Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0002-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0002-CVE-2022-38023.patch of Package samba
From ddafd6dc7706e74e74ce96039ac8006b9b2e05ad Mon Sep 17 00:00:00 2001 From: Ralph Boehme <slow@samba.org> Date: Tue, 6 Dec 2022 16:05:26 +0100 Subject: [PATCH 02/29] CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden" BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 830e865ba5648f6520bc552ffd71b61f754b8251) Conflict: NA Reference: https://attachments.samba.org/attachment.cgi?id=17698 --- docs-xml/smbdotconf/logon/allownt4crypto.xml | 2 +- docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml | 2 +- docs-xml/smbdotconf/security/clientschannel.xml | 2 +- docs-xml/smbdotconf/security/serverschannel.xml | 2 +- docs-xml/smbdotconf/winbind/requirestrongkey.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs-xml/smbdotconf/logon/allownt4crypto.xml b/docs-xml/smbdotconf/logon/allownt4crypto.xml index 03dc8fa93f72..06afcef73b1b 100644 --- a/docs-xml/smbdotconf/logon/allownt4crypto.xml +++ b/docs-xml/smbdotconf/logon/allownt4crypto.xml @@ -18,7 +18,7 @@ <para>"allow nt4 crypto = yes" allows weak crypto to be negotiated, maybe via downgrade attacks.</para> - <para>This option yields precedence to the 'reject md5 clients' option.</para> + <para>This option is over-ridden by the 'reject md5 clients' option.</para> </description> <value type="default">no</value> diff --git a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml index 03531adbfb36..8bccab391cc2 100644 --- a/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml +++ b/docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml @@ -15,7 +15,7 @@ <para>The behavior can be overwritten per interface name (e.g. lsarpc, netlogon, samr, srvsvc, winreg, wkssvc ...) by using 'allow dcerpc auth level connect:interface = yes' as option.</para> - <para>This option yields precedence to the implementation specific restrictions. + <para>This option is over-ridden by the implementation specific restrictions. E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY. The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY. </para> diff --git a/docs-xml/smbdotconf/security/clientschannel.xml b/docs-xml/smbdotconf/security/clientschannel.xml index 5b07da95050c..d124ad481818 100644 --- a/docs-xml/smbdotconf/security/clientschannel.xml +++ b/docs-xml/smbdotconf/security/clientschannel.xml @@ -23,7 +23,7 @@ <para>Note that for active directory domains this is hardcoded to <smbconfoption name="client schannel">yes</smbconfoption>.</para> - <para>This option yields precedence to the <smbconfoption name="require strong key"/> option.</para> + <para>This option is over-ridden by the <smbconfoption name="require strong key"/> option.</para> </description> <value type="default">yes</value> <value type="example">auto</value> diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml index 79e4e73a95c9..3e66df1c2032 100644 --- a/docs-xml/smbdotconf/security/serverschannel.xml +++ b/docs-xml/smbdotconf/security/serverschannel.xml @@ -23,7 +23,7 @@ <para>If you still have legacy domain members use the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option. </para> - <para>This option yields precedence to the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para> + <para>This option is over-ridden by the <smbconfoption name="server require schannel:COMPUTERACCOUNT"/> option.</para> </description> diff --git a/docs-xml/smbdotconf/winbind/requirestrongkey.xml b/docs-xml/smbdotconf/winbind/requirestrongkey.xml index b17620ec8f1d..9c1c1d7af148 100644 --- a/docs-xml/smbdotconf/winbind/requirestrongkey.xml +++ b/docs-xml/smbdotconf/winbind/requirestrongkey.xml @@ -17,7 +17,7 @@ <para>Note for active directory domain this option is hardcoded to 'yes'</para> - <para>This option yields precedence to the <smbconfoption name="reject md5 servers"/> option.</para> + <para>This option is over-ridden by the <smbconfoption name="reject md5 servers"/> option.</para> <para>This option overrides the <smbconfoption name="client schannel"/> option.</para> </description> -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.