diff options
author | Hauke Mehrtens <hauke@openwrt.org> | 2016-04-17 11:05:54 +0000 |
---|---|---|
committer | Hauke Mehrtens <hauke@openwrt.org> | 2016-04-17 11:05:54 +0000 |
commit | a69b3ac305d7abee34d912131873d34a1d04120f (patch) | |
tree | 801e532962af993187cd9ce5fa14fff4babebff5 /package/network/services/samba36/patches/011-patch-cve-2015-5296.patch | |
parent | a6d6810914eb03013b4d726645dcc2038c120558 (diff) | |
download | upstream-a69b3ac305d7abee34d912131873d34a1d04120f.tar.gz upstream-a69b3ac305d7abee34d912131873d34a1d04120f.tar.bz2 upstream-a69b3ac305d7abee34d912131873d34a1d04120f.zip |
CC: samba: fix some security problems
Backport of r49175.
This fixes the following security problems:
* CVE-2015-7560
* CVE-2015-5370
* CVE-2016-2110
* CVE-2016-2111
* CVE-2016-2112
* CVE-2016-2115
* CVE-2016-2118
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@49177 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/services/samba36/patches/011-patch-cve-2015-5296.patch')
-rw-r--r-- | package/network/services/samba36/patches/011-patch-cve-2015-5296.patch | 28 |
1 files changed, 2 insertions, 26 deletions
diff --git a/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch index eaafd1c667..a309cf1b7f 100644 --- a/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch +++ b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch @@ -12,11 +12,9 @@ Reviewed-by: Jeremy Allison <jra@samba.org> source3/libsmb/clidfs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c -index 23e1471..f153b6b 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c -@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, +@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALL const char *username; const char *password; NTSTATUS status; @@ -28,7 +26,7 @@ index 23e1471..f153b6b 100644 /* make a copy so we don't modify the global string 'service' */ servicename = talloc_strdup(ctx,share); -@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, +@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALL zero_sockaddr(&ss); /* have to open a new connection */ @@ -37,26 +35,6 @@ index 23e1471..f153b6b 100644 if (c == NULL) { d_printf("Connection to %s failed\n", server_n); return NULL; --- -2.5.0 - - -From 060adb0abdeda51b8b622c6020b5dea0c8dde1cf Mon Sep 17 00:00:00 2001 -From: Stefan Metzmacher <metze@samba.org> -Date: Wed, 30 Sep 2015 21:17:02 +0200 -Subject: [PATCH 2/2] CVE-2015-5296: s3:libsmb: force signing when requiring - encryption in SMBC_server_internal() - -BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 - -Signed-off-by: Stefan Metzmacher <metze@samba.org> -Reviewed-by: Jeremy Allison <jra@samba.org> ---- - source3/libsmb/libsmb_server.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c -index 45be660..167f2c9 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -258,6 +258,7 @@ SMBC_server_internal(TALLOC_CTX *ctx, @@ -108,5 +86,3 @@ index 45be660..167f2c9 100644 if (! NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); --- -2.5.0 |