rpms/kernel/F-11 linux-2.6-cifs-reenable-lanman-security.patch, NONE, 1.1 kernel.spec, 1.1734, 1.1735
Chuck Ebbert
cebbert at fedoraproject.org
Tue Sep 15 05:48:14 UTC 2009
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18393
Modified Files:
kernel.spec
Added Files:
linux-2.6-cifs-reenable-lanman-security.patch
Log Message:
Fix CIFS security flags mask broken in 2.6.30 (#523173)
linux-2.6-cifs-reenable-lanman-security.patch:
cifsglob.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-cifs-reenable-lanman-security.patch ---
[CIFS] Re-enable Lanman security
commit ac68392460ffefed13020967bae04edc4d3add06 ("[CIFS] Allow raw
ntlmssp code to be enabled with sec=ntlmssp") added a new bit to the
allowed security flags mask but seems to have inadvertently removed
Lanman security from the allowed flags. Add it back.
Signed-off-by: Chuck Ebbert <cebbert at redhat.com>
--- linux-2.6.30.noarch.orig/fs/cifs/cifsglob.h
+++ linux-2.6.30.noarch/fs/cifs/cifsglob.h
@@ -544,9 +544,9 @@ require use of the stronger protocol */
#define CIFSSEC_MUST_LANMAN 0x10010
#define CIFSSEC_MUST_PLNTXT 0x20020
#ifdef CONFIG_CIFS_UPCALL
-#define CIFSSEC_MASK 0xAF0AF /* allows weak security but also krb5 */
+#define CIFSSEC_MASK 0xBF0BF /* allows weak security but also krb5 */
#else
-#define CIFSSEC_MASK 0xA70A7 /* current flags supported if weak */
+#define CIFSSEC_MASK 0xB70B7 /* current flags supported if weak */
#endif /* UPCALL */
#else /* do not allow weak pw hash */
#ifdef CONFIG_CIFS_UPCALL
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1734
retrieving revision 1.1735
diff -u -p -r1.1734 -r1.1735
--- kernel.spec 15 Sep 2009 05:00:12 -0000 1.1734
+++ kernel.spec 15 Sep 2009 05:48:12 -0000 1.1735
@@ -725,6 +725,9 @@ Patch13002: linux-2.6-virtio_blk-dont-bo
Patch14000: make-mmap_min_addr-suck-less.patch
+# ----- send for upstream inclusion -----
+Patch14010: linux-2.6-cifs-reenable-lanman-security.patch
+
# ----- patches headed for -stable -----
# Fix string overflows found by stackprotector:
@@ -1357,6 +1360,9 @@ ApplyPatch linux-2.6-virtio_blk-dont-bou
ApplyPatch make-mmap_min_addr-suck-less.patch
+# ----- send for upstream inclusion -----
+ApplyPatch linux-2.6-cifs-reenable-lanman-security.patch
+
# ----- patches headed for -stable -----
# CVE-2009-2847
@@ -1961,7 +1967,10 @@ fi
# and build.
%changelog
-* Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
+* Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-56.rc1
+- Fix CIFS security flags mask broken in 2.6.30 (#523173)
+
+* Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
- Fix cpufreq lockdep warnings (#522685)
* Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-54.rc1
More information about the fedora-extras-commits
mailing list