rpms/kernel/F-11 linux-2.6-cifs-reenable-lanman-security.patch, NONE, 1.1 kernel.spec, 1.1734, 1.1735

Chuck Ebbert cebbert at fedoraproject.org
Tue Sep 15 05:48:14 UTC 2009 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18393

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-cifs-reenable-lanman-security.patch 
Log Message:
Fix CIFS security flags mask broken in 2.6.30 (#523173)

linux-2.6-cifs-reenable-lanman-security.patch:
 cifsglob.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-cifs-reenable-lanman-security.patch ---
[CIFS] Re-enable Lanman security

commit ac68392460ffefed13020967bae04edc4d3add06 ("[CIFS] Allow raw 
ntlmssp code to be enabled with sec=ntlmssp") added a new bit to the
allowed security flags mask but seems to have inadvertently removed
Lanman security from the allowed flags. Add it back.

Signed-off-by: Chuck Ebbert <cebbert at redhat.com>

--- linux-2.6.30.noarch.orig/fs/cifs/cifsglob.h
+++ linux-2.6.30.noarch/fs/cifs/cifsglob.h
@@ -544,9 +544,9 @@ require use of the stronger protocol */
 #define   CIFSSEC_MUST_LANMAN	0x10010
 #define   CIFSSEC_MUST_PLNTXT	0x20020
 #ifdef CONFIG_CIFS_UPCALL
-#define   CIFSSEC_MASK          0xAF0AF /* allows weak security but also krb5 */
+#define   CIFSSEC_MASK          0xBF0BF /* allows weak security but also krb5 */
 #else
-#define   CIFSSEC_MASK          0xA70A7 /* current flags supported if weak */
+#define   CIFSSEC_MASK          0xB70B7 /* current flags supported if weak */
 #endif /* UPCALL */
 #else /* do not allow weak pw hash */
 #ifdef CONFIG_CIFS_UPCALL


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1734
retrieving revision 1.1735
diff -u -p -r1.1734 -r1.1735
--- kernel.spec	15 Sep 2009 05:00:12 -0000	1.1734
+++ kernel.spec	15 Sep 2009 05:48:12 -0000	1.1735
@@ -725,6 +725,9 @@ Patch13002: linux-2.6-virtio_blk-dont-bo
 
 Patch14000: make-mmap_min_addr-suck-less.patch
 
+# ----- send for upstream inclusion -----
+Patch14010: linux-2.6-cifs-reenable-lanman-security.patch
+
 # ----- patches headed for -stable -----
 
 # Fix string overflows found by stackprotector:
@@ -1357,6 +1360,9 @@ ApplyPatch linux-2.6-virtio_blk-dont-bou
 
 ApplyPatch make-mmap_min_addr-suck-less.patch
 
+# ----- send for upstream inclusion -----
+ApplyPatch linux-2.6-cifs-reenable-lanman-security.patch
+
 # ----- patches headed for -stable -----
 
 # CVE-2009-2847
@@ -1961,7 +1967,10 @@ fi
 # and build.
 
 %changelog
-* Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
+* Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-56.rc1
+- Fix CIFS security flags mask broken in 2.6.30 (#523173)
+
+* Tue Sep 15 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-55.rc1
 - Fix cpufreq lockdep warnings (#522685)
 
 * Sat Sep 12 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.7-54.rc1

More information about the fedora-extras-commits mailing list