b9a43fba61
A security hole has been discovered in versions 2.2.2 through 2.2.6
of Samba that could potentially allow an attacker to gain root access
on the target machine. The word "potentially" is used because there
is no known exploit of this bug, and the Samba Team has not been able to
craft one ourselves. However, the seriousness of the problem warrants
this immediate 2.2.7 release.
1) ensure we send the notify message in the same way it is expected
to be received by srv_spoolss_receive_message().
2) attribute matching on truncate only matters when opening truncate
with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
with current NONE -> SYSTEM | HIDDEN.
3) Fix bug in rpcclient's deldriver command
4) Don't set global_machine_password_needs_changing if
lp_machine_password_timeout() is set to zero
5) don't parse the BUFFER5 if the buffer length is zero
6) fix core dump if pdbedit is run as non-root or smbpasswd file does
not exist
7) Ensure can_delete() returns correct error code
8) correctly return NT_STATUS_DELETE_PENDING from open code
9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
10) check the long_archi name is not null when deleting a printer driver.
fixes core dump in smbd when using rpcclient's deldriver
11) fix fd leak with kernel change notify on Linux 2.4 kernels
12) must add one to the extra_data size to transfer the 0 string
terminator. This was causing "wbinfo --sequence" to access past the
end of malloced memory
13) fix for large systems allowing more than 65536 files open in
NTcreate&X
14) Fix bug in %U expansion
|
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| INSTALL | ||
| Makefile | ||
| Makefile.common | ||
| MESSAGE.smbpasswd | ||
| PLIST | ||