[Pkg-samba-maint] [Git][samba-team/samba][master] 2 commits: removed nsswitch-pam-data-time_t.patch
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Thu Dec 15 19:08:27 GMT 2022
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
bd6b1563 by Michael Tokarev at 2022-12-15T22:06:22+03:00
removed nsswitch-pam-data-time_t.patch
- - - - -
b5a8d45a by Michael Tokarev at 2022-12-15T22:06:22+03:00
removed CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
- - - - -
3 changed files:
- − debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
- − debian/patches/nsswitch-pam-data-time_t.patch
- debian/patches/series
Changes:
=====================================
debian/patches/CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch deleted
=====================================
@@ -1,30 +0,0 @@
-From 009ccbafebf2911fa5385de5e2ebded4f6b8fc58 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze at samba.org>
-Date: Wed, 16 Nov 2022 12:08:45 +0100
-Subject: [PATCH] CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on
- systems where 'unsigned long' is just 32-bit
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
-
-Signed-off-by: Stefan Metzmacher <metze at samba.org>
-Reviewed-by: Ralph Boehme <slow at samba.org>
----
- third_party/heimdal/lib/krb5/store-int.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/third_party/heimdal/lib/krb5/store-int.c b/third_party/heimdal/lib/krb5/store-int.c
-index 542b99abc089..6fe7eb37fc69 100644
---- a/third_party/heimdal/lib/krb5/store-int.c
-+++ b/third_party/heimdal/lib/krb5/store-int.c
-@@ -49,7 +49,7 @@ KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
- _krb5_get_int64(void *buffer, uint64_t *value, size_t size)
- {
- unsigned char *p = buffer;
-- unsigned long v = 0;
-+ uint64_t v = 0;
- size_t i;
- for (i = 0; i < size; i++)
- v = (v << 8) + p[i];
---
-2.34.1
-
=====================================
debian/patches/nsswitch-pam-data-time_t.patch deleted
=====================================
@@ -1,86 +0,0 @@
-From 3e99fc766db69169c07c3d21b02a89de66a0cbd6 Mon Sep 17 00:00:00 2001
-From: Jeremy Allison <jra at samba.org>
-Date: Tue, 8 Nov 2022 16:16:07 -0800
-Subject: [PATCH] nsswitch: Fix pam_set_data()/pam_get_data() to use pointers
- to a time_t, not try and embedd it directly.
-
-BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
-
-Signed-off-by: Jeremy Allison <jra at samba.org>
----
- nsswitch/pam_winbind.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
-index e7ae605b341..02a8aa8df98 100644
---- a/nsswitch/pam_winbind.c
-+++ b/nsswitch/pam_winbind.c
-@@ -3226,7 +3226,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- */
-
- if (flags & PAM_PRELIM_CHECK) {
-- time_t pwdlastset_prelim = 0;
-+ time_t *pwdlastset_prelim = NULL;
-+
-+ pwdlastset_prelim = talloc_array(NULL, time_t, 1);
-+ if (pwdlastset_prelim == NULL) {
-+ _pam_log(ctx, LOG_CRIT,
-+ "password - out of memory");
-+ ret = PAM_BUF_ERR;
-+ goto out;
-+ }
-
- /* instruct user what is happening */
-
-@@ -3258,7 +3266,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- ret = winbind_auth_request(ctx, user, pass_old,
- NULL, NULL, 0,
- &error, NULL,
-- &pwdlastset_prelim, NULL);
-+ pwdlastset_prelim, NULL);
-
- if (ret != PAM_ACCT_EXPIRED &&
- ret != PAM_AUTHTOK_EXPIRED &&
-@@ -3269,7 +3277,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- }
-
- pam_set_data(pamh, PAM_WINBIND_PWD_LAST_SET,
-- (void *)pwdlastset_prelim, NULL);
-+ pwdlastset_prelim,
-+ _pam_winbind_cleanup_func);
-
- ret = pam_set_item(pamh, PAM_OLDAUTHTOK,
- (const void *) pass_old);
-@@ -3280,7 +3289,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- }
- } else if (flags & PAM_UPDATE_AUTHTOK) {
-
-- time_t pwdlastset_update = 0;
-+ time_t *pwdlastset_update = NULL;
-
- /*
- * obtain the proposed password
-@@ -3343,8 +3352,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- * By reaching here we have approved the passwords and must now
- * rebuild the password database file.
- */
-- pam_get_data(pamh, PAM_WINBIND_PWD_LAST_SET,
-- (const void **) &pwdlastset_update);
-+ pam_get_data(pamh,
-+ PAM_WINBIND_PWD_LAST_SET,
-+ (const void **)&pwdlastset_update);
-
- /*
- * if cached creds were enabled, make sure to set the
-@@ -3356,7 +3366,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
- }
-
- ret = winbind_chauthtok_request(ctx, user, pass_old,
-- pass_new, pwdlastset_update);
-+ pass_new, *pwdlastset_update);
- if (ret != PAM_SUCCESS) {
- pass_old = pass_new = NULL;
- goto out;
---
-2.34.1
-
=====================================
debian/patches/series
=====================================
@@ -19,9 +19,7 @@ testparm-do-not-fail-if-pid-dir-does-not-exist.patch
add-missing-libs-deps.diff
spelling.patch
unwrap-getresgid-typo.patch
-nsswitch-pam-data-time_t.patch
fruit-disable-useless-size_t-overflow-check.patch
-CVE-2022-42898-lib-krb5-fix-_krb5_get_int64-on-32bit.patch
meaningful-error-if-no-samba-ad-provision.patch
meaningful-error-if-no-python3-markdown.patch
ctdb-use-run-instead-of-var-run.patch
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/32a4353b500b47ca288427a0a79b8ff7c3926551...b5a8d45ad72237178cf3443f23b7302bdf584d78
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/32a4353b500b47ca288427a0a79b8ff7c3926551...b5a8d45ad72237178cf3443f23b7302bdf584d78
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20221215/775fbacc/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list