[Pkg-samba-maint] Situation of current samba security issues
Nico Golde
nico at ngolde.de
Thu Oct 8 23:54:43 UTC 2009
Hi,
* Christian Perrier <bubulle at debian.org> [2009-10-08 15:59]:
> Quoting Nico Golde (nico at ngolde.de):
>
> > http://people.debian.org/~nion/samba-3.2.14-CVE-2009-2948-2.patch
> >
> > I did a few tests and it seems to work as expected but please test as well :)
>
>
> Well, using it along with all other upstream patches:
> -samba-3.2.14-CVE-2009-2913.patch
> -samba-3.2.14-CVE-2009-2906.patch
> -samba-3.2.14-CVE-2009-2948-1.patch
>
> ...gives me this when I build the package:
>
> Compiling client/mount.cifs.c
> client/mount.cifs.c: In function 'get_password_from_file':
> client/mount.cifs.c:324: error: 'EX_SYSERR' undeclared (first use in this function)
> client/mount.cifs.c:324: error: (Each undeclared identifier is reported only once
> client/mount.cifs.c:324: error: for each function it appears in.)
> The following command failed:
> gcc -I. -I/tmp/buildd/samba-3.2.5/source -O -D_SAMBA_BUILD_=3 -I/tmp/buildd/samba-3.2.5/source/iniparser/src -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Iinclude -I./include -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc -I./popt -DLDAP_DEPRECATED -I/include -I/tmp/buildd/samba-3.2.5/source/lib -D_SAMBA_BUILD_=3 -fPIC -c client/mount.cifs.c -o client/mount.cifs.o
>
> This EX_SYSERR appears in samba-3.0.36-CVE-2009-2948-1.patch...

But samba-3.2.14-CVE-2009-2948-2.patch is not using EX_SYSERR. I compiled
mount.cifs.c after porting the patch so I guess this was introduced in
samba-3.2.14-CVE-2009-2913.patch or samba-3.2.14-CVE-2009-2906.patch. Did you
check? Do you have the source package available somewhere?

> I suspect this is something that got introduced between 3.2.5 and
> 3.2.14
>
> ....so, yet more investigation to do for all of us.

Can't do anything unless I have all the patches :)

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.