetcli, ddir2)) {
+ do_mkdir(ddir2);
+ }
+- ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
++ ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
+ if (!ddir2) {
+ return 1;
+ }
+@@ -1482,7 +1482,7 @@
+ d_printf("altname <file>\n");
+ return 1;
+ }
+- name = talloc_asprintf_append(name, buf);
++ name = talloc_asprintf_append(name, "%s", buf);
+ if (!name) {
+ return 1;
+ }
+@@ -1566,7 +1566,7 @@
+ d_printf("allinfo <file>\n");
+ return 1;
+ }
+- name = talloc_asprintf_append(name, buf);
++ name = talloc_asprintf_append(name, "%s", buf);
+ if (!name) {
+ return 1;
+ }
+@@ -1733,9 +1733,9 @@
+ }
+
+ if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
+- rname = talloc_asprintf_append(rname, buf);
++ rname = talloc_asprintf_append(rname, "%s", buf);
+ } else {
+- rname = talloc_asprintf_append(rname, lname);
++ rname = talloc_asprintf_append(rname, "%s", lname);
+ }
+ if (!rname) {
+ return 1;
+@@ -2132,7 +2132,7 @@
+ d_printf("del <filename>\n");
+ return 1;
+ }
+- mask = talloc_asprintf_append(mask, buf);
++ mask = talloc_asprintf_append(mask, "%s", buf);
+ if (!mask) {
+ return 1;
+ }
+@@ -3524,7 +3524,7 @@
+ d_printf("reget <filename>\n");
+ return 1;
+ }
+- remote_name = talloc_asprintf_append(remote_name, fname);
++ remote_name = talloc_asprintf_append(remote_name, "%s", fname);
+ if (!remote_name) {
+ return 1;
+ }
+@@ -3571,10 +3571,10 @@
+
+ if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
+ remote_name = talloc_asprintf_append(remote_name,
+- buf);
++ "%s", buf);
+ } else {
+ remote_name = talloc_asprintf_append(remote_name,
+- local_name);
++ "%s", local_name);
+ }
+ if (!remote_name) {
+ return 1;
+@@ -4107,13 +4107,13 @@
+ TALLOC_FREE(ctx);
+ return;
+ }
+- tmp = talloc_asprintf_append(tmp, f->name);
++ tmp = talloc_asprintf_append(tmp, "%s", f->name);
+ if (!tmp) {
+ TALLOC_FREE(ctx);
+ return;
+ }
+ if (f->mode & aDIR) {
+- tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
++ tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
+ }
+ if (!tmp) {
+ TALLOC_FREE(ctx);
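Review bot: The header of the renamed patch still reads `Fixes: Upstream security fix. CVE-2009-1888`, while the file name, the new changelog entry and `series` all say CVE-2009-1886; the line should become `Fixes: Upstream security fix. CVE-2009-1886`. Anyone who audits advisory coverage from the patch headers rather than the file names would otherwise attribute this fix to the wrong CVE. On the C side, every changed call appends a plain string, so the added `"%s"` is the right form. Building with `-Wformat-security` would help confirm that no other `talloc_asprintf_append` call in client.c still passes a non-literal format, assuming its declaration carries a printf format attribute. The embedded hunks are excerpts whose enclosing functions start and end outside the visible lines, so this page cannot confirm the remaining call sites.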
Deleted: branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch 2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/patches/security-CVE-2009-1888.patch 2009-06-23 06:38:23 UTC (rev 2908)
@@ -1,182 +0,0 @@
-Goal: Fix Formatstring vulnerability in smbclient
-
-Fixes: Upstream security fix. CVE-2009-1888
-
-Status wrt upstream: Fixed in 3.2.13
-
-Author: Volker Lendecke <vl at samba.org>
-
-Note: The smbclient commands dealing with file
- names treat user input as a format string
- to asprintf.
-
-Index: lenny/source/client/client.c
-===================================================================
---- lenny.orig/source/client/client.c 2009-06-19 20:03:39.198283928 +0200
-+++ lenny/source/client/client.c 2009-06-19 20:03:52.398284448 +0200
-@@ -364,7 +364,7 @@
-
- /* Ensure cur_dir ends in a DIRSEP */
- if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
-- new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
-+ new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
- if (!new_cd) {
- goto out;
- }
-@@ -871,7 +871,7 @@
- if (*buf == CLI_DIRSEP_CHAR) {
- mask = talloc_strdup(ctx, buf);
- } else {
-- mask = talloc_asprintf_append(mask, buf);
-+ mask = talloc_asprintf_append(mask, "%s", buf);
- }
- } else {
- mask = talloc_asprintf_append(mask, "*");
-@@ -912,7 +912,7 @@
- return 1;
- }
- if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
-- mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
-+ mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
- if (!mask) {
- return 1;
- }
-@@ -923,7 +923,7 @@
- if (*buf == CLI_DIRSEP_CHAR) {
- mask = talloc_strdup(ctx, buf);
- } else {
-- mask = talloc_asprintf_append(mask, buf);
-+ mask = talloc_asprintf_append(mask, "%s", buf);
- }
- } else {
- mask = talloc_strdup(ctx, "*");
-@@ -1107,7 +1107,7 @@
- d_printf("get <filename> [localname]\n");
- return 1;
- }
-- rname = talloc_asprintf_append(rname, fname);
-+ rname = talloc_asprintf_append(rname, "%s", fname);
- if (!rname) {
- return 1;
- }
-@@ -1266,7 +1266,7 @@
- unlink(lname);
- return 1;
- }
-- rname = talloc_asprintf_append(rname, fname);
-+ rname = talloc_asprintf_append(rname, "%s", fname);
- if (!rname) {
- return 1;
- }
-@@ -1318,7 +1318,7 @@
- mget_mask = talloc_strdup(ctx, buf);
- } else {
- mget_mask = talloc_asprintf_append(mget_mask,
-- buf);
-+ "%s", buf);
- }
- if (!mget_mask) {
- return 1;
-@@ -1414,7 +1414,7 @@
- }
- return 1;
- }
-- mask = talloc_asprintf_append(mask, buf);
-+ mask = talloc_asprintf_append(mask, "%s", buf);
- if (!mask) {
- return 1;
- }
-@@ -1443,14 +1443,14 @@
- trim_char(ddir,'.','\0');
- p = strtok_r(ddir, "/\\", &saveptr);
- while (p) {
-- ddir2 = talloc_asprintf_append(ddir2, p);
-+ ddir2 = talloc_asprintf_append(ddir2, "%s", p);
- if (!ddir2) {
- return 1;
- }
- if (!cli_chkpath(targetcli, ddir2)) {
- do_mkdir(ddir2);
- }
-- ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
-+ ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
- if (!ddir2) {
- return 1;
- }
-@@ -1482,7 +1482,7 @@
- d_printf("altname <file>\n");
- return 1;
- }
-- name = talloc_asprintf_append(name, buf);
-+ name = talloc_asprintf_append(name, "%s", buf);
- if (!name) {
- return 1;
- }
-@@ -1566,7 +1566,7 @@
- d_printf("allinfo <file>\n");
- return 1;
- }
-- name = talloc_asprintf_append(name, buf);
-+ name = talloc_asprintf_append(name, "%s", buf);
- if (!name) {
- return 1;
- }
-@@ -1733,9 +1733,9 @@
- }
-
- if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-- rname = talloc_asprintf_append(rname, buf);
-+ rname = talloc_asprintf_append(rname, "%s", buf);
- } else {
-- rname = talloc_asprintf_append(rname, lname);
-+ rname = talloc_asprintf_append(rname, "%s", lname);
- }
- if (!rname) {
- return 1;
-@@ -2132,7 +2132,7 @@
- d_printf("del <filename>\n");
- return 1;
- }
-- mask = talloc_asprintf_append(mask, buf);
-+ mask = talloc_asprintf_append(mask, "%s", buf);
- if (!mask) {
- return 1;
- }
-@@ -3524,7 +3524,7 @@
- d_printf("reget <filename>\n");
- return 1;
- }
-- remote_name = talloc_asprintf_append(remote_name, fname);
-+ remote_name = talloc_asprintf_append(remote_name, "%s", fname);
- if (!remote_name) {
- return 1;
- }
-@@ -3571,10 +3571,10 @@
-
- if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
- remote_name = talloc_asprintf_append(remote_name,
-- buf);
-+ "%s", buf);
- } else {
- remote_name = talloc_asprintf_append(remote_name,
-- local_name);
-+ "%s", local_name);
- }
- if (!remote_name) {
- return 1;
-@@ -4107,13 +4107,13 @@
- TALLOC_FREE(ctx);
- return;
- }
-- tmp = talloc_asprintf_append(tmp, f->name);
-+ tmp = talloc_asprintf_append(tmp, "%s", f->name);
- if (!tmp) {
- TALLOC_FREE(ctx);
- return;
- }
- if (f->mode & aDIR) {
-- tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
-+ tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
- }
- if (!tmp) {
- TALLOC_FREE(ctx);
Modified: branches/samba/lenny/debian/patches/series
===================================================================
--- branches/samba/lenny/debian/patches/series 2009-06-22 18:46:16 UTC (rev 2907)
+++ branches/samba/lenny/debian/patches/series 2009-06-23 06:38:23 UTC (rev 2908)
@@ -30,4 +30,4 @@
bug_520794.patch
bug_522907_upstream_6279.patch
bug_526229-upstream_6301.patch
-security-CVE-2009-1888.patch
+security-CVE-2009-1886.patch