Your message dated Sun, 06 Jul 2008 22:17:18 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#488688: fixed in samba 2:3.0.30-4 has caused the Debian Bug report #488688, regarding samba: regression with CVE-2008-1105: serving large files may break to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.)

--
488688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488688
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: samba Version: 2:3.0.30-2 Severity: normal Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu intrepid ubuntu-patch In Ubuntu, we've applied the attached patch to our development and stable releases to achieve the following: * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly calculate buffer sizes. This bug was introduced in the fix for CVE-2008-1105 * References https://bugs.launchpad.net/ubuntu/+source/samba/+bug/241448 https://bugzilla.samba.org/show_bug.cgi?id=5517 Jamiediff -u samba-3.0.30/debian/changelog samba-3.0.30/debian/changelog diff -u samba-3.0.30/debian/patches/series samba-3.0.30/debian/patches/series --- samba-3.0.30/debian/patches/series +++ samba-3.0.30/debian/patches/series @@ -17,0 +18 @@ +upstream_bug5517.patch only in patch2: unchanged: --- samba-3.0.30.orig/debian/patches/upstream_bug5517.patch +++ samba-3.0.30/debian/patches/upstream_bug5517.patch @@ -0,0 +1,16 @@ +diff -Nur samba-3.0.30/source/libsmb/cliconnect.c samba-3.0.30.new/source/libsmb/cliconnect.c +--- samba-3.0.30/source/libsmb/cliconnect.c 2008-05-28 08:41:11.000000000 -0400 ++++ samba-3.0.30.new/source/libsmb/cliconnect.c 2008-06-30 09:17:06.000000000 -0400 +@@ -1328,9 +1328,9 @@ + if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) { + SAFE_FREE(cli->outbuf); + SAFE_FREE(cli->inbuf); +- cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN); +- cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN); +- cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE; ++ cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN); ++ cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN); ++ cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE; + } + + } else if (cli->protocol >= PROTOCOL_LANMAN1) {
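Review bot: In the cliconnect.c hunk, the two SMB_MALLOC() results assigned to cli->outbuf and cli->inbuf are not checked in the visible lines, yet cli->bufsize is set to the new size unconditionally, right after SAFE_FREE() has released the old buffers; if either allocation fails, the client is left with a NULL buffer and a non-zero bufsize. Consider failing the negotiation when either pointer is NULL. The expression CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE is also written out three times; computing it once into a local and using that for both allocations and for cli->bufsize would keep the allocated size and the recorded size from drifting apart, and a one-line comment saying why the write header is counted in the buffer size would help the next reader.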
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:3.0.30-4

We believe that the bug you reported is fixed in the latest version of samba, which is due to be installed in the Debian FTP archive:

libpam-smbpass_3.0.30-4_i386.deb
  to pool/main/s/samba/libpam-smbpass_3.0.30-4_i386.deb
libsmbclient-dev_3.0.30-4_i386.deb
  to pool/main/s/samba/libsmbclient-dev_3.0.30-4_i386.deb
libsmbclient_3.0.30-4_i386.deb
  to pool/main/s/samba/libsmbclient_3.0.30-4_i386.deb
samba-common_3.0.30-4_i386.deb
  to pool/main/s/samba/samba-common_3.0.30-4_i386.deb
samba-dbg_3.0.30-4_i386.deb
  to pool/main/s/samba/samba-dbg_3.0.30-4_i386.deb
samba-doc-pdf_3.0.30-4_all.deb
  to pool/main/s/samba/samba-doc-pdf_3.0.30-4_all.deb
samba-doc_3.0.30-4_all.deb
  to pool/main/s/samba/samba-doc_3.0.30-4_all.deb
samba_3.0.30-4.diff.gz
  to pool/main/s/samba/samba_3.0.30-4.diff.gz
samba_3.0.30-4.dsc
  to pool/main/s/samba/samba_3.0.30-4.dsc
samba_3.0.30-4_i386.deb
  to pool/main/s/samba/samba_3.0.30-4_i386.deb
smbclient_3.0.30-4_i386.deb
  to pool/main/s/samba/smbclient_3.0.30-4_i386.deb
smbfs_3.0.30-4_i386.deb
  to pool/main/s/samba/smbfs_3.0.30-4_i386.deb
swat_3.0.30-4_i386.deb
  to pool/main/s/samba/swat_3.0.30-4_i386.deb
winbind_3.0.30-4_i386.deb
  to pool/main/s/samba/winbind_3.0.30-4_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <[EMAIL PROTECTED]> (supplier of updated samba package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Sun, 06 Jul 2008 11:43:53 +0200
Source: samba
Binary: samba samba-common smbclient swat samba-doc samba-doc-pdf smbfs libpam-smbpass libsmbclient libsmbclient-dev winbind samba-dbg
Architecture: source all i386
Version: 2:3.0.30-4
Distribution: unstable
Urgency: low
Maintainer: Debian Samba Maintainers <[EMAIL PROTECTED]>
Changed-By: Christian Perrier <[EMAIL PROTECTED]>
Description:
 libpam-smbpass - pluggable authentication module for SMB/CIFS password database
 libsmbclient - shared library that allows applications to talk to SMB/CIFS serve
 libsmbclient-dev - libsmbclient static libraries and headers
 samba - a LanManager-like file and printer server for Unix
 samba-common - Samba common files used by both the server and the client
 samba-dbg - Samba debugging symbols
 samba-doc - Samba documentation
 samba-doc-pdf - Samba documentation (PDF format)
 smbclient - a LanManager-like simple client for Unix
 smbfs - mount and umount commands for the smbfs (for kernels >= than 2.2.
 swat - Samba Web Administration Tool
 winbind - service to resolve user and group information from Windows NT ser
Closes: 486056 487681 488688 488709
Changes:
 samba (2:3.0.30-4) unstable; urgency=low
 .
 [ Christian Perrier ]
 * Rename libcupsys2-dev to libcups2-dev in build dependencies
 * Localize SWAT in German. Closes: #487681
 .
 [ Jelmer Vernooij ]
 * Fix bashism in smbtar. (Closes: #486056)
 .
 [ Jamie Strandboge ]
 * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
   calculate buffer sizes. This bug was introduced in the fix for
   CVE-2008-1105. Closes: #488688
 .
 [ Debconf translations ]
 * Romanian updated. Closes: #488709.
--- End Message ---

