From 1267c2009c7e8a6b0880f803832f1f3fafb783808a1ef9eb6f0158f5a42163f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Tue, 10 Apr 2012 16:26:27 +0000 Subject: [PATCH] Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=231 --- build-source-timestamp | 4 +- patches.tar.bz2 | 4 +- samba-doc.spec | 18 ++---- samba.changes | 9 ++- samba.spec | 127 +++-------------------------------------- vendor-files.tar.bz2 | 4 +- 6 files changed, 26 insertions(+), 140 deletions(-) diff --git a/build-source-timestamp b/build-source-timestamp index bd7db3a..bcb7b58 100644 --- a/build-source-timestamp +++ b/build-source-timestamp @@ -1,2 +1,2 @@ -2779 -Branch : trunk +2782 +Branch : 3.6.3.SLE11_SP2 diff --git a/patches.tar.bz2 b/patches.tar.bz2 index b0f6913..d5f8f38 100644 --- a/patches.tar.bz2 +++ b/patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7aa438c68d91328e9b3adab397568f11aba4f56fb41aa8ec1ef3c53ed20d7e38 -size 51310 +oid sha256:90cb870f4596fb463403d33ea7026ec8c835870e23f9c3f09780528f47d8c0e1 +size 53260 diff --git a/samba-doc.spec b/samba-doc.spec index 88f2562..d691db1 100644 --- a/samba-doc.spec +++ b/samba-doc.spec @@ -1,7 +1,7 @@ # -# spec file for package samba-doc +# spec file for package samba-doc (Version 3.6.3) # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ # norootforbuild -Name: samba-doc +Name: samba-doc %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1140 BuildRequires: autoconf %endif 
@@ -105,9 +105,9 @@ BuildRequires: pkgconfig %define build_make_smp_mflags %{?jobs:-j%jobs} %endif Version: 3.6.3 -Release: 1 +Release: 0 %define ldapsmb_ver 1.34b -Url: http://www.samba.org/ +Url: http://www.samba.org/ License: GPL-3.0+ Summary: Samba Documentation Group: Documentation/Other @@ -117,7 +117,7 @@ Provides: samba-gplv3-doc = %{version} Obsoletes: samba-gplv3-doc < %{version} Provides: samba-doc-gplv2 = %{version} Obsoletes: samba-doc-gplv2 < %{version} -BuildArch: noarch +BuildArch: noarch Source: http://samba.org/samba/ftp/samba-%{version}%{samba_ver_suffix}.tar.bz2 Source1: vendor-files.tar.bz2 Source2: patches.tar.bz2 @@ -186,7 +186,6 @@ BuildRequires: ccache %define cups_lib_dir %{_libdir}/cups %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build - %prep # samba-doc nowadays is part the main samba spec file %if 0%{?suse_version} && 0%{?suse_version} < 1111 @@ -434,7 +433,6 @@ fi # samba-doc nowadays is part the main samba spec file %if 0%{?suse_version} && 0%{?suse_version} < 1111 - %files -f filelist-samba-doc %defattr(-,root,root) %dir %{DOCDIR} @@ -449,7 +447,3 @@ This package contains all the Samba documentation as it is not part of the man pages. -Source Timestamp: 2779 -Branch : trunk - -%changelog diff --git a/samba.changes b/samba.changes index 31ead12..98b0b0a 100644 --- a/samba.changes +++ b/samba.changes 
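Review bot: `Release:` drops from 1 to 0 in the `Version: 3.6.3` hunk of samba-doc.spec while the upstream version stays the same. Unless the build service rewrites the tag, the security rebuild sorts lower than the package it is meant to replace, and an installed 3.6.3-1 would not be upgraded to the fixed build. samba.spec has the same pattern: `Release: 1` becomes 0, the `Release: 5` lines are removed from libtalloc2, libtdb1, libtevent0, libldb1 and their -devel packages, and ldapsmb goes from `Release: 307` to `Release: 0`. If the release is not injected at build time, keep it monotonic (leave `Release: 1` and the sub-package values, or raise them) and confirm the built version-release with `rpm -qp` before publishing the CVE-2012-1182 update.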
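Review bot: The last samba-doc.spec hunk (`@@ -449,7 +447,3 @@`) removes the `Source Timestamp:` / `Branch :` lines from `%description` and the trailing `%changelog` marker, and samba.spec does the same in every sub-package description and at its end. `Version:` stays at 3.6.3 and the fix appears to arrive only through the changed patches.tar.bz2 pointer, so the version string will not tell a patched host from an unpatched one; the source stamp and the package changelog are what an operator or scanner would check instead. I assume the build service regenerates the changelog from samba.changes. If it does not, keep `%changelog` so the CVE-2012-1182 entry reaches `rpm -q --changelog`, and consider keeping one `Source Timestamp: 2782` line in the main package description.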
@@ -1,11 +1,16 @@ +------------------------------------------------------------------- +Tue Apr 10 16:13:34 UTC 2012 - lmuelle@suse.com + +- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- + cution as the "root" user; PIDL based autogenerated code allows overwriting + beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797). + ------------------------------------------------------------------- Sun Mar 25 21:14:33 UTC 2012 - lmuelle@suse.de - s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797). -- dcerpc_lsa_lookup_sids_noalloc() crashes when groups has more than 1000 - groups; (bso#8807). ------------------------------------------------------------------- Fri Mar 16 20:26:20 UTC 2012 - lmuelle@suse.de diff --git a/samba.spec b/samba.spec index e8c547f..73c83b2 100644 --- a/samba.spec +++ b/samba.spec @@ -1,7 +1,7 @@ # -# spec file for package samba +# spec file for package samba (Version 3.6.3) # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # # norootforbuild - +# neededforbuild cracklib-devel cups-devel cups-libs e2fsprogs e2fsprogs-devel heimdal-devel heimdal-lib libacl libacl-devel libattr libattr-devel libxml2 libxml2-devel mysql-devel mysql-shared openldap2-client openldap2-devel openssl openssl-devel pam-devel pkgconfig popt popt-devel postgresql-devel postgresql-libs python python-devel readline readline-devel Name: samba %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1140 
@@ -105,7 +105,7 @@ BuildRequires: pkgconfig %define build_make_smp_mflags %{?jobs:-j%jobs} %endif Version: 3.6.3 -Release: 1 +Release: 0 %define ldapsmb_ver 1.34b License: GPL-3.0+ Url: http://www.samba.org/ @@ -211,9 +211,6 @@ binary packages of the most current Samba version, and a bug reporting how to. -Source Timestamp: 2779 -Branch : trunk - %package client License: GPL-3.0+ Summary: Samba Client Utilities @@ -252,11 +249,7 @@ binary packages of the most current Samba version, and a bug reporting how to. -Source Timestamp: 2779 -Branch : trunk - %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020 - %package devel License: GPL-3.0+ Summary: Libraries and Header Files to Develop Programs with Samba Support @@ -272,9 +265,6 @@ This package contains the static libraries and header files needed to develop programs which make use of Samba. -Source Timestamp: 2779 -Branch : trunk - %endif %if 0%{?suse_version} && 0%{?suse_version} < 1001 || 0%{?suse_version} > 1110 @@ -297,9 +287,6 @@ This package contains all the Samba documentation as it is not part of the man pages. -Source Timestamp: 2779 -Branch : trunk - %endif %package krb-printing @@ -319,13 +306,9 @@ Requires: samba-client >= %{version} A wrapper binary to run smbspool with the original calling UID. -Source Timestamp: 2779 -Branch : trunk - %if %{make_utils} %package utils - Summary: debug tools Group: Productivity/Networking/Samba Provides: samba-gplv3-utils = %{version} @@ -335,9 +318,6 @@ Obsoletes: samba-gplv3-utils < %{version} Some of the debug-tools for developpers. -Source Timestamp: 2779 -Branch : trunk - %endif %package winbind @@ -367,17 +347,11 @@ PreReq: coreutils This is the winbind-daemon and the wbinfo-tool. -Source Timestamp: 2779 -Branch : trunk - %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %package -n libsmbclient License: GPL-3.0+ %else - %package -n libsmbclient0 - License: GPL-3.0+ Provides: libsmbclient = %{version} Obsoletes: libsmbclient 
@@ -390,19 +364,9 @@ Group: System/Libraries PreReq: /sbin/ldconfig %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %description -n libsmbclient - -Source Timestamp: 2779 -Branch : trunk - %else - %description -n libsmbclient0 - -Source Timestamp: 2779 -Branch : trunk - %endif This package includes the libsmbclient library. @@ -412,6 +376,7 @@ This entry is required to allow a samba.spec file providing libsmbclient for SUSE version < 11.0 while versions > 10.0 will have libsmbclient0. + %package -n libsmbclient-devel License: GPL-3.0+ Summary: Libraries and Header Files to Develop Programs with smbclient Support @@ -439,9 +404,6 @@ This package contains the static libraries and header files needed to develop programs which make use of the smbclient programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libnetapi0 License: GPL-3.0+ Summary: Samba netapi Library @@ -452,9 +414,6 @@ PreReq: /sbin/ldconfig This package includes the netapi library. -Source Timestamp: 2779 -Branch : trunk - %package -n libnetapi-devel License: GPL-3.0+ Summary: Libraries and Header Files to Develop Programs with netapi Support @@ -471,17 +430,11 @@ This package contains the static libraries and header files needed to develop programs which make use of the netapi programming interface. -Source Timestamp: 2779 -Branch : trunk - %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %package -n libsmbsharemodes License: GPL-3.0+ %else - %package -n libsmbsharemodes0 - License: GPL-3.0+ %endif Summary: Samba smbsharemodes Library 
@@ -489,22 +442,13 @@ Group: System/Libraries PreReq: /sbin/ldconfig %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %description -n libsmbsharemodes - -Source Timestamp: 2779 -Branch : trunk - %else - %description -n libsmbsharemodes0 - -Source Timestamp: 2779 -Branch : trunk - %endif This package includes the smbsharemodes library. + %package -n libsmbsharemodes-devel License: GPL-3.0+ Summary: Libraries and Header Files to Develop Programs with smbsharemodes Support @@ -525,9 +469,6 @@ This package contains the static libraries and header files needed to develop programs which make use of the smbsharemodes programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libwbclient0 License: LGPL-3.0+ Summary: Samba libwbclient Library @@ -538,9 +479,6 @@ PreReq: /sbin/ldconfig This package includes the wbclient library. -Source Timestamp: 2779 -Branch : trunk - %package -n libwbclient-devel License: LGPL-3.0+ Summary: Libraries and Header Files to Develop Programs with wbclient Support @@ -557,12 +495,8 @@ This package contains the static libraries and header files needed to develop programs which make use of the wbclient programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libtalloc2 Version: %{libtalloc_ver} -Release: 5 License: LGPL-3.0+ Summary: Samba talloc Library Group: System/Libraries @@ -572,12 +506,8 @@ PreReq: /sbin/ldconfig This package includes the talloc library. -Source Timestamp: 2779 -Branch : trunk - %package -n libtalloc-devel Version: %{libtalloc_ver} -Release: 5 License: LGPL-3.0+ Summary: Libraries and Header Files to Develop Programs with talloc Support Group: Development/Libraries/C and C++ 
@@ -593,12 +523,8 @@ This package contains the static libraries and header files needed to develop programs which make use of the talloc programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libtdb1 Version: %{libtdb_ver} -Release: 5 License: LGPL-3.0+ Summary: Samba tdb Library Group: System/Libraries @@ -608,12 +534,8 @@ PreReq: /sbin/ldconfig This package includes the tdb library. -Source Timestamp: 2779 -Branch : trunk - %package -n libtdb-devel Version: %{libtdb_ver} -Release: 5 License: LGPL-3.0+ Summary: Libraries and Header Files to Develop Programs with tdb Support Group: Development/Libraries/C and C++ @@ -625,12 +547,8 @@ This package contains the static libraries and header files needed to develop programs which make use of the tdb programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libtevent0 Version: %{libtevent_ver} -Release: 5 License: LGPL-3.0+ Summary: Samba tevent Library Group: System/Libraries @@ -640,12 +558,8 @@ PreReq: /sbin/ldconfig This package includes the tevent library. -Source Timestamp: 2779 -Branch : trunk - %package -n libtevent-devel Version: %{libtevent_ver} -Release: 5 License: LGPL-3.0+ Summary: Libraries and Header Files to Develop Programs with tevent Support Group: Development/Libraries/C and C++ @@ -662,12 +576,8 @@ This package contains the static libraries and header files needed to develop programs which make use of the tevent programming interface. -Source Timestamp: 2779 -Branch : trunk - %package -n libldb1 Version: %{libldb_ver} -Release: 5 License: LGPL-3.0+ Summary: Samba ldb Library Group: System/Libraries @@ -678,12 +588,8 @@ PreReq: /sbin/ldconfig This package includes the ldb library. -Source Timestamp: 2779 -Branch : trunk - %package -n libldb-devel Version: %{libldb_ver} -Release: 5 License: LGPL-3.0+ Summary: Libraries and Header Files to Develop Programs with ldb Support Group: Development/Libraries/C and C++ 
@@ -700,14 +606,11 @@ This package contains the static libraries and header files needed to develop programs which make use of the tevent programming interface. -Source Timestamp: 2779 -Branch : trunk - %if %{make_ldapsmb} %package -n ldapsmb Version: 1.34b -Release: 307 +Release: 0 License: GPL-2.0+ Summary: Tool to administer Samba's LDAP backend Group: Productivity/Networking/Samba @@ -718,9 +621,6 @@ This tool aims to simplify the administration of a Samba Domain Controller that uses the ldapsam passdb backend. -Source Timestamp: 2779 -Branch : trunk - %endif %prep @@ -1374,37 +1274,29 @@ fi %{?insserv_cleanup:%{insserv_cleanup}} %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %post -n libsmbclient %else - %post -n libsmbclient0 %endif /sbin/ldconfig %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %postun -n libsmbclient %else - %postun -n libsmbclient0 %endif /sbin/ldconfig %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %post -n libsmbsharemodes %else - %post -n libsmbsharemodes0 %endif /sbin/ldconfig %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %postun -n libsmbsharemodes %else - %postun -n libsmbsharemodes0 %endif /sbin/ldconfig @@ -1704,10 +1596,8 @@ fi %{_libdir}/pkgconfig/netapi.pc %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %files -n libsmbclient %else - %files -n libsmbclient0 %endif %defattr(-,root,root) @@ -1724,10 +1614,8 @@ fi %{_libdir}/pkgconfig/smbclient.pc %if 0%{?suse_version} && 0%{?suse_version} < 1031 - %files -n libsmbsharemodes %else - %files -n libsmbsharemodes0 %endif %defattr(-,root,root) @@ -1816,4 +1704,3 @@ fi %{_sbindir}/ldapsmb %{_mandir}/man5/ldapsmb.5.* %endif -%changelog diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index f5daa20..4026899 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:63f3eeb5767ac44c3ac04980269dc7ed28d466176168f9363eb1e8271de793dd
-size 52739
+oid sha256:f03d2b91ee4ec89322cbbe2ad5c022c9f9c083ee60fc6b6aad2736894cb5fc6f
+size 52553