commit samba for openSUSE:Factory
Hello community, here is the log from the commit of package samba for openSUSE:Factory checked in at Thu Feb 11 19:28:09 CET 2010. -------- --- samba/samba.changes 2010-01-19 12:32:56.000000000 +0100 +++ /mounts/work_src_done/STABLE/samba/samba.changes 2010-02-09 23:29:01.000000000 +0100 @@ -1,0 +2,34 @@ +Tue Feb 9 22:10:44 UTC 2010 - lmuelle@suse.de + +- Take extra care that a mount point of mount.cifs isn't changed during mount + and don't allow it to be run as setuid root program; CVE-2009-3638; + (bnc#550002). + +------------------------------------------------------------------- +Tue Feb 9 17:10:55 UTC 2010 - lmuelle@suse.de + +- Check in mount.cifs for invalid characters in device name and mountpoint; + CVE-2010-0547; (brc#562156); (bnc#577925). + +------------------------------------------------------------------- +Mon Feb 8 11:44:54 UTC 2010 - lmuelle@suse.de + +- Change parameter "wide links" to default to "no"; it's also incompatible + with "unix extensions"; (bso#7104); (bnc#577868). + +------------------------------------------------------------------- +Sun Feb 7 08:35:14 CET 2010 - boyang@suse.de + +- Fix enumerate domain local groups for primary domain; (bnc#573813). + +------------------------------------------------------------------- +Sun Feb 7 07:48:06 CET 2010 - boyang@suse.de + +- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106). + +------------------------------------------------------------------- +Fri Feb 5 17:12:24 UTC 2010 - lmuelle@suse.de + +- Normalize "Changing password for" msg IDs and STRs; (bnc#499233). + +------------------------------------------------------------------- @@ -5 +39 @@ - + Fix memory in leak in smbd (bug #7020). + + Fix memory leak in smbd (bug #7020). @@ -58,0 +93,6 @@ + +------------------------------------------------------------------- +Wed Jan 6 17:17:58 UTC 2010 - lmuelle@suse.de + +- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the + samba-krb-printing package; (bnc#568603). calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba-doc.spec ++++++ --- /var/tmp/diff_new_pack.VaFh0n/_old 2010-02-11 19:18:34.000000000 +0100 +++ /var/tmp/diff_new_pack.VaFh0n/_new 2010-02-11 19:18:34.000000000 +0100 @@ -58,7 +58,7 @@ %endif Url: http://www.samba.org/ Version: 3.4.5 -Release: 1 +Release: 2 License: GPLv3+ Summary: Samba Documentation Group: Documentation/Other @@ -370,10 +370,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %changelog ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.VaFh0n/_old 2010-02-11 19:18:34.000000000 +0100 +++ /var/tmp/diff_new_pack.VaFh0n/_new 2010-02-11 19:18:34.000000000 +0100 @@ -63,7 +63,7 @@ Url: http://www.samba.org/ AutoReqProv: on Version: 3.4.5 -Release: 1 +Release: 2 %ifarch ppc64 Obsoletes: samba-64bit %endif @@ -158,10 +158,10 @@ The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package client @@ -201,10 +201,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020 @@ -229,10 +229,10 @@ The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %endif @@ -260,10 +260,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %endif @@ -290,10 +290,10 @@ -------- Jeremy Allison <jra at samba dot org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %if %{make_utils} @@ -342,10 +342,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -369,10 +369,10 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbclient -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %else @@ -414,10 +414,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libnetapi0 @@ -436,10 +436,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libnetapi-devel @@ -459,10 +459,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -481,10 +481,10 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbsharemodes -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %else @@ -518,10 +518,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %if %{make_ldapsmb} @@ -542,10 +542,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libtalloc-devel @@ -565,10 +565,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libtdb1 @@ -587,10 +587,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libtdb-devel @@ -610,10 +610,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libwbclient0 @@ -632,10 +632,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n libwbclient-devel @@ -655,10 +655,10 @@ -------- The Samba Team <samba@samba.org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %package -n ldapsmb @@ -667,7 +667,7 @@ Group: Productivity/Networking/Samba AutoReqProv: on Version: 1.34b -Release: 276 +Release: 277 Requires: perl-ldap %description -n ldapsmb @@ -680,10 +680,10 @@ -------- Guenther Deschner <guenther at deschner dot de> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %endif @@ -706,10 +706,10 @@ -------- Steve French <sfrench at Samba dot org> -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 -Source Timestamp: 2280 +Source Timestamp: 2306 Branch : 3.4.5 %endif @@ -1308,7 +1308,7 @@ %{?run_permissions:%{run_permissions}} %postun krb-printing -if test -e %{_bindir}/smbspool -a -d %{_libdir}/cups/backend; then +if test ${1:-0} -eq 0 -a -e %{_bindir}/smbspool -a -d %{_libdir}/cups/backend; then ln -fs %{_bindir}/smbspool %{_libdir}/cups/backend/smb fi %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1000 ++++++ build-source-timestamp ++++++ --- /var/tmp/diff_new_pack.VaFh0n/_old 2010-02-11 19:18:34.000000000 +0100 +++ /var/tmp/diff_new_pack.VaFh0n/_new 2010-02-11 19:18:34.000000000 +0100 @@ -1,2 +1,2 @@ -2280 +2306 Branch : 3.4.5 ++++++ patches.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/381593a6cb1ff0ccbc560ee9329b0d2e59938264 new/patches/samba.org/381593a6cb1ff0ccbc560ee9329b0d2e59938264 --- old/patches/samba.org/381593a6cb1ff0ccbc560ee9329b0d2e59938264 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/381593a6cb1ff0ccbc560ee9329b0d2e59938264 2010-02-07 20:41:41.000000000 +0100 @@ -0,0 +1,41 @@ +From 381593a6cb1ff0ccbc560ee9329b0d2e59938264 Mon Sep 17 00:00:00 2001 +From: Bo Yang <boyang@samba.org> +Date: Sun, 7 Feb 2010 14:45:42 +0800 +Subject: [PATCH] s3: Fix malformed require_membership_of_sid. + +Signed-off-by: Bo Yang <boyang@samba.org> +(cherry picked from commit 913a9f4e420c7a4177e6a7874e8ec2703f447918) +--- + nsswitch/pam_winbind.c | 12 ++++++++++++ + 1 files changed, 12 insertions(+), 0 deletions(-) + +Index: nsswitch/pam_winbind.c +=================================================================== +--- nsswitch/pam_winbind.c.orig ++++ nsswitch/pam_winbind.c +@@ -1133,6 +1133,7 @@ static bool winbind_name_list_to_sid_str + char *current_name = NULL; + const char *search_location; + const char *comma; ++ int len; + + if (sid_list_buffer_size > 0) { + sid_list_buffer[0] = 0; +@@ -1188,6 +1189,17 @@ static bool winbind_name_list_to_sid_str + _make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s " + "to sid, please contact your administrator to see " + "if group %s is valid."), search_location, search_location); ++ /* ++ * The lookup of the last name failed.. ++ * It results in require_member_of_sid ends with ',' ++ * It is malformated parameter here, overwrite the last ','. ++ */ ++ len = strlen(sid_list_buffer); ++ if (len) { ++ if (sid_list_buffer[len - 1] == ',') { ++ sid_list_buffer[len - 1] = '\0'; ++ } ++ } + } + + result = true; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 new/patches/samba.org/3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 --- old/patches/samba.org/3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 2010-02-09 22:59:45.000000000 +0100 @@ -0,0 +1,83 @@ +commit 3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 +Author: Jeff Layton <jlayton@redhat.com> +Date: Tue Jan 26 08:15:41 2010 -0500 + + mount.cifs: take extra care that mountpoint isn't changed during mount + + It's possible to trick mount.cifs into mounting onto the wrong directory + by replacing the mountpoint with a symlink to a directory. mount.cifs + attempts to check the validity of the mountpoint, but there's still a + possible race between those checks and the mount(2) syscall. + + To guard against this, chdir to the mountpoint very early, and only deal + with it as "." from then on out. + + Signed-off-by: Jeff Layton <jlayton@redhat.com> + +Index: source3/client/mount.cifs.c +=================================================================== +--- source3/client/mount.cifs.c.orig ++++ source3/client/mount.cifs.c +@@ -179,7 +179,7 @@ check_mountpoint(const char *progname, c + struct stat statbuf; + + /* does mountpoint exist and is it a directory? */ +- err = stat(mountpoint, &statbuf); ++ err = stat(".", &statbuf); + if (err) { + fprintf(stderr, "%s: failed to stat %s: %s\n", progname, + mountpoint, strerror(errno)); +@@ -1383,6 +1383,14 @@ int main(int argc, char ** argv) + } + + /* make sure mountpoint is legit */ ++ rc = chdir(mountpoint); ++ if (rc) { ++ fprintf(stderr, "Couldn't chdir to %s: %s\n", mountpoint, ++ strerror(errno)); ++ rc = EX_USAGE; ++ goto mount_exit; ++ } ++ + rc = check_mountpoint(thisprogram, mountpoint); + if (rc) + goto mount_exit; +@@ -1445,13 +1453,23 @@ int main(int argc, char ** argv) + + /* BB save off path and pop after mount returns? */ + resolved_path = (char *)malloc(PATH_MAX+1); +- if(resolved_path) { +- /* Note that if we can not canonicalize the name, we get +- another chance to see if it is valid when we chdir to it */ +- if (realpath(mountpoint, resolved_path)) { +- mountpoint = resolved_path; +- } ++ if (!resolved_path) { ++ fprintf(stderr, "Unable to allocate memory.\n"); ++ rc = EX_SYSERR; ++ goto mount_exit; + } ++ ++ /* Note that if we can not canonicalize the name, we get ++ another chance to see if it is valid when we chdir to it */ ++ if(!realpath(".", resolved_path)) { ++ fprintf(stderr, "Unable to resolve %s to canonical path: %s\n", ++ mountpoint, strerror(errno)); ++ rc = EX_SYSERR; ++ goto mount_exit; ++ } ++ ++ mountpoint = resolved_path; ++ + if(got_user == 0) { + /* Note that the password will not be retrieved from the + USER env variable (ie user%password form) as there is +@@ -1585,7 +1603,7 @@ mount_retry: + if (verboseflag) + fprintf(stderr, "\n"); + +- if (!fakemnt && mount(dev_name, mountpoint, "cifs", flags, options)) { ++ if (!fakemnt && mount(dev_name, ".", "cifs", flags, options)) { + switch (errno) { + case ECONNREFUSED: + case EHOSTUNREACH: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/a065c177dfc8f968775593ba00dffafeebb2e054 new/patches/samba.org/a065c177dfc8f968775593ba00dffafeebb2e054 --- old/patches/samba.org/a065c177dfc8f968775593ba00dffafeebb2e054 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/a065c177dfc8f968775593ba00dffafeebb2e054 2010-02-09 23:02:19.000000000 +0100 @@ -0,0 +1,68 @@ +commit a065c177dfc8f968775593ba00dffafeebb2e054 +Author: Jeff Layton <jlayton@redhat.com> +Date: Tue Jan 26 08:15:41 2010 -0500 + + mount.cifs: check for invalid characters in device name and mountpoint + + It's apparently possible to corrupt the mtab if you pass embedded + newlines to addmntent. Apparently tabs are also a problem with certain + earlier glibc versions. Backslashes are also a minor issue apparently, + but we can't reasonably filter those. + + Make sure that neither the devname or mountpoint contain any problematic + characters before allowing the mount to proceed. + + Signed-off-by: Jeff Layton <jlayton@redhat.com> + +Index: source3/client/mount.cifs.c +=================================================================== +--- source3/client/mount.cifs.c.orig ++++ source3/client/mount.cifs.c +@@ -1160,6 +1160,36 @@ static void print_cifs_mount_version(voi + MOUNT_CIFS_VENDOR_SUFFIX); + } + ++/* ++ * This function borrowed from fuse-utils... ++ * ++ * glibc's addmntent (at least as of 2.10 or so) doesn't properly encode ++ * newlines embedded within the text fields. To make sure no one corrupts ++ * the mtab, fail the mount if there are embedded newlines. ++ */ ++static int check_newline(const char *progname, const char *name) ++{ ++ char *s; ++ for (s = "\n"; *s; s++) { ++ if (strchr(name, *s)) { ++ fprintf(stderr, "%s: illegal character 0x%02x in mount entry\n", ++ progname, *s); ++ return EX_USAGE; ++ } ++ } ++ return 0; ++} ++ ++static int check_mtab(const char *progname, const char *devname, ++ const char *dir) ++{ ++ if (check_newline(progname, devname) == -1 || ++ check_newline(progname, dir) == -1) ++ return EX_USAGE; ++ return 0; ++} ++ ++ + int main(int argc, char ** argv) + { + int c; +@@ -1603,6 +1633,10 @@ mount_retry: + if (verboseflag) + fprintf(stderr, "\n"); + ++ rc = check_mtab(thisprogram, dev_name, mountpoint); ++ if (rc) ++ goto mount_exit; ++ + if (!fakemnt && mount(dev_name, ".", "cifs", flags, options)) { + switch (errno) { + case ECONNREFUSED: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 new/patches/samba.org/a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 --- old/patches/samba.org/a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 2010-02-09 23:03:29.000000000 +0100 @@ -0,0 +1,92 @@ +commit a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 +Author: Jeff Layton <jlayton@redhat.com> +Date: Tue Jan 26 08:15:41 2010 -0500 + + mount.cifs: don't allow it to be run as setuid root program + + mount.cifs has been the subject of several "security" fire drills due to + distributions installing it as a setuid root program. This program has + not been properly audited for security and the Samba team highly + recommends that it not be installed as a setuid root program at this + time. + + To make that abundantly clear, this patch forcibly disables the ability + for mount.cifs to run as a setuid root program. People are welcome to + trivially patch this out, but they do so at their own peril. + + A security audit and redesign of this program is in progress and we hope + that we'll be able to remove this in the near future. + + Signed-off-by: Jeff Layton <jlayton@redhat.com> + +Index: source3/client/mount.cifs.c +=================================================================== +--- source3/client/mount.cifs.c.orig ++++ source3/client/mount.cifs.c +@@ -43,7 +43,7 @@ + #include "mount.h" + + #define MOUNT_CIFS_VERSION_MAJOR "1" +-#define MOUNT_CIFS_VERSION_MINOR "13" ++#define MOUNT_CIFS_VERSION_MINOR "14" + + #ifndef MOUNT_CIFS_VENDOR_SUFFIX + #ifdef _SAMBA_BUILD_ +@@ -89,6 +89,17 @@ + #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN + + /* ++ * mount.cifs has been the subject of many "security" bugs that have arisen ++ * because of users and distributions installing it as a setuid root program. ++ * mount.cifs has not been audited for security. Thus, we strongly recommend ++ * that it not be installed setuid root. To make that abundantly clear, ++ * mount.cifs now check whether it's running setuid root and exit with an ++ * error if it is. If you wish to disable this check, then set the following ++ * #define to 1, but please realize that you do so at your own peril. ++ */ ++#define CIFS_DISABLE_SETUID_CHECK 0 ++ ++/* + * By default, mount.cifs follows the conventions set forth by /bin/mount + * for user mounts. That is, it requires that the mount be listed in + * /etc/fstab with the "user" option when run as an unprivileged user and +@@ -213,6 +224,29 @@ check_mountpoint(const char *progname, c + return 0; + } + ++#if CIFS_DISABLE_SETUID_CHECK ++static int ++check_setuid(void) ++{ ++ return 0; ++} ++#else /* CIFS_DISABLE_SETUID_CHECK */ ++static int ++check_setuid(void) ++{ ++ if (getuid() && !geteuid()) { ++ printf("This mount.cifs program has been built with the " ++ "ability to run as a setuid root program disabled.\n" ++ "mount.cifs has not been well audited for security " ++ "holes. Therefore the Samba team does not recommend " ++ "installing it as a setuid root program.\n"); ++ return 1; ++ } ++ ++ return 0; ++} ++#endif /* CIFS_DISABLE_SETUID_CHECK */ ++ + #if CIFS_LEGACY_SETUID_CHECK + static int + check_fstab(const char *progname, char *mountpoint, char *devname, +@@ -1222,6 +1256,9 @@ int main(int argc, char ** argv) + struct sockaddr_in6 *addr6; + FILE * pmntfile; + ++ if (check_setuid()) ++ return EX_USAGE; ++ + /* setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/bd269443e311d96ef495a9db47d1b95eb83bb8f4 new/patches/samba.org/bd269443e311d96ef495a9db47d1b95eb83bb8f4 --- old/patches/samba.org/bd269443e311d96ef495a9db47d1b95eb83bb8f4 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/bd269443e311d96ef495a9db47d1b95eb83bb8f4 2010-02-08 19:30:09.000000000 +0100 @@ -0,0 +1,149 @@ +commit bd269443e311d96ef495a9db47d1b95eb83bb8f4 +Author: Jeremy Allison <jra@samba.org> +Date: Fri Feb 5 15:20:18 2010 -0800 + + Fix bug 7104 - "wide links" and "unix extensions" are incompatible. + + Change parameter "wide links" to default to "no". + Ensure "wide links = no" if "unix extensions = yes" on a share. + Fix man pages to refect this. + + Remove "within share" checks for a UNIX symlink set - even if + widelinks = no. The server will not follow that link anyway. + + Correct DEBUG message in check_reduced_name() to add missing "\n" + so it's really clear when a path is being denied as it's outside + the enclosing share path. + + Jeremy. + +Index: docs-xml/smbdotconf/misc/widelinks.xml +=================================================================== +--- docs-xml/smbdotconf/misc/widelinks.xml.orig ++++ docs-xml/smbdotconf/misc/widelinks.xml +@@ -9,10 +9,15 @@ + server are always allowed; this parameter controls access only + to areas that are outside the directory tree being exported.</para> + +- <para>Note that setting this parameter can have a negative +- effect on your server performance due to the extra system calls +- that Samba has to do in order to perform the link checks.</para> ++ <para>Note: Turning this parameter on when UNIX extensions are enabled ++ will allow UNIX clients to create symbolic links on the share that ++ can point to files or directories outside restricted path exported ++ by the share definition. This can cause access to areas outside of ++ the share. Due to this problem, this parameter will be automatically ++ disabled (with a message in the log file) if the ++ <smbconfoption name="unix extensions"/> option is on. ++ </para> + </description> + +-<value type="default">yes</value> ++<value type="default">no</value> + </samba:parameter> +Index: docs-xml/smbdotconf/protocol/unixextensions.xml +=================================================================== +--- docs-xml/smbdotconf/protocol/unixextensions.xml.orig ++++ docs-xml/smbdotconf/protocol/unixextensions.xml +@@ -10,6 +10,9 @@ + by supporting features such as symbolic links, hard links, etc... + These extensions require a similarly enabled client, and are of + no current use to Windows clients.</para> ++ <para> ++ Note if this parameter is turned on, the <smbconfoption name="wide links"/> ++ parameter will automatically be disabled. + </description> + + <value type="default">yes</value> +Index: source3/param/loadparm.c +=================================================================== +--- source3/param/loadparm.c.orig ++++ source3/param/loadparm.c +@@ -598,7 +598,7 @@ static struct service sDefault = { + True, /* bLevel2OpLocks */ + False, /* bOnlyUser */ + True, /* bMangledNames */ +- True, /* bWidelinks */ ++ false, /* bWidelinks */ + True, /* bSymlinks */ + False, /* bSyncAlways */ + False, /* bStrictAllocate */ +Index: source3/smbd/service.c +=================================================================== +--- source3/smbd/service.c.orig ++++ source3/smbd/service.c +@@ -1031,6 +1031,14 @@ static connection_struct *make_connectio + } + #endif + ++ if (lp_unix_extensions() && lp_widelinks(snum)) { ++ DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " ++ "These parameters are incompatible. " ++ "Disabling wide links for this share.\n", ++ lp_servicename(snum) )); ++ lp_do_parameter(snum, "wide links", "False"); ++ } ++ + /* Figure out the characteristics of the underlying filesystem. This + * assumes that all the filesystem mounted withing a share path have + * the same characteristics, which is likely but not guaranteed. +Index: source3/smbd/trans2.c +=================================================================== +--- source3/smbd/trans2.c.orig ++++ source3/smbd/trans2.c +@@ -5292,42 +5292,6 @@ static NTSTATUS smb_set_file_unix_link(c + return NT_STATUS_INVALID_PARAMETER; + } + +- /* !widelinks forces the target path to be within the share. */ +- /* This means we can interpret the target as a pathname. */ +- if (!lp_widelinks(SNUM(conn))) { +- char *rel_name = NULL; +- char *last_dirp = NULL; +- +- if (*link_target == '/') { +- /* No absolute paths allowed. */ +- return NT_STATUS_ACCESS_DENIED; +- } +- rel_name = talloc_strdup(ctx,newname); +- if (!rel_name) { +- return NT_STATUS_NO_MEMORY; +- } +- last_dirp = strrchr_m(rel_name, '/'); +- if (last_dirp) { +- last_dirp[1] = '\0'; +- } else { +- rel_name = talloc_strdup(ctx,"./"); +- if (!rel_name) { +- return NT_STATUS_NO_MEMORY; +- } +- } +- rel_name = talloc_asprintf_append(rel_name, +- "%s", +- link_target); +- if (!rel_name) { +- return NT_STATUS_NO_MEMORY; +- } +- +- status = check_name(conn, rel_name); +- if (!NT_STATUS_IS_OK(status)) { +- return status; +- } +- } +- + DEBUG(10,("smb_set_file_unix_link: SMB_SET_FILE_UNIX_LINK doing symlink %s -> %s\n", + newname, link_target )); + +Index: source3/smbd/vfs.c +=================================================================== +--- source3/smbd/vfs.c.orig ++++ source3/smbd/vfs.c +@@ -946,7 +946,7 @@ NTSTATUS check_reduced_name(connection_s + + /* Check for widelinks allowed. */ + if (!lp_widelinks(SNUM(conn)) && (strncmp(conn->connectpath, resolved_name, con_path_len) != 0)) { +- DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path", fname)); ++ DEBUG(2, ("reduce_name: Bad access attempt: %s is a symlink outside the share path\n", fname)); + if (free_resolved_name) { + SAFE_FREE(resolved_name); + } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/cc7b62269e4a90859dd93b8d6896390857ba17d7 new/patches/samba.org/cc7b62269e4a90859dd93b8d6896390857ba17d7 --- old/patches/samba.org/cc7b62269e4a90859dd93b8d6896390857ba17d7 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/cc7b62269e4a90859dd93b8d6896390857ba17d7 2010-02-09 22:59:40.000000000 +0100 @@ -0,0 +1,336 @@ +commit cc7b62269e4a90859dd93b8d6896390857ba17d7 +Author: Jeff Layton <jlayton@redhat.com> +Date: Sat Jun 6 19:46:24 2009 -0400 + + mount.cifs: properly check for mount being in fstab when running setuid root (try#3) + + This is the third attempt to clean up the checks when a setuid + mount.cifs is run by an unprivileged user. The main difference in this + patch from the last one is that it fixes a bug where the mount might + have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set. + + When mount.cifs is installed setuid root and run as an unprivileged + user, it does some checks to limit how the mount is used. It checks that + the mountpoint is owned by the user doing the mount. + + These checks however do not match those that /bin/mount does when it is + called by an unprivileged user. When /bin/mount is called by an + unprivileged user to do a mount, it checks that the mount in question is + in /etc/fstab, that it has the "user" option set, etc. + + This means that it's currently not possible to set up user mounts the + standard way (by the admin, in /etc/fstab) and simultaneously protect + from an unprivileged user calling mount.cifs directly to mount a share + on any directory that that user owns. + + Fix this by making the checks in mount.cifs match those of /bin/mount + itself. This is a necessary step to make mount.cifs safe to be installed + as a setuid binary, but not sufficient. For that, we'd need to give + mount.cifs a proper security audit. + + Since some users may be depending on the legacy behavior, this patch + also adds the ability to build mount.cifs with the older behavior. + + Signed-off-by: Jeff Layton <jlayton@redhat.com> + +Index: source3/client/mount.cifs.c +=================================================================== +--- source3/client/mount.cifs.c.orig ++++ source3/client/mount.cifs.c +@@ -39,10 +39,11 @@ + #include <mntent.h> + #include <fcntl.h> + #include <limits.h> ++#include <fstab.h> + #include "mount.h" + + #define MOUNT_CIFS_VERSION_MAJOR "1" +-#define MOUNT_CIFS_VERSION_MINOR "12" ++#define MOUNT_CIFS_VERSION_MINOR "13" + + #ifndef MOUNT_CIFS_VENDOR_SUFFIX + #ifdef _SAMBA_BUILD_ +@@ -69,6 +70,10 @@ + #define MS_BIND 4096 + #endif + ++/* private flags - clear these before passing to kernel */ ++#define MS_USERS 0x40000000 ++#define MS_USER 0x80000000 ++ + #define MAX_UNC_LEN 1024 + + #define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) +@@ -83,6 +88,27 @@ + /* currently maximum length of IPv6 address string */ + #define MAX_ADDRESS_LEN INET6_ADDRSTRLEN + ++/* ++ * By default, mount.cifs follows the conventions set forth by /bin/mount ++ * for user mounts. That is, it requires that the mount be listed in ++ * /etc/fstab with the "user" option when run as an unprivileged user and ++ * mount.cifs is setuid root. ++ * ++ * Older versions of mount.cifs however were "looser" in this regard. When ++ * made setuid root, a user could run mount.cifs directly and mount any share ++ * on a directory owned by that user. ++ * ++ * The legacy behavior is now disabled by default. To reenable it, set the ++ * following #define to true. ++ */ ++#define CIFS_LEGACY_SETUID_CHECK 0 ++ ++/* ++ * When an unprivileged user runs a setuid mount.cifs, we set certain mount ++ * flags by default. These defaults can be changed here. ++ */ ++#define CIFS_SETUID_FLAGS (MS_NOSUID|MS_NODEV) ++ + const char *thisprogram; + int verboseflag = 0; + int fakemnt = 0; +@@ -142,6 +168,99 @@ static size_t strlcat(char *d, const cha + } + #endif + ++/* ++ * If an unprivileged user is doing the mounting then we need to ensure ++ * that the entry is in /etc/fstab. ++ */ ++static int ++check_mountpoint(const char *progname, char *mountpoint) ++{ ++ int err; ++ struct stat statbuf; ++ ++ /* does mountpoint exist and is it a directory? */ ++ err = stat(mountpoint, &statbuf); ++ if (err) { ++ fprintf(stderr, "%s: failed to stat %s: %s\n", progname, ++ mountpoint, strerror(errno)); ++ return EX_USAGE; ++ } ++ ++ if (!S_ISDIR(statbuf.st_mode)) { ++ fprintf(stderr, "%s: %s is not a directory!", progname, ++ mountpoint); ++ return EX_USAGE; ++ } ++ ++#if CIFS_LEGACY_SETUID_CHECK ++ /* do extra checks on mountpoint for legacy setuid behavior */ ++ if (!getuid() || geteuid()) ++ return 0; ++ ++ if (statbuf.st_uid != getuid()) { ++ fprintf(stderr, "%s: %s is not owned by user\n", progname, ++ mountpoint); ++ return EX_USAGE; ++ } ++ ++ if ((statbuf.st_mode & S_IRWXU) != S_IRWXU) { ++ fprintf(stderr, "%s: invalid permissions on %s\n", progname, ++ mountpoint); ++ return EX_USAGE; ++ } ++#endif /* CIFS_LEGACY_SETUID_CHECK */ ++ ++ return 0; ++} ++ ++#if CIFS_LEGACY_SETUID_CHECK ++static int ++check_fstab(const char *progname, char *mountpoint, char *devname, ++ char **options) ++{ ++ return 0; ++} ++#else /* CIFS_LEGACY_SETUID_CHECK */ ++static int ++check_fstab(const char *progname, char *mountpoint, char *devname, ++ char **options) ++{ ++ FILE *fstab; ++ struct mntent *mnt; ++ ++ /* make sure this mount is listed in /etc/fstab */ ++ fstab = setmntent(_PATH_FSTAB, "r"); ++ if (!fstab) { ++ fprintf(stderr, "Couldn't open %s for reading!\n", ++ _PATH_FSTAB); ++ return EX_FILEIO; ++ } ++ ++ while((mnt = getmntent(fstab))) { ++ if (!strcmp(mountpoint, mnt->mnt_dir)) ++ break; ++ } ++ endmntent(fstab); ++ ++ if (mnt == NULL || strcmp(mnt->mnt_fsname, devname)) { ++ fprintf(stderr, "%s: permission denied: no match for " ++ "%s found in %s\n", progname, mountpoint, ++ _PATH_FSTAB); ++ return EX_USAGE; ++ } ++ ++ /* ++ * 'mount' munges the options from fstab before passing them ++ * to us. It is non-trivial to test that we have the correct ++ * set of options. We don't want to trust what the user ++ * gave us, so just take whatever is in /etc/fstab. ++ */ ++ free(*options); ++ *options = strdup(mnt->mnt_opts); ++ return 0; ++} ++#endif /* CIFS_LEGACY_SETUID_CHECK */ ++ + /* BB finish BB + + cifs_umount +@@ -373,7 +492,7 @@ static int get_password_from_file(int fi + return rc; + } + +-static int parse_options(char ** optionsp, int * filesys_flags) ++static int parse_options(char ** optionsp, unsigned long * filesys_flags) + { + const char * data; + char * percent_char = NULL; +@@ -423,6 +542,7 @@ static int parse_options(char ** options + + if (strncmp(data, "users",5) == 0) { + if(!value || !*value) { ++ *filesys_flags |= MS_USERS; + goto nocopy; + } + } else if (strncmp(data, "user_xattr",10) == 0) { +@@ -431,10 +551,7 @@ static int parse_options(char ** options + + if (!value || !*value) { + if(data[4] == '\0') { +- if(verboseflag) +- printf("\nskipping empty user mount parameter\n"); +- /* remove the parm since it would otherwise be confusing +- to the kernel code which would think it was a real username */ ++ *filesys_flags |= MS_USER; + goto nocopy; + } else { + printf("username specified with no parameter\n"); +@@ -1046,7 +1163,7 @@ static void print_cifs_mount_version(voi + int main(int argc, char ** argv) + { + int c; +- int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ ++ unsigned long flags = MS_MANDLOCK; + char * orgoptions = NULL; + char * share_name = NULL; + const char * ipaddr = NULL; +@@ -1069,7 +1186,6 @@ int main(int argc, char ** argv) + size_t current_len; + int retry = 0; /* set when we have to retry mount with uppercase */ + struct addrinfo *addrhead = NULL, *addr; +- struct stat statbuf; + struct utsname sysinfo; + struct mntent mountent; + struct sockaddr_in *addr4; +@@ -1127,8 +1243,8 @@ int main(int argc, char ** argv) + exit(EX_USAGE); + } + +- /* add sharename in opts string as unc= parm */ + ++ /* add sharename in opts string as unc= parm */ + while ((c = getopt_long (argc, argv, "afFhilL:no:O:rsSU:vVwt:", + longopts, NULL)) != -1) { + switch (c) { +@@ -1266,6 +1382,22 @@ int main(int argc, char ** argv) + exit(EX_USAGE); + } + ++ /* make sure mountpoint is legit */ ++ rc = check_mountpoint(thisprogram, mountpoint); ++ if (rc) ++ goto mount_exit; ++ ++ /* sanity check for unprivileged mounts */ ++ if (getuid()) { ++ rc = check_fstab(thisprogram, mountpoint, dev_name, ++ &orgoptions); ++ if (rc) ++ goto mount_exit; ++ ++ /* enable any default user mount flags */ ++ flags |= CIFS_SETUID_FLAGS; ++ } ++ + if (getenv("PASSWD")) { + if(mountpassword == NULL) + mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); +@@ -1283,6 +1415,27 @@ int main(int argc, char ** argv) + rc = EX_USAGE; + goto mount_exit; + } ++ ++ if (getuid()) { ++#if !CIFS_LEGACY_SETUID_CHECK ++ if (!(flags & (MS_USERS|MS_USER))) { ++ fprintf(stderr, "%s: permission denied\n", thisprogram); ++ rc = EX_USAGE; ++ goto mount_exit; ++ } ++#endif /* !CIFS_LEGACY_SETUID_CHECK */ ++ ++ if (geteuid()) { ++ fprintf(stderr, "%s: not installed setuid - \"user\" " ++ "CIFS mounts not supported.", ++ thisprogram); ++ rc = EX_FAIL; ++ goto mount_exit; ++ } ++ } ++ ++ flags &= ~(MS_USERS|MS_USER); ++ + addrhead = addr = parse_server(&share_name); + if((addrhead == NULL) && (got_ip == 0)) { + printf("No ip address specified and hostname not found\n"); +@@ -1299,37 +1452,6 @@ int main(int argc, char ** argv) + mountpoint = resolved_path; + } + } +- if(chdir(mountpoint)) { +- printf("mount error: can not change directory into mount target %s\n",mountpoint); +- rc = EX_USAGE; +- goto mount_exit; +- } +- +- if(stat (".", &statbuf)) { +- printf("mount error: mount point %s does not exist\n",mountpoint); +- rc = EX_USAGE; +- goto mount_exit; +- } +- +- if (S_ISDIR(statbuf.st_mode) == 0) { +- printf("mount error: mount point %s is not a directory\n",mountpoint); +- rc = EX_USAGE; +- goto mount_exit; +- } +- +- if((getuid() != 0) && (geteuid() == 0)) { +- if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) { +-#ifndef CIFS_ALLOW_USR_SUID +- /* Do not allow user mounts to control suid flag +- for mount unless explicitly built that way */ +- flags |= MS_NOSUID | MS_NODEV; +-#endif +- } else { +- printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n"); +- exit(EX_USAGE); +- } +- } +- + if(got_user == 0) { + /* Note that the password will not be retrieved from the + USER env variable (ie user%password form) as there is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/f9f1db18834648da73b7b1f6d9472523941e8277 new/patches/samba.org/f9f1db18834648da73b7b1f6d9472523941e8277 --- old/patches/samba.org/f9f1db18834648da73b7b1f6d9472523941e8277 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/f9f1db18834648da73b7b1f6d9472523941e8277 2010-02-05 18:24:55.000000000 +0100 @@ -0,0 +1,267 @@ +commit f9f1db18834648da73b7b1f6d9472523941e8277 +Author: Lars Müller <lars@samba.org> +Date: Fri Feb 5 17:38:04 2010 +0100 + + s3: normalize "Changing password for" msg IDs and STRs + + An additional space at the end of the "Changing password for" msgid lead + to untranslated pam_winnind messages. + +Index: source3/locale/pam_winbind/ar.po +=================================================================== +--- source3/locale/pam_winbind/ar.po.orig ++++ source3/locale/pam_winbind/ar.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "كلمة السر: " + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "تغيير كلمة السر لـ " ++msgid "Changing password for" ++msgstr "تغيير كلمة السر لـ" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/cs.po +=================================================================== +--- source3/locale/pam_winbind/cs.po.orig ++++ source3/locale/pam_winbind/cs.po +@@ -136,7 +136,7 @@ msgid "Password: " + msgstr "Heslo:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "Měním heslo pro" + + #: pam_winbind.c:2027 +Index: source3/locale/pam_winbind/da.po +=================================================================== +--- source3/locale/pam_winbind/da.po.orig ++++ source3/locale/pam_winbind/da.po +@@ -153,7 +153,7 @@ msgstr "Brugernavn: " + + #. instruct user what is happening + #: ../../nsswitch/pam_winbind.c:2589 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "Ændrer adgangskode for" + + #: ../../nsswitch/pam_winbind.c:2604 +Index: source3/locale/pam_winbind/es.po +=================================================================== +--- source3/locale/pam_winbind/es.po.orig ++++ source3/locale/pam_winbind/es.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Contraseña:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Cambiando la contraseña para " ++msgid "Changing password for" ++msgstr "Cambiando la contraseña para" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/fi.po +=================================================================== +--- source3/locale/pam_winbind/fi.po.orig ++++ source3/locale/pam_winbind/fi.po +@@ -156,8 +156,8 @@ msgstr "Käyttäjänimi: " + + #. instruct user what is happening + #: ../../nsswitch/pam_winbind.c:2589 +-msgid "Changing password for " +-msgstr "Vaihdetaan salasana käyttäjälle " ++msgid "Changing password for" ++msgstr "Vaihdetaan salasana käyttäjälle" + + #: ../../nsswitch/pam_winbind.c:2604 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/fr.po +=================================================================== +--- source3/locale/pam_winbind/fr.po.orig ++++ source3/locale/pam_winbind/fr.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Mot de passe : " + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Changement du mot de passe pour " ++msgid "Changing password for" ++msgstr "Changement du mot de passe pour" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/hu.po +=================================================================== +--- source3/locale/pam_winbind/hu.po.orig ++++ source3/locale/pam_winbind/hu.po +@@ -150,7 +150,7 @@ msgid "Password: " + msgstr "Jelszó: " + + #: pam_winbind.c:2013 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "Jelszómódosítás" + + #: pam_winbind.c:2027 +Index: source3/locale/pam_winbind/it.po +=================================================================== +--- source3/locale/pam_winbind/it.po.orig ++++ source3/locale/pam_winbind/it.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Password: " + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Modifica la password per " ++msgid "Changing password for" ++msgstr "Modifica la password per" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/ja.po +=================================================================== +--- source3/locale/pam_winbind/ja.po.orig ++++ source3/locale/pam_winbind/ja.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "パスワード:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "下記に対するパスワードを変更しています " ++msgid "Changing password for" ++msgstr "下記に対するパスワードを変更しています" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/ko.po +=================================================================== +--- source3/locale/pam_winbind/ko.po.orig ++++ source3/locale/pam_winbind/ko.po +@@ -136,7 +136,7 @@ msgid "Password: " + msgstr "비밀번호:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "비밀번호 변경" + + #: pam_winbind.c:2027 +Index: source3/locale/pam_winbind/nb.po +=================================================================== +--- source3/locale/pam_winbind/nb.po.orig ++++ source3/locale/pam_winbind/nb.po +@@ -158,8 +158,8 @@ msgstr "Brukernavn: " + + #. instruct user what is happening + #: ../../nsswitch/pam_winbind.c:2589 +-msgid "Changing password for " +-msgstr "Endrer passord for " ++msgid "Changing password for" ++msgstr "Endrer passord for" + + #: ../../nsswitch/pam_winbind.c:2604 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/nl.po +=================================================================== +--- source3/locale/pam_winbind/nl.po.orig ++++ source3/locale/pam_winbind/nl.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Wachtwoord:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Wachtwoord wijzigen voor " ++msgid "Changing password for" ++msgstr "Wachtwoord wijzigen voor" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/pl.po +=================================================================== +--- source3/locale/pam_winbind/pl.po.orig ++++ source3/locale/pam_winbind/pl.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Hasło: " + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Zmiana hasła dla " ++msgid "Changing password for" ++msgstr "Zmiana hasła dla" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/pt_BR.po +=================================================================== +--- source3/locale/pam_winbind/pt_BR.po.orig ++++ source3/locale/pam_winbind/pt_BR.po +@@ -136,7 +136,7 @@ msgid "Password: " + msgstr "Senha:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "Alterando a senha para" + + #: pam_winbind.c:2027 +Index: source3/locale/pam_winbind/ru.po +=================================================================== +--- source3/locale/pam_winbind/ru.po.orig ++++ source3/locale/pam_winbind/ru.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Пароль:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Изменение пароля для " ++msgid "Changing password for" ++msgstr "Изменение пароля для" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/sv.po +=================================================================== +--- source3/locale/pam_winbind/sv.po.orig ++++ source3/locale/pam_winbind/sv.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "Lösenord:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "Ändrar lösenord för " ++msgid "Changing password for" ++msgstr "Ändrar lösenord för" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/zh_CN.po +=================================================================== +--- source3/locale/pam_winbind/zh_CN.po.orig ++++ source3/locale/pam_winbind/zh_CN.po +@@ -136,8 +136,8 @@ msgid "Password: " + msgstr "密码:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " +-msgstr "更改密码 " ++msgid "Changing password for" ++msgstr "更改密码" + + #: pam_winbind.c:2027 + msgid "(current) NT password: " +Index: source3/locale/pam_winbind/zh_TW.po +=================================================================== +--- source3/locale/pam_winbind/zh_TW.po.orig ++++ source3/locale/pam_winbind/zh_TW.po +@@ -136,7 +136,7 @@ msgid "Password: " + msgstr "密碼:" + + #: pam_winbind.c:2013 +-msgid "Changing password for " ++msgid "Changing password for" + msgstr "變更密碼 -" + + #: pam_winbind.c:2027 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/series new/patches/series --- old/patches/series 2010-01-19 12:29:33.000000000 +0100 +++ new/patches/series 2010-02-09 23:05:48.000000000 +0100 @@ -9,6 +9,13 @@ samba.org/2d063d077aed01f020352e859b766415fe094fa5 -p0 # FATE 302414. Backported from 3.5.x(master). samba.org/e171c09c3bae678db68c3ded5765d602c8438e25 -p0 # FATE 302414. Backported from 3.5.x(master). samba.org/3d72c96d125a9dd048cc9c358b01aa354a5afa66 -p0 # FATE 302414. Backported from 3.5.x(master). +samba.org/f9f1db18834648da73b7b1f6d9472523941e8277 -p0 # bnc 499233 +samba.org/381593a6cb1ff0ccbc560ee9329b0d2e59938264 -p0 # bnc 525123, bso 7106 +samba.org/bd269443e311d96ef495a9db47d1b95eb83bb8f4 -p0 # bso 7104, bnc 577868 +samba.org/cc7b62269e4a90859dd93b8d6896390857ba17d7 -p0 # mount.cifs check req by bnc 550002 +samba.org/3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 -p0 # bnc 550002 +samba.org/a065c177dfc8f968775593ba00dffafeebb2e054 -p0 # brc 562156, bnc 577925 +samba.org/a0c31ec1c8d1220a5884e40d9ba6b191a04a24d5 -p0 # bnc 550002 # SuSE specific changes # disabled -> WIP lmuelle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/suse/Makefile.in-libwbclient_static.diff new/patches/suse/Makefile.in-libwbclient_static.diff --- old/patches/suse/Makefile.in-libwbclient_static.diff 2010-01-19 12:29:33.000000000 +0100 +++ new/patches/suse/Makefile.in-libwbclient_static.diff 2010-01-28 00:47:00.000000000 +0100 @@ -1,7 +1,8 @@ Author: Lars Mueller <lmuelle at suse dot de> Subject: Create a static lib too Reported upstream: no -Fixed upstream: no +Fixed upstream: yes +commit 2f9eb6bff5faa2c00c901fdf7b7c3489b473a1d3 Index: source3/Makefile.in =================================================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/suse/testsuite_libsmbclient.diff new/patches/suse/testsuite_libsmbclient.diff --- old/patches/suse/testsuite_libsmbclient.diff 2010-01-19 12:29:33.000000000 +0100 +++ new/patches/suse/testsuite_libsmbclient.diff 2010-01-28 00:51:04.000000000 +0100 @@ -1,5 +1,7 @@ Author: Lars Mueller <lmuelle at suse dot de> Subject: link all required libs +Fixed upstream: yes +commit 97c4c63990fceb01fd1110d4fcc97b70f623b201 Index: testsuite/libsmbclient/src/Makefile =================================================================== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/suse/testsuite_libsmbclient_src_Makefile.diff new/patches/suse/testsuite_libsmbclient_src_Makefile.diff --- old/patches/suse/testsuite_libsmbclient_src_Makefile.diff 2010-01-19 12:29:33.000000000 +0100 +++ new/patches/suse/testsuite_libsmbclient_src_Makefile.diff 2010-01-28 00:51:04.000000000 +0100 @@ -1,5 +1,7 @@ Author: Lars Mueller <lars at samba dot org> Subject: use source3 as sub dir name +Fixed upstream: yes +commit 8e26aa3d7cec968584283634fe3dce5553387c8c Index: testsuite/libsmbclient/src/Makefile =================================================================== ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/tools/package-data new/vendor-files/tools/package-data --- old/vendor-files/tools/package-data 2010-01-19 12:31:42.000000000 +0100 +++ new/vendor-files/tools/package-data 2010-02-09 23:27:31.000000000 +0100 @@ -1,2 +1,2 @@ # This is an autogenrated file. -SAMBA_PACKAGE_SVN_VERSION="2280" +SAMBA_PACKAGE_SVN_VERSION="2306" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de