[samba/f20] revert back to manually apply CVE-2014-3560 to 4.1.9.

Guenther Deschner gd at fedoraproject.org
Fri Aug 1 21:28:49 UTC 2014


commit b8db8a8dbe75367f9fa94884ff4cd8abadafda54
Author: Günther Deschner <gd at samba.org>
Date:   Fri Aug 1 23:25:47 2014 +0200

    revert back to manually apply CVE-2014-3560 to 4.1.9.
    
    Guenther

 samba-CVE-2014-3560.patch |   30 ++++++++++++++++++++++++++++++
 samba.spec                |   13 ++++++++-----
 sources                   |    2 +-
 3 files changed, 39 insertions(+), 6 deletions(-)
---
diff --git a/samba-CVE-2014-3560.patch b/samba-CVE-2014-3560.patch
new file mode 100644
index 0000000..e510f01
--- /dev/null
+++ b/samba-CVE-2014-3560.patch
@@ -0,0 +1,30 @@
+From fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl at samba.org>
+Date: Tue, 22 Jul 2014 07:02:00 +0200
+Subject: [PATCH] fix unstrcpy
+
+Signed-off-by: Volker Lendecke <vl at samba.org>
+Reviewed-by: Jeremy Allison <jra at samba.org>
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
+CVE-2014-3560: unstrcpy macro length is invalid
+---
+ lib/util/string_wrappers.h |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
+index 5f9d568..243fafc 100644
+--- a/lib/util/string_wrappers.h
++++ b/lib/util/string_wrappers.h
+@@ -51,7 +51,7 @@ do { \
+ #define unstrcpy(d,s) \
+ do { \
+ 	const char *_unstrcpy_src = (const char *)(s); \
+-	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(fstring)); \
++	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(unstring)); \
+ } while (0)
+ 
+ #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
+-- 
+1.7.0.4
+
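Review bot: The corrected `strlcpy` line in `unstrcpy` still takes its bound from a type name, `sizeof(unstring)`, rather than from the destination, so the macro is only safe while every caller passes an `unstring` (or a buffer at least that large) as `d`. The removed line shows how a wrong type name in that position became CVE-2014-3560. This file is carried verbatim from upstream commit fb1d325d, so I would not alter it in the package, but a comment above the macro is worth proposing upstream, for example `/* d must be an unstring; the copy is bounded by sizeof(unstring) and truncates silently */`. The `strlcpy` return value is discarded, so a truncated name is not reported to the caller; whether that matters depends on call sites not visible here.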
diff --git a/samba.spec b/samba.spec
index b0305e7..706cb8c 100644
--- a/samba.spec
+++ b/samba.spec
@@ -1,9 +1,9 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 1
+%define main_release 4
 
-%define samba_version 4.1.11
+%define samba_version 4.1.9
 %define talloc_version 2.0.8
 %define ntdb_version 0.9
 %define tdb_version 1.2.12
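Review bot: Going from `samba_version 4.1.11` with `main_release 1` to `4.1.9` with `main_release 4` makes the package sort lower than the build it replaces, so any host or repository that already received 4.1.11-1 will not pick this build up as an update. It also drops whatever else upstream fixed between 4.1.9 and 4.1.11, leaving only CVE-2014-3560 covered by the carried patch, and the commit message does not say why the rebase was reverted. If 4.1.11-1 was ever published, this needs an `Epoch:` bump or a documented downgrade path. A comment such as `# rebase to 4.1.11 reverted: <reason>` next to `samba_version` would help the next person auditing this branch.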
@@ -73,7 +73,7 @@ License:        GPLv3+ and LGPLv3+
 Group:          System Environment/Daemons
 URL:            http://www.samba.org/
 
-Source0:        http://ftp.samba.org/pub/samba/stable/samba-%{version}%{pre_release}.tar.xz
+Source0:        samba-%{version}%{pre_release}.tar.xz
 
 # Red Hat specific replacement-files
 Source1: samba.log
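Review bot: `Source0` loses its upstream URL in this hunk, which removes the only record in the spec of where the tarball comes from. With the bare filename, the MD5 line in `sources` is the sole pin on `samba-4.1.9.tar.xz`, and MD5 is not collision-resistant. Unless there is a reason the commit message does not give, keep `Source0: http://ftp.samba.org/pub/samba/stable/samba-%{version}%{pre_release}.tar.xz` so the archive can be re-fetched and compared against upstream's signed release. The URL is built from `%{version}`, so it follows the downgrade without further edits.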
@@ -85,6 +85,8 @@ Source6: samba.pamd
 Source200: README.dc
 Source201: README.downgrade
 
+Patch0: samba-CVE-2014-3560.patch
+
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Requires(pre): /usr/sbin/groupadd
@@ -503,6 +505,8 @@ module necessary to communicate to the Winbind Daemon
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 
+%patch0 -p1 -b .samba-CVE-2014-3560.patch
+
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
 %global _tevent_lib ,tevent,pytevent
@@ -1572,8 +1576,7 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
-* Fri Aug 1 2014 - Jared Smith <jsmith at fedoraproject.org> - 4.1.11-1
-- Update to upstream Samba 4.1.11 release
+* Fri Aug 1 2014 - Jared Smith <jsmith at fedoraproject.org> - 4.1.9-4
 - resolves: #1126015 - Fix CVE-2014-3560
 
 * Mon Jun 23 2014 - Guenther Deschner <gdeschner at redhat.com> - 4.1.9-3
diff --git a/sources b/sources
index 9d7f271..a2ebf03 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-4e638121da030622e42ff46999ee6165  samba-4.1.11.tar.xz
+f5341f341eb01967a51bfe40b4ad7fbd  samba-4.1.9.tar.xz

