Security and Bugfix release
This commit is contained in:
Simo Sorce
parent
a5fdfc5094
commit
f6895f4c3a
@ -1 +1 @@
|
||||
samba-3.0.25c.tar.gz
|
||||
samba-3.0.26a.tar.gz
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8)'
|
||||
/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8|smbldap_tools)'
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
diff --git a/source/nsswitch/idmap_ldap.c b/source/nsswitch/idmap_ldap.c
|
||||
index ca7d32b..7c02779 100644
|
||||
--- a/source/nsswitch/idmap_ldap.c
|
||||
+++ b/source/nsswitch/idmap_ldap.c
|
||||
@@ -287,16 +287,9 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params)
|
||||
}
|
||||
CHECK_ALLOC_DONE( idmap_alloc_ldap->url );
|
||||
|
||||
- tmp = lp_ldap_idmap_suffix();
|
||||
+ tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL);
|
||||
if ( ! tmp || ! *tmp) {
|
||||
- tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL);
|
||||
- }
|
||||
- if ( ! tmp) {
|
||||
- tmp = lp_ldap_suffix();
|
||||
- if (tmp) {
|
||||
- DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp));
|
||||
- DEBUGADD(1, ("as suffix. This may not be what you want!\n"));
|
||||
- }
|
||||
+ tmp = lp_ldap_idmap_suffix();
|
||||
if ( ! tmp) {
|
||||
DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
|
||||
ret = NT_STATUS_UNSUCCESSFUL;
|
||||
@@ -780,21 +773,16 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
|
||||
}
|
||||
CHECK_ALLOC_DONE(ctx->url);
|
||||
|
||||
- tmp = lp_ldap_idmap_suffix();
|
||||
- if ( ! tmp || ! *tmp) {
|
||||
- tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
|
||||
- }
|
||||
- if ( ! tmp) {
|
||||
- tmp = lp_ldap_suffix();
|
||||
- if (tmp) {
|
||||
- DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp));
|
||||
- DEBUGADD(1, ("as suffix. This may not be what you want!\n"));
|
||||
- } else {
|
||||
- DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
|
||||
- ret = NT_STATUS_UNSUCCESSFUL;
|
||||
- goto done;
|
||||
- }
|
||||
- }
|
||||
+ tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
|
||||
+ if ( ! tmp || ! *tmp) {
|
||||
+ tmp = lp_ldap_idmap_suffix();
|
||||
+ if ( ! tmp) {
|
||||
+ DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
|
||||
+ ret = NT_STATUS_UNSUCCESSFUL;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
ctx->suffix = talloc_strdup(ctx, tmp);
|
||||
CHECK_ALLOC_DONE(ctx->suffix);
|
||||
|
||||
14
samba.spec
14
samba.spec
@ -1,8 +1,8 @@
|
||||
Summary: The Samba Suite of programs
|
||||
Name: samba
|
||||
Epoch: 0
|
||||
Version: 3.0.25c
|
||||
Release: 4%{?dist}
|
||||
Version: 3.0.26a
|
||||
Release: 0%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.samba.org/
|
||||
@ -41,9 +41,6 @@ Patch107: samba-3.0.23rc3-passwd.patch
|
||||
Patch110: samba-3.0.21pre1-smbspool.patch
|
||||
Patch111: samba-3.0.13-smbclient.patch
|
||||
Patch200: samba-3.0.25rc1-inotifiy.patch
|
||||
Patch210: samba-3.0.25-imdap-basedn.patch
|
||||
Patch211: samba3_idmap_ldap_memleak.patch
|
||||
Patch300: samba3-glibc-open.patch
|
||||
|
||||
|
||||
Requires(pre): samba-common = %{epoch}:%{version}-%{release}
|
||||
@ -161,9 +158,6 @@ cp %{SOURCE11} packaging/Fedora/
|
||||
%patch110 -p1 -b .smbspool
|
||||
%patch111 -p1 -b .smbclient
|
||||
%patch200 -p0 -b .inotify
|
||||
%patch210 -p1 -b .idmap_basedn
|
||||
%patch211 -p0 -b .idmap_ldap_memleak
|
||||
%patch300 -p0 -b .glibc_open
|
||||
|
||||
# crap
|
||||
rm -f examples/VFS/.cvsignore
|
||||
@ -646,6 +640,10 @@ exit 0
|
||||
#%{_includedir}/libmsrpc.h
|
||||
|
||||
%changelog
|
||||
* Tue Sep 11 2007 Simo Sorce <ssorce@redhat.com> 3.0.26a-0.fc8
|
||||
- upgrade to the latest upstream realease
|
||||
- includes security fixes released today in 3.0.26
|
||||
|
||||
* Tue Aug 24 2007 Simo Sorce <ssorce@redhat.com> 3.0.25c-4.fc8
|
||||
- add fix reported upstream for heavy idmap_ldap memleak
|
||||
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
--- source/include/vfs_macros.h 2007-03-20 18:25:39.000000000 -0400
|
||||
+++ source/include/vfs_macros.h.new 2007-08-21 10:53:19.000000000 -0400
|
||||
@@ -47,7 +47,7 @@
|
||||
#define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, dir))
|
||||
|
||||
/* File operations */
|
||||
-#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs.ops.open((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
+#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
#define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp), (fd)))
|
||||
#define SMB_VFS_READ(fsp, fd, data, n) ((fsp)->conn->vfs.ops.read((fsp)->conn->vfs.handles.read, (fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (fd), (data), (n), (off)))
|
||||
@@ -163,7 +163,7 @@
|
||||
#define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, dir))
|
||||
|
||||
/* File operations */
|
||||
-#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs_opaque.ops.open((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
+#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
#define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp), (fd)))
|
||||
#define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.read((fsp)->conn->vfs_opaque.handles.read, (fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off)))
|
||||
@@ -280,7 +280,7 @@
|
||||
#define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, dir))
|
||||
|
||||
/* File operations */
|
||||
-#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)->vfs_next.ops.open((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
+#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode)))
|
||||
#define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp), (fd)))
|
||||
#define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.read((handle)->vfs_next.handles.read, (fsp), (fd), (data), (n)))
|
||||
#define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (fd), (data), (n), (off)))
|
||||
--- source/libsmb/libsmbclient.c 2007-08-20 09:04:50.000000000 -0400
|
||||
+++ source/libsmb/libsmbclient.c.new 2007-08-21 12:54:57.000000000 -0400
|
||||
@@ -6002,7 +6002,7 @@
|
||||
|
||||
/* What if the path is empty, or the file exists? */
|
||||
|
||||
- return context->open(context, fname, O_WRONLY, 666);
|
||||
+ return (context->open)(context, fname, O_WRONLY, 666);
|
||||
|
||||
}
|
||||
|
||||
@@ -6043,7 +6043,7 @@
|
||||
|
||||
/* Try to open the file for reading ... */
|
||||
|
||||
- if ((long)(fid1 = c_file->open(c_file, fname, O_RDONLY, 0666)) < 0) {
|
||||
+ if ((long)(fid1 = (c_file->open)(c_file, fname, O_RDONLY, 0666)) < 0) {
|
||||
|
||||
DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno));
|
||||
return -1; /* smbc_open sets errno */
|
||||
@@ -6269,7 +6269,7 @@
|
||||
context->internal->_share_mode = SMBC_SHAREMODE_DENY_NONE;
|
||||
/* backward compat */
|
||||
|
||||
- context->open = smbc_open_ctx;
|
||||
+ context->open = smbc_open_ctx;
|
||||
context->creat = smbc_creat_ctx;
|
||||
context->read = smbc_read_ctx;
|
||||
context->write = smbc_write_ctx;
|
||||
--- source/libsmb/libsmb_compat.c 2006-06-23 09:16:51.000000000 -0400
|
||||
+++ source/libsmb/libsmb_compat.c.new 2007-08-21 15:40:29.000000000 -0400
|
||||
@@ -157,7 +157,7 @@
|
||||
SMBCFILE * file;
|
||||
int fd;
|
||||
|
||||
- file = statcont->open(statcont, furl, flags, mode);
|
||||
+ file = (statcont->open)(statcont, furl, flags, mode);
|
||||
if (!file)
|
||||
return -1;
|
||||
|
||||
@ -1,35 +0,0 @@
|
||||
Author: vlendec
|
||||
Revision: r24649
|
||||
Modified: /branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c source/nsswitch/idmap_ldap.c /branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c
|
||||
Added:
|
||||
Removed:
|
||||
|
||||
|
||||
Attempt to fix bug 4917. Simo, please check!
|
||||
|
||||
Thanks Patrick Rynhart for reporting this.
|
||||
|
||||
|
||||
Index: source/nsswitch/idmap_ldap.c
|
||||
===================================================================
|
||||
--- source/nsswitch/idmap_ldap.c (revision 24648)
|
||||
+++ source/nsswitch/idmap_ldap.c (revision 24649)
|
||||
@@ -896,7 +896,7 @@
|
||||
uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER);
|
||||
gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER);
|
||||
|
||||
- attr_list = get_attr_list(ctx, sidmap_attr_list);
|
||||
+ attr_list = get_attr_list(memctx, sidmap_attr_list);
|
||||
|
||||
if ( ! ids[1]) {
|
||||
/* if we are requested just one mapping use the simple filter */
|
||||
@@ -1113,7 +1113,7 @@
|
||||
uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER);
|
||||
gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER);
|
||||
|
||||
- attr_list = get_attr_list(ctx, sidmap_attr_list);
|
||||
+ attr_list = get_attr_list(memctx, sidmap_attr_list);
|
||||
|
||||
if ( ! ids[1]) {
|
||||
/* if we are requested just one mapping use the simple filter */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user