# HG changeset patch
# User Pascal Bellard <pascal.bellard@slitaz.org>
# Date 1496074791 -7200
# Node ID 1df27fba69d41925838d9635e9479925545dba62
# Parent  258b8d3b3004c36c2257d624c4b7bd1622973df7
samba: CVE-2017-7494

diff -r 258b8d3b3004 -r 1df27fba69d4 samba/receipt
--- a/samba/receipt	Fri Apr 28 11:22:14 2017 +0200
+++ b/samba/receipt	Mon May 29 18:19:51 2017 +0200
@@ -20,6 +20,7 @@
 # Rules to configure and make the package.
 compile_rules()
 {
+	patch -p0 < $stuff/CVE-2017-7494.u
 	cd $src/source3
 	./configure --prefix=/usr --infodir=/usr/share/info \
 	--with-piddir=/var/run/samba --with-lockdir=/var/run/samba \
diff -r 258b8d3b3004 -r 1df27fba69d4 samba/stuff/CVE-2017-7494.u
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/samba/stuff/CVE-2017-7494.u	Mon May 29 18:19:51 2017 +0200
@@ -0,0 +1,15 @@
+CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
+--- source3/rpc_server/srv_pipe.c
++++ source3/rpc_server/srv_pipe.c
+@@ -1102,6 +1102,11 @@
+ 		pipename += 1;
+ 	}
+ 
++	if (strchr(pipename, '/')) {
++		DEBUG(1, ("Refusing open on pipe %s\n", pipename));
++		return false;
++	}
++
+ 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+ 		DEBUG(10, ("refusing spoolss access\n"));
+ 		return false;