[SCM] Samba Shared Repository - branch v4-1-stable updated

Karolin Seeger kseeger at samba.org
Fri Aug 1 04:47:54 MDT 2014 

The branch, v4-1-stable has been updated
       via  154a270 VERSION: Disable git snapshots for the 4.1.11 release.
       via  ebeb3b6 WHATSNEW: Add release notes for Samba 4.1.11.
       via  e6a8486 fix unstrcpy
       via  01be3c5 VERSION: Bump version number up to 4.1.11...
      from  fcc634b Merge commit 'origin/v4-1-test^' into v4-1-stable

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -----------------------------------------------------------------
commit 154a270edb95d5141781bc5e76b4b2dcac1be5e2
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jul 31 15:00:27 2014 +0200

    VERSION: Disable git snapshots for the 4.1.11 release.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
    CVE-2014-3560: unstrcpy macro length is invalid
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit ebeb3b6d0b4a8533b2744d510ae28d4350ff0845
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Jul 31 14:48:01 2014 +0200

    WHATSNEW: Add release notes for Samba 4.1.11.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
    CVE-2014-3560: unstrcpy macro length is invalid
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit e6a848630da3ba958c442438ea131c99fa088605
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Jul 22 07:02:00 2014 +0200

    fix unstrcpy
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10735
    CVE-2014-3560: unstrcpy macro length is invalid

commit 01be3c567c010cb206678af08f688d4cd6ed6fa7
Author: Karolin Seeger <kseeger at samba.org>
Date:   Mon Jul 28 08:44:32 2014 +0200

    VERSION: Bump version number up to 4.1.11...
    
    and re-enable git snapshots.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>
    (cherry picked from commit b474dc70f11ebd5fcfd5c0dfa40e94cea5ce206c)

-----------------------------------------------------------------------

Summary of changes:
 VERSION                    |    2 +-
 WHATSNEW.txt               |   55 +++++++++++++++++++++++++++++++++++++++++--
 lib/util/string_wrappers.h |    2 +-
 3 files changed, 54 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 10e41cd..72f82cc 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cb9a1c6..521ea1f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,55 @@
                    ==============================
+                   Release Notes for Samba 4.1.11
+                           August 1, 2014
+                   ==============================
+
+
+This is a security release in order to address
+CVE-2014-3560 (Remote code execution in nmbd).
+
+o  CVE-2014-3560:
+   Samba 4.0.0 to 4.1.10 are affected by a remote code execution attack on
+   unauthenticated nmbd NetBIOS name services.
+
+   A malicious browser can send packets that may overwrite the heap of
+   the target nmbd NetBIOS name services daemon. It may be possible to
+   use this to generate a remote code execution vulnerability as the
+   superuser (root).
+
+
+Changes since 4.1.10:
+---------------------
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 10735: CVE-2014-3560: Fix unstrcpy macro length.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
+                   ==============================
                    Release Notes for Samba 4.1.10
                            July 28, 2014
                    ==============================
@@ -140,10 +191,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 
-======================================================================
 
                    =============================
                    Release Notes for Samba 4.1.9
diff --git a/lib/util/string_wrappers.h b/lib/util/string_wrappers.h
index 5f9d568..243fafc 100644
--- a/lib/util/string_wrappers.h
+++ b/lib/util/string_wrappers.h
@@ -51,7 +51,7 @@ do { \
 #define unstrcpy(d,s) \
 do { \
 	const char *_unstrcpy_src = (const char *)(s); \
-	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(fstring)); \
+	strlcpy((d),_unstrcpy_src ? _unstrcpy_src : "",sizeof(unstring)); \
 } while (0)
 
 #ifdef HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS


-- 
Samba Shared Repository

More information about the samba-cvs mailing list