main/samba: security upgrade to 3.5.15 (CVE-2011-1678,CVE-2011-2724,CVE-2012-2111,CVE-2012-1182)

fixes #1104 fixes #1135
author: Natanael Copa <ncopa@alpinelinux.org> 2012-05-15 07:50:56 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2012-05-15 07:53:11 +0000
commit: 516619f168f837bfc4da1d7f8705b3ca882bbb1c (patch)
tree: 63a2974e0e58cbd226613e4f6cd19c7d2f6171e4
parent: dfccaf54290b0a736e6217e63b4fa6733fc896a2 (diff)
2 files changed, 3 insertions, 139 deletions
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
index 9b860087334..607f9e3e59e 100644
--- a/main/samba/APKBUILD
+++ b/main/samba/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=samba
-pkgver=3.5.8
+pkgver=3.5.15
 pkgrel=0
 pkgdesc="Tools to access a server's filespace and printers via SMB"
 url="http://www.samba.org"
@@ -15,7 +15,6 @@ source="http://us1.$pkgname.org/$pkgname/ftp/stable/$pkgname-$pkgver.tar.gz
 	samba.confd
 	samba.logrotate
 	samba-uclibc-fstab.patch
-	samba-maximum-number-of-winbindd-clients.patch
 	"
 pkggroups="winbind"
 
@@ -119,9 +118,8 @@ tdb() {
 		usr/bin/tdb*
 }
 
-md5sums="355b4530c20997e94aebc74cd6ea5307  samba-3.5.8.tar.gz
+md5sums="2d72c044bdfd854ee2ab736326da3afd  samba-3.5.15.tar.gz
 c8a7f6ac5df2f73dbf023e25ea39927b  samba.initd
 c150433426e18261e6e3eed3930e1a76  samba.confd
 b7cafabfb4fa5b3ab5f2e857d8d1c733  samba.logrotate
-811e5a3f570d0053cf27a73248be4ae6  samba-uclibc-fstab.patch
-a906d4049df6ca1a3c106e7df52d9925  samba-maximum-number-of-winbindd-clients.patch"
+811e5a3f570d0053cf27a73248be4ae6  samba-uclibc-fstab.patch"
diff --git a/main/samba/samba-maximum-number-of-winbindd-clients.patch b/main/samba/samba-maximum-number-of-winbindd-clients.patch
deleted file mode 100644
index 6e84bb413be..00000000000
--- a/main/samba/samba-maximum-number-of-winbindd-clients.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From eeb24afd78a6448e808aaf96dbd7d5abf51bbd40 Mon Sep 17 00:00:00 2001
-From: Pierre Carrier <pcarrier@redhat.com>
-Date: Tue, 14 Sep 2010 16:43:39 -0700
-Subject: [PATCH] Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.
-
-Signed-off-by: Jeremy Allison <jra@samba.org>
----
- docs-xml/smbdotconf/winbind/winbindmaxclients.xml |   14 ++++++++++++++
- source3/include/local.h                           |    3 ---
- source3/include/proto.h                           |    1 +
- source3/param/loadparm.c                          |   13 ++++++++++++-
- source3/winbindd/winbindd.c                       |    8 +++-----
- 5 files changed, 30 insertions(+), 9 deletions(-)
- create mode 100644 docs-xml/smbdotconf/winbind/winbindmaxclients.xml
-
-diff --git a/docs-xml/smbdotconf/winbind/winbindmaxclients.xml b/docs-xml/smbdotconf/winbind/winbindmaxclients.xml
-new file mode 100644
-index 0000000..ae49e45
---- /dev/null
-+++ b/docs-xml/smbdotconf/winbind/winbindmaxclients.xml
-@@ -0,0 +1,14 @@
-+<samba:parameter name="winbind max clients"
-+                 context="G"
-+				 type="integer"
-+                 advanced="1" developer="1"
-+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-+<description>
-+	<para>This parameter specifies the maximum number of clients
-+	the <citerefentry><refentrytitle>winbindd</refentrytitle>
-+	<manvolnum>8</manvolnum></citerefentry> daemon can connect with.
-+	</para>
-+</description>
-+
-+<value type="default">200</value>
-+</samba:parameter>
-diff --git a/source3/include/local.h b/source3/include/local.h
-index a3baf64..93ec4cc 100644
---- a/source3/include/local.h
-+++ b/source3/include/local.h
-@@ -239,9 +239,6 @@
- /* Number in seconds for winbindd to wait for the mutex. Make this 2 * smbd wait time. */
- #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
- 
--/* Max number of simultaneous winbindd socket connections. */
--#define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200
--
- /* Buffer size to use when printing backtraces */
- #define BACKTRACE_STACK_SIZE 64
- 
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index f089c69..e1751e8 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -3539,6 +3539,7 @@ int lp_smb_encrypt(int );
- char lp_magicchar(const struct share_params *p );
- int lp_winbind_cache_time(void);
- int lp_winbind_reconnect_delay(void);
-+int lp_winbind_max_clients(void);
- const char **lp_winbind_nss_info(void);
- int lp_algorithmic_rid_base(void);
- int lp_name_cache_timeout(void);
-diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
-index e3fc2d8..bb6e132 100644
---- a/source3/param/loadparm.c
-+++ b/source3/param/loadparm.c
-@@ -262,7 +262,7 @@ struct global {
- 	int oplock_break_wait_time;
- 	int winbind_cache_time;
- 	int winbind_reconnect_delay;
--	int winbind_max_idle_children;
-+	int winbind_max_clients;
- 	char **szWinbindNssInfo;
- 	int iLockSpinTime;
- 	char *szLdapMachineSuffix;
-@@ -4606,6 +4606,15 @@ static struct parm_struct parm_table[] = {
- 		.flags		= FLAG_ADVANCED,
- 	},
- 	{
-+		.label		= "winbind max clients",
-+		.type		= P_INTEGER,
-+		.p_class	= P_GLOBAL,
-+		.ptr		= &Globals.winbind_max_clients,
-+		.special	= NULL,
-+		.enum_list	= NULL,
-+		.flags		= FLAG_ADVANCED,
-+	},
-+	{
- 		.label		= "winbind enum users",
- 		.type		= P_BOOL,
- 		.p_class	= P_GLOBAL,
-@@ -5299,6 +5308,7 @@ static void init_globals(bool reinit_globals)
- 
- 	Globals.winbind_cache_time = 300;	/* 5 minutes */
- 	Globals.winbind_reconnect_delay = 30;	/* 30 seconds */
-+	Globals.winbind_max_clients = 200;
- 	Globals.bWinbindEnumUsers = False;
- 	Globals.bWinbindEnumGroups = False;
- 	Globals.bWinbindUseDefaultDomain = False;
-@@ -5877,6 +5887,7 @@ FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
- FN_LOCAL_CHAR(lp_magicchar, magic_char)
- FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
- FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay)
-+FN_GLOBAL_INTEGER(lp_winbind_max_clients, &Globals.winbind_max_clients)
- FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
- FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
- FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
-diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
-index 7a9ebb8..9c0a1fb 100644
---- a/source3/winbindd/winbindd.c
-+++ b/source3/winbindd/winbindd.c
-@@ -908,17 +908,15 @@ static void winbindd_listen_fde_handler(struct tevent_context *ev,
- 	struct winbindd_listen_state *s = talloc_get_type_abort(private_data,
- 					  struct winbindd_listen_state);
- 
--	while (winbindd_num_clients() >
--	       WINBINDD_MAX_SIMULTANEOUS_CLIENTS - 1) {
-+	while (winbindd_num_clients() > lp_winbind_max_clients() - 1) {
- 		DEBUG(5,("winbindd: Exceeding %d client "
- 			 "connections, removing idle "
--			 "connection.\n",
--			 WINBINDD_MAX_SIMULTANEOUS_CLIENTS));
-+			 "connection.\n", lp_winbind_max_clients()));
- 		if (!remove_idle_client()) {
- 			DEBUG(0,("winbindd: Exceeding %d "
- 				 "client connections, no idle "
- 				 "connection found\n",
--				 WINBINDD_MAX_SIMULTANEOUS_CLIENTS));
-+				 lp_winbind_max_clients()));
- 			break;
- 		}
- 	}
--- 
-1.7.0.4
-
author	Natanael Copa <ncopa@alpinelinux.org>	2012-05-15 07:50:56 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2012-05-15 07:53:11 +0000
commit	516619f168f837bfc4da1d7f8705b3ca882bbb1c (patch)
tree	63a2974e0e58cbd226613e4f6cd19c7d2f6171e4
parent	dfccaf54290b0a736e6217e63b4fa6733fc896a2 (diff)