merge upstream 3.0.28debian/3.0.28-1

git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@1673 fc4039ab-9d04-0410-8cac-899223bdd6b0
author: vorlon <vorlon@alioth.debian.org> 2007-12-12 00:32:19 +0000
committer: vorlon <vorlon@alioth.debian.org> 2007-12-12 00:32:19 +0000
commit: debc1fcad140520c4e700dac03802ad1e59ced02 (patch)
tree: b554602de816a27096484bba8a166560e5c575c8
parent: 80538c64d7f16a07581650811042b558e67a61f2 (diff)
download: samba-debian/3.0.28-1.tar.gz
10 files changed, 93 insertions, 18 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..d5e5177e22
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,31 @@
+*.o
+*.po
+source/client/client_proto.h
+source/include/build_env.h
+source/include/config.h
+source/include/config.h.in
+source/include/proto.h
+source/include/stamp-h
+source/include/version.h
+source/Makefile
+source/config.log
+source/config.status
+source/configure
+source/smbadduser
+source/bin/*
+source/script/findsmb
+source/script/gen-8bit-gap.sh
+source/script/installbin.sh
+source/script/uninstallbin.sh
+source/smbd/build_options.c
+source/utils/net_proto.h
+source/utils/ntlm_auth_proto.h
+source/web/swat_proto.h
+source/tags
+source/utils/passwd_proto.h
+source/include/includes.h.gch
+source/config.cache
+source/library-versions
+source/nsswitch/*.so
+source/proto_exists
+source/winbindd/winbindd_proto.h
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9b5494ce27..9e023d1c04 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,38 @@
+                   ==============================
+                   Release Notes for Samba 3.0.28
+                            Dec 10, 2007
+                   ==============================
+
+Samba 3.0.28 is a security release in order to address the following
+defect:
+
+  o CVE-2007-6015
+    Boundary failure in GETDC mailslot processing can result in 
+    a buffer overrun
+
+The original security announcement for this and past advisories can 
+be found http://www.samba.org/samba/security/
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.27a
+---------------------
+
+o   Jeremy Allison <jra@samba.org>
+    * Fix for CVE-2007-6015.
+
+o   Volker Lendecke <vl@samba.org>
+    * Fix for CVE-2007-6015.
+    * Add missing unbecome_root() calls in error path processing
+      when failing to add local groups in create_local_nt_token().
+
+
+Release notes for older releases follow:
+
+      --------------------------------------------------
+
                    ===============================
                    Release Notes for Samba 3.0.27a
                              Nov 20, 2007
@@ -86,8 +121,6 @@ o   Martin Zielinski <mz@seh.de>
 
 
 
-Release notes for older releases follow:
-
       --------------------------------------------------
 
                    ==============================
@@ -98,7 +131,7 @@ Release notes for older releases follow:
 Samba 3.0.27 is a security release in order to address the following
 defects:
 
-  o CVS-2007-4572
+  o CVE-2007-4572
     Stack buffer overflow in nmbd's logon request processing.
 
   o CVE-2007-5398
@@ -116,15 +149,13 @@ Changes since 3.0.26a
 ---------------------
 
 o   Jeremy Allison <jra@samba.org>
-    * Fix for CVS-2007-4572.
+    * Fix for CVE-2007-4572.
     * Fix for CVE-2007-5398.
 
 
 o   Simo Sorce <idra@samba.org>
-    * Additional fixes for CVS-2007-4572.
-
+    * Additional fixes for CVE-2007-4572.
 
-Release notes for older releases follow:
 
       --------------------------------------------------
                    ===============================
diff --git a/packaging/RHEL/makerpms.sh b/packaging/RHEL/makerpms.sh
index c0c83deea3..cbf5421422 100644
--- a/packaging/RHEL/makerpms.sh
+++ b/packaging/RHEL/makerpms.sh
@@ -20,7 +20,7 @@ SRCDIR=`rpm --eval %_sourcedir`
 
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.0.27a'
+VERSION='3.0.28'
 REVISION=''
 SPECFILE="samba.spec"
 RPMVER=`rpm --version | awk '{print $3}'`
diff --git a/packaging/RHEL/samba.spec b/packaging/RHEL/samba.spec
index ae9ccd953c..cfe55bda8f 100644
--- a/packaging/RHEL/samba.spec
+++ b/packaging/RHEL/samba.spec
@@ -5,7 +5,7 @@ Summary: Samba SMB client and server
 Vendor: Samba Team
 Packager: Samba Team <samba@samba.org>
 Name:         samba
-Version:      3.0.27a
+Version:      3.0.28
 Release:      1
 Epoch:        0
 License: GNU GPL version 2
diff --git a/source/VERSION b/source/VERSION
index 282c45387d..d80ff13cbe 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=27
+SAMBA_VERSION_RELEASE=28
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #
@@ -36,7 +36,7 @@ SAMBA_VERSION_RELEASE=27
 # e.g. SAMBA_VERSION_REVISION=a                        #
 #  ->  "2.2.8a"                                        #
 ########################################################
-SAMBA_VERSION_REVISION=a
+SAMBA_VERSION_REVISION=
 
 ########################################################
 # For 'pre' releases the version will be               #
@@ -96,4 +96,4 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT=
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
 SAMBA_VERSION_VENDOR_SUFFIX=
-SAMBA_VENDOR_PATCH=
+SAMBA_VERSION_VENDOR_PATCH=
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 6fbec48894..32224fa219 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -956,6 +956,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 		status = add_aliases(get_global_sam_sid(), result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}
@@ -965,6 +966,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 		status = add_aliases(&global_sid_Builtin, result);
 
 		if (!NT_STATUS_IS_OK(status)) {
+			unbecome_root();
 			TALLOC_FREE(result);
 			return NULL;
 		}
diff --git a/source/include/version.h b/source/include/version.h
index c046fbd2db..9d5070159c 100644
--- a/source/include/version.h
+++ b/source/include/version.h
@@ -1,7 +1,6 @@
 /* Autogenerated by script/mkversion.sh */
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 0
-#define SAMBA_VERSION_RELEASE 27
-#define SAMBA_VERSION_REVISION "a"
-#define SAMBA_VERSION_OFFICIAL_STRING "3.0.27a"
+#define SAMBA_VERSION_RELEASE 28
+#define SAMBA_VERSION_OFFICIAL_STRING "3.0.28"
 #define SAMBA_VERSION_STRING samba_version_string()
diff --git a/source/lib/version.c b/source/lib/version.c
index ee8c3eb196..93fd1082f7 100644
--- a/source/lib/version.c
+++ b/source/lib/version.c
@@ -28,7 +28,7 @@ const char *samba_version_string(void)
 #else
 	static fstring samba_version;
 	static BOOL init_samba_version;
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	fstring tmp_version;
 	size_t remaining;
 #endif
@@ -40,9 +40,9 @@ const char *samba_version_string(void)
 		SAMBA_VERSION_OFFICIAL_STRING,
 		SAMBA_VERSION_VENDOR_SUFFIX);
 
-#ifdef SAMBA_VENDOR_PATCH
+#ifdef SAMBA_VERSION_VENDOR_PATCH
 	remaining = sizeof(samba_version)-strlen(samba_version);
-	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VENDOR_PATCH );
+	snprintf( tmp_version, sizeof(tmp_version),  "-%d", SAMBA_VERSION_VENDOR_PATCH);
 	strlcat( samba_version, tmp_version, remaining-1 );
 #endif
 
diff --git a/source/libsmb/clidgram.c b/source/libsmb/clidgram.c
index 83ea81ddf1..548ace6d9e 100644
--- a/source/libsmb/clidgram.c
+++ b/source/libsmb/clidgram.c
@@ -72,6 +72,12 @@ BOOL cli_send_mailslot(BOOL unique, const char *mailslot,
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("cli_send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);
 
diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
index bbcc1ecb02..1460f7d8cd 100644
--- a/source/nmbd/nmbd_packets.c
+++ b/source/nmbd/nmbd_packets.c
@@ -1892,6 +1892,12 @@ BOOL send_mailslot(BOOL unique, const char *mailslot,char *buf, size_t len,
 	/* Setup the smb part. */
 	ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
 	memcpy(tmp,ptr,4);
+
+	if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+		DEBUG(0, ("send_mailslot: Cannot write beyond end of packet\n"));
+		return False;
+	}
+
 	set_message(ptr,17,strlen(mailslot) + 1 + len,True);
 	memcpy(ptr,tmp,4);
author	vorlon <vorlon@alioth.debian.org>	2007-12-12 00:32:19 +0000
committer	vorlon <vorlon@alioth.debian.org>	2007-12-12 00:32:19 +0000
commit	debc1fcad140520c4e700dac03802ad1e59ced02 (patch)
tree	b554602de816a27096484bba8a166560e5c575c8
parent	80538c64d7f16a07581650811042b558e67a61f2 (diff)
download	samba-debian/3.0.28-1.tar.gz