77 lines
3.3 KiB
Diff
77 lines
3.3 KiB
Diff
From 0c6aabcc81e2b5fc09e69d2718f0e51a282b3420 Mon Sep 17 00:00:00 2001
|
|
From: Ralph Boehme <slow@samba.org>
|
|
Date: Tue, 6 Dec 2022 16:00:36 +0100
|
|
Subject: [PATCH 01/30] CVE-2022-38023 docs-xml: improve wording for several
|
|
options: "takes precedence" -> "overrides"
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
|
|
|
|
Signed-off-by: Ralph Boehme <slow@samba.org>
|
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 8ec62694a94c346e6ba8f3144a417c9984a1c8b9)
|
|
|
|
Conflict: NA
|
|
Reference: https://attachments.samba.org/attachment.cgi?id=17692
|
|
---
|
|
docs-xml/smbdotconf/logon/rejectmd5clients.xml | 2 +-
|
|
docs-xml/smbdotconf/security/serverschannel.xml | 2 +-
|
|
docs-xml/smbdotconf/winbind/rejectmd5servers.xml | 2 +-
|
|
docs-xml/smbdotconf/winbind/requirestrongkey.xml | 2 +-
|
|
4 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/docs-xml/smbdotconf/logon/rejectmd5clients.xml b/docs-xml/smbdotconf/logon/rejectmd5clients.xml
|
|
index 41684ef10805..0bb9f6f6c8ec 100644
|
|
--- a/docs-xml/smbdotconf/logon/rejectmd5clients.xml
|
|
+++ b/docs-xml/smbdotconf/logon/rejectmd5clients.xml
|
|
@@ -10,7 +10,7 @@
|
|
<para>You can set this to yes if all domain members support aes.
|
|
This will prevent downgrade attacks.</para>
|
|
|
|
- <para>This option takes precedence to the 'allow nt4 crypto' option.</para>
|
|
+ <para>This option overrides the 'allow nt4 crypto' option.</para>
|
|
</description>
|
|
|
|
<value type="default">no</value>
|
|
diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml
|
|
index cd2543113f3e..bd9fea84a7e7 100644
|
|
--- a/docs-xml/smbdotconf/security/serverschannel.xml
|
|
+++ b/docs-xml/smbdotconf/security/serverschannel.xml
|
|
@@ -59,7 +59,7 @@
|
|
See CVE-2020-1472(ZeroLogon) https://bugzilla.samba.org/show_bug.cgi?id=14497
|
|
</para>
|
|
|
|
- <para>This option takes precedence to the <smbconfoption name="server schannel"/> option.</para>
|
|
+ <para>This option overrides the <smbconfoption name="server schannel"/> option.</para>
|
|
|
|
<programlisting>
|
|
server require schannel:LEGACYCOMPUTER1$ = no
|
|
diff --git a/docs-xml/smbdotconf/winbind/rejectmd5servers.xml b/docs-xml/smbdotconf/winbind/rejectmd5servers.xml
|
|
index 37656293aa47..151b4676c57b 100644
|
|
--- a/docs-xml/smbdotconf/winbind/rejectmd5servers.xml
|
|
+++ b/docs-xml/smbdotconf/winbind/rejectmd5servers.xml
|
|
@@ -15,7 +15,7 @@
|
|
<para>The behavior can be controlled per netbios domain
|
|
by using 'reject md5 servers:NETBIOSDOMAIN = yes' as option.</para>
|
|
|
|
- <para>This option takes precedence to the <smbconfoption name="require strong key"/> option.</para>
|
|
+ <para>This option overrides the <smbconfoption name="require strong key"/> option.</para>
|
|
</description>
|
|
|
|
<value type="default">no</value>
|
|
diff --git a/docs-xml/smbdotconf/winbind/requirestrongkey.xml b/docs-xml/smbdotconf/winbind/requirestrongkey.xml
|
|
index 4db62bfb02db..b17620ec8f1d 100644
|
|
--- a/docs-xml/smbdotconf/winbind/requirestrongkey.xml
|
|
+++ b/docs-xml/smbdotconf/winbind/requirestrongkey.xml
|
|
@@ -19,7 +19,7 @@
|
|
|
|
<para>This option yields precedence to the <smbconfoption name="reject md5 servers"/> option.</para>
|
|
|
|
- <para>This option takes precedence to the <smbconfoption name="client schannel"/> option.</para>
|
|
+ <para>This option overrides the <smbconfoption name="client schannel"/> option.</para>
|
|
</description>
|
|
|
|
<value type="default">yes</value>
|
|
--
|
|
2.34.1
|