rpms/samba/FC-6 samba-3.0.24-become_root.patch, NONE, 1.1 samba-3.0.24-parse_validation.patch, NONE, 1.1 samba-3.0.24-smbrun.patch, NONE, 1.1 samba.spec, 1.76, 1.77
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon May 14 14:34:46 UTC 2007
Author: ssorce
Update of /cvs/dist/rpms/samba/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv3572
Modified Files:
samba.spec
Added Files:
samba-3.0.24-become_root.patch
samba-3.0.24-parse_validation.patch samba-3.0.24-smbrun.patch
Log Message:
Security release for 3.0.24
samba-3.0.24-become_root.patch:
lib/util_sec.c | 22 ----------------------
passdb/lookup_sid.c | 24 ++++++++++++------------
2 files changed, 12 insertions(+), 34 deletions(-)
--- NEW FILE samba-3.0.24-become_root.patch ---
diff -u -r source-orig/lib/util_sec.c source/lib/util_sec.c
--- source-orig/lib/util_sec.c 2007-02-04 10:59:17.000000000 -0800
+++ source/lib/util_sec.c 2007-04-10 12:10:57.932992000 -0700
@@ -286,28 +286,6 @@
}
/****************************************************************************
- Lightweight become root - no group change.
-****************************************************************************/
-
-void become_root_uid_only(void)
-{
- save_re_uid();
- set_effective_uid(0);
-}
-
-/****************************************************************************
- Lightweight unbecome root - no group change. Expects we are root already,
- saves errno across call boundary.
-****************************************************************************/
-
-void unbecome_root_uid_only(void)
-{
- int saved_errno = errno;
- restore_re_uid_fromroot();
- errno = saved_errno;
-}
-
-/****************************************************************************
save the real and effective gid for later restoration. Used by the
getgroups code
****************************************************************************/
diff -u -r source-orig/passdb/lookup_sid.c source/passdb/lookup_sid.c
--- source-orig/passdb/lookup_sid.c 2007-02-04 10:59:21.000000000 -0800
+++ source/passdb/lookup_sid.c 2007-04-10 12:11:28.203768000 -0700
@@ -421,10 +421,10 @@
return False;
}
- become_root_uid_only();
+ become_root();
result = pdb_lookup_rids(domain_sid, num_rids, rids,
*names, *types);
- unbecome_root_uid_only();
+ unbecome_root();
return (NT_STATUS_IS_OK(result) ||
NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
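Review bot: None of the six switched call sites in lookup_sid.c records why the full `become_root()`/`unbecome_root()` pair is required, so a later cleanup could reintroduce a lighter uid-only switch. A short comment above the first call would do, for example `/* Full become_root(): the uid-only variant was removed; passdb calls need the complete credential push/pop. */`; the exact reason is not visible in this patch, so the author should supply the wording. The same applies to the hunks at -1085, -1131, -1179, -1259 and -1273. The enclosing functions start and end outside these hunks.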
@@ -1085,9 +1085,9 @@
goto done;
}
- become_root_uid_only();
+ become_root();
ret = pdb_uid_to_rid(uid, &rid);
- unbecome_root_uid_only();
+ unbecome_root();
if (ret) {
/* This is a mapped user */
@@ -1131,9 +1131,9 @@
goto done;
}
- become_root_uid_only();
+ become_root();
ret = pdb_gid_to_sid(gid, psid);
- unbecome_root_uid_only();
+ unbecome_root();
if (ret) {
/* This is a mapped group */
@@ -1179,9 +1179,9 @@
union unid_t id;
BOOL ret;
- become_root_uid_only();
+ become_root();
ret = pdb_sid_to_id(psid, &id, &type);
- unbecome_root_uid_only();
+ unbecome_root();
if (ret) {
if (type != SID_NAME_USER) {
@@ -1259,9 +1259,9 @@
sid_check_is_in_wellknown_domain(psid))) {
BOOL ret;
- become_root_uid_only();
+ become_root();
ret = pdb_getgrsid(&map, *psid);
- unbecome_root_uid_only();
+ unbecome_root();
if (ret) {
*pgid = map.gid;
@@ -1273,9 +1273,9 @@
if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
BOOL ret;
- become_root_uid_only();
+ become_root();
ret = pdb_sid_to_id(psid, &id, &type);
- unbecome_root_uid_only();
+ unbecome_root();
if (ret) {
if ((type != SID_NAME_DOM_GRP) &&
samba-3.0.24-parse_validation.patch:
include/smb_macros.h | 2 -
rpc_parse/parse_dfs.c | 72 ++++++++++++++++++++++++++++++++++++++++------
rpc_parse/parse_lsa.c | 22 ++++++++++----
rpc_parse/parse_prs.c | 2 -
rpc_parse/parse_sec.c | 13 +++-----
rpc_parse/parse_spoolss.c | 4 ++
6 files changed, 91 insertions(+), 24 deletions(-)
--- NEW FILE samba-3.0.24-parse_validation.patch ---
Index: source/rpc_parse/parse_prs.c
===================================================================
--- source/rpc_parse/parse_prs.c
+++ source/rpc_parse/parse_prs.c
@@ -644,7 +644,7 @@
return True;
if (UNMARSHALLING(ps)) {
- if ( !(*data = PRS_ALLOC_MEM_VOID(ps, data_size)) )
+ if ( !(*data = PRS_ALLOC_MEM(ps, char, data_size)) )
return False;
}
Index: source/rpc_parse/parse_sec.c
===================================================================
--- source/rpc_parse/parse_sec.c
+++ source/rpc_parse/parse_sec.c
@@ -165,13 +165,12 @@
return False;
if (UNMARSHALLING(ps)) {
- /*
- * Even if the num_aces is zero, allocate memory as there's a difference
- * between a non-present DACL (allow all access) and a DACL with no ACE's
- * (allow no access).
- */
- if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
- return False;
+ if (psa->num_aces) {
+ if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
+ return False;
+ } else {
+ psa->ace = NULL;
+ }
}
for (i = 0; i < psa->num_aces; i++) {
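Review bot: The deleted comment documented that an absent DACL and a DACL with zero ACEs mean different things, and the new `else` branch now represents the empty case as `psa->ace = NULL` without saying so. Code that previously told the two cases apart by a non-NULL `ace` pointer would have to test the ACL pointer itself instead; whether such callers exist is not visible here. I would keep a comment on the branch, e.g. `/* Empty DACL: ace stays NULL; the ACL being present is what distinguishes it from "no DACL". */`. If `num_aces` is a 32-bit unsigned field, it is also worth recording that dropping the `+1` removes a count that could wrap to zero. The function body continues outside the hunk.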
Index: source/rpc_parse/parse_dfs.c
===================================================================
--- source/rpc_parse/parse_dfs.c
+++ source/rpc_parse/parse_dfs.c
@@ -325,7 +325,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
+ if (v->num_stores) {
+ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores);
+ if (!v->stores) {
+ return False;
+ }
+ } else {
+ v->stores = NULL;
+ }
}
for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) {
if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth))
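Review bot: `v->num_stores` appears to be unvalidated wire data and is used as both the allocation count and the loop bound with no upper limit, so this fix depends on `PRS_ALLOC_MEM` refusing a count whose product with the element size overflows; that check would live in `prs_alloc_mem`, which this patch does not show. A one-line comment such as `/* count is unvalidated wire data; prs_alloc_mem must reject count*size overflow */` would make the dependency explicit. The same pattern repeats in the hunks at -447, -920, -986, -1052, -1118, -1184 and -1250. The `i_stores_1` naming suggests this file may be generated, in which case the generator needs the same change or a regeneration will undo it.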
@@ -447,7 +455,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
+ if (v->num_stores) {
+ v->stores = PRS_ALLOC_MEM(ps,NETDFS_DFS_STORAGEINFO,v->num_stores);
+ if (!v->stores) {
+ return False;
+ }
+ } else {
+ v->stores = NULL;
+ }
}
for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) {
if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth))
@@ -920,7 +936,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO1,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info1_p("s", &v->s[i_s_1], ps, depth))
@@ -986,7 +1009,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO2,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info2_p("s", &v->s[i_s_1], ps, depth))
@@ -1052,7 +1084,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO3,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info3_p("s", &v->s[i_s_1], ps, depth))
@@ -1118,7 +1158,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO4,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info4_p("s", &v->s[i_s_1], ps, depth))
@@ -1184,7 +1232,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO200,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info200_p("s", &v->s[i_s_1], ps, depth))
@@ -1250,7 +1306,14 @@
return False;
if (UNMARSHALLING(ps)) {
- v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count);
+ if (v->count) {
+ v->s = PRS_ALLOC_MEM(ps,NETDFS_DFS_INFO300,v->count);
+ if (!v->s) {
+ return False;
+ }
+ } else {
+ v->s = NULL;
+ }
}
for (i_s_1=0; i_s_1<v->count;i_s_1++) {
if (!netdfs_io_dfs_Info300_p("s", &v->s[i_s_1], ps, depth))
Index: source/rpc_parse/parse_lsa.c
===================================================================
--- source/rpc_parse/parse_lsa.c
+++ source/rpc_parse/parse_lsa.c
@@ -1356,12 +1356,17 @@
&trn->num_entries2))
return False;
+ if (trn->num_entries2 != trn->num_entries) {
+ /* RPC fault */
+ return False;
+ }
+
if (UNMARSHALLING(ps)) {
- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries)) == NULL) {
+ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) {
return False;
}
- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
+ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
return False;
}
}
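Review bot: The new `num_entries2 != num_entries` check returns `False` silently, so a malformed request leaves no trace for anyone reading the logs. parse_spoolss.c in this same patch reports its count mismatch through `DEBUG`; doing the same here, e.g. `DEBUG(1,("num_entries2 %u != num_entries %u\n", (unsigned)trn->num_entries2, (unsigned)trn->num_entries));`, would make rejected packets visible. The identical check in the hunk at -1413 needs the same line. Both functions start outside their hunks.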
@@ -1413,12 +1418,17 @@
&trn->num_entries2))
return False;
+ if (trn->num_entries2 != trn->num_entries) {
+ /* RPC fault */
+ return False;
+ }
+
if (UNMARSHALLING(ps)) {
- if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries)) == NULL) {
+ if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) {
return False;
}
- if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
+ if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
return False;
}
}
@@ -2759,7 +2759,7 @@
static BOOL lsa_io_privilege_set(const char *desc, PRIVILEGE_SET *out, prs_struct *ps, int depth)
{
- uint32 i;
+ uint32 i, dummy;
prs_debug(ps, depth, desc, "lsa_io_privilege_set");
depth++;
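Review bot: `dummy` is declared without an initialiser, and the hunk at -2767 passes its address to `prs_uint32("count", ...)`. The parse routines in this patch run in both directions (see the `UNMARSHALLING(ps)` guards elsewhere), so if this function is ever used for marshalling, an indeterminate value would be written to the stream. Initialise it with `uint32 i, dummy = 0;`, or seed it from `out->count` if the wire count has to match. A comment on the `prs_uint32` call saying the wire count is deliberately ignored on read would also help, since the reason is not evident from the code.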
@@ -2767,7 +2767,7 @@
if(!prs_align(ps))
return False;
- if(!prs_uint32("count", ps, depth, &out->count))
+ if(!prs_uint32("count", ps, depth, &dummy))
return False;
if(!prs_uint32("control", ps, depth, &out->control))
return False;
Index: source/rpc_parse/parse_spoolss.c
===================================================================
--- source/rpc_parse/parse_spoolss.c
+++ source/rpc_parse/parse_spoolss.c
@@ -230,6 +230,10 @@
if (type->count2 != type->count)
DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2));
+ if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) {
+ return False;
+ }
+
/* parse the option type data */
for(i=0;i<type->count2;i++)
if(!prs_uint16("fields",ps,depth,&type->fields[i]))
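Review bot: The added bound covers `type->count2` only, while a `count`/`count2` mismatch is still just logged at debug level 4 and parsing continues. If any later code sizes or iterates `type->fields` by `type->count` rather than `count2`, it is not protected by this check; that code is outside the hunk. Either reject the mismatch as parse_lsa.c now does, or bound both values, e.g. `if (type->count > MAX_NOTIFY_TYPE_FOR_NOW || type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) return False;`.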
Index: source/include/smb_macros.h
===================================================================
--- source/include/smb_macros.h
+++ source/include/smb_macros.h
@@ -295,7 +295,6 @@
#if defined(PARANOID_MALLOC_CHECKER)
#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem_((ps),sizeof(type),(count))
-#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem_((ps),(size),1)
/* Get medieval on our ass about malloc.... */
@@ -334,7 +333,6 @@
#else
#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count))
-#define PRS_ALLOC_MEM_VOID(ps, size) prs_alloc_mem((ps),(size),1)
/* Regular malloc code. */
samba-3.0.24-smbrun.patch:
source-orig//configure |only
source/lib/charcnv.c | 2
source/lib/smbrun.c | 31 ++++++-
source/lib/util_str.c | 162 ++++++++++++++++++++++++++++++++++++++++
source/printing/print_generic.c | 2
5 files changed, 191 insertions(+), 6 deletions(-)
--- NEW FILE samba-3.0.24-smbrun.patch ---
Only in source-orig/: configure
diff -u -r source-orig/lib/charcnv.c source/lib/charcnv.c
--- source-orig/lib/charcnv.c 2006-04-19 19:29:23.000000000 -0700
+++ source/lib/charcnv.c 2007-05-10 09:59:49.023262000 -0700
@@ -1398,5 +1398,5 @@
/* We're hosed - we don't know how big this is... */
DEBUG(10,("next_mb_char_size: unknown size at string %s\n", s));
conv_silent = False;
- return 1;
+ return (size_t)-1;
}
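Review bot: Returning `(size_t)-1` instead of `1` changes the contract of `next_mb_char_size` for every caller, and only the new `escape_shell_string` in this patch is shown checking for it. A caller that still advances with `s += next_mb_char_size(s)` would now compute an out-of-range pointer on an unconvertible sequence. The function's header comment (outside this hunk) should document the error return, and the existing callers need auditing alongside this change.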
diff -u -r source-orig/lib/smbrun.c source/lib/smbrun.c
--- source-orig/lib/smbrun.c 2006-04-19 19:29:23.000000000 -0700
+++ source/lib/smbrun.c 2007-05-10 09:57:03.305061000 -0700
@@ -55,7 +55,7 @@
outfd (or discard it if outfd is NULL).
****************************************************************************/
-int smbrun(const char *cmd, int *outfd)
+static int smbrun_internal(const char *cmd, int *outfd, BOOL sanitize)
{
pid_t pid;
uid_t uid = current_user.ut.uid;
@@ -173,13 +173,36 @@
}
#endif
- execl("/bin/sh","sh","-c",cmd,NULL);
+ {
+ const char *newcmd = sanitize ? escape_shell_string(cmd) : cmd;
+ if (!newcmd) {
+ exit(82);
+ }
+ execl("/bin/sh","sh","-c",newcmd,NULL);
+ }
/* not reached */
- exit(82);
+ exit(83);
return 1;
}
+/****************************************************************************
+ Use only in known safe shell calls (printing).
+****************************************************************************/
+
+int smbrun_no_sanitize(const char *cmd, int *outfd)
+{
+ return smbrun_internal(cmd, outfd, False);
+}
+
+/****************************************************************************
+ By default this now sanitizes shell expansion.
+****************************************************************************/
+
+int smbrun(const char *cmd, int *outfd)
+{
+ return smbrun_internal(cmd, outfd, True);
+}
/****************************************************************************
run a command being careful about uid/gid handling and putting the output in
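Review bot: `smbrun_internal` runs `escape_shell_string` over the entire command line, not just over substituted values, so with the `INCLUDE_LIST` added in util_str.c any unquoted `|`, `;`, `>` or `&` that an administrator wrote in a configured script is backslash-escaped and loses its shell meaning. The comment on `smbrun` ("By default this now sanitizes shell expansion") should spell that out so callers know which configured commands change behaviour. Exit status 82 also now means "escaping failed" here, while the second exec path in this file (hunk at -302) still uses 82 for a failed `execl`; distinct codes or a comment would keep the two apart.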
@@ -302,7 +325,7 @@
#endif
execl("/bin/sh", "sh", "-c", cmd, NULL);
-
+
/* not reached */
exit(82);
return 1;
diff -u -r source-orig/lib/util_str.c source/lib/util_str.c
--- source-orig/lib/util_str.c 2007-02-04 10:59:17.000000000 -0800
+++ source/lib/util_str.c 2007-05-10 09:59:36.718762000 -0700
@@ -2426,3 +2426,165 @@
return True;
}
+
+/*******************************************************************
+ Add a shell escape character '\' to any character not in a known list
+ of characters. UNIX charset format.
+*******************************************************************/
+
+#define INCLUDE_LIST "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabdefghijklmnopqrstuvwxyz_/ \t.,"
+#define INSIDE_DQUOTE_LIST "$`\n\"\\"
+
+char *escape_shell_string(const char *src)
+{
+ size_t srclen = strlen(src);
+ char *ret = SMB_MALLOC((srclen * 2) + 1);
+ char *dest = ret;
+ BOOL in_s_quote = False;
+ BOOL in_d_quote = False;
+ BOOL next_escaped = False;
+
+ if (!ret) {
+ return NULL;
+ }
+
+ while (*src) {
+ size_t c_size = next_mb_char_size(src);
+
+ if (c_size == (size_t)-1) {
+ SAFE_FREE(ret);
+ return NULL;
+ }
+
+ if (c_size > 1) {
+ memcpy(dest, src, c_size);
+ src += c_size;
+ dest += c_size;
+ next_escaped = False;
+ continue;
+ }
+
+ /*
+ * Deal with backslash escaped state.
+ * This only lasts for one character.
+ */
+
+ if (next_escaped) {
+ *dest++ = *src++;
+ next_escaped = False;
+ continue;
+ }
+
+ /*
+ * Deal with single quote state. The
+ * only thing we care about is exiting
+ * this state.
+ */
+
+ if (in_s_quote) {
+ if (*src == '\'') {
+ in_s_quote = False;
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * Deal with double quote state. The most
+ * complex state. We must cope with \, meaning
+ * possibly escape next char (depending what it
+ * is), ", meaning exit this state, and possibly
+ * add an \ escape to any unprotected character
+ * (listed in INSIDE_DQUOTE_LIST).
+ */
+
+ if (in_d_quote) {
+ if (*src == '\\') {
+ /*
+ * Next character might be escaped.
+ * We have to peek. Inside double
+ * quotes only INSIDE_DQUOTE_LIST
+ * characters are escaped by a \.
+ */
+
+ char nextchar;
+
+ c_size = next_mb_char_size(&src[1]);
+ if (c_size == (size_t)-1) {
+ SAFE_FREE(ret);
+ return NULL;
+ }
+ if (c_size > 1) {
+ /*
+ * Don't escape the next char.
+ * Just copy the \.
+ */
+ *dest++ = *src++;
+ continue;
+ }
+
+ nextchar = src[1];
+
+ if (nextchar && strchr(INSIDE_DQUOTE_LIST, (int)nextchar)) {
+ next_escaped = True;
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\"') {
+ /* Exit double quote state. */
+ in_d_quote = False;
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * We know the character isn't \ or ",
+ * so escape it if it's any of the other
+ * possible unprotected characters.
+ */
+
+ if (strchr(INSIDE_DQUOTE_LIST, (int)*src)) {
+ *dest++ = '\\';
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * From here to the end of the loop we're
+ * not in the single or double quote state.
+ */
+
+ if (*src == '\\') {
+ /* Next character must be escaped. */
+ next_escaped = True;
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\'') {
+ /* Go into single quote state. */
+ in_s_quote = True;
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\"') {
+ /* Go into double quote state. */
+ in_d_quote = True;
+ *dest++ = *src++;
+ continue;
+ }
+
+ /* Check if we need to escape the character. */
+
+ if (!strchr(INCLUDE_LIST, (int)*src)) {
+ *dest++ = '\\';
+ }
+ *dest++ = *src++;
+ }
+ *dest++ = '\0';
+ return ret;
+}
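Review bot: `INCLUDE_LIST` is missing the lowercase letter `c` (the run reads `abdefg...`), so every unquoted `c` is emitted as `\c`. The shell reads that back as `c`, so the output is still correct, but it is clearly a typo; the line should be `#define INCLUDE_LIST "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t.,"`. The header comment should also say that the result is allocated with `SMB_MALLOC`, is owned by the caller, and is `NULL` on allocation failure or on an unconvertible multibyte sequence.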
diff -u -r source-orig/printing/print_generic.c source/printing/print_generic.c
--- source-orig/printing/print_generic.c 2007-02-04 10:59:13.000000000 -0800
+++ source/printing/print_generic.c 2007-05-10 09:57:03.292061000 -0700
@@ -58,7 +58,7 @@
if ( do_sub && snum != -1 )
standard_sub_snum(snum,syscmd,sizeof(syscmd));
- ret = smbrun(syscmd,outfd);
+ ret = smbrun_no_sanitize(syscmd,outfd);
DEBUG(3,("Running the command `%s' gave %d\n",syscmd,ret));
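Review bot: This call site opts out of escaping without saying why that is safe, and `syscmd` may just have been through `standard_sub_snum` substitution. Which values get substituted is not visible in this hunk; if any of them can originate from a client, it reaches `/bin/sh -c` unescaped. Add a justification at the call, e.g. `/* Not sanitized: the print command is admin-configured; substituted values must already be shell-safe. */`, and have it point at where those values are validated. The enclosing function starts and ends outside the hunk.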
Index: samba.spec
===================================================================
RCS file: /cvs/dist/rpms/samba/FC-6/samba.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- samba.spec 5 Apr 2007 20:29:50 -0000 1.76
+++ samba.spec 14 May 2007 14:34:44 -0000 1.77
@@ -3,7 +3,7 @@
Summary: The Samba SMB server.
Name: samba
Version: 3.0.24
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 0
License: GNU GPL Version 2
Group: System Environment/Daemons
@@ -11,7 +11,7 @@
#TAG: change for non-pre
#Source: ftp://us2.samba.org/pub/samba/%{name}-%{version}rc3.tar.gz
-Source: ftp://us2.samba.org/pub/samba/%{name}-%{version}.tar.gz
+Source: http://www.samba.org/samba/ftp/samba/%{name}-%{version}.tar.gz
# Red Hat specific replacement-files
Source1: samba.log
@@ -52,6 +52,9 @@
Patch119: samba-3.0.24-enable_pam_nss_tests.patch
Patch120: samba-3.0.24-nss_wins.patch
Patch121: samba-3.0.24-vista_msdfs_errcodes.patch
+Patch122: samba-3.0.24-become_root.patch
+Patch123: samba-3.0.24-parse_validation.patch
+Patch124: samba-3.0.24-smbrun.patch
Requires: pam >= 0:0.64 %{auth} samba-common = %{epoch}:%{version}-%{release}
Requires: logrotate >= 0:3.4 initscripts >= 0:5.54-1
@@ -142,6 +145,9 @@
%patch119 -p0 -b .pam_nss_test
%patch120 -p0 -b .nss_wins
%patch121 -p1 -b .msdfs
+%patch122 -p0 -b .become_root
+%patch123 -p0 -b .parse_validation
+%patch124 -p0 -b .smbrun
# crap
rm -f examples/VFS/.cvsignore
@@ -284,6 +290,7 @@
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/smbsh.1*
#rm -f $RPM_BUILD_ROOT%{_mandir}/man1/smbget.1*
rm -f $RPM_BUILD_ROOT%{_mandir}/man5/smbgetrc.5*
+rm -f $RPM_BUILD_ROOT%{_mandir}/man1/vfstest.1*
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/testprns.1*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/smbmount.8*
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/smbmnt.8*
@@ -302,7 +309,7 @@
%preun
if [ $1 = 0 ] ; then
/sbin/chkconfig --del smb
- rm -rf /var/log/samba/* /var/cache/samba/*
+ #rm -rf /var/log/samba/* /var/cache/samba/*
/sbin/service smb stop >/dev/null 2>&1
fi
exit 0
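Review bot: The log and cache cleanup is disabled by commenting the line out, which leaves dead code in the scriptlet and is not mentioned in the new %changelog entry. Delete the line or keep a one-line reason; if the intent is to preserve logs, something like `# keep /var/log/samba and /var/cache/samba on erase so logs survive package removal` would do. The behaviour change should also be recorded in the changelog.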
@@ -456,11 +463,17 @@
%{_mandir}/man1/wbinfo.1*
%{_mandir}/man8/winbindd.8*
%{_mandir}/man8/net.8*
-%{_mandir}/man1/vfstest.1*
+#%{_mandir}/man1/vfstest.1*
%{_mandir}/man7/pam_winbind.7*
%{_mandir}/man7/libsmbclient.7*
%changelog
+* Mon May 14 2007 Simo Sorce <ssorce at redhat.com> 3.0.24-5.fc6
+- Security fixes for
+ CVE-2007-2444
+ CVE-2007-2446
+ CVE-2007-2447
+
* Thu Apr 5 2007 Simo Sorce <ssorce at redhat.com> 3.0.24-4.fc6
- sync up patches from the rawhide packages