* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. c0119cfb3733d2bab481dcf65880cc3f08703d61
@ 2016-04-28 15:46 git
0 siblings, 0 replies; only message in thread
From: git @ 2016-04-28 15:46 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 9039 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via c0119cfb3733d2bab481dcf65880cc3f08703d61 (commit)
from 57bf7620699743fe14591c2f4050c947d276fd40 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c0119cfb3733d2bab481dcf65880cc3f08703d61
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Apr 28 17:04:58 2016 +0200
samba: import rpc server and client fixes.
should fix: #11110
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
lfs/samba | 6 ++-
...-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch | 39 +++++++++++++++
...-0abef6992dc342d443137f8a2ac6c01f490cecee.patch | 40 +++++++++++++++
...-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch | 58 ++++++++++++++++++++++
4 files changed, 142 insertions(+), 1 deletion(-)
create mode 100644 src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
create mode 100644 src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
create mode 100644 src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
Difference in files:
diff --git a/lfs/samba b/lfs/samba
index b58bf79..f771986 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 61
+PAK_VER = 62
DEPS = "cups krb5"
@@ -88,6 +88,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2016-2118-v3-6.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/CVE-2015-5370-v3-6.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
+
cd $(DIR_APP)/source3 && ./autogen.sh
cd $(DIR_APP)/source3 && ./configure \
--prefix=/usr \
diff --git a/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch b/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
new file mode 100644
index 0000000..ec449c3
--- /dev/null
+++ b/src/patches/samba/1-samba.git-82fa625540abf8b8ec23d43c41e2ca906a9928a5.patch
@@ -0,0 +1,39 @@
+From 82fa625540abf8b8ec23d43c41e2ca906a9928a5 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn(a)samba.org>
+Date: Fri, 15 Apr 2016 11:56:08 +0200
+Subject: [PATCH] s3:rpc_server: Fix a regression verifying the security
+ trailer
+
+We do not support header signing so we should not check verify it if a
+client sends the flag.
+
+Signed-off-by: Andreas Schneider <asn(a)samba.org>
+Reviewed-by: Guenther Deschner <gd(a)samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index d659705..fa354a6 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -1552,7 +1552,6 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ {
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct dcerpc_sec_verification_trailer *vt = NULL;
+- const uint32_t bitmask1 = 0;
+ const struct dcerpc_sec_vt_pcontext pcontext = {
+ .abstract_syntax = pipe_fns->syntax,
+ .transfer_syntax = ndr_transfer_syntax,
+@@ -1573,7 +1572,7 @@ static bool srv_pipe_check_verification_trailer(struct pipes_struct *p,
+ goto done;
+ }
+
+- ret = dcerpc_sec_verification_trailer_check(vt, &bitmask1,
++ ret = dcerpc_sec_verification_trailer_check(vt, NULL,
+ &pcontext, &header2);
+ done:
+ TALLOC_FREE(frame);
+--
+1.9.1
+
diff --git a/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch b/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
new file mode 100644
index 0000000..074653c
--- /dev/null
+++ b/src/patches/samba/2-samba.git-0abef6992dc342d443137f8a2ac6c01f490cecee.patch
@@ -0,0 +1,40 @@
+From 0abef6992dc342d443137f8a2ac6c01f490cecee Mon Sep 17 00:00:00 2001
+From: Christian Ambach <ambi(a)samba.org>
+Date: Wed, 20 Feb 2013 16:59:05 +0100
+Subject: [PATCH] s3:rpc_client fix a crash
+
+state->cli->dc does not have to be set (e.g. when running
+net rpc join against an older Samba PDC), so check it before dereferencing it
+
+This fixes Bug 9669 - net rpc join crashes against a Samba 3.0.33 PDC
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=9669
+
+Signed-off-by: Christian Ambach <ambi(a)samba.org>
+Reviewed-by: Andreas Schneider <asn(a)samba.org>
+
+Autobuild-User(master): Christian Ambach <ambi(a)samba.org>
+Autobuild-Date(master): Wed Feb 20 19:00:52 CET 2013 on sn-devel-104
+(cherry picked from commit 3d29bb2d37b02909ecb500e864f3c13e06957a86)
+
+(cherry picked from commit ff658bb36c28c9db91fc80a68725e893ffe300aa)
+---
+ source3/rpc_client/cli_pipe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index 5ddabb7..a211d92 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -2136,7 +2136,7 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+ TALLOC_FREE(subreq);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE)) {
+- if (state->cli->dc->negotiate_flags &
++ if (state->cli->dc && state->cli->dc->negotiate_flags &
+ NETLOGON_NEG_SUPPORTS_AES) {
+ DEBUG(5, ("AES is not supported and the error was %s\n",
+ nt_errstr(status)));
+--
+1.9.1
+
diff --git a/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch b/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
new file mode 100644
index 0000000..75aedd8
--- /dev/null
+++ b/src/patches/samba/3-samba.git-2d0424e7bb2c30bf9049529b207c73b55370dfc8.patch
@@ -0,0 +1,58 @@
+From 2d0424e7bb2c30bf9049529b207c73b55370dfc8 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn(a)samba.org>
+Date: Tue, 10 Jan 2012 16:38:16 +0100
+Subject: [PATCH] s3-rpc_client: Fix updating netlogon credentials.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Günther Deschner <gd(a)samba.org>
+(cherry picked from commit 33206b1e240e55acedad606aed4f1952f7496b35)
+---
+ source3/rpc_client/cli_pipe.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index a211d92..92ca494 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -2128,9 +2128,6 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ struct rpc_pipe_bind_state *state =
+ tevent_req_data(req,
+ struct rpc_pipe_bind_state);
+- struct schannel_state *schannel_auth =
+- talloc_get_type_abort(state->cli->auth->auth_ctx,
+- struct schannel_state);
+ NTSTATUS status;
+
+ status = dcerpc_netr_LogonGetCapabilities_r_recv(subreq, talloc_tos());
+@@ -2188,8 +2185,8 @@ static void rpc_pipe_bind_step_two_done(struct tevent_req *subreq)
+ return;
+ }
+
+- TALLOC_FREE(schannel_auth->creds);
+- schannel_auth->creds = talloc_steal(state->cli, state->creds);
++ TALLOC_FREE(state->cli->dc);
++ state->cli->dc = talloc_steal(state->cli, state->creds);
+
+ if (!NT_STATUS_IS_OK(state->r.out.result)) {
+ DEBUG(0, ("dcerpc_netr_LogonGetCapabilities_r_recv failed with %s\n",
+@@ -3385,10 +3382,12 @@ NTSTATUS cli_rpc_pipe_open_schannel_with_key(struct cli_state *cli,
+ * The credentials on a new netlogon pipe are the ones we are passed
+ * in - copy them over
+ */
+- result->dc = netlogon_creds_copy(result, *pdc);
+ if (result->dc == NULL) {
+- TALLOC_FREE(result);
+- return NT_STATUS_NO_MEMORY;
++ result->dc = netlogon_creds_copy(result, *pdc);
++ if (result->dc == NULL) {
++ TALLOC_FREE(result);
++ return NT_STATUS_NO_MEMORY;
++ }
+ }
+
+ DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
+--
+1.9.1
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-04-28 15:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-04-28 15:46 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. c0119cfb3733d2bab481dcf65880cc3f08703d61 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox