From owner-freebsd-ports Thu Aug 31 0:30: 8 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A0D6737B424 for ; Thu, 31 Aug 2000 00:30:01 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id AAA22339; Thu, 31 Aug 2000 00:30:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from nakaji.tutrp.tut.ac.jp (nakaji.tutrp.tut.ac.jp [133.15.188.118]) by hub.freebsd.org (Postfix) with ESMTP id E755337B43F for ; Thu, 31 Aug 2000 00:19:45 -0700 (PDT)
Received: (from nakaji@localhost) by nakaji.tutrp.tut.ac.jp (8.11.0/8.11.0) id e7V7JOa24060; Thu, 31 Aug 2000 16:19:24 +0900 (JST) (envelope-from nakaji)
Message-Id: <200008310719.e7V7JOa24060@nakaji.tutrp.tut.ac.jp>
Date: Thu, 31 Aug 2000 16:19:24 +0900 (JST)
From: nakaji@jp.freebsd.org
Reply-To: nakaji@jp.freebsd.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: ports/20957: Update port: japanese/samba to fix security problem
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 20957
>Category: ports
>Synopsis: Update port: japanese/samba to fix security problem
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 31 00:30:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: NAKAJI Hiroyuki
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
FreeBSD nakaji.tutrp.tut.ac.jp 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Mon Aug 28 14:07:52 JST 2000 root@nakaji.tutrp.tut.ac.jp:/home2/obj/usr/src/sys/NAKAJI i386
>Description:
Japanized swat has a big security hole. For debugging, swat outputs some information into /tmp/cgi.log, and it includes the username and his/her passwd. Sometimes it is root.
>How-To-Repeat:
>Fix:
Samba-2.0.7-ja-1.2 is unsafe. Update to 1.2a, delete /tmp/cgi.log and change root's password if necessary.

Here is a patch for the update of japanese/samba.

Index: Makefile =================================================================== RCS file: /usr2/ncvs/ports/japanese/samba/Makefile,v retrieving revision 1.6 diff -u -r1.6 Makefile --- Makefile 2000/08/30 04:47:06 1.6 +++ Makefile 2000/08/31 05:31:05 @@ -24,7 +24,7 @@ Y2K= http://us1.samba.org/samba/docs/sambay2k.html SAMBA_VERSION= 2.0.7 -SAMBA_JA_VERSION= 1.2 +SAMBA_JA_VERSION= 1.2a # directories VARDIR= /var Index: files/md5 =================================================================== RCS file: /usr2/ncvs/ports/japanese/samba/files/md5,v retrieving revision 1.3 diff -u -r1.3 md5 --- files/md5 2000/08/29 19:47:12 1.3 +++ files/md5 2000/08/31 05:31:05 
@@ -1 +1 @@ -MD5 (samba-2.0.7-ja-1.2.tar.gz) = b0972989e1e99af0420707edcc90e733 +MD5 (samba-2.0.7-ja-1.2a.tar.gz) = 85467d1b552baf5218f7984be1b8c42f
>Release-Note:
>Audit-Trail:
>Unformatted:
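Review bot: In the Makefile hunk the only change is the SAMBA_JA_VERSION bump from 1.2 to 1.2a, so a machine that already ran ja-1.2 still has whatever swat wrote to /tmp/cgi.log after it upgrades. The cleanup the report asks for (delete /tmp/cgi.log, change root's password if necessary) exists only in this mail; consider having the port print that instruction at install time so it reaches people who upgrade without reading the PR. It is also worth confirming that the package version is derived from SAMBA_JA_VERSION, so that existing 1.2 installs show up as out of date.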
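Review bot: On the "+MD5 (samba-2.0.7-ja-1.2a.tar.gz)" line in files/md5, the new checksum comes from the same mail that proposes the change, so it should not be committed as typed. Fetch samba-2.0.7-ja-1.2a.tar.gz from the master site, regenerate files/md5 from that download, and compare the result with the value given here before committing; for a release that exists to close a credential leak, a mismatch needs an explanation from upstream.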