[Pkg-samba-maint] r4052 - in trunk/samba: . packaging/RHEL packaging/RHEL-CTDB source3 source3/include source3/rpc_server/lsa

bubulle at alioth.debian.org bubulle at alioth.debian.org
Mon Apr 30 20:23:14 UTC 2012


Author: bubulle
Date: 2012-04-30 20:23:13 +0000 (Mon, 30 Apr 2012)
New Revision: 4052

Modified:
   trunk/samba/WHATSNEW.txt
   trunk/samba/packaging/RHEL-CTDB/samba.spec
   trunk/samba/packaging/RHEL/makerpms.sh
   trunk/samba/packaging/RHEL/samba.spec
   trunk/samba/source3/VERSION
   trunk/samba/source3/include/version.h
   trunk/samba/source3/rpc_server/lsa/srv_lsa_nt.c
Log:
Merge upstream 3.6.5

Modified: trunk/samba/WHATSNEW.txt
===================================================================
--- trunk/samba/WHATSNEW.txt	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/WHATSNEW.txt	2012-04-30 20:23:13 UTC (rev 4052)
@@ -1,4 +1,51 @@
                    =============================
+                   Release Notes for Samba 3.6.5
+                          April 30, 2012
+                   =============================
+
+
+This is a security release in order to address
+CVE-2012-2111 (Incorrect permission checks when granting/removing
+privileges can compromise file server security).
+
+o  CVE-2012-2111:
+   Samba 3.4.x to 3.6.4 are affected by a
+   vulnerability that allows arbitrary users
+   to modify privileges on a file server.
+
+
+Changes since 3.6.4:
+--------------------
+
+
+o   Jeremy Allison <jra at samba.org>
+    * Fix  incorrect permission checks when granting/removing
+      privileges (CVE-2012-2111).
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.6 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 3.6.4
                           April 10, 2012
                    =============================
@@ -41,9 +88,10 @@
 == The Samba Team
 ======================================================================
 
-Release notes for older releases follow:
-----------------------------------------
 
+----------------------------------------------------------------------
+
+
                    =============================
                    Release Notes for Samba 3.6.3
                          January 29, 2012

Modified: trunk/samba/packaging/RHEL/makerpms.sh
===================================================================
--- trunk/samba/packaging/RHEL/makerpms.sh	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/packaging/RHEL/makerpms.sh	2012-04-30 20:23:13 UTC (rev 4052)
@@ -20,7 +20,7 @@
 
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.6.4'
+VERSION='3.6.5'
 REVISION=''
 SPECFILE="samba.spec"
 RPMVER=`rpm --version | awk '{print $3}'`

Modified: trunk/samba/packaging/RHEL/samba.spec
===================================================================
--- trunk/samba/packaging/RHEL/samba.spec	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/packaging/RHEL/samba.spec	2012-04-30 20:23:13 UTC (rev 4052)
@@ -11,7 +11,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.6.4
+Version:      3.6.5
 Release:      1
 Epoch:        0
 License: GNU GPL version 3

Modified: trunk/samba/packaging/RHEL-CTDB/samba.spec
===================================================================
--- trunk/samba/packaging/RHEL-CTDB/samba.spec	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/packaging/RHEL-CTDB/samba.spec	2012-04-30 20:23:13 UTC (rev 4052)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.6.4
+Version:      3.6.5
 Release:      1GITHASH
 Epoch:        0
 License: GNU GPL version 3

Modified: trunk/samba/source3/VERSION
===================================================================
--- trunk/samba/source3/VERSION	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/source3/VERSION	2012-04-30 20:23:13 UTC (rev 4052)
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #

Modified: trunk/samba/source3/include/version.h
===================================================================
--- trunk/samba/source3/include/version.h	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/source3/include/version.h	2012-04-30 20:23:13 UTC (rev 4052)
@@ -1,8 +1,8 @@
 /* Autogenerated by script/mkversion.sh */
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 6
-#define SAMBA_VERSION_RELEASE 4
-#define SAMBA_VERSION_OFFICIAL_STRING "3.6.4"
+#define SAMBA_VERSION_RELEASE 5
+#define SAMBA_VERSION_OFFICIAL_STRING "3.6.5"
 #ifdef SAMBA_VERSION_VENDOR_FUNCTION
 #  define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
 #else /* SAMBA_VERSION_VENDOR_FUNCTION */

Modified: trunk/samba/source3/rpc_server/lsa/srv_lsa_nt.c
===================================================================
--- trunk/samba/source3/rpc_server/lsa/srv_lsa_nt.c	2012-04-30 20:18:22 UTC (rev 4051)
+++ trunk/samba/source3/rpc_server/lsa/srv_lsa_nt.c	2012-04-30 20:23:13 UTC (rev 4052)
@@ -2448,6 +2448,10 @@
 	uint32_t acc_granted;
 	struct security_descriptor *psd;
 	size_t sd_size;
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+			SEC_STD_DELETE));
 
 	/* find the connection policy handle. */
 	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
@@ -2473,7 +2477,7 @@
 
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
 				    &lsa_account_mapping,
-				    r->in.sid, LSA_POLICY_ALL_ACCESS);
+				    r->in.sid, owner_access);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -2514,6 +2518,10 @@
 	size_t sd_size;
 	uint32_t des_access = r->in.access_mask;
 	uint32_t acc_granted;
+	uint32_t owner_access = (LSA_ACCOUNT_ALL_ACCESS &
+			~(LSA_ACCOUNT_ADJUST_PRIVILEGES|
+			LSA_ACCOUNT_ADJUST_SYSTEM_ACCESS|
+			SEC_STD_DELETE));
 	NTSTATUS status;
 
 	/* find the connection policy handle. */
@@ -2538,7 +2546,7 @@
 	/* get the generic lsa account SD until we store it */
 	status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
 				&lsa_account_mapping,
-				r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+				r->in.sid, owner_access);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -2886,7 +2894,7 @@
         /* get the generic lsa account SD for this SID until we store it */
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
                                 &lsa_account_mapping,
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+				NULL, 0);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -2957,7 +2965,7 @@
         /* get the generic lsa account SD for this SID until we store it */
         status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size,
                                 &lsa_account_mapping,
-                                r->in.sid, LSA_ACCOUNT_ALL_ACCESS);
+				NULL, 0);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }





More information about the Pkg-samba-maint mailing list