Hello community,
here is the log from the commit of package samba
checked in at Sat May 31 12:13:31 CEST 2008.
--------
--- samba/samba.changes 2008-05-23 17:36:25.000000000 +0200
+++ /mounts/work_src_done/STABLE/samba/samba.changes 2008-05-30 19:20:17.000000000 +0200
@@ -1,0 +2,24 @@
+Fri May 30 19:18:17 CEST 2008 - lmuelle@suse.de
+
+- Set only CONFIGDIR and LIBDIR while make everything and install. No longer
+ set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].
+
+-------------------------------------------------------------------
+Wed May 28 17:49:51 CEST 2008 - lmuelle@suse.de
+
+- Update to 3.0.30.
+ + Fix for CVE-2008-1105.
+ + Remove man pages for ldb tools not included in Samba 3.0.
+
+-------------------------------------------------------------------
+Wed May 28 16:15:43 CEST 2008 - lmuelle@suse.de
+
+- Fix vulnerability that allows for the execution of arbitrary code in smbd;
+ CVE-2008-1105; SA30228; [#391168].
+
+-------------------------------------------------------------------
+Tue May 27 11:07:45 CEST 2008 - coolo@suse.de
+
+- Follow the rename of libtdb0 in baselibs.conf.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba-doc.spec ++++++
--- /var/tmp/diff_new_pack.YOU389/_old 2008-05-31 12:12:31.000000000 +0200
+++ /var/tmp/diff_new_pack.YOU389/_new 2008-05-31 12:12:31.000000000 +0200
@@ -19,7 +19,7 @@
License: GPL v3 or later
Url: http://www.samba.org/
Version: 3.2.0
-Release: 17
+Release: 19
Summary: Samba Documentation
Group: Documentation/Other
AutoReqProv: on
@@ -299,7 +299,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%changelog
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.YOU389/_old 2008-05-31 12:12:31.000000000 +0200
+++ /var/tmp/diff_new_pack.YOU389/_new 2008-05-31 12:12:31.000000000 +0200
@@ -44,7 +44,7 @@
Url: http://www.samba.org/
AutoReqProv: on
Version: 3.2.0
-Release: 17
+Release: 19
Requires: samba-client >= %{version}
PreReq: /bin/cp /bin/mkdir /bin/mv /bin/rm /bin/touch /usr/bin/dirname /usr/bin/grep /usr/sbin/groupadd /usr/bin/tr
Summary: A SMB/CIFS File, Print, and Authentication Server
@@ -108,7 +108,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package client
@@ -145,7 +145,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020
@@ -166,7 +166,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -196,7 +196,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -222,7 +222,7 @@
--------
Jeremy Allison <jra at samba dot org>
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%if %{make_utils}
@@ -265,7 +265,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%if 0%{?suse_version} && 0%{?suse_version} < 1031
@@ -300,7 +300,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%else
@@ -314,7 +314,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -348,7 +348,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libnetapi0
@@ -367,7 +367,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libnetapi-devel
@@ -387,7 +387,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%if 0%{?suse_version} && 0%{?suse_version} < 1031
@@ -414,7 +414,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%else
@@ -428,7 +428,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -459,7 +459,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%if %{make_ldapsmb}
@@ -480,7 +480,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libtalloc-devel
@@ -500,7 +500,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libtdb1
@@ -519,7 +519,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libtdb-devel
@@ -539,7 +539,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libwbclient0
@@ -558,7 +558,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n libwbclient-devel
@@ -578,7 +578,7 @@
--------
The Samba Team
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%package -n ldapsmb
@@ -587,7 +587,7 @@
Group: Productivity/Networking/Samba
AutoReqProv: on
Version: 1.34b
-Release: 190
+Release: 192
Requires: perl-ldap
%description -n ldapsmb
@@ -600,7 +600,7 @@
--------
Guenther Deschner <guenther at deschner dot de>
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -622,7 +622,7 @@
--------
Steve French <sfrench at Samba dot org>
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -652,7 +652,7 @@
--------
Rainer Link
-Source Timestamp: 1784
+Source Timestamp: 1795
Branch : trunk
%endif
@@ -799,7 +799,8 @@
%{__make} proto
%endif
%{__make} %{?jobs:-j%jobs} \
- CODEPAGEDIR=%{_libdir}/samba \
+ CONFIGDIR=%{CONFIGDIR} \
+ LIBDIR=%{_libdir}/samba \
everything
#%{__make} %{?jobs:-j%jobs} -C tdb tdbtest tdbtorture
%if %{make_vscan}
@@ -855,11 +856,8 @@
${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System
%{__make} -C source/ install \
DESTDIR=${RPM_BUILD_ROOT} \
- CONFIGFILE=%{CONFIGDIR}/smb.conf \
- DRIVERFILE=%{CONFIGDIR}/printers.def \
- LIBDIR=%{_libdir}/samba \
- LMHOSTSFILE=%{CONFIGDIR}/lmhosts \
- SMB_PASSWD_FILE=%{CONFIGDIR}/smbpasswd
+ CONFIGDIR=%{CONFIGDIR} \
+ LIBDIR=%{_libdir}/samba
# utility scripts
scripts="creategroup mksmbpasswd.sh"
mkdir -p examples/scripts
@@ -1596,6 +1594,18 @@
%endif
%changelog
+* Fri May 30 2008 lmuelle@suse.de
+- Set only CONFIGDIR and LIBDIR while make everything and install. No longer
+ set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].
+* Wed May 28 2008 lmuelle@suse.de
+- Update to 3.0.30.
+ + Fix for CVE-2008-1105.
+ + Remove man pages for ldb tools not included in Samba 3.0.
+* Wed May 28 2008 lmuelle@suse.de
+- Fix vulnerability that allows for the execution of arbitrary code in smbd;
+ CVE-2008-1105; SA30228; [#391168].
+* Tue May 27 2008 coolo@suse.de
+- Follow the rename of libtdb0 in baselibs.conf.
* Fri May 23 2008 lmuelle@suse.de
- Rename sub package libtdb0 to libtdb1.
* Fri May 23 2008 lmuelle@suse.de
++++++ baselibs.conf ++++++
--- samba/baselibs.conf 2008-05-17 23:57:14.000000000 +0200
+++ /mounts/work_src_done/STABLE/samba/baselibs.conf 2008-05-27 11:15:00.000000000 +0200
@@ -1,7 +1,7 @@
libsmbclient
libsmbclient0
libtalloc1
-libtdb0
+libtdb1
libwbclient0
samba
-/usr/lib/samba
++++++ build-source-timestamp ++++++
--- samba/build-source-timestamp 2008-05-23 18:20:58.000000000 +0200
+++ /mounts/work_src_done/STABLE/samba/build-source-timestamp 2008-05-30 19:23:39.000000000 +0200
@@ -1,2 +1,2 @@
-1784
+1795
Branch : trunk
++++++ patches.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/CVE-2008-1105_3.2.diff new/patches/samba.org/CVE-2008-1105_3.2.diff
--- old/patches/samba.org/CVE-2008-1105_3.2.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/CVE-2008-1105_3.2.diff 2008-05-28 12:47:18.000000000 +0200
@@ -0,0 +1,326 @@
+diff --git source/client/client.c source/client/client.c
+index e08fa89..d684ba8 100644
+--- source/client/client.c
++++ source/client/client.c
+@@ -4382,7 +4382,7 @@ static void readline_callback(void)
+
+ set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
+
+- status = receive_smb_raw(cli->fd, cli->inbuf, 0, 0, &len);
++ status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize, 0, 0, &len);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Read from server failed, maybe it closed "
+diff --git source/lib/util_sock.c source/lib/util_sock.c
+index f252377..b2a1ece 100644
+--- source/lib/util_sock.c
++++ source/lib/util_sock.c
+@@ -1151,16 +1151,15 @@ NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
+ }
+
+ /****************************************************************************
+- Read an smb from a fd. Note that the buffer *MUST* be of size
+- BUFFER_SIZE+SAFETY_MARGIN.
++ Read an smb from a fd.
+ The timeout is in milliseconds.
+ This function will return on receipt of a session keepalive packet.
+ maxlen is the max number of bytes to return, not including the 4 byte
+- length. If zero it means BUFFER_SIZE+SAFETY_MARGIN limit.
++ length. If zero it means buflen limit.
+ Doesn't check the MAC on signed packets.
+ ****************************************************************************/
+
+-NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout,
++NTSTATUS receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout,
+ size_t maxlen, size_t *p_len)
+ {
+ size_t len;
+@@ -1173,17 +1172,10 @@ NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout,
+ return status;
+ }
+
+- /*
+- * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
+- * of header. Don't print the error if this fits.... JRA.
+- */
+-
+- if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
++ if (len > buflen) {
+ DEBUG(0,("Invalid packet length! (%lu bytes).\n",
+ (unsigned long)len));
+- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
+- return NT_STATUS_INVALID_PARAMETER;
+- }
++ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if(len > 0) {
+diff --git source/libsmb/clientgen.c source/libsmb/clientgen.c
+index 6419123..2af4383 100644
+--- source/libsmb/clientgen.c
++++ source/libsmb/clientgen.c
+@@ -57,8 +57,7 @@ int cli_set_port(struct cli_state *cli, int port)
+ }
+
+ /****************************************************************************
+- Read an smb from a fd ignoring all keepalive packets. Note that the buffer
+- *MUST* be of size BUFFER_SIZE+SAFETY_MARGIN.
++ Read an smb from a fd ignoring all keepalive packets.
+ The timeout is in milliseconds
+
+ This is exactly the same as receive_smb except that it never returns
+@@ -76,8 +75,8 @@ static ssize_t client_receive_smb(struct cli_state *cli, size_t maxlen)
+
+ set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
+
+- status = receive_smb_raw(cli->fd, cli->inbuf, cli->timeout,
+- maxlen, &len);
++ status = receive_smb_raw(cli->fd, cli->inbuf, cli->bufsize,
++ cli->timeout, maxlen, &len);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("client_receive_smb failed\n"));
+ show_msg(cli->inbuf);
+@@ -225,93 +224,6 @@ ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len)
+ return -1;
+ }
+
+-/****************************************************************************
+- Read a smb readX header.
+- We can only use this if encryption and signing are off.
+-****************************************************************************/
+-
+-bool cli_receive_smb_readX_header(struct cli_state *cli)
+-{
+- ssize_t len, offset;
+-
+- if (cli->fd == -1)
+- return false;
+-
+- again:
+-
+- /* Read up to the size of a readX header reply. */
+- len = client_receive_smb(cli, (smb_size - 4) + 24);
+-
+- if (len > 0) {
+- /* it might be an oplock break request */
+- if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) &&
+- CVAL(cli->inbuf,smb_com) == SMBlockingX &&
+- SVAL(cli->inbuf,smb_vwv6) == 0 &&
+- SVAL(cli->inbuf,smb_vwv7) == 0) {
+- ssize_t total_len = smb_len(cli->inbuf);
+-
+- if (total_len > CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN) {
+- goto read_err;
+- }
+-
+- /* Read the rest of the data. */
+- if ((total_len - len > 0) &&
+- !cli_receive_smb_data(cli,cli->inbuf+len,total_len - len)) {
+- goto read_err;
+- }
+-
+- if (cli->oplock_handler) {
+- int fnum = SVAL(cli->inbuf,smb_vwv2);
+- unsigned char level = CVAL(cli->inbuf,smb_vwv3+1);
+- if (!cli->oplock_handler(cli, fnum, level)) return false;
+- }
+- /* try to prevent loops */
+- SCVAL(cli->inbuf,smb_com,0xFF);
+- goto again;
+- }
+- }
+-
+- /* If it's not the above size it probably was an error packet. */
+-
+- if ((len == (smb_size - 4) + 24) && !cli_is_error(cli)) {
+- /* Check it's a non-chained readX reply. */
+- if (!(CVAL(cli->inbuf, smb_flg) & FLAG_REPLY) ||
+- (CVAL(cli->inbuf,smb_vwv0) != 0xFF) ||
+- (CVAL(cli->inbuf,smb_com) != SMBreadX)) {
+- /*
+- * We're not coping here with asnyc replies to
+- * other calls. Punt here - we need async client
+- * libs for this.
+- */
+- goto read_err;
+- }
+-
+- /*
+- * We know it's a readX reply - ensure we've read the
+- * padding bytes also.
+- */
+-
+- offset = SVAL(cli->inbuf,smb_vwv6);
+- if (offset > len) {
+- ssize_t ret;
+- size_t padbytes = offset - len;
+- ret = cli_receive_smb_data(cli,smb_buf(cli->inbuf),padbytes);
+- if (ret != padbytes) {
+- goto read_err;
+- }
+- }
+- }
+-
+- return true;
+-
+- read_err:
+-
+- cli->smb_rw_error = SMB_READ_ERROR;
+- close(cli->fd);
+- cli->fd = -1;
+- return false;
+-}
+-
+ static ssize_t write_socket(int fd, const char *buf, size_t len)
+ {
+ ssize_t ret=0;
+diff --git source/libsmb/clireadwrite.c source/libsmb/clireadwrite.c
+index 12ba4b7..487f446 100644
+--- source/libsmb/clireadwrite.c
++++ source/libsmb/clireadwrite.c
+@@ -472,106 +472,6 @@ ssize_t cli_read(struct cli_state *cli, int fnum, char *buf,
+ return ret;
+ }
+
+-#if 0 /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */
+-
+-/* This call is INCOMPATIBLE with SMB signing. If you remove the #if 0
+- you must fix ensure you don't attempt to sign the packets - data
+- *will* be currupted */
+-
+-/****************************************************************************
+-Issue a single SMBreadraw and don't wait for a reply.
+-****************************************************************************/
+-
+-static bool cli_issue_readraw(struct cli_state *cli, int fnum, off_t offset,
+- size_t size, int i)
+-{
+-
+- if (!cli->sign_info.use_smb_signing) {
+- DEBUG(0, ("Cannot use readraw and SMB Signing\n"));
+- return False;
+- }
+-
+- memset(cli->outbuf,'\0',smb_size);
+- memset(cli->inbuf,'\0',smb_size);
+-
+- cli_set_message(cli->outbuf,10,0,True);
+-
+- SCVAL(cli->outbuf,smb_com,SMBreadbraw);
+- SSVAL(cli->outbuf,smb_tid,cli->cnum);
+- cli_setup_packet(cli);
+-
+- SSVAL(cli->outbuf,smb_vwv0,fnum);
+- SIVAL(cli->outbuf,smb_vwv1,offset);
+- SSVAL(cli->outbuf,smb_vwv2,size);
+- SSVAL(cli->outbuf,smb_vwv3,size);
+- SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+-
+- return cli_send_smb(cli);
+-}
+-
+-/****************************************************************************
+- Tester for the readraw call.
+-****************************************************************************/
+-
+-ssize_t cli_readraw(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+-{
+- char *p;
+- int size2;
+- size_t readsize;
+- ssize_t total = 0;
+-
+- if (size == 0)
+- return 0;
+-
+- /*
+- * Set readsize to the maximum size we can handle in one readraw.
+- */
+-
+- readsize = 0xFFFF;
+-
+- while (total < size) {
+- readsize = MIN(readsize, size-total);
+-
+- /* Issue a read and receive a reply */
+-
+- if (!cli_issue_readraw(cli, fnum, offset, readsize, 0))
+- return -1;
+-
+- if (!client_receive_smb(cli->fd, cli->inbuf, cli->timeout))
+- return -1;
+-
+- size2 = smb_len(cli->inbuf);
+-
+- if (size2 > readsize) {
+- DEBUG(5,("server returned more than we wanted!\n"));
+- return -1;
+- } else if (size2 < 0) {
+- DEBUG(5,("read return < 0!\n"));
+- return -1;
+- }
+-
+- /* Copy data into buffer */
+-
+- if (size2) {
+- p = cli->inbuf + 4;
+- memcpy(buf + total, p, size2);
+- }
+-
+- total += size2;
+- offset += size2;
+-
+- /*
+- * If the server returned less than we asked for we're at EOF.
+- */
+-
+- if (size2 < readsize)
+- break;
+- }
+-
+- return total;
+-}
+-#endif
+-
+ /****************************************************************************
+ Issue a single SMBwrite and don't wait for a reply.
+ ****************************************************************************/
+diff --git source/smbd/process.c source/smbd/process.c
+index 5946989..ed34e9b 100644
+--- source/smbd/process.c
++++ source/smbd/process.c
+@@ -120,9 +120,7 @@ static bool valid_packet_size(size_t len)
+ if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+ DEBUG(0,("Invalid packet length! (%lu bytes).\n",
+ (unsigned long)len));
+- if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
+- return false;
+- }
++ return false;
+ }
+ return true;
+ }
+diff --git source/utils/smbfilter.c source/utils/smbfilter.c
+index e128e1c..d274e09 100644
+--- source/utils/smbfilter.c
++++ source/utils/smbfilter.c
+@@ -171,7 +171,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
+ if (c != -1 && FD_ISSET(c, &fds)) {
+ size_t len;
+ if (!NT_STATUS_IS_OK(receive_smb_raw(
+- c, packet, 0, 0, &len))) {
++ c, packet, sizeof(packet),
++ 0, 0, &len))) {
+ d_printf("client closed connection\n");
+ exit(0);
+ }
+@@ -184,7 +185,8 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
+ if (s != -1 && FD_ISSET(s, &fds)) {
+ size_t len;
+ if (!NT_STATUS_IS_OK(receive_smb_raw(
+- s, packet, 0, 0, &len))) {
++ s, packet, sizeof(packet),
++ 0, 0, &len))) {
+ d_printf("server closed connection\n");
+ exit(0);
+ }
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/series new/patches/series
--- old/patches/series 2008-05-23 16:43:35.000000000 +0200
+++ new/patches/series 2008-05-28 12:43:35.000000000 +0200
@@ -5,6 +5,7 @@
# allows quilt to work in the usual way (= outside of our RPM spec file).
# Samba patches from upstream, svnanon.Samba.org
+samba.org/CVE-2008-1105_3.2.diff -p0
# SuSE specific changes
# disabled -> WIP lmuelle
++++++ vendor-files.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/tools/package-data new/vendor-files/tools/package-data
--- old/vendor-files/tools/package-data 2008-05-23 18:20:58.000000000 +0200
+++ new/vendor-files/tools/package-data 2008-05-30 19:23:38.000000000 +0200
@@ -1,2 +1,2 @@
# This is an autogenrated file.
-SAMBA_PACKAGE_SVN_VERSION="1784"
+SAMBA_PACKAGE_SVN_VERSION="1795"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org