[Pkg-samba-maint] [samba] 01/01: Removing CVE-2017-7494.patch: applied upstream
Mathieu Parent
sathieu at moszumanska.debian.org
Fri Jun 9 20:01:39 UTC 2017
This is an automated email from the git hooks/post-receive script.
sathieu pushed a commit to branch master
in repository samba.
commit 0768f1553a4e9e641094e15f2338c68fab5c60bf
Author: Mathieu Parent <math.parent at gmail.com>
Date: Fri Jun 9 21:33:06 2017 +0200
Removing CVE-2017-7494.patch: applied upstream
---
VERSION | 2 +-
buildtools/wafsamba/samba_utils.py | 2 +-
buildtools/wafsamba/wafsamba.py | 3 +++
buildtools/wafsamba/wscript | 1 -
ctdb/config/ctdb.service | 1 +
debian/patches/CVE-2017-7494.patch | 33 -------------------------
debian/patches/series | 1 -
docs-xml/smbdotconf/misc/usersharemaxshares.xml | 2 +-
docs-xml/wscript_build | 2 +-
docs/manpages/net.8 | 4 +--
examples/LDAP/README | 3 +++
lib/param/loadparm.c | 2 ++
packaging/systemd/nmb.service | 6 +++--
packaging/systemd/samba.service | 5 ++--
packaging/systemd/smb.service | 5 ++--
packaging/systemd/winbind.service | 5 ++--
selftest/quick | 3 ++-
source3/include/libsmbclient.h | 10 ++++++++
source3/include/local.h | 2 +-
source3/param/loadparm.c | 2 +-
source3/script/build_env.sh | 11 ---------
source4/heimdal_build/wscript_build | 6 ++---
source4/param/wscript_build | 5 ++--
23 files changed, 48 insertions(+), 68 deletions(-)
diff --git a/VERSION b/VERSION
index 8ed646d..48dd5e8 100644
--- a/VERSION
+++ b/VERSION
@@ -123,5 +123,5 @@ SAMBA_VERSION_RELEASE_NICKNAME=
# -> "3.0.0rc2-VendorVersion" #
# #
########################################################
-SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_SUFFIX=Debian
SAMBA_VERSION_VENDOR_PATCH=
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index 49a8759..205bdc9 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -63,7 +63,7 @@ def install_rpath(target):
ret = set()
if bld.env.RPATH_ON_INSTALL:
ret.add(bld.EXPAND_VARIABLES(bld.env.LIBDIR))
- if bld.env.RPATH_ON_INSTALL_PRIVATE and needs_private_lib(bld, target):
+ if bld.env.RPATH_ON_INSTALL_PRIVATE:
ret.add(bld.EXPAND_VARIABLES(bld.env.PRIVATELIBDIR))
return list(ret)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 4a47dbf..4a502f2 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -232,6 +232,9 @@ def SAMBA_LIBRARY(bld, libname, source,
raise Utils.WafError("public library '%s' must have header files" %
libname)
+ if private_library and not vnum:
+ vnum = '0'
+
if bundled_name is not None:
pass
elif target_type == 'PYTHON' or realname or not private_library:
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 8802e5a..ad5bb0c 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -303,7 +303,6 @@ def configure(conf):
conf.CHECK_COMMAND(['uname', '-a'],
msg='Checking build system',
- define='BUILD_SYSTEM',
on_target=False)
conf.CHECK_UNAME()
diff --git a/ctdb/config/ctdb.service b/ctdb/config/ctdb.service
index 63cdfa9..189f2f4 100644
--- a/ctdb/config/ctdb.service
+++ b/ctdb/config/ctdb.service
@@ -1,5 +1,6 @@
[Unit]
Description=CTDB
+Documentation=man:ctdbd(1) man:ctdb(7)
After=network-online.target time-sync.target
[Service]
diff --git a/debian/patches/CVE-2017-7494.patch b/debian/patches/CVE-2017-7494.patch
deleted file mode 100644
index 0e7dd8e..0000000
--- a/debian/patches/CVE-2017-7494.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
-From: Volker Lendecke <vl at samba.org>
-Date: Mon, 8 May 2017 21:40:40 +0200
-Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
- inside
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
-
-Signed-off-by: Volker Lendecke <vl at samba.org>
-Reviewed-by: Jeremy Allison <jra at samba.org>
-Reviewed-by: Stefan Metzmacher <metze at samba.org>
----
- source3/rpc_server/srv_pipe.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
-index 0633b5f..c3f0cd8 100644
---- a/source3/rpc_server/srv_pipe.c
-+++ b/source3/rpc_server/srv_pipe.c
-@@ -475,6 +475,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
- {
- NTSTATUS status;
-
-+ if (strchr(pipename, '/')) {
-+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
-+ return false;
-+ }
-+
- if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
- DEBUG(10, ("refusing spoolss access\n"));
- return false;
---
-1.9.1
diff --git a/debian/patches/series b/debian/patches/series
index 98c29a1..3788884 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,4 +15,3 @@ systemd-syslog.target-is-obsolete.patch
Add-documentation-to-systemd-Unit-files.patch
fix_kill_path_in_units.patch
nmbd-requires-a-working-network.patch
-CVE-2017-7494.patch
diff --git a/docs-xml/smbdotconf/misc/usersharemaxshares.xml b/docs-xml/smbdotconf/misc/usersharemaxshares.xml
index 0d69bb8..e985857 100644
--- a/docs-xml/smbdotconf/misc/usersharemaxshares.xml
+++ b/docs-xml/smbdotconf/misc/usersharemaxshares.xml
@@ -9,5 +9,5 @@
</para>
</description>
-<value type="default">0</value>
+<value type="default">100</value>
</samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 0b690a8..50db386 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -134,7 +134,7 @@ def SMBDOTCONF_MANPAGE(bld, target):
if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
- SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
+ #SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
bld.SAMBAMANPAGES(manpages)
if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
index 7e07abc..5a36754 100644
--- a/docs/manpages/net.8
+++ b/docs/manpages/net.8
@@ -1063,9 +1063,9 @@ Something we failed to parse\&. Default action is to "edit" it in interactive an
.RE
.SS "USERSHARE"
.PP
-Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\&.
+Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\&.
.PP
-To set this up, first set up your smb\&.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\&. Set the permissions on /usr/local/samba/lib/usershares to 01770\&. (Owner and group all access, no access for others, plus the sticky bit, which [...]
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below\&.
.PP
The usershare commands are:
.RS 4
diff --git a/examples/LDAP/README b/examples/LDAP/README
index f6ce3a9..a918acf 100644
--- a/examples/LDAP/README
+++ b/examples/LDAP/README
@@ -69,6 +69,9 @@ in Samba releases.
The smbldap-tools package can be downloaded individually from
https://gna.org/projects/smbldap-tools/
+On Debian systems, the smbldap-tools exists as a separate package
+and is not included in LDAP examples.
+
!==
!== end of README
!==
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 6aa757f..de6bb5e 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2878,6 +2878,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "init logon delay", "100");
+ lpcfg_do_global_parameter(lp_ctx, "usershare max shares", "100");
+
lpcfg_do_global_parameter(lp_ctx, "usershare owner only", "yes");
lpcfg_do_global_parameter(lp_ctx, "-valid", "yes");
diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service
index 992c0cd..71cf1c2 100644
--- a/packaging/systemd/nmb.service
+++ b/packaging/systemd/nmb.service
@@ -1,6 +1,8 @@
[Unit]
Description=Samba NMB Daemon
-After=syslog.target network.target
+Documentation=man:nmbd(8) man:samba(7) man:smb.conf(5)
+After=network-online.target
+Wants=network-online.target
[Service]
Type=notify
@@ -8,7 +10,7 @@ NotifyAccess=all
PIDFile=/run/nmbd.pid
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/sbin/nmbd $NMBDOPTIONS
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
[Install]
diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service
index 824f89c..11d2e47 100644
--- a/packaging/systemd/samba.service
+++ b/packaging/systemd/samba.service
@@ -1,6 +1,7 @@
[Unit]
Description=Samba AD Daemon
-After=syslog.target network.target
+Documentation=man:samba(8) man:samba(7) man:smb.conf(5)
+After=network.target
[Service]
Type=notify
@@ -9,7 +10,7 @@ PIDFile=/run/samba.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/sbin/samba $SAMBAOPTIONS
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service
index 6053a5c..cc7831c 100644
--- a/packaging/systemd/smb.service
+++ b/packaging/systemd/smb.service
@@ -1,6 +1,7 @@
[Unit]
Description=Samba SMB Daemon
-After=syslog.target network.target nmb.service winbind.service
+Documentation=man:smbd(8) man:samba(7) man:smb.conf(5)
+After=network.target nmb.service winbind.service
[Service]
Type=notify
@@ -9,7 +10,7 @@ PIDFile=/run/smbd.pid
LimitNOFILE=16384
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/sbin/smbd $SMBDOPTIONS
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
[Install]
diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service
index c511488..e7f1651 100644
--- a/packaging/systemd/winbind.service
+++ b/packaging/systemd/winbind.service
@@ -1,6 +1,7 @@
[Unit]
Description=Samba Winbind Daemon
-After=syslog.target network.target nmb.service
+Documentation=man:winbindd(8) man:samba(7) man:smb.conf(5)
+After=network.target nmb.service
[Service]
Type=notify
@@ -8,7 +9,7 @@ NotifyAccess=all
PIDFile=/run/winbindd.pid
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS"
-ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecReload=/bin/kill -HUP $MAINPID
LimitCORE=infinity
[Install]
diff --git a/selftest/quick b/selftest/quick
index 7605f3f..19903c6 100644
--- a/selftest/quick
+++ b/selftest/quick
@@ -14,7 +14,8 @@ raw.qfileinfo
raw.mkdir
raw.seek
raw.open
-raw.write
+# "Trying 2^32 offset" fails on 32-bit
+# raw.write
raw.read
raw.close
raw.ioctl
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index cf67b1d..ff9ed53 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -80,6 +80,16 @@ extern "C" {
#include <fcntl.h>
#include <utime.h>
+ /* Debian bug #221618 */
+#ifdef _LARGEFILE64_SOURCE
+#undef _LARGEFILE64_SOURCE
+#endif
+#define _LARGEFILE64_SOURCE 1
+#ifdef _FILE_OFFSET_BITS
+#undef _FILE_OFFSET_BITS
+#endif
+#define _FILE_OFFSET_BITS 64
+
#define SMBC_BASE_FD 10000 /* smallest file descriptor returned */
#define SMBC_WORKGROUP 1
diff --git a/source3/include/local.h b/source3/include/local.h
index 7f97d4e..60a00d1 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -88,7 +88,7 @@
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
#endif
/* the size of the uid cache used to reduce valid user checks */
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d8da749..761d724 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -843,7 +843,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
lpcfg_string_set(Globals.ctx, &Globals.usershare_path, s);
TALLOC_FREE(s);
lpcfg_string_set(Globals.ctx, &Globals.usershare_template_share, "");
- Globals.usershare_max_shares = 0;
+ Globals.usershare_max_shares = 100;
/* By default disallow sharing of directories not owned by the sharer. */
Globals.usershare_owner_only = true;
/* By default disallow guest access to usershares. */
diff --git a/source3/script/build_env.sh b/source3/script/build_env.sh
index eb54f37..bdaa2c6 100755
--- a/source3/script/build_env.sh
+++ b/source3/script/build_env.sh
@@ -27,15 +27,4 @@ host=`hostname`
cat <<EOF
/* This file is automatically generated with "make include/build_env.h". DO NOT EDIT */
-#ifndef _BUILD_ENV_H
-#define _BUILD_ENV_H
-
-#define BUILD_ENV_UNAME "${uname}"
-#define BUILD_ENV_DATE "${date}"
-#define BUILD_ENV_SRCDIR "${srcdir}"
-#define BUILD_ENV_BUILDDIR "${builddir}"
-#define BUILD_ENV_USER "${whoami}"
-#define BUILD_ENV_HOST "${host}"
-#define BUILD_ENV_COMPILER "${compiler}"
-#endif /* _BUILD_ENV_H */
EOF
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index c733b8f..f3e9ab2 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -843,7 +843,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name="HEIMDAL_ERRORLIST",
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt ../heimdal/lib/wind/stringprep.py',
+ source = '../heimdal/lib/wind/gen-errorlist.py ../heimdal/lib/wind/rfc3454.txt-table ../heimdal/lib/wind/stringprep.py',
target = '../heimdal/lib/wind/errorlist_table.c ../heimdal/lib/wind/errorlist_table.h'
)
@@ -865,7 +865,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name = 'HEIMDAL_BIDI_TABLE',
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[1].abspath()}' '${SRC[1].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt',
+ source = '../heimdal/lib/wind/gen-bidi.py ../heimdal/lib/wind/rfc3454.txt-table',
target = '../heimdal/lib/wind/bidi_table.h ../heimdal/lib/wind/bidi_table.c'
)
@@ -873,7 +873,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name = 'HEIMDAL_MAP_TABLE',
rule="${PYTHON} '${SRC[0].abspath()}' '${SRC[2].abspath()}' '${SRC[2].parent.abspath(env)}'",
- source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt',
+ source = '../heimdal/lib/wind/gen-map.py ../heimdal/lib/wind/stringprep.py ../heimdal/lib/wind/rfc3454.txt-table',
target = '../heimdal/lib/wind/map_table.h ../heimdal/lib/wind/map_table.c'
)
diff --git a/source4/param/wscript_build b/source4/param/wscript_build
index 2ad753b..6fa1c4c 100644
--- a/source4/param/wscript_build
+++ b/source4/param/wscript_build
@@ -18,7 +18,7 @@ bld.SAMBA_MODULE('share_classic',
source='share_classic.c',
subsystem='share',
init_function='share_classic_init',
- deps='samba-util'
+ deps='samba-util samba-hostconfig'
)
@@ -26,7 +26,8 @@ bld.SAMBA_MODULE('share_ldb',
source='share_ldb.c',
subsystem='share',
init_function='share_ldb_init',
- deps='ldbsamba auth_system_session'
+ deps='ldbsamba auth_system_session',
+ internal_module=False,
)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list