Commit b25b711e authored by Sven Neumann, committed by Peter Korsgaard

samba: bump to 3.5.11



Bump to version 3.5.11 and also update the download location.

Signed-off-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
parent ab6b9e77
+0 −55
From d401ccaedaec09ad6900ec24ecaf205bed3e3ac1 Mon Sep 17 00:00:00 2001
From: Kai Blin <kai@samba.org>
Date: Thu, 7 Jul 2011 10:03:33 +0200
Subject: [PATCH] s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>

CVE-2011-2694.
---
 source/web/swat.c |   14 ++------------
 1 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/source/web/swat.c b/source/web/swat.c
index 9c7294a..434b1ac 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -1120,11 +1120,9 @@ static void chg_passwd(void)
 	if(cgi_variable(CHG_S_PASSWD_FLAG)) {
 		printf("<p>");
 		if (rslt == True) {
-			printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-			printf("\n");
+			printf("%s\n", _(" The passwd has been changed."));
 		} else {
-			printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-			printf("\n");
+			printf("%s\n", _(" The passwd has NOT been changed."));
 		}
 	}
 	
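Review bot: In chg_passwd(), both result messages drop the account name with no comment saying why, so a later change could easily put cgi_variable_nonull(SWAT_USER) back into the printf. Add a short comment that request-supplied values must not be echoed into the page unencoded, or, if the name is wanted in the message, HTML-encode it before printing. Passing the translated text as an argument to a fixed "%s\n" format is a good side effect, since the translated string is no longer used as a format string.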
@@ -1138,14 +1136,6 @@ static void passwd_page(void)
 {
 	const char *new_name = cgi_user_name();
 
-	/* 
-	 * After the first time through here be nice. If the user
-	 * changed the User box text to another users name, remember it.
-	 */
-	if (cgi_variable(SWAT_USER)) {
-		new_name = cgi_variable_nonull(SWAT_USER);
-	} 
-
 	if (!new_name) new_name = "";
 
 	printf("<H2>%s</H2>\n", _("Server Password Management"));
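Review bot: In passwd_page(), new_name now always comes from cgi_user_name(), so the form no longer remembers a different name typed into the User box, and the commit message does not mention that behaviour change. The place where new_name is written into the page is outside this hunk; confirm that the value is HTML-encoded there, because this fix removes one input source rather than encoding the output.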
-- 
1.7.1
+0 −749

File deleted.


+0 −18
--- a/source/client/mount.cifs.c	2009-04-01 13:48:54.000000000 +0200
+++ b/source/client/mount.cifs.c	2009-04-20 12:59:57.000000000 +0200
@@ -100,6 +100,7 @@
 
 /* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
  * don't link to libreplace so need them here. */
+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && defined(__USE_BSD))
 
 /* like strncpy but does not 0 fill the buffer and always null
  *    terminates. bufsize is the size of the destination buffer */
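Review bot: The added #if tests __GLIBC__, __UCLIBC__ and __USE_BSD, which are libc-internal macros that are only set once a libc header has been included, so the guard works only if it stays below the includes and says nothing about other C libraries. A build-time check for strlcpy and strlcat (for example HAVE_STRLCPY / HAVE_STRLCAT style defines) would state the intent directly. If the macro test stays, extend the existing comment to say that uClibc with BSD features enabled already provides both functions.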
@@ -181,6 +182,7 @@
 	SAFE_FREE(mountpassword);
 	exit(EX_USAGE);
 }
+#endif /* __GLIBC__ && !(__UCLIBC__ && __USE_BSD) */
 
 /* caller frees username if necessary */
 static char * getusername(void) {
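Review bot: The #endif is placed directly after a function that ends in SAFE_FREE(mountpassword); exit(EX_USAGE);, which does not look like part of the strlcpy/strlcat replacements the guard is meant to cover. Confirm that the guarded region contains only those two functions; anything else between the #if and this #endif is compiled out whenever the condition is false. Moving the #endif up to just after the last replacement function would avoid that.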
+0 −104

File deleted.


+0 −11

File deleted.
