diff options
| author | Kirill Ponomarev <krion@FreeBSD.org> | 2007-05-24 07:54:25 +0000 |
|---|---|---|
| committer | Kirill Ponomarev <krion@FreeBSD.org> | 2007-05-24 07:54:25 +0000 |
| commit | cbf318b29dde8496a5d724c78e64cb5163b9a558 (patch) | |
| tree | c7aec4678ade46e29d9008a8e73bec542b66fba8 /net/samba3/files/patch-nsswitch_pam_winbind.c | |
| parent | Make fetchable by update to latest release 3.6.1. (diff) | |
An update of net/samba3 to the 3.0.25 version plus security fixes.
Major features included in the 3.0.25 code base are:
o Significant improvements in the winbind off-line logon support.
o Support for secure DDNS updates as part of the 'net ads join'
process.
o Rewritten IdMap interface which allows for TTL based caching and
per domain backends.
o New plug-in interface for the "winbind nss info" parameter.
o New file change notify subsystem which is able to make use of
inotify on Linux.
o Support for passing Windows security descriptors to a VFS
plug-in allowing for multiple Unix ACL implements to running
side by side on the Same server.
o Improved compatibility with Windows Vista clients including
improved read performance with Linux servers.
o Man pages for IdMap and VFS plug-ins.
Security Fixes included in the Samba 3.0.25 release are:
o CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in
user privilege elevation
o CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
o CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
PR: ports/112836
Submitted by: maintainer
Approved by: portmgr (self)
Notes
Notes:
svn path=/head/; revision=191627
Diffstat (limited to 'net/samba3/files/patch-nsswitch_pam_winbind.c')
| -rw-r--r-- | net/samba3/files/patch-nsswitch_pam_winbind.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/net/samba3/files/patch-nsswitch_pam_winbind.c b/net/samba3/files/patch-nsswitch_pam_winbind.c index 1e0c90546733..9c1a8f1bdee5 100644 --- a/net/samba3/files/patch-nsswitch_pam_winbind.c +++ b/net/samba3/files/patch-nsswitch_pam_winbind.c @@ -1,20 +1,11 @@ ---- nsswitch/pam_winbind.c.orig Mon Aug 7 18:46:33 2006 -+++ nsswitch/pam_winbind.c Thu Aug 24 01:30:57 2006 -@@ -1016,7 +1016,7 @@ - } - return PAM_USER_UNKNOWN; +--- ./nsswitch/pam_winbind.c.orig Mon Apr 9 19:30:57 2007 ++++ ./nsswitch/pam_winbind.c Tue Apr 17 02:06:59 2007 +@@ -1735,7 +1735,7 @@ + ret = PAM_USER_UNKNOWN; + goto out; case 0: - pam_get_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (const void **)&tmp); + pam_get_data( pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, (void **)&tmp); if (tmp != NULL) { - retval = atoi(tmp); - switch (retval) { -@@ -1319,7 +1319,7 @@ - * By reaching here we have approved the passwords and must now - * rebuild the password database file. - */ -- pam_get_data( pamh, PAM_WINBIND_PWD_LAST_SET, (const void **)&pwdlastset_update); -+ pam_get_data( pamh, PAM_WINBIND_PWD_LAST_SET, (void **)&pwdlastset_update); - - retval = winbind_chauthtok_request(pamh, ctrl, user, pass_old, pass_new, pwdlastset_update); - if (retval) { + ret = atoi((const char *)tmp); + switch (ret) { |