diff options
author | vorlon <vorlon@alioth.debian.org> | 2008-08-27 18:20:11 +0000 |
---|---|---|
committer | vorlon <vorlon@alioth.debian.org> | 2008-08-27 18:20:11 +0000 |
commit | 2a04864d768a07d00f1d31b5a5d3dd04785cade5 (patch) | |
tree | 39c732c54d80a1d0cb03f2e09be0fbbd672b4057 | |
parent | 368bee9f8e5338ae8a86212ae4fe73642112ea85 (diff) | |
download | samba-debian/3.2.3-1.tar.gz |
use the upstream fix for CVE-2008-3789, since 3.2.3 is a targeted security fixdebian/3.2.3-1
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@2153 fc4039ab-9d04-0410-8cac-899223bdd6b0
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | debian/patches/CVE-2008-3789-ldb-permissions.patch | 29 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/samba.postinst | 8 |
4 files changed, 3 insertions, 44 deletions
diff --git a/debian/changelog b/debian/changelog index a07c02d0e0..c66dd57282 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,11 @@ -samba (2:3.2.2-1) unstable; urgency=high +samba (2:3.2.3-1) unstable; urgency=high * High-urgency upload for security fix * New upstream release - Fix "/usr/lib/cups/backend/smb does not try port 139 anymore by default" Closes: #491881 + - Fix the default permissions on ldb databases. Addresses + CVE-2008-3789; closes: #496073. - debian/rules, debian/smbfs.files: build with cifs.upcall, newly introduced to replace cifs.spnego - debian/rules: no more need to rename libsmbclient.so to @@ -12,11 +14,6 @@ samba (2:3.2.2-1) unstable; urgency=high [ Noèl Köthe ] * fixing lintian warning "build-depends-on-1-revision" - [ Steve Langasek ] - * New patch debian/patches/CVE-2008-3789-ldb-permissions.patch, fixing the - default permissions on ldb databases. Addresses CVE-2008-3789, - closes: #496073. - -- Steve Langasek <vorlon@debian.org> Wed, 27 Aug 2008 10:19:59 -0700 samba (2:3.2.1-1) unstable; urgency=low diff --git a/debian/patches/CVE-2008-3789-ldb-permissions.patch b/debian/patches/CVE-2008-3789-ldb-permissions.patch deleted file mode 100644 index 07ce0be769..0000000000 --- a/debian/patches/CVE-2008-3789-ldb-permissions.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 2b72b0fe8d17b8ea29f966196862a9b895a55f62 Mon Sep 17 00:00:00 2001 -From: Karolin Seeger <kseeger@samba.org> -Date: Mon, 25 Aug 2008 09:37:26 +0200 -Subject: [PATCH] ldb: Fix permissions of group_mapping.ldb. - -This one fixes bug #5715. -Thanks to Steve Langasek for reporting! - -Karolin ---- - source/lib/ldb/common/ldb.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c -index e469c49..743711b 100644 ---- a/source/lib/ldb/common/ldb.c -+++ b/source/lib/ldb/common/ldb.c -@@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) - } - - ldb_set_utf8_default(ldb); -- ldb_set_create_perms(ldb, 0666); -+ ldb_set_create_perms(ldb, 0600); - - return ldb; - } --- -1.5.4.4 - diff --git a/debian/patches/series b/debian/patches/series index 9fae853eb7..24ce4a5043 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -18,4 +18,3 @@ swat-de.patch smbtar-bashism.patch no-unnecessary-cups.patch shrink-dead-code.patch -CVE-2008-3789-ldb-permissions.patch diff --git a/debian/samba.postinst b/debian/samba.postinst index 174bc44c5e..6a72f147e5 100644 --- a/debian/samba.postinst +++ b/debian/samba.postinst @@ -82,14 +82,6 @@ umask 022 # ------------------------- Debconf questions end --------------------- -# fix the permissions on group_mapping.ldb (CVE-2008-3789) -if dpkg --compare-versions "$2" lt-nl 2:3.2.2-1 \ - && dpkg --compare-versions "$2" ge 3.2.0~pre2-1 \ - && [ -e /var/lib/samba/group_mapping.ldb ] -then - chmod 0600 /var/lib/samba/group_mapping.ldb -fi - # move a tdb that should have been in /var/lib all along if dpkg --compare-versions "$2" lt-nl 3.0.25b-2 \ && dpkg --compare-versions "$2" ge 3.0.23-1 \ |