Hello community, here is the log from the commit of package samba for openSUSE:11.3 checked in at Thu Jul 28 00:17:24 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/samba/samba.changes 2011-03-07 17:09:35.000000000 +0100 +++ 11.3/samba/samba.changes 2011-07-27 13:40:55.000000000 +0200 @@ -1,0 +2,41 @@ +Tue Jul 26 23:57:01 UTC 2011 - [email protected] + +- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are + affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); + (bnc#708503). + +------------------------------------------------------------------- +Tue Jul 26 20:44:01 UTC 2011 - [email protected] + +- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are + affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); + (bnc#705241). + +------------------------------------------------------------------- +Mon Jul 11 16:21:23 CEST 2011 - [email protected] + +- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; + (bnc#705170). + +------------------------------------------------------------------- +Mon May 16 10:23:54 CEST 2011 - [email protected] + +- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945). + +------------------------------------------------------------------- +Thu Apr 7 21:38:00 CET 2011 - [email protected] + +- Fix idmap_tdb for big-endian systems such as ppc and s390; + (bso#6901); (bnc#675978). + +------------------------------------------------------------------- +Thu Mar 24 16:37:34 CET 2011 - [email protected] + +- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913). + +------------------------------------------------------------------- +Thu Mar 17 10:24:31 CET 2011 - [email protected] + +- Don't crash when publishing a single printer; (bnc#643119). + +------------------------------------------------------------------- @@ -8,0 +50,5 @@ +Fri Mar 4 16:30:46 CET 2011 - [email protected] + +- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773). + +------------------------------------------------------------------- @@ -55,0 +102,5 @@ +Wed Nov 24 13:28:13 CET 2010 - [email protected] + +- One further fix for spoolss GetPrinter (level 2) response; (bnc#649636). + +------------------------------------------------------------------- @@ -59,0 +111,18 @@ + +------------------------------------------------------------------- +Wed Nov 10 11:53:36 CET 2010 - [email protected] + +- Fix incorrect spoolss GetPrinterData behaviour, causing user get + printer settings problems; (bnc#643787). + +------------------------------------------------------------------- +Wed Nov 10 11:50:26 CET 2010 - [email protected] + +- Fix malformed spoolss EnumPrinterKey response, causing add printer + failures on Windows 7; (bso#6883); (bnc#649526). + +------------------------------------------------------------------- +Wed Nov 10 11:47:35 CET 2010 - [email protected] + +- Fix malformed spoolss GetPrinter (level 2) response; + (bso#6727); (bnc#649636). calling whatdependson for 11.3-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba-doc.spec ++++++ --- /var/tmp/diff_new_pack.xnlg3z/_old 2011-07-28 00:16:21.000000000 +0200 +++ /var/tmp/diff_new_pack.xnlg3z/_new 2011-07-28 00:16:21.000000000 +0200 @@ -66,7 +66,7 @@ %endif Url: http://www.samba.org/ Version: 3.5.4 -Release: 5.<RELEASE5> +Release: 5.<RELEASE11> License: GPLv3+ Summary: Samba Documentation Group: Documentation/Other @@ -389,7 +389,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %changelog ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.xnlg3z/_old 2011-07-28 00:16:21.000000000 +0200 +++ /var/tmp/diff_new_pack.xnlg3z/_new 2011-07-28 00:16:21.000000000 +0200 @@ -71,7 +71,7 @@ Url: http://www.samba.org/ AutoReqProv: on Version: 3.5.4 -Release: 5.<RELEASE5> +Release: 5.<RELEASE11> %ifarch ppc64 Obsoletes: samba-64bit %endif @@ -171,7 +171,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package client @@ -214,7 +214,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020 @@ -239,7 +239,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %endif @@ -265,7 +265,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %endif @@ -290,7 +290,7 @@ -------- Jeremy Allison <jra at samba dot org> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %if %{make_utils} @@ -337,7 +337,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -347,7 +347,7 @@ %else %package -n libsmbclient0 -License: GPL v3 or later +License: GPLv3+ Provides: libsmbclient = %{version}-%{release} Obsoletes: libsmbclient %endif @@ -362,7 +362,7 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbclient -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %else @@ -407,7 +407,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libnetapi0 @@ -426,7 +426,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libnetapi-devel @@ -446,7 +446,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -456,7 +456,7 @@ %else %package -n libsmbsharemodes0 -License: GPL v3 or later +License: GPLv3+ %endif Summary: Samba smbsharemodes Library Group: System/Libraries @@ -466,7 +466,7 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbsharemodes -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %else @@ -502,7 +502,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtalloc2 @@ -521,7 +521,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtalloc-devel @@ -541,7 +541,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtdb1 @@ -560,7 +560,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtdb-devel @@ -580,7 +580,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libwbclient0 @@ -599,7 +599,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libwbclient-devel @@ -619,7 +619,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtevent0 @@ -638,7 +638,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libtevent-devel @@ -659,7 +659,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libldb0 @@ -679,7 +679,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %package -n libldb-devel @@ -699,7 +699,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %if %{make_ldapsmb} @@ -710,7 +710,7 @@ Group: Productivity/Networking/Samba AutoReqProv: on Version: 1.34b -Release: 5.<RELEASE5> +Release: 5.<RELEASE11> Requires: perl-ldap %description -n ldapsmb @@ -723,7 +723,7 @@ -------- Guenther Deschner <guenther at deschner dot de> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %endif @@ -746,14 +746,14 @@ -------- Steve French <sfrench at Samba dot org> -Source Timestamp: 2508 +Source Timestamp: 2573 Branch : 3.5.4 %endif %if %{make_vscan} %package vscan -License: GPL v2 or later +License: GPLv2+ Summary: On-Access Virus Scanning with Samba Group: Productivity/Networking/Samba AutoReqProv: on ++++++ build-source-timestamp ++++++ --- /var/tmp/diff_new_pack.xnlg3z/_old 2011-07-28 00:16:21.000000000 +0200 +++ /var/tmp/diff_new_pack.xnlg3z/_new 2011-07-28 00:16:21.000000000 +0200 @@ -1,2 +1,2 @@ -2508 +2573 Branch : 3.5.4 ++++++ patches.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 --- old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 2011-04-26 18:37:00.000000000 +0200 @@ -0,0 +1,17 @@ +Fix GetPrinterData response + +When returning WERR_MORE_DATA, the GetPrinterData data type field must be +retained otherwise Windows XP/2k3 will not reissue the request. +Index: source3/rpc_server/srv_spoolss_nt.c +=================================================================== +--- source3/rpc_server/srv_spoolss_nt.c.orig ++++ source3/rpc_server/srv_spoolss_nt.c +@@ -8678,7 +8678,7 @@ WERROR _spoolss_GetPrinterDataEx(pipes_s + return result; + } + +- *r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, REG_NONE); ++ /* retain type when returning WERR_MORE_DATA */ + r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data); + + return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a --- old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 2011-03-18 16:39:41.000000000 +0100 @@ -0,0 +1,24 @@ +commit 21576e3f8c32878910460bf9575c200ad93d682a +Author: Günther Deschner <[email protected]> +Date: Fri Oct 1 06:08:12 2010 +0200 + + s3-net: make sure we dont crash when publishing a single printer. + + Guenther + +Index: source3/utils/net_rpc_printer.c +=================================================================== +--- source3/utils/net_rpc_printer.c.orig ++++ source3/utils/net_rpc_printer.c +@@ -1090,6 +1090,11 @@ static bool get_printer_info(struct rpc_ + &hnd)) + return false; + ++ *info_p = talloc_zero(mem_ctx, union spoolss_PrinterInfo); ++ if (*info_p == NULL) { ++ return false; ++ } ++ + if (!net_spoolss_getprinter(pipe_hnd, mem_ctx, &hnd, level, *info_p)) { + rpccli_spoolss_ClosePrinter(pipe_hnd, mem_ctx, &hnd, NULL); + return false; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 new/patches/samba.org/36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 --- old/patches/samba.org/36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,33 @@ +commit 36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 +Author: Volker Lendecke <[email protected]> +Date: Mon May 10 11:53:03 2010 +0200 + + s3: Test for "__attribute__((destructor))" + +Index: source3/configure.in +=================================================================== +--- source3/configure.in.orig ++++ source3/configure.in +@@ -1324,6 +1324,22 @@ if test x"$samba_cv_stat_dos_flags" = x" + AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct]) + fi + ++AC_CACHE_CHECK([whether we can compile with __attribute__((destructor))], ++ samba_cv_function_attribute_destructor, ++ [ ++ AC_COMPILE_IFELSE( ++ [ ++ __attribute__((destructor)) ++ static void cleanup(void) { } ++ ], ++ samba_cv_function_attribute_destructor=yes) ++ ]) ++ ++if test x"$samba_cv_function_attribute_destructor" = xyes ; then ++ AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1, ++ [whether we can compile with __attribute__((destructor))]) ++fi ++ + ##################################### + # needed for SRV lookups + AC_CHECK_LIB(resolv, dn_expand) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 --- old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,93 @@ +commit 3a3c118a7edf679d6b545df035fd8d51b00e0830 +Author: Michael Adam <[email protected]> +Date: Wed Dec 22 14:16:07 2010 +0100 + + s3:dbwrap_ctdb: in ctdb_delete, send a SCHEDULE_FOR_DELETION control to local ctdbd + + This way, the record will be scheduled for fast vacuuming. + + This is sent with the NOREPLY flag, so ctd should not sent + a reply packet and samba does not expect one. Hence, it + is not important for the success of the db_ctdb_delete command + whether or not the ctdbd we are running against supports the + SCHEDULE_FOR_DELETION control. + +Index: source3/lib/dbwrap_ctdb.c +=================================================================== +--- source3/lib/dbwrap_ctdb.c.orig ++++ source3/lib/dbwrap_ctdb.c +@@ -879,9 +879,56 @@ static NTSTATUS db_ctdb_store(struct db_ + + + ++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec) ++{ ++ NTSTATUS status; ++ struct ctdb_control_schedule_for_deletion *dd; ++ TDB_DATA indata; ++ int cstatus; ++ struct db_ctdb_rec *crec = talloc_get_type_abort( ++ rec->private_data, struct db_ctdb_rec); ++ ++ indata.dsize = offsetof(struct ctdb_control_schedule_for_deletion, key) + rec->key.dsize; ++ indata.dptr = talloc_zero_array(crec, uint8_t, indata.dsize); ++ if (indata.dptr == NULL) { ++ DEBUG(0, (__location__ " talloc failed!\n")); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ dd = (struct ctdb_control_schedule_for_deletion *)(void *)indata.dptr; ++ dd->db_id = crec->ctdb_ctx->db_id; ++ dd->hdr = crec->header; ++ dd->keylen = rec->key.dsize; ++ memcpy(dd->key, rec->key.dptr, rec->key.dsize); ++ ++ status = ctdbd_control_local(messaging_ctdbd_connection(), ++ CTDB_CONTROL_SCHEDULE_FOR_DELETION, ++ crec->ctdb_ctx->db_id, ++ CTDB_CTRL_FLAG_NOREPLY, /* flags */ ++ indata, ++ NULL, /* outdata */ ++ NULL, /* errmsg */ ++ &cstatus); ++ talloc_free(indata.dptr); ++ ++ if (!NT_STATUS_IS_OK(status) || cstatus != 0) { ++ DEBUG(1, (__location__ " Error sending local control " ++ "SCHEDULE_FOR_DELETION: %s, cstatus = %d\n", ++ nt_errstr(status), cstatus)); ++ if (NT_STATUS_IS_OK(status)) { ++ status = NT_STATUS_UNSUCCESSFUL; ++ } ++ } ++ ++ return status; ++} ++#endif ++ + static NTSTATUS db_ctdb_delete(struct db_record *rec) + { + TDB_DATA data; ++ NTSTATUS status; + + /* + * We have to store the header with empty data. TODO: Fix the +@@ -890,8 +937,16 @@ static NTSTATUS db_ctdb_delete(struct db + + ZERO_STRUCT(data); + +- return db_ctdb_store(rec, data, 0); ++ status = db_ctdb_store(rec, data, 0); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ ++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++ status = db_ctdb_send_schedule_for_deletion(rec); ++#endif + ++ return status; + } + + static int db_ctdb_record_destr(struct db_record* data) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/CVE-2011-2522.diff new/patches/samba.org/CVE-2011-2522.diff --- old/patches/samba.org/CVE-2011-2522.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/CVE-2011-2522.diff 2011-07-27 01:32:23.000000000 +0200 @@ -0,0 +1,467 @@ +From 42321e69cb3b245f8cce5f85524d1f3bec780042 Mon Sep 17 00:00:00 2001 +From: Kai Blin <[email protected]> +Date: Fri, 8 Jul 2011 12:56:21 +0200 +Subject: [PATCH 02/13] s3 swat: Allow getting the user's HTTP auth password + +Signed-off-by: Kai Blin <[email protected]> + +Index: source3/web/cgi.c +=================================================================== +--- source3/web/cgi.c.orig ++++ source3/web/cgi.c +@@ -19,6 +19,8 @@ + + #include "includes.h" + #include "web/swat_proto.h" ++#include "secrets.h" ++#include "../lib/util/util.h" + + #define MAX_VARIABLES 10000 + +@@ -42,6 +44,7 @@ static char *query_string; + static const char *baseurl; + static char *pathinfo; + static char *C_user; ++static char *C_pass; + static bool inetd_server; + static bool got_request; + +@@ -320,7 +323,23 @@ static void cgi_web_auth(void) + exit(0); + } + +- setuid(0); ++ C_user = SMB_STRDUP(user); ++ ++ if (!setuid(0)) { ++ C_pass = secrets_fetch_generic("root", "SWAT"); ++ if (C_pass == NULL) { ++ char *tmp_pass = NULL; ++ tmp_pass = generate_random_str(talloc_tos(), 16); ++ if (tmp_pass == NULL) { ++ printf("%sFailed to create random nonce for " ++ "SWAT session\n<br>%s\n", head, tail); ++ exit(0); ++ } ++ secrets_store_generic("root", "SWAT", tmp_pass); ++ C_pass = SMB_STRDUP(tmp_pass); ++ TALLOC_FREE(tmp_pass); ++ } ++ } + setuid(pwd->pw_uid); + if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) { + printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", +@@ -388,6 +407,7 @@ static bool cgi_handle_authorization(cha + + /* Save the users name */ + C_user = SMB_STRDUP(user); ++ C_pass = SMB_STRDUP(user_pass); + TALLOC_FREE(pass); + return True; + } +@@ -422,6 +442,13 @@ char *cgi_user_name(void) + return(C_user); + } + ++/*************************************************************************** ++return a ptr to the users password ++ ***************************************************************************/ ++char *cgi_user_pass(void) ++{ ++ return(C_pass); ++} + + /*************************************************************************** + handle a file download +Index: source3/web/statuspage.c +=================================================================== +--- source3/web/statuspage.c.orig ++++ source3/web/statuspage.c +@@ -247,9 +247,14 @@ void status_page(void) + int nr_running=0; + bool waitup = False; + TALLOC_CTX *ctx = talloc_stackframe(); ++ const char form_name[] = "status"; + + smbd_pid = pid_to_procid(pidfile_pid("smbd")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) { + stop_smbd(); + start_smbd(); +@@ -326,9 +331,11 @@ void status_page(void) + + initPid2Machine (); + ++output_page: + printf("<H2>%s</H2>\n", _("Server Status")); + + printf("<FORM method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (!autorefresh) { + printf("<input type=submit value=\"%s\" name=\"autorefresh\">\n", _("Auto Refresh")); +Index: source3/web/swat.c +=================================================================== +--- source3/web/swat.c.orig ++++ source3/web/swat.c +@@ -29,6 +29,7 @@ + + #include "includes.h" + #include "web/swat_proto.h" ++#include "../lib/crypto/md5.h" + + static int demo_mode = False; + static int passwd_only = False; +@@ -50,6 +51,9 @@ static int iNumNonAutoPrintServices = 0; + #define DISABLE_USER_FLAG "disable_user_flag" + #define ENABLE_USER_FLAG "enable_user_flag" + #define RHOST "remote_host" ++#define XSRF_TOKEN "xsrf" ++#define XSRF_TIME "xsrf_time" ++#define XSRF_TIMEOUT 300 + + #define _(x) lang_msg_rotate(talloc_tos(),x) + +@@ -138,6 +142,76 @@ static char *make_parm_name(const char * + return parmname; + } + ++void get_xsrf_token(const char *username, const char *pass, ++ const char *formname, time_t xsrf_time, char token_str[33]) ++{ ++ struct MD5Context md5_ctx; ++ uint8_t token[16]; ++ int i; ++ ++ token_str[0] = '\0'; ++ ZERO_STRUCT(md5_ctx); ++ MD5Init(&md5_ctx); ++ ++ MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); ++ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t)); ++ if (username != NULL) { ++ MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); ++ } ++ if (pass != NULL) { ++ MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); ++ } ++ ++ MD5Final(token, &md5_ctx); ++ ++ for(i = 0; i < sizeof(token); i++) { ++ char tmp[3]; ++ ++ snprintf(tmp, sizeof(tmp), "%02x", token[i]); ++ strncat(token_str, tmp, sizeof(tmp)); ++ } ++} ++ ++void print_xsrf_token(const char *username, const char *pass, ++ const char *formname) ++{ ++ char token[33]; ++ time_t xsrf_time = time(NULL); ++ ++ get_xsrf_token(username, pass, formname, xsrf_time, token); ++ printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", ++ XSRF_TOKEN, token); ++ printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n", ++ XSRF_TIME, (long long int)xsrf_time); ++} ++ ++bool verify_xsrf_token(const char *formname) ++{ ++ char expected[33]; ++ const char *username = cgi_user_name(); ++ const char *pass = cgi_user_pass(); ++ const char *token = cgi_variable_nonull(XSRF_TOKEN); ++ const char *time_str = cgi_variable_nonull(XSRF_TIME); ++ time_t xsrf_time = 0; ++ time_t now = time(NULL); ++ ++ if (sizeof(time_t) == sizeof(int)) { ++ xsrf_time = atoi(time_str); ++ } else if (sizeof(time_t) == sizeof(long)) { ++ xsrf_time = atol(time_str); ++ } else if (sizeof(time_t) == sizeof(long long)) { ++ xsrf_time = atoll(time_str); ++ } ++ ++ if (abs(now - xsrf_time) > XSRF_TIMEOUT) { ++ return false; ++ } ++ ++ get_xsrf_token(username, pass, formname, xsrf_time, expected); ++ return (strncmp(expected, token, sizeof(expected)) == 0); ++} ++ ++ + /**************************************************************************** + include a lump of html in a page + ****************************************************************************/ +@@ -611,13 +685,20 @@ static void welcome_page(void) + static void viewconfig_page(void) + { + int full_view=0; ++ const char form_name[] = "viewconfig"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (cgi_variable("full_view")) { + full_view = 1; + } + ++output_page: + printf("<H2>%s</H2>\n", _("Current Config")); + printf("<form method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (full_view) { + printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View")); +@@ -637,18 +718,25 @@ static void viewconfig_page(void) + static void wizard_params_page(void) + { + unsigned int parm_filter = FLAG_WIZARD; ++ const char form_name[] = "wizard_params"; + + /* Here we first set and commit all the parameters that were selected + in the previous screen. */ + + printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("Commit")) { + commit_parameters(GLOBAL_SECTION_SNUM); + save_reload(-1); + } + ++output_page: + printf("<form name=\"swatform\" method=post action=wizard_params>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (have_write_access) { + printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n"); +@@ -684,6 +772,11 @@ static void wizard_page(void) + int have_home = -1; + int HomeExpo = 0; + int SerType = 0; ++ const char form_name[] = "wizard"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (cgi_variable("Rewrite")) { + (void) rewritecfg_file(); +@@ -774,10 +867,12 @@ static void wizard_page(void) + winstype = 3; + + role = lp_server_role(); +- ++ ++output_page: + /* Here we go ... */ + printf("<H2>%s</H2>\n", _("Samba Configuration Wizard")); + printf("<form method=post action=wizard>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (have_write_access) { + printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments.")); +@@ -846,9 +941,14 @@ static void globals_page(void) + { + unsigned int parm_filter = FLAG_BASIC; + int mode = 0; ++ const char form_name[] = "globals"; + + printf("<H2>%s</H2>\n", _("Global Parameters")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("Commit")) { + commit_parameters(GLOBAL_SECTION_SNUM); + save_reload(-1); +@@ -861,7 +961,9 @@ static void globals_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: + printf("<form name=\"swatform\" method=post action=globals>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + ViewModeBoxes( mode ); + switch ( mode ) { +@@ -901,11 +1003,17 @@ static void shares_page(void) + int mode = 0; + unsigned int parm_filter = FLAG_BASIC; + size_t converted_size; ++ const char form_name[] = "shares"; ++ ++ printf("<H2>%s</H2>\n", _("Share Parameters")); ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (share) + snum = lp_servicenumber(share); + +- printf("<H2>%s</H2>\n", _("Share Parameters")); + + if (cgi_variable("Commit") && snum >= 0) { + commit_parameters(snum); +@@ -931,10 +1039,6 @@ static void shares_page(void) + } + } + +- printf("<FORM name=\"swatform\" method=post>\n"); +- +- printf("<table>\n"); +- + if ( cgi_variable("ViewMode") ) + mode = atoi(cgi_variable_nonull("ViewMode")); + if ( cgi_variable("BasicMode")) +@@ -942,6 +1046,12 @@ static void shares_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: ++ printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ++ ++ printf("<table>\n"); ++ + ViewModeBoxes( mode ); + switch ( mode ) { + case 0: +@@ -1138,6 +1248,8 @@ static void chg_passwd(void) + static void passwd_page(void) + { + const char *new_name = cgi_user_name(); ++ const char passwd_form[] = "passwd"; ++ const char rpasswd_form[] = "rpasswd"; + + /* + * After the first time through here be nice. If the user +@@ -1152,6 +1264,7 @@ static void passwd_page(void) + printf("<H2>%s</H2>\n", _("Server Password Management")); + + printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form); + + printf("<table>\n"); + +@@ -1191,14 +1304,16 @@ static void passwd_page(void) + * Do some work if change, add, disable or enable was + * requested. It could be this is the first time through this + * code, so there isn't anything to do. */ +- if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || +- (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) { ++ if (verify_xsrf_token(passwd_form) && ++ ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || ++ (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) { + chg_passwd(); + } + + printf("<H2>%s</H2>\n", _("Client/Server Password Management")); + + printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form); + + printf("<table>\n"); + +@@ -1231,7 +1346,7 @@ static void passwd_page(void) + * password somewhere other than the server. It could be this + * is the first time through this code, so there isn't + * anything to do. */ +- if (cgi_variable(CHG_R_PASSWD_FLAG)) { ++ if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) { + chg_passwd(); + } + +@@ -1248,18 +1363,15 @@ static void printers_page(void) + int i; + int mode = 0; + unsigned int parm_filter = FLAG_BASIC; ++ const char form_name[] = "printers"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (share) + snum = lp_servicenumber(share); + +- printf("<H2>%s</H2>\n", _("Printer Parameters")); +- +- printf("<H3>%s</H3>\n", _("Important Note:")); +- printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); +- printf("%s",_("are autoloaded printers from ")); +- printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); +- printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); +- + if (cgi_variable("Commit") && snum >= 0) { + commit_parameters(snum); + if (snum >= iNumNonAutoPrintServices) +@@ -1288,8 +1400,6 @@ static void printers_page(void) + } + } + +- printf("<FORM name=\"swatform\" method=post>\n"); +- + if ( cgi_variable("ViewMode") ) + mode = atoi(cgi_variable_nonull("ViewMode")); + if ( cgi_variable("BasicMode")) +@@ -1297,6 +1407,19 @@ static void printers_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: ++ printf("<H2>%s</H2>\n", _("Printer Parameters")); ++ ++ printf("<H3>%s</H3>\n", _("Important Note:")); ++ printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); ++ printf("%s",_("are autoloaded printers from ")); ++ printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); ++ printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); ++ ++ ++ printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ++ + ViewModeBoxes( mode ); + switch ( mode ) { + case 0: +Index: source3/web/swat_proto.h +=================================================================== +--- source3/web/swat_proto.h.orig ++++ source3/web/swat_proto.h +@@ -31,6 +31,7 @@ const char *cgi_variable(const char *nam + const char *cgi_variable_nonull(const char *name); + bool am_root(void); + char *cgi_user_name(void); ++char *cgi_user_pass(void); + void cgi_setup(const char *rootdir, int auth_required); + const char *cgi_baseurl(void); + const char *cgi_pathinfo(void); +@@ -66,5 +67,10 @@ void status_page(void); + /* The following definitions come from web/swat.c */ + + const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid); ++void get_xsrf_token(const char *username, const char *pass, ++ const char *formname, time_t xsrf_time, char token_str[33]); ++void print_xsrf_token(const char *username, const char *pass, ++ const char *formname); ++bool verify_xsrf_token(const char *formname); + + #endif /* _SWAT_PROTO_H_ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/CVE-2011-2694.diff new/patches/samba.org/CVE-2011-2694.diff --- old/patches/samba.org/CVE-2011-2694.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/CVE-2011-2694.diff 2011-07-27 02:02:14.000000000 +0200 @@ -0,0 +1,47 @@ +From be65f08f70a4fdd2c58394ec4338aa175d7b8f3b Mon Sep 17 00:00:00 2001 +From: Kai Blin <[email protected]> +Date: Thu, 7 Jul 2011 10:03:33 +0200 +Subject: [PATCH 01/13] s3 swat: Fix possible XSS attack (bug #8289) + +Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack +against SWAT, the Samba Web Administration Tool. The attack uses reflection to +insert arbitrary content into the "change password" page. + +This patch fixes the reflection issue by not printing user-specified content on +the website anymore. + +Signed-off-by: Kai Blin <[email protected]> + +Index: source3/web/swat.c +=================================================================== +--- source3/web/swat.c.orig ++++ source3/web/swat.c +@@ -1231,11 +1231,9 @@ static void chg_passwd(void) + if(cgi_variable(CHG_S_PASSWD_FLAG)) { + printf("<p>"); + if (rslt == True) { +- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd has been changed.")); + } else { +- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd for has NOT been changed.")); + } + } + +@@ -1251,14 +1249,6 @@ static void passwd_page(void) + const char passwd_form[] = "passwd"; + const char rpasswd_form[] = "rpasswd"; + +- /* +- * After the first time through here be nice. If the user +- * changed the User box text to another users name, remember it. +- */ +- if (cgi_variable(SWAT_USER)) { +- new_name = cgi_variable_nonull(SWAT_USER); +- } +- + if (!new_name) new_name = ""; + + printf("<H2>%s</H2>\n", _("Server Password Management")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 new/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 --- old/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,24 @@ +commit a04c47b10758b6aa8035107e816dc7efac871646 +Author: Michael Adam <[email protected]> +Date: Thu Dec 23 16:46:24 2010 +0100 + + s3:ctdb: samba can now handle the NOREPLY flag + + Revert "samba3 can't handle NOREPLY yet" + + This reverts commit 9bf211db6d7d6ef6e59508de69d6d8dfe5bae059. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -732,9 +732,6 @@ static NTSTATUS ctdbd_control(struct ctd + struct ctdbd_connection *new_conn = NULL; + NTSTATUS status; + +- /* the samba3 ctdb code can't handle NOREPLY yet */ +- flags &= ~CTDB_CTRL_FLAG_NOREPLY; +- + if (conn == NULL) { + status = ctdbd_init_connection(NULL, &new_conn); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/aa8d91ae8e6b4b813c0479f09be9e090aff047a9 new/patches/samba.org/aa8d91ae8e6b4b813c0479f09be9e090aff047a9 --- old/patches/samba.org/aa8d91ae8e6b4b813c0479f09be9e090aff047a9 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/aa8d91ae8e6b4b813c0479f09be9e090aff047a9 2011-04-06 14:53:00.000000000 +0200 @@ -0,0 +1,29 @@ +commit aa8d91ae8e6b4b813c0479f09be9e090aff047a9 +Author: Volker Lendecke <[email protected]> +Date: Mon May 10 12:05:01 2010 +0200 + + libwbclient: Fix a fd-leak at dlclose-time + + __attribute__((destructor)) makes winbind_close_sock() being called at + dlclose() time. + + Found while testing apache on Linux with mod_auth_pam. + + Other platforms will have to find a different fix. One possibility would be to + always close the socket after each operation, but this badly sucks + performance-wise. + +Index: nsswitch/wb_common.c +=================================================================== +--- nsswitch/wb_common.c.orig ++++ nsswitch/wb_common.c +@@ -61,6 +61,9 @@ static void init_response(struct winbind + + /* Close established socket */ + ++#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR ++__attribute__((destructor)) ++#endif + void winbind_close_sock(void) + { + if (winbindd_fd != -1) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 new/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 --- old/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,37 @@ +commit b807c58b655f1ffbf849f5de9eef66136bdb4a52 +Author: Björn Baumbach <[email protected]> +Date: Tue Jul 12 17:32:55 2011 +0200 + + s3: dbwrap_ctdb.c: fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue (bug #8303) + + Check for HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL instead of + CTDB_CONTROL_SCHEDULE_FOR_DELETION, which is an enum member and not a + define. + + Signed-off-by: Stefan Metzmacher <[email protected]> + + Autobuild-User: Stefan Metzmacher <[email protected]> + Autobuild-Date: Tue Jul 12 18:56:30 CEST 2011 on sn-devel-104 + +Index: source3/lib/dbwrap_ctdb.c +=================================================================== +--- source3/lib/dbwrap_ctdb.c.orig ++++ source3/lib/dbwrap_ctdb.c +@@ -879,7 +879,7 @@ static NTSTATUS db_ctdb_store(struct db_ + + + +-#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++#ifdef HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL + static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec) + { + NTSTATUS status; +@@ -942,7 +942,7 @@ static NTSTATUS db_ctdb_delete(struct db + return status; + } + +-#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++#ifdef HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL + status = db_ctdb_send_schedule_for_deletion(rec); + #endif + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 new/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 --- old/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,22 @@ +commit bda7d3134ecc547b9c174a04fd2d02813b06f038 +Author: Michael Adam <[email protected]> +Date: Tue Mar 8 16:26:34 2011 +0100 + + s3:ctdb: pass the ctdb control flags to the ctdb daemon when sending the control + + The only flag that is currently used is the NOREPLY flag to indicate that + the client expects no reply packet. This needs to get passed down to the + ctdb daemon so that it really does not send a reply. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -754,6 +754,7 @@ static NTSTATUS ctdbd_control(struct ctd + req.opcode = opcode; + req.srvid = srvid; + req.datalen = data.dsize; ++ req.flags = flags; + + DEBUG(10, ("ctdbd_control: Sending ctdb packet\n")); + ctdb_packet_dump(&req.hdr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df new/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df --- old/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,20 @@ +commit c7655450f4c9784b700218628568c39e3528e9df +Author: Michael Adam <[email protected]> +Date: Thu Dec 23 16:43:55 2010 +0100 + + s3:ctdb: correctly handle cstatus if CTDB_CTRL_FLAG_NOREPLY is set. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -780,6 +780,9 @@ static NTSTATUS ctdbd_control(struct ctd + + if (flags & CTDB_CTRL_FLAG_NOREPLY) { + TALLOC_FREE(new_conn); ++ if (cstatus) { ++ *cstatus = 0; ++ } + return NT_STATUS_OK; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/fe4dcd44ec581afb631125b1d0bade055ca97e30 new/patches/samba.org/fe4dcd44ec581afb631125b1d0bade055ca97e30 --- old/patches/samba.org/fe4dcd44ec581afb631125b1d0bade055ca97e30 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/fe4dcd44ec581afb631125b1d0bade055ca97e30 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,34 @@ +commit fe4dcd44ec581afb631125b1d0bade055ca97e30 +Author: Volker Lendecke <[email protected]> +Date: Sat Aug 21 11:32:58 2010 +0200 + + s3: Fix bug 7635 + + smbclient -M not sending due to NT_STATUS_PIPE_BROKEN + +Index: source3/libsmb/climessage.c +=================================================================== +--- source3/libsmb/climessage.c.orig ++++ source3/libsmb/climessage.c +@@ -63,8 +63,10 @@ static struct tevent_req *cli_message_st + + *p++ = 4; + memcpy(p, utmp, ulen); ++ p += ulen; + *p++ = 4; + memcpy(p, htmp, hlen); ++ p += hlen; + TALLOC_FREE(htmp); + TALLOC_FREE(utmp); + +@@ -163,8 +165,8 @@ static struct tevent_req *cli_message_te + TALLOC_FREE(tmp); + return tevent_req_post(req, ev); + } +- SCVAL(bytes, 0, 0); /* pad */ +- SSVAL(bytes, 1, msglen); ++ SCVAL(bytes, 0, 1); /* pad */ ++ SSVAL(bytes+1, 0, msglen); + memcpy(bytes+3, msg, msglen); + TALLOC_FREE(tmp); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/series new/patches/series --- old/patches/series 2011-02-21 23:36:51.000000000 +0100 +++ new/patches/series 2011-07-27 02:11:44.000000000 +0200 @@ -16,6 +16,18 @@ samba.org/0afb2995a2177afa2eb7b8f99887a39cdaf23a15 -p0 # bso 7791, bnc 656112 samba.org/9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c -p0 # bnc 666460 samba.org/CVE-2011-0719.diff -p0 # bnc 670431, bso 7949 +samba.org/36e736871e28665ffcbbc4d0c87e1a2b60fcf0e0 -p0 # bso 7684, bnc 668773 +samba.org/aa8d91ae8e6b4b813c0479f09be9e090aff047a9 -p0 # bso 7684, bnc 668773 +samba.org/21576e3f8c32878910460bf9575c200ad93d682a -p0 # bnc 643119 +samba.org/fe4dcd44ec581afb631125b1d0bade055ca97e30 -p0 # bso 7635, bnc 681913 +samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 -p0 # bnc 643787 +samba.org/c7655450f4c9784b700218628568c39e3528e9df -p0 # bnc 705170 +samba.org/a04c47b10758b6aa8035107e816dc7efac871646 -p0 # bnc 705170 +samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 -p0 # bnc 705170 +samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 -p0 # bnc 705170 +samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 -p0 # bnc 705170 +samba.org/CVE-2011-2522.diff -p0 # bnc 705241, bso 8290 +samba.org/CVE-2011-2694.diff -p0 # bnc 708503, bso 8289 # SuSE specific changes # disabled -> WIP lmuelle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/suse/async_printcap_svc_update.diff new/patches/suse/async_printcap_svc_update.diff --- old/patches/suse/async_printcap_svc_update.diff 2011-02-21 23:39:29.000000000 +0100 +++ new/patches/suse/async_printcap_svc_update.diff 2011-07-27 02:16:12.000000000 +0200 @@ -217,7 +217,7 @@ =================================================================== --- source3/web/swat.c.orig +++ source3/web/swat.c -@@ -490,7 +490,7 @@ static int save_reload(int snum) +@@ -564,7 +564,7 @@ static int save_reload(int snum) return 0; } iNumNonAutoPrintServices = lp_numservices(); @@ -226,7 +226,7 @@ return 1; } -@@ -1434,7 +1434,7 @@ const char *lang_msg_rotate(TALLOC_CTX * +@@ -1547,7 +1547,7 @@ const char *lang_msg_rotate(TALLOC_CTX * load_config(True); load_interfaces(); iNumNonAutoPrintServices = lp_numservices(); ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/tools/package-data new/vendor-files/tools/package-data --- old/vendor-files/tools/package-data 2011-03-07 17:07:55.000000000 +0100 +++ new/vendor-files/tools/package-data 2011-07-27 13:38:54.000000000 +0200 @@ -1,2 +1,2 @@ # This is an autogenrated file. -SAMBA_PACKAGE_SVN_VERSION="2508" +SAMBA_PACKAGE_SVN_VERSION="2573" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
