Hello community, here is the log from the commit of package samba for openSUSE:11.4 checked in at Thu Jul 28 00:25:27 CEST 2011.
-------- --- old-versions/11.4/all/samba/samba.changes 2011-02-28 17:29:13.000000000 +0100 +++ 11.4/samba/samba.changes 2011-07-27 13:41:00.000000000 +0200 @@ -1,0 +2,58 @@ +Tue Jul 26 23:57:01 UTC 2011 - [email protected] + +- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are + affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); + (bnc#708503). + +------------------------------------------------------------------- +Tue Jul 26 20:44:01 UTC 2011 - [email protected] + +- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are + affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); + (bnc#705241). + +------------------------------------------------------------------- +Mon Jul 11 16:21:23 CEST 2011 - [email protected] + +- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; + (bnc#705170). + +------------------------------------------------------------------- +Mon May 16 10:23:54 CEST 2011 - [email protected] + +- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945). + +------------------------------------------------------------------- +Thu Apr 7 21:38:00 CET 2011 - [email protected] + +- Fix idmap_tdb for big-endian systems such as ppc and s390; + (bso#6901); (bnc#675978). + +------------------------------------------------------------------- +Thu Mar 24 16:37:34 CET 2011 - [email protected] + +- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913). + +------------------------------------------------------------------- +Thu Mar 17 10:24:31 CET 2011 - [email protected] + +- Don't crash when publishing a single printer; (bnc#643119). + +------------------------------------------------------------------- +Wed Mar 9 10:46:20 UTC 2011 - [email protected] + +- Define the libwbclient packages ahead of packages with a different version. + +------------------------------------------------------------------- +Fri Mar 4 20:12:24 UTC 2011 - [email protected] + +- Require a particular library version even if the major version is part of + the package name. Using the same major version does not guarantee forward + compatibility. + +------------------------------------------------------------------- +Fri Mar 4 16:30:46 CET 2011 - [email protected] + +- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773). + +------------------------------------------------------------------- @@ -136,0 +195,5 @@ +Wed Nov 24 13:28:13 CET 2010 - [email protected] + +- One further fix for spoolss GetPrinter (level 2) response; (bnc#649636). + +------------------------------------------------------------------- @@ -162,0 +226,18 @@ + +------------------------------------------------------------------- +Wed Nov 10 11:53:36 CET 2010 - [email protected] + +- Fix incorrect spoolss GetPrinterData behaviour, causing user get + printer settings problems; (bnc#643787). + +------------------------------------------------------------------- +Wed Nov 10 11:50:26 CET 2010 - [email protected] + +- Fix malformed spoolss EnumPrinterKey response, causing add printer + failures on Windows 7; (bso#6883); (bnc#649526). + +------------------------------------------------------------------- +Wed Nov 10 11:47:35 CET 2010 - [email protected] + +- Fix malformed spoolss GetPrinter (level 2) response; + (bso#6727); (bnc#649636). Package does not exist at destination yet. Using Fallback old-versions/11.4/all/samba Destination is old-versions/11.4/UPDATES/all/samba calling whatdependson for 11.4-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba-doc.spec ++++++ --- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200 +++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200 @@ -420,7 +420,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %changelog ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200 +++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200 @@ -184,7 +184,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package client @@ -230,7 +230,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1020 @@ -257,7 +257,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %endif @@ -287,7 +287,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %endif @@ -314,7 +314,7 @@ -------- Jeremy Allison <jra at samba dot org> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %if %{make_utils} @@ -365,7 +365,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -375,7 +375,7 @@ %else %package -n libsmbclient0 -License: GPL v3 or later +License: GPLv3+ Provides: libsmbclient = %{version}-%{release} Obsoletes: libsmbclient %endif @@ -390,7 +390,7 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbclient -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %else @@ -416,12 +416,12 @@ Group: Development/Libraries/C and C++ AutoReqProv: on %if 0%{?suse_version} && 0%{?suse_version} < 921 -Requires: libsmbclient heimdal-devel +Requires: libsmbclient = %{version} heimdal-devel %else %if 0%{?suse_version} && 0%{?suse_version} < 1031 -Requires: libsmbclient krb5-devel +Requires: libsmbclient = %{version} krb5-devel %else -Requires: libsmbclient0 krb5-devel +Requires: libsmbclient0 = %{version} krb5-devel %endif %endif @@ -435,7 +435,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libnetapi0 @@ -454,7 +454,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libnetapi-devel @@ -462,7 +462,7 @@ Summary: Libraries and Header Files to Develop Programs with netapi Support Group: Development/Libraries/C and C++ AutoReqProv: on -Requires: libnetapi0 +Requires: libnetapi0 = %{version} %description -n libnetapi-devel This package contains the static libraries and header files needed to @@ -474,7 +474,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %if 0%{?suse_version} && 0%{?suse_version} < 1031 @@ -484,7 +484,7 @@ %else %package -n libsmbsharemodes0 -License: GPL v3 or later +License: GPLv3+ %endif Summary: Samba smbsharemodes Library Group: System/Libraries @@ -494,7 +494,7 @@ %if 0%{?suse_version} && 0%{?suse_version} < 1031 %description -n libsmbsharemodes -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %else @@ -514,9 +514,9 @@ Group: Development/Libraries/C and C++ AutoReqProv: on %if 0%{?suse_version} && 0%{?suse_version} < 1031 -Requires: libsmbsharemodes +Requires: libsmbsharemodes = %{version} %else -Requires: libsmbsharemodes0 +Requires: libsmbsharemodes0 = %{version} %endif %description -n libsmbsharemodes-devel @@ -530,20 +530,18 @@ The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libtalloc2 -License: LGPLv3+ -Summary: Samba talloc Library +%package -n libwbclient0 +License: GPLv3+ +Summary: Samba libwbclient Library Group: System/Libraries AutoReqProv: on -Version: %{libtalloc_ver} -Release: 2.<RELEASE4> PreReq: /sbin/ldconfig -%description -n libtalloc2 -This package includes the talloc library. +%description -n libwbclient0 +This package includes the wbclient library. @@ -551,21 +549,19 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libtalloc-devel -License: LGPLv3+ -Summary: Libraries and Header Files to Develop Programs with talloc Support +%package -n libwbclient-devel +License: GPLv3+ +Summary: Libraries and Header Files to Develop Programs with wbclient Support Group: Development/Libraries/C and C++ AutoReqProv: on -Version: %{libtalloc_ver} -Release: 2.<RELEASE4> -Requires: libtalloc2 +Requires: libwbclient0 = %{version} -%description -n libtalloc-devel +%description -n libwbclient-devel This package contains the static libraries and header files needed to -develop programs which make use of the talloc programming interface. +develop programs which make use of the wbclient programming interface. @@ -573,20 +569,20 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libtdb1 +%package -n libtalloc2 License: LGPLv3+ -Summary: Samba tdb Library +Summary: Samba talloc Library Group: System/Libraries AutoReqProv: on -Version: %{libtdb_ver} -Release: 2.<RELEASE4> +Version: %{libtalloc_ver} +Release: 2.<RELEASE5> PreReq: /sbin/ldconfig -%description -n libtdb1 -This package includes the tdb library. +%description -n libtalloc2 +This package includes the talloc library. @@ -594,21 +590,21 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libtdb-devel +%package -n libtalloc-devel License: LGPLv3+ -Summary: Libraries and Header Files to Develop Programs with tdb Support +Summary: Libraries and Header Files to Develop Programs with talloc Support Group: Development/Libraries/C and C++ AutoReqProv: on -Version: %{libtdb_ver} -Release: 2.<RELEASE4> -Requires: libtdb1 +Version: %{libtalloc_ver} +Release: 2.<RELEASE5> +Requires: libtalloc2 = %{libtalloc_ver} -%description -n libtdb-devel +%description -n libtalloc-devel This package contains the static libraries and header files needed to -develop programs which make use of the tdb programming interface. +develop programs which make use of the talloc programming interface. @@ -616,18 +612,20 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libwbclient0 -License: GPLv3+ -Summary: Samba libwbclient Library +%package -n libtdb1 +License: LGPLv3+ +Summary: Samba tdb Library Group: System/Libraries AutoReqProv: on +Version: %{libtdb_ver} +Release: 2.<RELEASE5> PreReq: /sbin/ldconfig -%description -n libwbclient0 -This package includes the wbclient library. +%description -n libtdb1 +This package includes the tdb library. @@ -635,19 +633,21 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 -%package -n libwbclient-devel -License: GPLv3+ -Summary: Libraries and Header Files to Develop Programs with wbclient Support +%package -n libtdb-devel +License: LGPLv3+ +Summary: Libraries and Header Files to Develop Programs with tdb Support Group: Development/Libraries/C and C++ AutoReqProv: on -Requires: libwbclient0 +Version: %{libtdb_ver} +Release: 2.<RELEASE5> +Requires: libtdb1 = %{libtdb_ver} -%description -n libwbclient-devel +%description -n libtdb-devel This package contains the static libraries and header files needed to -develop programs which make use of the wbclient programming interface. +develop programs which make use of the tdb programming interface. @@ -655,7 +655,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libtevent0 @@ -664,7 +664,7 @@ Group: System/Libraries AutoReqProv: on Version: %{libtevent_ver} -Release: 2.<RELEASE4> +Release: 2.<RELEASE5> PreReq: /sbin/ldconfig %description -n libtevent0 @@ -676,7 +676,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libtevent-devel @@ -685,8 +685,8 @@ Group: Development/Libraries/C and C++ AutoReqProv: on Version: %{libtevent_ver} -Release: 2.<RELEASE4> -Requires: libtevent0 +Release: 2.<RELEASE5> +Requires: libtevent0 = %{libtevent_ver} %description -n libtevent-devel This package contains the static libraries and header files needed to @@ -699,7 +699,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libldb0 @@ -708,7 +708,7 @@ Group: System/Libraries AutoReqProv: on Version: %{libldb_ver} -Release: 2.<RELEASE4> +Release: 2.<RELEASE5> PreReq: /sbin/ldconfig %description -n libldb0 @@ -721,7 +721,7 @@ The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %package -n libldb-devel @@ -730,8 +730,8 @@ Group: Development/Libraries/C and C++ AutoReqProv: on Version: %{libldb_ver} -Release: 2.<RELEASE4> -Requires: libldb0 +Release: 2.<RELEASE5> +Requires: libldb0 = %{libldb_ver} %description -n libldb-devel This package contains the static libraries and header files needed to @@ -743,7 +743,7 @@ -------- The Samba Team <[email protected]> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %if %{make_ldapsmb} @@ -754,7 +754,7 @@ Group: Productivity/Networking/Samba AutoReqProv: on Version: 1.34b -Release: 298.<RELEASE4> +Release: 298.<RELEASE5> Requires: perl-ldap %description -n ldapsmb @@ -767,7 +767,7 @@ -------- Guenther Deschner <guenther at deschner dot de> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %endif @@ -790,14 +790,14 @@ -------- Steve French <sfrench at Samba dot org> -Source Timestamp: 2505 +Source Timestamp: 2573 Branch : 3.5.7 %endif %if %{make_vscan} %package vscan -License: GPL v2 or later +License: GPLv2+ Summary: On-Access Virus Scanning with Samba Group: Productivity/Networking/Samba AutoReqProv: on ++++++ build-source-timestamp ++++++ --- /var/tmp/diff_new_pack.2aE38T/_old 2011-07-28 00:24:54.000000000 +0200 +++ /var/tmp/diff_new_pack.2aE38T/_new 2011-07-28 00:24:54.000000000 +0200 @@ -1,2 +1,2 @@ -2505 +2573 Branch : 3.5.7 ++++++ patches.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 --- old/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 2011-04-26 18:37:00.000000000 +0200 @@ -0,0 +1,17 @@ +Fix GetPrinterData response + +When returning WERR_MORE_DATA, the GetPrinterData data type field must be +retained otherwise Windows XP/2k3 will not reissue the request. +Index: source3/rpc_server/srv_spoolss_nt.c +=================================================================== +--- source3/rpc_server/srv_spoolss_nt.c.orig ++++ source3/rpc_server/srv_spoolss_nt.c +@@ -8725,7 +8725,7 @@ WERROR _spoolss_GetPrinterDataEx(pipes_s + return result; + } + +- *r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, REG_NONE); ++ /* retain type when returning WERR_MORE_DATA */ + r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data); + + return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a --- old/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/21576e3f8c32878910460bf9575c200ad93d682a 2011-03-18 16:39:42.000000000 +0100 @@ -0,0 +1,24 @@ +commit 21576e3f8c32878910460bf9575c200ad93d682a +Author: Günther Deschner <[email protected]> +Date: Fri Oct 1 06:08:12 2010 +0200 + + s3-net: make sure we dont crash when publishing a single printer. + + Guenther + +Index: source3/utils/net_rpc_printer.c +=================================================================== +--- source3/utils/net_rpc_printer.c.orig ++++ source3/utils/net_rpc_printer.c +@@ -1091,6 +1091,11 @@ static bool get_printer_info(struct rpc_ + &hnd)) + return false; + ++ *info_p = talloc_zero(mem_ctx, union spoolss_PrinterInfo); ++ if (*info_p == NULL) { ++ return false; ++ } ++ + if (!net_spoolss_getprinter(pipe_hnd, mem_ctx, &hnd, level, *info_p)) { + rpccli_spoolss_ClosePrinter(pipe_hnd, mem_ctx, &hnd, NULL); + return false; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 --- old/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,93 @@ +commit 3a3c118a7edf679d6b545df035fd8d51b00e0830 +Author: Michael Adam <[email protected]> +Date: Wed Dec 22 14:16:07 2010 +0100 + + s3:dbwrap_ctdb: in ctdb_delete, send a SCHEDULE_FOR_DELETION control to local ctdbd + + This way, the record will be scheduled for fast vacuuming. + + This is sent with the NOREPLY flag, so ctd should not sent + a reply packet and samba does not expect one. Hence, it + is not important for the success of the db_ctdb_delete command + whether or not the ctdbd we are running against supports the + SCHEDULE_FOR_DELETION control. + +Index: source3/lib/dbwrap_ctdb.c +=================================================================== +--- source3/lib/dbwrap_ctdb.c.orig ++++ source3/lib/dbwrap_ctdb.c +@@ -879,9 +879,56 @@ static NTSTATUS db_ctdb_store(struct db_ + + + ++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec) ++{ ++ NTSTATUS status; ++ struct ctdb_control_schedule_for_deletion *dd; ++ TDB_DATA indata; ++ int cstatus; ++ struct db_ctdb_rec *crec = talloc_get_type_abort( ++ rec->private_data, struct db_ctdb_rec); ++ ++ indata.dsize = offsetof(struct ctdb_control_schedule_for_deletion, key) + rec->key.dsize; ++ indata.dptr = talloc_zero_array(crec, uint8_t, indata.dsize); ++ if (indata.dptr == NULL) { ++ DEBUG(0, (__location__ " talloc failed!\n")); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ dd = (struct ctdb_control_schedule_for_deletion *)(void *)indata.dptr; ++ dd->db_id = crec->ctdb_ctx->db_id; ++ dd->hdr = crec->header; ++ dd->keylen = rec->key.dsize; ++ memcpy(dd->key, rec->key.dptr, rec->key.dsize); ++ ++ status = ctdbd_control_local(messaging_ctdbd_connection(), ++ CTDB_CONTROL_SCHEDULE_FOR_DELETION, ++ crec->ctdb_ctx->db_id, ++ CTDB_CTRL_FLAG_NOREPLY, /* flags */ ++ indata, ++ NULL, /* outdata */ ++ NULL, /* errmsg */ ++ &cstatus); ++ talloc_free(indata.dptr); ++ ++ if (!NT_STATUS_IS_OK(status) || cstatus != 0) { ++ DEBUG(1, (__location__ " Error sending local control " ++ "SCHEDULE_FOR_DELETION: %s, cstatus = %d\n", ++ nt_errstr(status), cstatus)); ++ if (NT_STATUS_IS_OK(status)) { ++ status = NT_STATUS_UNSUCCESSFUL; ++ } ++ } ++ ++ return status; ++} ++#endif ++ + static NTSTATUS db_ctdb_delete(struct db_record *rec) + { + TDB_DATA data; ++ NTSTATUS status; + + /* + * We have to store the header with empty data. TODO: Fix the +@@ -890,8 +937,16 @@ static NTSTATUS db_ctdb_delete(struct db + + ZERO_STRUCT(data); + +- return db_ctdb_store(rec, data, 0); ++ status = db_ctdb_store(rec, data, 0); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ ++#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++ status = db_ctdb_send_schedule_for_deletion(rec); ++#endif + ++ return status; + } + + static int db_ctdb_record_destr(struct db_record* data) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/CVE-2011-2522.diff new/patches/samba.org/CVE-2011-2522.diff --- old/patches/samba.org/CVE-2011-2522.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/CVE-2011-2522.diff 2011-07-27 01:32:27.000000000 +0200 @@ -0,0 +1,467 @@ +From 42321e69cb3b245f8cce5f85524d1f3bec780042 Mon Sep 17 00:00:00 2001 +From: Kai Blin <[email protected]> +Date: Fri, 8 Jul 2011 12:56:21 +0200 +Subject: [PATCH 02/13] s3 swat: Allow getting the user's HTTP auth password + +Signed-off-by: Kai Blin <[email protected]> + +Index: source3/web/cgi.c +=================================================================== +--- source3/web/cgi.c.orig ++++ source3/web/cgi.c +@@ -19,6 +19,8 @@ + + #include "includes.h" + #include "web/swat_proto.h" ++#include "secrets.h" ++#include "../lib/util/util.h" + + #define MAX_VARIABLES 10000 + +@@ -42,6 +44,7 @@ static char *query_string; + static const char *baseurl; + static char *pathinfo; + static char *C_user; ++static char *C_pass; + static bool inetd_server; + static bool got_request; + +@@ -320,7 +323,23 @@ static void cgi_web_auth(void) + exit(0); + } + +- setuid(0); ++ C_user = SMB_STRDUP(user); ++ ++ if (!setuid(0)) { ++ C_pass = secrets_fetch_generic("root", "SWAT"); ++ if (C_pass == NULL) { ++ char *tmp_pass = NULL; ++ tmp_pass = generate_random_str(talloc_tos(), 16); ++ if (tmp_pass == NULL) { ++ printf("%sFailed to create random nonce for " ++ "SWAT session\n<br>%s\n", head, tail); ++ exit(0); ++ } ++ secrets_store_generic("root", "SWAT", tmp_pass); ++ C_pass = SMB_STRDUP(tmp_pass); ++ TALLOC_FREE(tmp_pass); ++ } ++ } + setuid(pwd->pw_uid); + if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) { + printf("%sFailed to become user %s - uid=%d/%d<br>%s\n", +@@ -388,6 +407,7 @@ static bool cgi_handle_authorization(cha + + /* Save the users name */ + C_user = SMB_STRDUP(user); ++ C_pass = SMB_STRDUP(user_pass); + TALLOC_FREE(pass); + return True; + } +@@ -422,6 +442,13 @@ char *cgi_user_name(void) + return(C_user); + } + ++/*************************************************************************** ++return a ptr to the users password ++ ***************************************************************************/ ++char *cgi_user_pass(void) ++{ ++ return(C_pass); ++} + + /*************************************************************************** + handle a file download +Index: source3/web/statuspage.c +=================================================================== +--- source3/web/statuspage.c.orig ++++ source3/web/statuspage.c +@@ -247,9 +247,14 @@ void status_page(void) + int nr_running=0; + bool waitup = False; + TALLOC_CTX *ctx = talloc_stackframe(); ++ const char form_name[] = "status"; + + smbd_pid = pid_to_procid(pidfile_pid("smbd")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("smbd_restart") || cgi_variable("all_restart")) { + stop_smbd(); + start_smbd(); +@@ -326,9 +331,11 @@ void status_page(void) + + initPid2Machine (); + ++output_page: + printf("<H2>%s</H2>\n", _("Server Status")); + + printf("<FORM method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (!autorefresh) { + printf("<input type=submit value=\"%s\" name=\"autorefresh\">\n", _("Auto Refresh")); +Index: source3/web/swat.c +=================================================================== +--- source3/web/swat.c.orig ++++ source3/web/swat.c +@@ -29,6 +29,7 @@ + + #include "includes.h" + #include "web/swat_proto.h" ++#include "../lib/crypto/md5.h" + + static int demo_mode = False; + static int passwd_only = False; +@@ -50,6 +51,9 @@ static int iNumNonAutoPrintServices = 0; + #define DISABLE_USER_FLAG "disable_user_flag" + #define ENABLE_USER_FLAG "enable_user_flag" + #define RHOST "remote_host" ++#define XSRF_TOKEN "xsrf" ++#define XSRF_TIME "xsrf_time" ++#define XSRF_TIMEOUT 300 + + #define _(x) lang_msg_rotate(talloc_tos(),x) + +@@ -138,6 +142,76 @@ static char *make_parm_name(const char * + return parmname; + } + ++void get_xsrf_token(const char *username, const char *pass, ++ const char *formname, time_t xsrf_time, char token_str[33]) ++{ ++ struct MD5Context md5_ctx; ++ uint8_t token[16]; ++ int i; ++ ++ token_str[0] = '\0'; ++ ZERO_STRUCT(md5_ctx); ++ MD5Init(&md5_ctx); ++ ++ MD5Update(&md5_ctx, (uint8_t *)formname, strlen(formname)); ++ MD5Update(&md5_ctx, (uint8_t *)&xsrf_time, sizeof(time_t)); ++ if (username != NULL) { ++ MD5Update(&md5_ctx, (uint8_t *)username, strlen(username)); ++ } ++ if (pass != NULL) { ++ MD5Update(&md5_ctx, (uint8_t *)pass, strlen(pass)); ++ } ++ ++ MD5Final(token, &md5_ctx); ++ ++ for(i = 0; i < sizeof(token); i++) { ++ char tmp[3]; ++ ++ snprintf(tmp, sizeof(tmp), "%02x", token[i]); ++ strncat(token_str, tmp, sizeof(tmp)); ++ } ++} ++ ++void print_xsrf_token(const char *username, const char *pass, ++ const char *formname) ++{ ++ char token[33]; ++ time_t xsrf_time = time(NULL); ++ ++ get_xsrf_token(username, pass, formname, xsrf_time, token); ++ printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", ++ XSRF_TOKEN, token); ++ printf("<input type=\"hidden\" name=\"%s\" value=\"%lld\">\n", ++ XSRF_TIME, (long long int)xsrf_time); ++} ++ ++bool verify_xsrf_token(const char *formname) ++{ ++ char expected[33]; ++ const char *username = cgi_user_name(); ++ const char *pass = cgi_user_pass(); ++ const char *token = cgi_variable_nonull(XSRF_TOKEN); ++ const char *time_str = cgi_variable_nonull(XSRF_TIME); ++ time_t xsrf_time = 0; ++ time_t now = time(NULL); ++ ++ if (sizeof(time_t) == sizeof(int)) { ++ xsrf_time = atoi(time_str); ++ } else if (sizeof(time_t) == sizeof(long)) { ++ xsrf_time = atol(time_str); ++ } else if (sizeof(time_t) == sizeof(long long)) { ++ xsrf_time = atoll(time_str); ++ } ++ ++ if (abs(now - xsrf_time) > XSRF_TIMEOUT) { ++ return false; ++ } ++ ++ get_xsrf_token(username, pass, formname, xsrf_time, expected); ++ return (strncmp(expected, token, sizeof(expected)) == 0); ++} ++ ++ + /**************************************************************************** + include a lump of html in a page + ****************************************************************************/ +@@ -611,13 +685,20 @@ static void welcome_page(void) + static void viewconfig_page(void) + { + int full_view=0; ++ const char form_name[] = "viewconfig"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (cgi_variable("full_view")) { + full_view = 1; + } + ++output_page: + printf("<H2>%s</H2>\n", _("Current Config")); + printf("<form method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (full_view) { + printf("<input type=submit name=\"normal_view\" value=\"%s\">\n", _("Normal View")); +@@ -637,18 +718,25 @@ static void viewconfig_page(void) + static void wizard_params_page(void) + { + unsigned int parm_filter = FLAG_WIZARD; ++ const char form_name[] = "wizard_params"; + + /* Here we first set and commit all the parameters that were selected + in the previous screen. */ + + printf("<H2>%s</H2>\n", _("Wizard Parameter Edit Page")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("Commit")) { + commit_parameters(GLOBAL_SECTION_SNUM); + save_reload(-1); + } + ++output_page: + printf("<form name=\"swatform\" method=post action=wizard_params>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (have_write_access) { + printf("<input type=submit name=\"Commit\" value=\"Commit Changes\">\n"); +@@ -684,6 +772,11 @@ static void wizard_page(void) + int have_home = -1; + int HomeExpo = 0; + int SerType = 0; ++ const char form_name[] = "wizard"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (cgi_variable("Rewrite")) { + (void) rewritecfg_file(); +@@ -774,10 +867,12 @@ static void wizard_page(void) + winstype = 3; + + role = lp_server_role(); +- ++ ++output_page: + /* Here we go ... */ + printf("<H2>%s</H2>\n", _("Samba Configuration Wizard")); + printf("<form method=post action=wizard>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + if (have_write_access) { + printf("%s\n", _("The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments.")); +@@ -846,9 +941,14 @@ static void globals_page(void) + { + unsigned int parm_filter = FLAG_BASIC; + int mode = 0; ++ const char form_name[] = "globals"; + + printf("<H2>%s</H2>\n", _("Global Parameters")); + ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } ++ + if (cgi_variable("Commit")) { + commit_parameters(GLOBAL_SECTION_SNUM); + save_reload(-1); +@@ -861,7 +961,9 @@ static void globals_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: + printf("<form name=\"swatform\" method=post action=globals>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); + + ViewModeBoxes( mode ); + switch ( mode ) { +@@ -901,11 +1003,17 @@ static void shares_page(void) + int mode = 0; + unsigned int parm_filter = FLAG_BASIC; + size_t converted_size; ++ const char form_name[] = "shares"; ++ ++ printf("<H2>%s</H2>\n", _("Share Parameters")); ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (share) + snum = lp_servicenumber(share); + +- printf("<H2>%s</H2>\n", _("Share Parameters")); + + if (cgi_variable("Commit") && snum >= 0) { + commit_parameters(snum); +@@ -931,10 +1039,6 @@ static void shares_page(void) + } + } + +- printf("<FORM name=\"swatform\" method=post>\n"); +- +- printf("<table>\n"); +- + if ( cgi_variable("ViewMode") ) + mode = atoi(cgi_variable_nonull("ViewMode")); + if ( cgi_variable("BasicMode")) +@@ -942,6 +1046,12 @@ static void shares_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: ++ printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ++ ++ printf("<table>\n"); ++ + ViewModeBoxes( mode ); + switch ( mode ) { + case 0: +@@ -1138,6 +1248,8 @@ static void chg_passwd(void) + static void passwd_page(void) + { + const char *new_name = cgi_user_name(); ++ const char passwd_form[] = "passwd"; ++ const char rpasswd_form[] = "rpasswd"; + + /* + * After the first time through here be nice. If the user +@@ -1152,6 +1264,7 @@ static void passwd_page(void) + printf("<H2>%s</H2>\n", _("Server Password Management")); + + printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), passwd_form); + + printf("<table>\n"); + +@@ -1191,14 +1304,16 @@ static void passwd_page(void) + * Do some work if change, add, disable or enable was + * requested. It could be this is the first time through this + * code, so there isn't anything to do. */ +- if ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || +- (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG))) { ++ if (verify_xsrf_token(passwd_form) && ++ ((cgi_variable(CHG_S_PASSWD_FLAG)) || (cgi_variable(ADD_USER_FLAG)) || (cgi_variable(DELETE_USER_FLAG)) || ++ (cgi_variable(DISABLE_USER_FLAG)) || (cgi_variable(ENABLE_USER_FLAG)))) { + chg_passwd(); + } + + printf("<H2>%s</H2>\n", _("Client/Server Password Management")); + + printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), rpasswd_form); + + printf("<table>\n"); + +@@ -1231,7 +1346,7 @@ static void passwd_page(void) + * password somewhere other than the server. It could be this + * is the first time through this code, so there isn't + * anything to do. */ +- if (cgi_variable(CHG_R_PASSWD_FLAG)) { ++ if (verify_xsrf_token(passwd_form) && cgi_variable(CHG_R_PASSWD_FLAG)) { + chg_passwd(); + } + +@@ -1248,18 +1363,15 @@ static void printers_page(void) + int i; + int mode = 0; + unsigned int parm_filter = FLAG_BASIC; ++ const char form_name[] = "printers"; ++ ++ if (!verify_xsrf_token(form_name)) { ++ goto output_page; ++ } + + if (share) + snum = lp_servicenumber(share); + +- printf("<H2>%s</H2>\n", _("Printer Parameters")); +- +- printf("<H3>%s</H3>\n", _("Important Note:")); +- printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); +- printf("%s",_("are autoloaded printers from ")); +- printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); +- printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); +- + if (cgi_variable("Commit") && snum >= 0) { + commit_parameters(snum); + if (snum >= iNumNonAutoPrintServices) +@@ -1288,8 +1400,6 @@ static void printers_page(void) + } + } + +- printf("<FORM name=\"swatform\" method=post>\n"); +- + if ( cgi_variable("ViewMode") ) + mode = atoi(cgi_variable_nonull("ViewMode")); + if ( cgi_variable("BasicMode")) +@@ -1297,6 +1407,19 @@ static void printers_page(void) + if ( cgi_variable("AdvMode")) + mode = 1; + ++output_page: ++ printf("<H2>%s</H2>\n", _("Printer Parameters")); ++ ++ printf("<H3>%s</H3>\n", _("Important Note:")); ++ printf("%s",_("Printer names marked with [*] in the Choose Printer drop-down box ")); ++ printf("%s",_("are autoloaded printers from ")); ++ printf("<A HREF=\"/swat/help/smb.conf.5.html#printcapname\" target=\"docs\">%s</A>\n", _("Printcap Name")); ++ printf("%s\n", _("Attempting to delete these printers from SWAT will have no effect.")); ++ ++ ++ printf("<FORM name=\"swatform\" method=post>\n"); ++ print_xsrf_token(cgi_user_name(), cgi_user_pass(), form_name); ++ + ViewModeBoxes( mode ); + switch ( mode ) { + case 0: +Index: source3/web/swat_proto.h +=================================================================== +--- source3/web/swat_proto.h.orig ++++ source3/web/swat_proto.h +@@ -31,6 +31,7 @@ const char *cgi_variable(const char *nam + const char *cgi_variable_nonull(const char *name); + bool am_root(void); + char *cgi_user_name(void); ++char *cgi_user_pass(void); + void cgi_setup(const char *rootdir, int auth_required); + const char *cgi_baseurl(void); + const char *cgi_pathinfo(void); +@@ -66,5 +67,10 @@ void status_page(void); + /* The following definitions come from web/swat.c */ + + const char *lang_msg_rotate(TALLOC_CTX *ctx, const char *msgid); ++void get_xsrf_token(const char *username, const char *pass, ++ const char *formname, time_t xsrf_time, char token_str[33]); ++void print_xsrf_token(const char *username, const char *pass, ++ const char *formname); ++bool verify_xsrf_token(const char *formname); + + #endif /* _SWAT_PROTO_H_ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/CVE-2011-2694.diff new/patches/samba.org/CVE-2011-2694.diff --- old/patches/samba.org/CVE-2011-2694.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/CVE-2011-2694.diff 2011-07-27 02:02:14.000000000 +0200 @@ -0,0 +1,47 @@ +From be65f08f70a4fdd2c58394ec4338aa175d7b8f3b Mon Sep 17 00:00:00 2001 +From: Kai Blin <[email protected]> +Date: Thu, 7 Jul 2011 10:03:33 +0200 +Subject: [PATCH 01/13] s3 swat: Fix possible XSS attack (bug #8289) + +Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack +against SWAT, the Samba Web Administration Tool. The attack uses reflection to +insert arbitrary content into the "change password" page. + +This patch fixes the reflection issue by not printing user-specified content on +the website anymore. + +Signed-off-by: Kai Blin <[email protected]> + +Index: source3/web/swat.c +=================================================================== +--- source3/web/swat.c.orig ++++ source3/web/swat.c +@@ -1231,11 +1231,9 @@ static void chg_passwd(void) + if(cgi_variable(CHG_S_PASSWD_FLAG)) { + printf("<p>"); + if (rslt == True) { +- printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd has been changed.")); + } else { +- printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER)); +- printf("\n"); ++ printf("%s\n", _(" The passwd for has NOT been changed.")); + } + } + +@@ -1251,14 +1249,6 @@ static void passwd_page(void) + const char passwd_form[] = "passwd"; + const char rpasswd_form[] = "rpasswd"; + +- /* +- * After the first time through here be nice. If the user +- * changed the User box text to another users name, remember it. +- */ +- if (cgi_variable(SWAT_USER)) { +- new_name = cgi_variable_nonull(SWAT_USER); +- } +- + if (!new_name) new_name = ""; + + printf("<H2>%s</H2>\n", _("Server Password Management")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 new/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 --- old/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/a04c47b10758b6aa8035107e816dc7efac871646 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,24 @@ +commit a04c47b10758b6aa8035107e816dc7efac871646 +Author: Michael Adam <[email protected]> +Date: Thu Dec 23 16:46:24 2010 +0100 + + s3:ctdb: samba can now handle the NOREPLY flag + + Revert "samba3 can't handle NOREPLY yet" + + This reverts commit 9bf211db6d7d6ef6e59508de69d6d8dfe5bae059. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -732,9 +732,6 @@ static NTSTATUS ctdbd_control(struct ctd + struct ctdbd_connection *new_conn = NULL; + NTSTATUS status; + +- /* the samba3 ctdb code can't handle NOREPLY yet */ +- flags &= ~CTDB_CTRL_FLAG_NOREPLY; +- + if (conn == NULL) { + status = ctdbd_init_connection(NULL, &new_conn); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 new/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 --- old/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,37 @@ +commit b807c58b655f1ffbf849f5de9eef66136bdb4a52 +Author: Björn Baumbach <[email protected]> +Date: Tue Jul 12 17:32:55 2011 +0200 + + s3: dbwrap_ctdb.c: fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue (bug #8303) + + Check for HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL instead of + CTDB_CONTROL_SCHEDULE_FOR_DELETION, which is an enum member and not a + define. + + Signed-off-by: Stefan Metzmacher <[email protected]> + + Autobuild-User: Stefan Metzmacher <[email protected]> + Autobuild-Date: Tue Jul 12 18:56:30 CEST 2011 on sn-devel-104 + +Index: source3/lib/dbwrap_ctdb.c +=================================================================== +--- source3/lib/dbwrap_ctdb.c.orig ++++ source3/lib/dbwrap_ctdb.c +@@ -879,7 +879,7 @@ static NTSTATUS db_ctdb_store(struct db_ + + + +-#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++#ifdef HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL + static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec) + { + NTSTATUS status; +@@ -942,7 +942,7 @@ static NTSTATUS db_ctdb_delete(struct db + return status; + } + +-#ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION ++#ifdef HAVE_CTDB_CONTROL_SCHEDULE_FOR_DELETION_DECL + status = db_ctdb_send_schedule_for_deletion(rec); + #endif + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 new/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 --- old/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,22 @@ +commit bda7d3134ecc547b9c174a04fd2d02813b06f038 +Author: Michael Adam <[email protected]> +Date: Tue Mar 8 16:26:34 2011 +0100 + + s3:ctdb: pass the ctdb control flags to the ctdb daemon when sending the control + + The only flag that is currently used is the NOREPLY flag to indicate that + the client expects no reply packet. This needs to get passed down to the + ctdb daemon so that it really does not send a reply. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -754,6 +754,7 @@ static NTSTATUS ctdbd_control(struct ctd + req.opcode = opcode; + req.srvid = srvid; + req.datalen = data.dsize; ++ req.flags = flags; + + DEBUG(10, ("ctdbd_control: Sending ctdb packet\n")); + ctdb_packet_dump(&req.hdr); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df new/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df --- old/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/c7655450f4c9784b700218628568c39e3528e9df 2011-07-21 22:10:31.000000000 +0200 @@ -0,0 +1,20 @@ +commit c7655450f4c9784b700218628568c39e3528e9df +Author: Michael Adam <[email protected]> +Date: Thu Dec 23 16:43:55 2010 +0100 + + s3:ctdb: correctly handle cstatus if CTDB_CTRL_FLAG_NOREPLY is set. + +Index: source3/lib/ctdbd_conn.c +=================================================================== +--- source3/lib/ctdbd_conn.c.orig ++++ source3/lib/ctdbd_conn.c +@@ -780,6 +780,9 @@ static NTSTATUS ctdbd_control(struct ctd + + if (flags & CTDB_CTRL_FLAG_NOREPLY) { + TALLOC_FREE(new_conn); ++ if (cstatus) { ++ *cstatus = 0; ++ } + return NT_STATUS_OK; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/series new/patches/series --- old/patches/series 2011-02-28 17:14:18.000000000 +0100 +++ new/patches/series 2011-07-27 02:04:52.000000000 +0200 @@ -13,6 +13,15 @@ samba.org/0afb2995a2177afa2eb7b8f99887a39cdaf23a15 -p0 # bso 7791, bnc 656112 samba.org/0c45b32bc7d93b03838405a97b054cb414267892 -p0 # bso 7835 samba.org/9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c -p0 # bnc 666460 +samba.org/21576e3f8c32878910460bf9575c200ad93d682a -p0 # bnc 643119 +samba.org/1c579318ae2d2480ee4cc998443c0d1661b39846 -p0 # bnc 643787 +samba.org/c7655450f4c9784b700218628568c39e3528e9df -p0 # bnc 705170 +samba.org/a04c47b10758b6aa8035107e816dc7efac871646 -p0 # bnc 705170 +samba.org/bda7d3134ecc547b9c174a04fd2d02813b06f038 -p0 # bnc 705170 +samba.org/3a3c118a7edf679d6b545df035fd8d51b00e0830 -p0 # bnc 705170 +samba.org/b807c58b655f1ffbf849f5de9eef66136bdb4a52 -p0 # bnc 705170 +samba.org/CVE-2011-2522.diff -p0 # bnc 705241, bso 8290 +samba.org/CVE-2011-2694.diff -p0 # bnc 708503, bso 8289 # SuSE specific changes # disabled -> WIP lmuelle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches/suse/async_printcap_svc_update.diff new/patches/suse/async_printcap_svc_update.diff --- old/patches/suse/async_printcap_svc_update.diff 2011-02-28 17:13:48.000000000 +0100 +++ new/patches/suse/async_printcap_svc_update.diff 2011-07-27 02:07:07.000000000 +0200 @@ -217,7 +217,7 @@ =================================================================== --- source3/web/swat.c.orig +++ source3/web/swat.c -@@ -490,7 +490,7 @@ static int save_reload(int snum) +@@ -564,7 +564,7 @@ static int save_reload(int snum) return 0; } iNumNonAutoPrintServices = lp_numservices(); @@ -226,7 +226,7 @@ return 1; } -@@ -1434,7 +1434,7 @@ const char *lang_msg_rotate(TALLOC_CTX * +@@ -1547,7 +1547,7 @@ const char *lang_msg_rotate(TALLOC_CTX * load_config(True); load_interfaces(); iNumNonAutoPrintServices = lp_numservices(); ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/tools/package-data new/vendor-files/tools/package-data --- old/vendor-files/tools/package-data 2011-02-28 18:19:20.000000000 +0100 +++ new/vendor-files/tools/package-data 2011-07-27 13:36:37.000000000 +0200 @@ -1,2 +1,2 @@ # This is an autogenrated file. -SAMBA_PACKAGE_SVN_VERSION="2505" +SAMBA_PACKAGE_SVN_VERSION="2573" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
