Security and Bugfix release

2007-09-11 15:00:39 +00:00 · 2007-09-11 15:00:39 +00:00 · f6895f4c3a
commit f6895f4c3a
parent a5fdfc5094
7 changed files with 9 additions and 170 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-samba-3.0.25c.tar.gz
+samba-3.0.26a.tar.gz
--- a/filter-requires-samba.sh
+++ b/filter-requires-samba.sh
@ -1,3 +1,3 @@
 #!/bin/sh
-/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8)'
+/usr/lib/rpm/perl.req $* | grep -E -v '(Net::LDAP|Crypt::SmbHash|CGI|Unicode::MapUTF8|smbldap_tools)'
--- a/samba-3.0.25-imdap-basedn.patch
+++ b/samba-3.0.25-imdap-basedn.patch
@ -1,55 +0,0 @@
 diff --git a/source/nsswitch/idmap_ldap.c b/source/nsswitch/idmap_ldap.c
 index ca7d32b..7c02779 100644
 --- a/source/nsswitch/idmap_ldap.c
 +++ b/source/nsswitch/idmap_ldap.c
@@ -287,16 +287,9 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params)
 	}
 	CHECK_ALLOC_DONE( idmap_alloc_ldap->url );
 -	tmp = lp_ldap_idmap_suffix();
 +	tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL);
 	if ( ! tmp || ! *tmp) {
 -		tmp = lp_parm_const_string(-1, "idmap alloc config", "ldap_base_dn", NULL);
 -	}
 -	if ( ! tmp) {
 -		tmp = lp_ldap_suffix();
 -		if (tmp) {
 -			DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp));
 -			DEBUGADD(1, ("as suffix. This may not be what you want!\n"));
 -		}
 +		tmp = lp_ldap_idmap_suffix();
 		if ( ! tmp) {
 			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
 			ret = NT_STATUS_UNSUCCESSFUL;
@@ -780,21 +773,16 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom)
 	}
 	CHECK_ALLOC_DONE(ctx->url);
 -	tmp = lp_ldap_idmap_suffix();
 -	if ( ! tmp || ! *tmp) {
 -		tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
 -	}
 -	if ( ! tmp) {
 -		tmp = lp_ldap_suffix();
 -		if (tmp) {
 -			DEBUG(1, ("WARNING: Trying to use the global ldap suffix(%s)\n", tmp));
 -			DEBUGADD(1, ("as suffix. This may not be what you want!\n"));
 -		} else {
 -			DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
 -			ret = NT_STATUS_UNSUCCESSFUL;
 -			goto done;
 -		}		
 -	}
 +        tmp = lp_parm_const_string(-1, config_option, "ldap_base_dn", NULL);
 +        if ( ! tmp || ! *tmp) {
 +                tmp = lp_ldap_idmap_suffix();
 +                if ( ! tmp) {
 +                        DEBUG(1, ("ERROR: missing idmap ldap suffix\n"));
 +                        ret = NT_STATUS_UNSUCCESSFUL;
 +                        goto done;
 +		}
 +        }
 +
 	ctx->suffix = talloc_strdup(ctx, tmp);
 	CHECK_ALLOC_DONE(ctx->suffix);
--- a/samba.spec
+++ b/samba.spec
@ -1,8 +1,8 @@
 Summary: The Samba Suite of programs
 Name: samba
 Epoch: 0
-Version: 3.0.25c
+Version: 3.0.26a
-Release: 4%{?dist}
+Release: 0%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.samba.org/
@ -41,9 +41,6 @@ Patch107: samba-3.0.23rc3-passwd.patch
 Patch110: samba-3.0.21pre1-smbspool.patch
 Patch111: samba-3.0.13-smbclient.patch
 Patch200: samba-3.0.25rc1-inotifiy.patch
 Patch210: samba-3.0.25-imdap-basedn.patch
 Patch211: samba3_idmap_ldap_memleak.patch
 Patch300: samba3-glibc-open.patch
 Requires(pre): samba-common = %{epoch}:%{version}-%{release}
@ -161,9 +158,6 @@ cp %{SOURCE11} packaging/Fedora/
 %patch110 -p1 -b .smbspool
 %patch111 -p1 -b .smbclient
 %patch200 -p0 -b .inotify
 %patch210 -p1 -b .idmap_basedn
 %patch211 -p0 -b .idmap_ldap_memleak
 %patch300 -p0 -b .glibc_open
 # crap
 rm -f examples/VFS/.cvsignore
@ -646,6 +640,10 @@ exit 0
 #%{_includedir}/libmsrpc.h
 %changelog
 * Tue Sep 11 2007 Simo Sorce <ssorce@redhat.com> 3.0.26a-0.fc8
 - upgrade to the latest upstream realease
 - includes security fixes released today in 3.0.26
 * Tue Aug 24 2007 Simo Sorce <ssorce@redhat.com> 3.0.25c-4.fc8
 - add fix reported upstream for heavy idmap_ldap memleak
--- a/samba3-glibc-open.patch
+++ b/samba3-glibc-open.patch
@ -1,69 +0,0 @@
 --- source/include/vfs_macros.h	2007-03-20 18:25:39.000000000 -0400
 +++ source/include/vfs_macros.h.new	2007-08-21 10:53:19.000000000 -0400
@@ -47,7 +47,7 @@
 #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, dir))
 /* File operations */
 -#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs.ops.open((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode)))
 +#define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp), (fd)))
 #define SMB_VFS_READ(fsp, fd, data, n) ((fsp)->conn->vfs.ops.read((fsp)->conn->vfs.handles.read, (fsp), (fd), (data), (n)))
 #define SMB_VFS_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs.ops.pread((fsp)->conn->vfs.handles.pread, (fsp), (fd), (data), (n), (off)))
@@ -163,7 +163,7 @@
 #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, dir))
 /* File operations */
 -#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) ((conn)->vfs_opaque.ops.open((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode)))
 +#define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp), (fd)))
 #define SMB_VFS_OPAQUE_READ(fsp, fd, data, n) ((fsp)->conn->vfs_opaque.ops.read((fsp)->conn->vfs_opaque.handles.read, (fsp), (fd), (data), (n)))
 #define SMB_VFS_OPAQUE_PREAD(fsp, fd, data, n, off) ((fsp)->conn->vfs_opaque.ops.pread((fsp)->conn->vfs_opaque.handles.pread, (fsp), (fd), (data), (n), (off)))
@@ -280,7 +280,7 @@
 #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, dir))
 /* File operations */
 -#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) ((handle)->vfs_next.ops.open((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode)))
 +#define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp), (fd)))
 #define SMB_VFS_NEXT_READ(handle, fsp, fd, data, n) ((handle)->vfs_next.ops.read((handle)->vfs_next.handles.read, (fsp), (fd), (data), (n)))
 #define SMB_VFS_NEXT_PREAD(handle, fsp, fd, data, n, off) ((handle)->vfs_next.ops.pread((handle)->vfs_next.handles.pread, (fsp), (fd), (data), (n), (off)))
 --- source/libsmb/libsmbclient.c	2007-08-20 09:04:50.000000000 -0400
 +++ source/libsmb/libsmbclient.c.new	2007-08-21 12:54:57.000000000 -0400
@@ -6002,7 +6002,7 @@
         /* What if the path is empty, or the file exists? */
 -        return context->open(context, fname, O_WRONLY, 666);
 +        return (context->open)(context, fname, O_WRONLY, 666);
 }
@@ -6043,7 +6043,7 @@
         /* Try to open the file for reading ... */
 -        if ((long)(fid1 = c_file->open(c_file, fname, O_RDONLY, 0666)) < 0) {
 +        if ((long)(fid1 = (c_file->open)(c_file, fname, O_RDONLY, 0666)) < 0) {
                 DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno));
                 return -1;  /* smbc_open sets errno */
@@ -6269,7 +6269,7 @@
         context->internal->_share_mode             = SMBC_SHAREMODE_DENY_NONE;
                                 /* backward compat */
 -        context->open                              = smbc_open_ctx;
 +        context->open                              = smbc_open_ctx;
         context->creat                             = smbc_creat_ctx;
         context->read                              = smbc_read_ctx;
         context->write                             = smbc_write_ctx;
 --- source/libsmb/libsmb_compat.c	2006-06-23 09:16:51.000000000 -0400
 +++ source/libsmb/libsmb_compat.c.new	2007-08-21 15:40:29.000000000 -0400
@@ -157,7 +157,7 @@
 	SMBCFILE * file;
 	int fd;
 -	file = statcont->open(statcont, furl, flags, mode);
 +	file = (statcont->open)(statcont, furl, flags, mode);
 	if (!file)
 		return -1;
--- a/samba3_idmap_ldap_memleak.patch
+++ b/samba3_idmap_ldap_memleak.patch
@ -1,35 +0,0 @@
 Author: vlendec
 Revision: r24649
 Modified: /branches/SAMBA_3_0_25/source/nsswitch/idmap_ldap.c source/nsswitch/idmap_ldap.c /branches/SAMBA_3_2_0/source/nsswitch/idmap_ldap.c
 Added: 
 Removed: 
 Attempt to fix bug 4917. Simo, please check!
 Thanks Patrick Rynhart for reporting this.
 Index: source/nsswitch/idmap_ldap.c
 ===================================================================
 --- source/nsswitch/idmap_ldap.c	(revision 24648)
 +++ source/nsswitch/idmap_ldap.c	(revision 24649)
@@ -896,7 +896,7 @@
 	uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER);
 	gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER);
 -	attr_list = get_attr_list(ctx, sidmap_attr_list);
 +	attr_list = get_attr_list(memctx, sidmap_attr_list);
 	if ( ! ids[1]) {
 		/* if we are requested just one mapping use the simple filter */
@@ -1113,7 +1113,7 @@
 	uidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER);
 	gidNumber = get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER);
 -	attr_list = get_attr_list(ctx, sidmap_attr_list);
 +	attr_list = get_attr_list(memctx, sidmap_attr_list);
 	if ( ! ids[1]) {
 		/* if we are requested just one mapping use the simple filter */
--- a/2
+++ b/2
@ -1 +1 @@
-87950694270b86cbc1b2074cb53dd1aa  samba-3.0.25c.tar.gz
+6511ff23d9b1d4858744778bba543c5d  samba-3.0.26a.tar.gz
`@ -1,3 +1,3 @@`
	`#!/bin/sh`	`#!/bin/sh`

	`/usr/lib/rpm/perl.req $* \| grep -E -v '(Net::LDAP\|Crypt::SmbHash\|CGI\|Unicode::MapUTF8)'`	`/usr/lib/rpm/perl.req $* \| grep -E -v '(Net::LDAP\|Crypt::SmbHash\|CGI\|Unicode::MapUTF8\|smbldap_tools)'`
`@ -1 +1 @@`
	`87950694270b86cbc1b2074cb53dd1aa samba-3.0.25c.tar.gz`	`6511ff23d9b1d4858744778bba543c5d samba-3.0.26a.tar.gz`