[Pkg-samba-maint] [Git][samba-team/samba][master] 2 commits: removed nsswitch-pam-data-time_t.patch

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Thu Dec 15 19:08:27 GMT 2022



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
bd6b1563 by Michael Tokarev at 2022-12-15T22:06:22+03:00
removed nsswitch-pam-data-time_t.patch

- - - - -
b5a8d45a by Michael Tokarev at 2022-12-15T22:06:22+03:00
removed CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch

- - - - -


3 changed files:

- − debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
- − debian/patches/nsswitch-pam-data-time_t.patch
- debian/patches/series


Changes:

=====================================
debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch deleted
=====================================
@@ -1,30 +0,0 @@
-From 009ccbafebf2911fa5385de5e2ebded4f6b8fc58 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze at samba.org>
-Date: Wed, 16 Nov 2022 12:08:45 +0100
-Subject: [PATCH] CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on
- systems where 'unsigned long' is just 32-bit
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
-
-Signed-off-by: Stefan Metzmacher <metze at samba.org>
-Reviewed-by: Ralph Boehme <slow at samba.org>
----
- third_party/heimdal/lib/krb5/store-int.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/third_party/heimdal/lib/krb5/store-int.c b/third_party/heimdal/lib/krb5/store-int.c
-index 542b99abc089..6fe7eb37fc69 100644
---- a/third_party/heimdal/lib/krb5/store-int.c
-+++ b/third_party/heimdal/lib/krb5/store-int.c
-@@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
- _krb5_get_int64(void *buffer, uint64_t *value, size_t size)
- {
-     unsigned char *p = buffer;
--    unsigned long v = 0;
-+    uint64_t v = 0;
-     size_t i;
-     for (i = 0; i < size; i++)
- 	v = (v << 8) + p[i];
--- 
-2.34.1
-


=====================================
debian/patches/nsswitch-pam-data-time_t.patch deleted
=====================================
@@ -1,86 +0,0 @@
-From 3e99fc766db69169c07c3d21b02a89de66a0cbd6 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra at samba.org>
-Date: Tue, 8 Nov 2022 16:16:07 -0800
-Subject: [PATCH] nsswitch: Fix pam_set_data()/pam_get_data() to use pointers
- to a time_t, not try and embedd it directly.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
-
-Signed-off-by: Jeremy Allison <jra at samba.org>
----
- nsswitch/pam_winbind.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
-index e7ae605b341..02a8aa8df98 100644
---- a/nsswitch/pam_winbind.c
-+++ b/nsswitch/pam_winbind.c
-@@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 	 */
- 
- 	if (flags & PAM_PRELIM_CHECK) {
--		time_t pwdlastset_prelim = 0;
-+		time_t *pwdlastset_prelim = NULL;
-+
-+		pwdlastset_prelim = talloc_array(NULL, time_t, 1);
-+		if (pwdlastset_prelim == NULL) {
-+			_pam_log(ctx, LOG_CRIT,
-+				 "password - out of memory");
-+			ret = PAM_BUF_ERR;
-+			goto out;
-+		}
- 
- 		/* instruct user what is happening */
- 
-@@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 		ret = winbind_auth_request(ctx, user, pass_old,
- 					   NULL, NULL, 0,
- 					   &error, NULL,
--					   &pwdlastset_prelim, NULL);
-+					   pwdlastset_prelim, NULL);
- 
- 		if (ret != PAM_ACCT_EXPIRED &&
- 		    ret != PAM_AUTHTOK_EXPIRED &&
-@@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 		}
- 
- 		pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET,
--			     (void *)pwdlastset_prelim, NULL);
-+			     pwdlastset_prelim,
-+			     _pam_winbind_cleanup_func);
- 
- 		ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
- 				   (const void *) pass_old);
-@@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 		}
- 	} else if (flags & PAM_UPDATE_AUTHTOK) {
- 
--		time_t pwdlastset_update = 0;
-+		time_t *pwdlastset_update = NULL;
- 
- 		/*
- 		 * obtain the proposed password
-@@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 		 * By reaching here we have approved the passwords and must now
- 		 * rebuild the password database file.
- 		 */
--		pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
--			     (const void **) &pwdlastset_update);
-+		pam_get_data(pamh,
-+			     PAM_WINBIND_PWD_LAST_SET,
-+			     (const void **)&pwdlastset_update);
- 
- 		/*
- 		 * if cached creds were enabled, make sure to set the
-@@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- 		}
- 
- 		ret = winbind_chauthtok_request(ctx, user, pass_old,
--						pass_new, pwdlastset_update);
-+						pass_new, *pwdlastset_update);
- 		if (ret != PAM_SUCCESS) {
- 			pass_old = pass_new = NULL;
- 			goto out;
--- 
-2.34.1
-


=====================================
debian/patches/series
=====================================
@@ -19,9 +19,7 @@ testparm-do-not-fail-if-pid-dir-does-not-exist.patch
 add-missing-libs-deps.diff
 spelling.patch
 unwrap-getresgid-typo.patch
-nsswitch-pam-data-time_t.patch
 fruit-disable-useless-size_t-overflow-check.patch
-CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
 meaningful-error-if-no-samba-ad-provision.patch
 meaningful-error-if-no-python3-markdown.patch
 ctdb-use-run-instead-of-var-run.patch
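Review bot: Removing `CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch` from the series takes a security fix out of the build unless the packaged upstream source already carries it, and neither commit message says which is the case. Presumably both dropped patches are included in the upstream version now being packaged; the message should record that, for example `removed CVE-2022-42898-...patch (included in upstream <VERSION>)`, where `<VERSION>` is a placeholder for the release that contains it. Before upload, confirm that `_krb5_get_int64` in the unpacked `third_party/heimdal/lib/krb5/store-int.c` declares `uint64_t v = 0;`, because the old `unsigned long` accumulator loses the upper bytes where that type is 32-bit. The same check applies to `nsswitch-pam-data-time_t.patch` against `nsswitch/pam_winbind.c`.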



View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/32a4353b500b47ca288427a0a79b8ff7c3926551...b5a8d45ad72237178cf3443f23b7302bdf584d78


