Package: samba / 2:3.6.6-6+deb7u7
Metadata
Package | Version | Patches format |
---|---|---|
samba | 2:3.6.6-6+deb7u7 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
documentation.patch | (download) |
docs/manpages/lmhosts.5 |
6 2 + 4 - 0 ! |
remove documentation parts that do not apply to debian |
documentation2.patch | (download) |
docs-xml/manpages-3/nmbd.8.xml |
1 0 + 1 - 0 ! |
remove documentation parts that do not apply to debian |
fhs filespaths.patch | (download) |
docs/manpages/smb.conf.5 |
6 2 + 4 - 0 ! |
prepare the sources to better respect fhs This patch was historically very long but most parts have been integrated upstream. . The last remaining bit is the location of "private files We historically have them in /var/lib/samba while upstream has them in /etc/samba . We need to provide a migraiton path and go back to the "normal" file layout |
installswat.sh.patch | (download) |
source3/script/installswat.sh |
6 5 + 1 - 0 ! |
do not install the using samba book when installing swat Using Samba is packaged in samba-doc, however upstream also installs it in SWAT install dirs |
pam examples.patch | (download) |
source3/pam_smbpass/README |
2 1 + 1 - 0 ! |
fix examples directory location in pam_smbpass readme |
README_nosmbldap tools.patch | (download) |
examples/LDAP/README |
3 3 + 0 - 0 ! |
mention smbldap-tools package in examples/ldap/readme |
smbclient pager.patch | (download) |
source3/include/local.h |
2 1 + 1 - 0 ! |
use the pager alternative as pager is pager is undefined |
undefined symbols.patch | (download) |
source3/Makefile.in |
2 1 + 1 - 0 ! |
fix missing symbols Fix missing symbols in libsmbclient (and libnss_wins), and add -Wl,-z,defs to the libsmbclient link options to prevent future instances of undefined symbols. . This should be forwarded upstream once there's a configure test for it. |
VERSION.patch | (download) |
source3/VERSION |
2 1 + 1 - 0 ! |
add "debian" as vendor suffix |
usershare.patch | (download) |
docs/manpages/net.8 |
4 2 + 2 - 0 ! |
enable net usershares by default at build time Enable net usershares by default at build time, with a limit of 100, and update the corresponding documentation. |
smbtar bashism.patch | (download) |
source3/script/smbtar |
2 1 + 1 - 0 ! |
avoid using bashism in smbtar |
autoconf.patch | (download) |
source3/configure |
24 21 + 3 - 0 ! |
--- |
dont build VFS examples.patch | (download) |
source3/Makefile.in |
12 1 + 11 - 0 ! |
do not build vfs examples |
bug_221618_precise 64bit prototype.patch | (download) |
source3/include/libsmbclient.h |
4 4 + 0 - 0 ! |
64 bit fix for libsmbclient |
bug_598313_upstream_7499 nss_wins dont clobber daemons logs.patch | (download) |
lib/util/debug.c |
14 8 + 6 - 0 ! |
nss_wins stop clobbering other daemon's log |
bug_387266_upstream_4104_mention kerberos in smbspool manpage.patch | (download) |
docs-xml/manpages-3/smbspool.8.xml |
4 3 + 1 - 0 ! |
add mention about some user for user information in smbspool manpage |
bug_604768_upstream_7826_drop using samba link.patch | (download) |
docs/htmldocs/index.html |
4 0 + 4 - 0 ! |
drop using samba link in html documentation summary |
bug_604768_upstream_7826_fix WHATSNEW link.patch | (download) |
docs/htmldocs/index.html |
2 1 + 1 - 0 ! |
fix whatsnew.txt link in html documentation summary to fit debian files organization |
waf as source.patch | (download) |
buildtools/README |
12 12 + 0 - 0 ! |
include waf as an extracted source directory, rather than as a one-in-a-file script. |
smbtorture manpage.patch | (download) |
docs/manpages/smbtorture.1 |
83 83 + 0 - 0 ! |
provide a manpage for smbtorture |
libutil_drop_AI_ADDRCONFIG.patch | (download) |
lib/util/util_net.c |
16 11 + 5 - 0 ! |
[patch] libutil: use ai_addrconfig only when ai_numeric is not defined This flag prevents startup w/o ip addresses assigned to any interface. If AI_NUMERIC is passed it should be safe to avoid it. Signed-off-by: Andreas Schneider <asn@samba.org> |
shadow_copy2_backport.patch | (download) |
source3/modules/vfs_shadow_copy2.c |
1817 1212 + 605 - 0 ! |
backport new shadow_copy2 implementation from master The shadow_copy2 vfs module in samba 3.6 doesn't work if wide links is disabled. This problem is fixed by a rewrite in the master branch. This patch is a backport of this new version to samba 3.6. It is based on these commits in the upstream samba git: dc461cade5becec21f8d1f2bb74fcf1a977a5ec2 617b63658b02957422359a76fd8b8e4748d228ee |
only_export_public_symbols.patch | (download) |
source3/Makefile.in |
5 3 + 2 - 0 ! |
only export public symbols Force usage of the symbols list when linking shared libraries. Otherwise, private symbols get exported in libsmbclient and libwbclient. |
0001 ndr fix push pull DATA_BLOB with NDR_NOALIGN.patch | (download) |
librpc/ndr/ndr_basic.c |
34 22 + 12 - 0 ! |
[patch] ndr: fix push/pull data_blob with ndr_noalign This change addresses bug 9026. There are 3 use cases for DATA_BLOB marshalling/unmarshalling: 1) ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding bytes _only_. The length is determined by the alignment required and the current ndr offset. e.g. dcerpc.idl: typedef struct { ... [flag(NDR_ALIGN8)] DATA_BLOB _pad; } dcerpc_request; 2) When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in the ndr buffer are pushed/pulled. e.g. dcerpc.idl: typedef struct { ... [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_request; 3) When called without alignment flags, push/pull a uint32 length _and_ a corresponding byte array to/from the ndr buffer. e.g. drsblobs.idl typedef [public] struct { ... DATA_BLOB data; } DsCompressedChunk; The fix for bug 8373 changed the definition of "alignment flags", such that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB behaves as (1: padding bytes) rather than (3: uint32 length + byte array). This breaks marshalling/unmarshalling for the following structures. eventlog.idl: typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct { ... DATA_BLOB sid; ... } eventlog_Record_tdb; ntprinting.idl: typedef [flag(NDR_NOALIGN),public] struct { ... DATA_BLOB *nt_dev_private; } ntprinting_devicemode; typedef [flag(NDR_NOALIGN),public] struct { ... DATA_BLOB data; } ntprinting_printer_data; |
security CVE 2013 0213.patch | (download) |
source3/web/swat.c |
3 2 + 1 - 0 ! |
[patch] swat: use x-frame-options header to avoid clickjacking Jann Horn reported a potential clickjacking vulnerability in SWAT where the SWAT page could be embedded into an attacker's page using a frame or iframe and then used to trick the user to change Samba settings. Avoid this by telling the browser to refuse the frame embedding via the X-Frame-Options: DENY header. Signed-off-by: Kai Blin <kai@samba.org> |
security CVE 2013 0214.patch | (download) |
source3/web/cgi.c |
40 26 + 14 - 0 ! |
[patch] swat: use additional nonce on xsrf protection If the user had a weak password on the root account of a machine running SWAT, there still was a chance of being targetted by an XSRF on a malicious web site targetting the SWAT setup. Use a random nonce stored in secrets.tdb to close this possible attack window. Thanks to Jann Horn for reporting this issue. Signed-off-by: Kai Blin <kai@samba.org> |
security CVE 2013 4124.patch | (download) |
source3/smbd/nttrans.c |
12 12 + 0 - 0 ! |
--- |
security CVE 2013 4475.patch | (download) |
source3/smbd/open.c |
61 61 + 0 - 0 ! |
[patch] fix bug #10229 - no access check verification on stream files. https://bugzilla.samba.org/show_bug.cgi?id=10229 We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename. Signed-off-by: Jeremy Allison <jra@samba.org> |
security CVE 2013 4408.patch | (download) |
lib/async_req/async_sock.c |
5 5 + 0 - 0 ! |
dce-rpc fragment length field is incorrectly checked. == == CVE ID#: CVE-2013-4408 == == Versions: All versions of Samba later than 3.4.0 == == Summary: Incorrect length checks on DCE-RPC fragment lengths == cause Samba client utilities including winbindd to == be vulnerable to buffer overrun exploits. == =========================================================== =========== Description =========== Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are vulnerable to buffer overrun exploits in the client processing of DCE-RPC packets. This is due to incorrect checking of the DCE-RPC fragment length in the client code. This is a critical vulnerability as the DCE-RPC client code is part of the winbindd authentication and identity mapping daemon, which is commonly configured as part of many server installations (when joined to an Active Directory Domain). A malicious Active Directory Domain Controller or man-in-the-middle attacker impersonating an Active Directory Domain Controller could achieve root-level access by compromising the winbindd process. Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are also vulnerable to a denial of service attack (server crash) due to a similar error in the server code of those versions. Samba server versions 3.6.0 and above (including all 3.6.x versions, all 4.0.x versions and 4.1.x) are not vulnerable to this problem. In addition range checks were missing on arguments returned from calls to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) and LookupRids (samr) which could also cause similar problems. As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of December 9th 2013). |
security CVE 2012 6150.patch | (download) |
nsswitch/pam_winbind.c |
6 6 + 0 - 0 ! |
[patch] fail authentication for single group name which cannot be converted to sid furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300 Signed-off-by: Noel Power <noel.power@suse.com> |
security CVE 2013 4496.patch | (download) |
source3/auth/check_samsec.c |
1 1 + 0 - 0 ! |
[patch 1/3] cve-2013-4496:s3-samr: block attempts to crack passwords via repeated password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> |
security CVE 2014 0178.patch | (download) |
source3/smbd/nttrans.c |
6 3 + 3 - 0 ! |
[patch 1/2] fsctl_get_shadow_copy_data: initialize output array to zero Otherwise num_volumes and the end marker can return uninitialized data to the client. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> |
security CVE 2014 0244.patch | (download) |
source3/lib/system.c |
7 2 + 5 - 0 ! |
[patch] s3: nmbd: fix bug 10633 - nmbd denial of service The Linux kernel has a bug in that it can give spurious wakeups on a non-blocking UDP socket for a non-deliverable packet. When nmbd was changed to use non-blocking sockets it became vulnerable to a spurious wakeup from poll/epoll. Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN. CVE-2014-0244 Signed-off-by: Jeremy Allison <jra@samba.org> |
security CVE 2014 3493.patch | (download) |
source3/lib/charcnv.c |
16 10 + 6 - 0 ! |
[patch] s3: smbd - fix processing of packets with invalid dos charset conversions. Bug 10654 - Segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler https://bugzilla.samba.org/show_bug.cgi?id=10654 Signed-off-by: Jeremy Allison <jra@samba.org> |
security CVE 2015 0240.patch | (download) |
libcli/auth/schannel_state_tdb.c |
4 4 + 0 - 0 ! |
[patch 1/3] cve-2015-0240: s3: netlogon: ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison <jra@samba.org> |
CVE 2015 5252 v3 6 bso11395.patch | (download) |
source3/smbd/vfs.c |
7 5 + 2 - 0 ! |
[patch] cve-2015-5252: s3: smbd: fix symlink verification (file access outside the share). Ensure matching component ends in '/' or '\0'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 Signed-off-by: Jeremy Allison <jra@samba.org> |
CVE 2015 5299 v3 6 bso11529.patch | (download) |
source3/modules/vfs_shadow_copy2.c |
47 47 + 0 - 0 ! |
[patch] cve-2015-5299: s3-shadow-copy2: fix missing access check on snapdir Fix originally from <partha@exablox.com> https://bugzilla.samba.org/show_bug.cgi?id=11529 Signed-off-by: Jeremy Allison <jra@samba.org> |
CVE 2015 5296 v3 6 bso11536.patch | (download) |
source3/libsmb/clidfs.c |
7 6 + 1 - 0 ! |
[patch 1/2] cve-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher <metze@samba.org> |
s3 smbd fix a corner case of the symlink verificatio.patch | (download) |
source3/smbd/vfs.c |
39 27 + 12 - 0 ! |
[patch] s3:smbd: fix a corner case of the symlink verification Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the path checks in check_reduced_name[_with_privilege]() to prevent unintended access via wide links. The fix fails to correctly treat a corner case where the share path is "/". This case is important for some real world scenarios, notably the use of the glusterfs VFS module: For the share path "/", the newly introduced checks deny all operations in the share. This change fixes the checks for the corner case. The point is that the assumptions on which the original checks are based are not true for the rootdir "/" case. This is the case where the rootdir starts _and ends_ with a slash. Hence a subdirectory does not continue with a slash after the rootdir, since the candidate path has been normalized. This fix just omits the string comparison and the next character checks in the case of rootdir "/", which is correct because we know that the candidate path is normalized and hence starts with a '/'. The patch is fairly minimal, but changes indentation, hence best viewed with 'git show -w'. A side effect is that the rootdir="/" case needs one strncmp less. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647 Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Jose A. Rivera <jarrpa@samba.org> |
CVE 2015 7560 v3 6.patch | (download) |
source3/smbd/nttrans.c |
12 12 + 0 - 0 ! |
[patch 1/8] cve-2015-7560: s3: smbd: add refuse_symlink() function that can be used to prevent operations on a symlink. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 Signed-off-by: Jeremy Allison <jra@samba.org> |