From f6895f4c3ace787a278a220035cc9ba41fc8a93e Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 11 Sep 2007 15:00:39 +0000 Subject: [PATCH] Security and Bugfix release --- .cvsignore | 2 +- filter-requires-samba.sh | 2 +- samba-3.0.25-imdap-basedn.patch | 55 -------------------------- samba.spec | 14 +++---- samba3-glibc-open.patch | 69 --------------------------------- samba3_idmap_ldap_memleak.patch | 35 ----------------- sources | 2 +- 7 files changed, 9 insertions(+), 170 deletions(-) delete mode 100644 samba-3.0.25-imdap-basedn.patch delete mode 100644 samba3-glibc-open.patch delete mode 100644 samba3_idmap_ldap_memleak.patch diff --git a/.cvsignore b/.cvsignore index ea82edb..1749347 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -samba-3.0.25c.tar.gz +samba-3.0.26a.tar.gz diff --git a/filter-requires-samba.sh b/filter-requires-samba.sh index c3c7a6b..8f61102 100755 --- a/filter-requires-samba.sh +++ b/filter-requires-samba.sh @@ -1,3 +1,3 @@ #!/bin/sh -/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8)' +/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8|smbldap_tools)' diff --git a/samba-3.0.25-imdap-basedn.patch b/samba-3.0.25-imdap-basedn.patch deleted file mode 100644 index 6765728..0000000 --- a/samba-3.0.25-imdap-basedn.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/source/nsswitch/idmap_ldap.c b/source/nsswitch/idmap_ldap.c -index ca7d32b..7c02779 100644 ---- a/source/nsswitch/idmap_ldap.c -+++ b/source/nsswitch/idmap_ldap.c -@@ -287,16 +287,9 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) - } - CHECK_ALLOC_DONE( idmap_alloc_ldap->url ); - -- tmp = lp_ldap_idmap_suffix(); -+ tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL); - if ( ! tmp || ! *tmp) { -- tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL); -- } -- if ( ! tmp) { -- tmp = lp_ldap_suffix(); -- if (tmp) { -- DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp)); -- DEBUGADD(1, ("as suffix. This may not be what you want!\n")); -- } -+ tmp = lp_ldap_idmap_suffix(); - if ( ! tmp) { - DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); - ret = NT_STATUS_UNSUCCESSFUL; -@@ -780,21 +773,16 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) - } - CHECK_ALLOC_DONE(ctx->url); - -- tmp = lp_ldap_idmap_suffix(); -- if ( ! tmp || ! *tmp) { -- tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL); -- } -- if ( ! tmp) { -- tmp = lp_ldap_suffix(); -- if (tmp) { -- DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp)); -- DEBUGADD(1, ("as suffix. This may not be what you want!\n")); -- } else { -- DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); -- ret = NT_STATUS_UNSUCCESSFUL; -- goto done; -- } -- } -+ tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL); -+ if ( ! tmp || ! *tmp) { -+ tmp = lp_ldap_idmap_suffix(); -+ if ( ! tmp) { -+ DEBUG(1, ("ERROR: missing idmap ldap suffix\n")); -+ ret = NT_STATUS_UNSUCCESSFUL; -+ goto done; -+ } -+ } -+ - ctx->suffix = talloc_strdup(ctx, tmp); - CHECK_ALLOC_DONE(ctx->suffix); - diff --git a/samba.spec b/samba.spec index 4d3096e..af10288 100644 --- a/samba.spec +++ b/samba.spec @@ -1,8 +1,8 @@ Summary: The Samba Suite of programs Name: samba Epoch: 0 -Version: 3.0.25c -Release: 4%{?dist} +Version: 3.0.26a +Release: 0%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.samba.org/ @@ -41,9 +41,6 @@ Patch107: samba-3.0.23rc3-passwd.patch Patch110: samba-3.0.21pre1-smbspool.patch Patch111: samba-3.0.13-smbclient.patch Patch200: samba-3.0.25rc1-inotifiy.patch -Patch210: samba-3.0.25-imdap-basedn.patch -Patch211: samba3_idmap_ldap_memleak.patch -Patch300: samba3-glibc-open.patch Requires(pre): samba-common = %{epoch}:%{version}-%{release} @@ -161,9 +158,6 @@ cp %{SOURCE11} packaging/Fedora/ %patch110 -p1 -b .smbspool %patch111 -p1 -b .smbclient %patch200 -p0 -b .inotify -%patch210 -p1 -b .idmap_basedn -%patch211 -p0 -b .idmap_ldap_memleak -%patch300 -p0 -b .glibc_open # crap rm -f examples/VFS/.cvsignore @@ -646,6 +640,10 @@ exit 0 #%{_includedir}/libmsrpc.h %changelog +* Tue Sep 11 2007 Simo Sorce 3.0.26a-0.fc8 +- upgrade to the latest upstream realease +- includes security fixes released today in 3.0.26 + * Tue Aug 24 2007 Simo Sorce 3.0.25c-4.fc8 - add fix reported upstream for heavy idmap_ldap memleak diff --git a/samba3-glibc-open.patch b/samba3-glibc-open.patch deleted file mode 100644 index f6d6ae7..0000000 --- a/samba3-glibc-open.patch +++ /dev/null @@ -1,69 +0,0 @@ ---- source/include/vfs_macros.h 2007-03-20 18:25:39.000000000 -0400 -+++ source/include/vfs_macros.h.new 2007-08-21 10:53:19.000000000 -0400 -@@ -47,7 +47,7 @@ - #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, dir)) - - /* File operations */ --#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs.ops.open((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) -+#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode))) - #define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp), (fd))) - #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)->conn->vfs.ops.read((fsp)->conn->vfs.handles.read, (fsp), (fd), (data), (n))) - #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (fd), (data), (n), (off))) -@@ -163,7 +163,7 @@ - #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, dir)) - - /* File operations */ --#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs_opaque.ops.open((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) -+#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode))) - #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp), (fd))) - #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.read((fsp)->conn->vfs_opaque.handles.read, (fsp), (fd), (data), (n))) - #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off))) -@@ -280,7 +280,7 @@ - #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, dir)) - - /* File operations */ --#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)->vfs_next.ops.open((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) -+#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode))) - #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp), (fd))) - #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.read((handle)->vfs_next.handles.read, (fsp), (fd), (data), (n))) - #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (fd), (data), (n), (off))) ---- source/libsmb/libsmbclient.c 2007-08-20 09:04:50.000000000 -0400 -+++ source/libsmb/libsmbclient.c.new 2007-08-21 12:54:57.000000000 -0400 -@@ -6002,7 +6002,7 @@ - - /* What if the path is empty, or the file exists? */ - -- return context->open(context, fname, O_WRONLY, 666); -+ return (context->open)(context, fname, O_WRONLY, 666); - - } - -@@ -6043,7 +6043,7 @@ - - /* Try to open the file for reading ... */ - -- if ((long)(fid1 = c_file->open(c_file, fname, O_RDONLY, 0666)) < 0) { -+ if ((long)(fid1 = (c_file->open)(c_file, fname, O_RDONLY, 0666)) < 0) { - - DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno)); - return -1; /* smbc_open sets errno */ -@@ -6269,7 +6269,7 @@ - context->internal->_share_mode = SMBC_SHAREMODE_DENY_NONE; - /* backward compat */ - -- context->open = smbc_open_ctx; -+ context->open = smbc_open_ctx; - context->creat = smbc_creat_ctx; - context->read = smbc_read_ctx; - context->write = smbc_write_ctx; ---- source/libsmb/libsmb_compat.c 2006-06-23 09:16:51.000000000 -0400 -+++ source/libsmb/libsmb_compat.c.new 2007-08-21 15:40:29.000000000 -0400 -@@ -157,7 +157,7 @@ - SMBCFILE * file; - int fd; - -- file = statcont->open(statcont, furl, flags, mode); -+ file = (statcont->open)(statcont, furl, flags, mode); - if (!file) - return -1; - diff --git a/samba3_idmap_ldap_memleak.patch b/samba3_idmap_ldap_memleak.patch deleted file mode 100644 index 3ffdbde..0000000 --- a/samba3_idmap_ldap_memleak.patch +++ /dev/null @@ -1,35 +0,0 @@ -Author: vlendec -Revision: r24649 -Modified: /branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c source/nsswitch/idmap_ldap.c /branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c -Added: -Removed: - - -Attempt to fix bug 4917. Simo, please check! - -Thanks Patrick Rynhart for reporting this. - - -Index: source/nsswitch/idmap_ldap.c -=================================================================== ---- source/nsswitch/idmap_ldap.c (revision 24648) -+++ source/nsswitch/idmap_ldap.c (revision 24649) -@@ -896,7 +896,7 @@ - uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); - gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); - -- attr_list = get_attr_list(ctx, sidmap_attr_list); -+ attr_list = get_attr_list(memctx, sidmap_attr_list); - - if ( ! ids[1]) { - /* if we are requested just one mapping use the simple filter */ -@@ -1113,7 +1113,7 @@ - uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER); - gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER); - -- attr_list = get_attr_list(ctx, sidmap_attr_list); -+ attr_list = get_attr_list(memctx, sidmap_attr_list); - - if ( ! ids[1]) { - /* if we are requested just one mapping use the simple filter */ - diff --git a/sources b/sources index cdad85d..468a676 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -87950694270b86cbc1b2074cb53dd1aa samba-3.0.25c.tar.gz +6511ff23d9b1d4858744778bba543c5d samba-3.0.26a.tar.gz