diff options
Diffstat (limited to 'package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch')
-rw-r--r-- | package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch b/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch deleted file mode 100644 index 8e174f0e7b..0000000000 --- a/package/network/services/samba36/patches/028-CVE-2016-2125-v3.6.patch +++ /dev/null @@ -1,59 +0,0 @@ -From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org> -Date: Wed, 28 Dec 2016 19:21:49 +0100 -Subject: security-CVE-2016-2125: Don't pass GSS_C_DELEG_FLAG by default - -This is a backport of upstream commits - - b1a056f77e793efc45df34ab7bf78fbec1bf8a59 - b83897ae49fdee1fda73c10c7fe73362bfaba690 (code not used in wheezy) - 3106964a640ddf6a3c08c634ff586a814f94dff8 (code not used in wheezy) ---- - source3/librpc/crypto/gse.c | 1 - - source3/libsmb/clifsinfo.c | 2 +- - source4/auth/gensec/gensec_gssapi.c | 2 +- - source4/scripting/bin/nsupdate-gss | 2 +- - 4 files changed, 3 insertions(+), 4 deletions(-) - ---- a/source3/librpc/crypto/gse.c -+++ b/source3/librpc/crypto/gse.c -@@ -162,7 +162,6 @@ static NTSTATUS gse_context_init(TALLOC_ - memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc)); - - gse_ctx->gss_c_flags = GSS_C_MUTUAL_FLAG | -- GSS_C_DELEG_FLAG | - GSS_C_DELEG_POLICY_FLAG | - GSS_C_REPLAY_FLAG | - GSS_C_SEQUENCE_FLAG; ---- a/source3/libsmb/clifsinfo.c -+++ b/source3/libsmb/clifsinfo.c -@@ -726,7 +726,7 @@ static NTSTATUS make_cli_gss_blob(TALLOC - &es->s.gss_state->gss_ctx, - srv_name, - GSS_C_NO_OID, /* default OID. */ -- GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG, -+ GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_POLICY_FLAG, - GSS_C_INDEFINITE, /* requested ticket lifetime. */ - NULL, /* no channel bindings */ - p_tok_in, ---- a/source4/auth/gensec/gensec_gssapi.c -+++ b/source4/auth/gensec/gensec_gssapi.c -@@ -172,7 +172,7 @@ static NTSTATUS gensec_gssapi_start(stru - if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "mutual", true)) { - gensec_gssapi_state->want_flags |= GSS_C_MUTUAL_FLAG; - } -- if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", true)) { -+ if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "delegation", false)) { - gensec_gssapi_state->want_flags |= GSS_C_DELEG_FLAG; - } - if (gensec_setting_bool(gensec_security->settings, "gensec_gssapi", "replay", true)) { ---- a/source4/scripting/bin/nsupdate-gss -+++ b/source4/scripting/bin/nsupdate-gss -@@ -178,7 +178,7 @@ sub negotiate_tkey($$$$) - my $flags = - GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | - GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | -- GSS_C_INTEG_FLAG | GSS_C_DELEG_FLAG; -+ GSS_C_INTEG_FLAG; - - - $status = GSSAPI::Cred::acquire_cred(undef, 120, undef, GSS_C_INITIATE, |