[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
  via 20b0adc Make sure that we only propagate the INHERITED flag when we are allowed to.
  via e95a1cd build: Do not pass CPP="" to pidl, skip the env variable entirely
  via ad0bc91 build: Remove the forced use of only the first part of the compiler string
  via 5225216 scripting: No longer install samba_upgradeprovision
  via 12907e7 scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them
  via bf68cd4 samba-tool classicupgrade: Do not print the admin password during upgrade
  via 6bcef4e s4-dbcheck: Allow forcing an override of an old @MODULES record
  via 81a75d0 selftest: Add test for rfc2307 mapping handling
  via c820ab7 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
  via 0f174b7 build: Set LD_LIBRARY_PATH in install_with_python.sh
  from 9ec44d4 Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -

commit 20b0adc9a6da3e9c1c6dcbd65c8f76f921de88ff
Author: Richard Sharpe
Date: Wed Mar 27 19:36:43 2013 -0700

Make sure that we only propagate the INHERITED flag when we are allowed to.

Signed-off-by: Jeremy Allison
Reviewed-by: Richard Sharpe

Fix bug #9747 - When creating a directory Samba allows inherited bit to slip through.

Autobuild-User(v4-0-test): Karolin Seeger
Autobuild-Date(v4-0-test): Tue Apr 2 23:07:34 CEST 2013 on sn-devel-104

commit e95a1cded19f7a7af0ecb51c8a575a564b912185
Author: Andrew Bartlett
Date: Fri Mar 22 13:47:46 2013 +1100

build: Do not pass CPP="" to pidl, skip the env variable entirely

This will cause pidl to use $CC -E instead.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher
(cherry picked from commit afe9343880ee27cf9fe937c6379c469435ef20d6)

The last 2 patches address bug #9739 - [PATCH] PIDL build fixes for hosts without CPP (Solaris 11).

commit ad0bc9130d1d02fd0280e89c393f3d28b596d0a8
Author: Andrew Bartlett
Date: Fri Mar 22 13:06:43 2013 +1100

build: Remove the forced use of only the first part of the compiler string

This corrects parts of 378295c3fe813c70815a14c7de608e4a859bd6cc and 301d59caf2ee6f49e108b748b0e38221dec9bb96.

This is seen if CC="ccache gcc" and CPP isn't used for some reason.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher
(cherry picked from commit 7dc6dfd90c5182ed85042b22d4864d3e9b007531)

commit 5225216d76df523bec29c8a08815c412deedac06
Author: Andrew Bartlett
Date: Thu Feb 28 00:03:19 2013 +1100

scripting: No longer install samba_upgradeprovision

This tool is an important part of the toolkit a Samba Team member can use to assist a user with the upgrade of a very old Samba 4.0 AD DC installation. However, like all powerful tools, it has sharp edges, and these need to have more protection added before we recommend the tool be used.

The WHATSNEW already indicated that this tool should not be used but a large number of users have run it, and due to lack of testing in the past, some have run into bugs.

While this tool can be run in debug modes, by default it simply fixes the database following a series of internal rules. This does a good job much of the time, but does not request permission in the way that dbcheck does, and will create extra objects for things like the DNS partitions.

By removing this from the installed binaries, we provide another signal that it should not be used right now, until these matters are fixed and some clear documentation on how to safely use the tool can be written.

Andrew Bartlett

Reviewed-by: Michael Adam
Autobuild-User(master): Michael Adam
Autobuild-Date(master): Tue Mar 12 02:51:23 CET 2013 on sn-devel-104
(cherry picked from commit 389197e7c31e8d6616e6503181c088940ddb5986)

Fix bug #9728 - DO NOT install samba_upgradeprovision in 4.0.x.

commit 12907e7f7f1d9fda4dc33da87849ac86a234c9a8
Author: Andrew Bartlett
Date: Fri Dec 28 10:05:40 2012 +1100

scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them

This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
(cherry picked from commit edbc26bca84ee77b5a9571ba8dc9416c0db25906)

Fix bug #9721 - samba_upgradedns patch for robustness (do not guess addresses when just changing roles).

commit bf68cd42178dd6cc7bea2cb381dcf53f
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
  via b986a3a Ensure EA value is allocated on the right context.
  via 9b94de1 Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF
  via 43becd6 Ensure we don't return uninitialized memory in the pad bytes.
  via 7bee3ef Add a test to show that zero-length EA's are never returned over SMB2.
  via b96bc9fa Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
  via 875bedd Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF
  via 15fa043 Change estimate_ea_size() to correctly estimate the EA size over SMB2.
  via d9e7c82 Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.
  via 1e8bcce Ensure we can never return an uninitialized EA list.
  from 50e0060 Add a comment about why we are removing the INHERITED bit so people understand.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -

commit b986a3a9c988c6ec29c0e0a2f8609d5132e952f4
Author: Jeremy Allison
Date: Thu Mar 28 08:55:11 2013 -0700

Ensure EA value is allocated on the right context.

Ensure we free on error condition (tidyup, not a leak).

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp
Autobuild-User(master): David Disseldorp
Autobuild-Date(master): Tue Apr 2 21:54:33 CEST 2013 on sn-devel-104

commit 9b94de161f30bb34c666c0cf0cc94250e6a7b863
Author: Jeremy Allison
Date: Wed Mar 27 11:54:34 2013 -0700

Final fix for bug #9130 - Certain xattrs cause Windows error 0x800700FF

The spec lies when it says that NextEntryOffset is the only value considered when finding the next EA. We were adding 4 more extra pad bytes than needed (i.e. if the next entry already was on a 4 byte boundary, then we were adding 4 additional pad bytes).

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit 43becd6f305bd5d21d886027d38a92d4dff22d75
Author: Jeremy Allison
Date: Tue Mar 26 16:46:51 2013 -0700

Ensure we don't return uninitialized memory in the pad bytes.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit 7bee3ef68490bb38942d717e03e203d00be32f9f
Author: Jeremy Allison
Date: Tue Mar 26 13:26:49 2013 -0700

Add a test to show that zero-length EA's are never returned over SMB2.

Zero length EA's only delete an EA, never store. Proves we should never return zero-length EA's even if they have been set on the POSIX side.

ntvfs server doesn't implement the FULL_EA_INFORMATION setinfo call, so add to selftest/knownfail.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit b96bc9fa260c397887ba6199181f3b8bca7046a6
Author: Jeremy Allison
Date: Tue Mar 26 16:38:00 2013 -0700

Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF

Ensure ntvfs server never returns zero length EA's.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit 875bedc51df59f85ae7bbd7db52fbfb5ffef
Author: Jeremy Allison
Date: Tue Mar 26 16:37:22 2013 -0700

Fix bug #9130 - Certain xattrs cause Windows error 0x800700FF

Ensure we never return any zero-length EA's.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit 15fa043b7d362ee197835c0a72a936684c774472
Author: Jeremy Allison
Date: Tue Mar 26 15:54:31 2013 -0700

Change estimate_ea_size() to correctly estimate the EA size over SMB2.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit d9e7c8219fd8b3d770301a87bc1cd62b07b989ca
Author: Jeremy Allison
Date: Tue Mar 26 15:46:06 2013 -0700

Modify fill_ea_chained_buffer() to be able to do size calculation only, no marshalling.

Signed-off-by: Jeremy Allison
Reviewed-by: David Disseldorp

commit 1e8bcce52f233722fad5c25f2467b86d97cadfa0
Author: Jeremy Allison
Date: Fri Mar 29 10:07:20 2013 -0700

Ensure we can never return an uninitialized EA list.
Signed-off-by: Jeremy Allison Reviewed-by: David Disseldorp --- Summary of changes: selftest/knownfail |1 + source3/smbd/trans2.c| 70 +++ source4/ntvfs/posix/pvfs_qfileinfo.c |6 ++ source4/torture/smb2/setinfo.c | 121 ++ 4 files changed, 183 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 61a0a0e..e4b4694 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -162,6 +162,7 @@ ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_sd\(none\) # Due to something rewriting the NT ACL on DNS objects ^samba4.blackbox.upgradeprovision.alpha13.ldapcmp_full_sd\(none\) # Due to somet
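The padding, zero-length and size-only behaviour described in the commit messages of this mail, as an added example that is not code from the Samba tree: a marshaller for chained FILE_FULL_EA_INFORMATION entries. The names struct ea, ea_pad and ea_chain_fill are hypothetical, the sample EAs are constructed, and leaving the last entry unpadded is this example's choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not Samba's fill_ea_chained_buffer(). */
struct ea { const char *name; const uint8_t *value; uint16_t value_len; };
#define EA_CHAIN_TOO_SMALL ((size_t)-1)

/* Bytes to the next 4-byte boundary; 0 when already aligned. An expression
 * such as 4 - (len % 4) (assumed form of the over-padding; the diff is not
 * on this page) would return 4 for an aligned entry instead of 0. */
static size_t ea_pad(size_t len) { return (4 - (len % 4)) % 4; }

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Marshal EAs as chained FILE_FULL_EA_INFORMATION entries:
 * NextEntryOffset(4) Flags(1) EaNameLength(1) EaValueLength(2) name NUL value.
 * With buf == NULL only the required size is computed. */
size_t ea_chain_fill(uint8_t *buf, size_t buflen, const struct ea *eas, size_t n)
{
    size_t off = 0, prev = 0, prev_len = 0;  /* prev_len == 0: nothing emitted */

    for (size_t i = 0; i < n; i++) {
        size_t nlen = strlen(eas[i].name);
        /* Skip zero-length values and names that do not fit EaNameLength. */
        if (eas[i].value_len == 0 || nlen == 0 || nlen > 255)
            continue;
        if (prev_len != 0) {                 /* close previous entry: pad + link */
            size_t pad = ea_pad(prev_len);
            if (buf != NULL) {
                if (pad > buflen - off) return EA_CHAIN_TOO_SMALL;
                memset(buf + off, 0, pad);   /* no stale bytes in the padding */
                put_le32(buf + prev, (uint32_t)(prev_len + pad));
            }
            off += pad;
        }
        size_t len = 8 + nlen + 1 + eas[i].value_len;
        if (buf != NULL) {
            if (len > buflen - off) return EA_CHAIN_TOO_SMALL;
            uint8_t *p = buf + off;
            put_le32(p, 0);                  /* stays 0 on the last entry */
            p[4] = 0;
            p[5] = (uint8_t)nlen;
            p[6] = eas[i].value_len & 0xff;
            p[7] = eas[i].value_len >> 8;
            memcpy(p + 8, eas[i].name, nlen + 1);
            memcpy(p + 9 + nlen, eas[i].value, eas[i].value_len);
        }
        prev = off; prev_len = len; off += len;
    }
    return off;
}

int main(void)
{
    static const uint8_t v[4] = {1, 2, 3, 4};          /* constructed sample */
    struct ea eas[] = {{"user.bb", v, 4}, {"user.empty", v, 0}, {"user.a", v, 2}};
    uint8_t buf[64];
    memset(buf, 0xAA, sizeof(buf));                     /* simulate stale memory */
    size_t need = ea_chain_fill(NULL, 0, eas, 3);
    size_t wrote = ea_chain_fill(buf, sizeof(buf), eas, 3);
    printf("need=%zu wrote=%zu first NextEntryOffset=%u\n", need, wrote, buf[0]);
    return 0;
}
```

The first sample entry is exactly 20 bytes long, so its NextEntryOffset is 20 with no pad bytes; the size-only call and the marshalling call return the same length.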
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 93bca18 Make sure that we only propogate the INHERITED flag when we are allowed to. from 97bb3cc torture: Add ntprinting latin1 test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 93bca1881e3a8993c76fec408d7c0c369556683d Author: Jeremy Allison Date: Thu Mar 28 09:36:41 2013 -0700 Make sure that we only propogate the INHERITED flag when we are allowed to. Signed-off-by: Jeremy Allison Fix bug #9747 - When creating a directory Samba allows inherited bit to slip through. --- Summary of changes: source3/lib/secdesc.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index b7c9fc5..7ff3a6a 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -602,7 +602,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, if (!container) { new_flags = 0; } else { - new_flags &= ~SEC_ACE_FLAG_INHERIT_ONLY; + new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY| + SEC_ACE_FLAG_INHERITED_ACE); if (!(new_flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) { new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; -- Samba Shared Repository
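Review bot: In se_create_child_secdesc() the new mask strips SEC_ACE_FLAG_INHERITED_ACE from every ACE in the container branch, with no comment saying why and no check visible in this hunk of whether the parent descriptor permits the flag, although the commit subject says it is propagated only "when we are allowed to". Please add a short comment above `new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY|` stating under which condition the bit is legitimate and where that condition is enforced, and consider a regression test for bug #9747 that creates a directory under a parent carrying inheritable ACEs and checks the resulting ACE flags.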
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 50e0060 Add a comment about why we are removing the INHERITED bit so people understand. from 5e91957 BUG 9758: Don't leak the epm_Map policy handle. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 50e0060091e008ad93fcfbb68cbbb81da5dec067 Author: Richard Sharpe Date: Tue Apr 2 06:48:03 2013 -0700 Add a comment about why we are removing the INHERITED bit so people understand. Signed-off-by: Richard Sharpe Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104 --- Summary of changes: libcli/security/secdesc.c |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index a7e9900..8570334 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c @@ -614,6 +614,15 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, if (!container) { new_flags = 0; } else { + /* +* We need to remove SEC_ACE_FLAG_INHERITED_ACE here +* if present because it should only be set if the +* parent has the AUTO_INHERITED bit set in the +* type/control field. If we don't it will slip through +* and create DACLs with incorrectly ordered ACEs +* when there are CREATOR_OWNER or CREATOR_GROUP +* ACEs. +*/ new_flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY | SEC_ACE_FLAG_INHERITED_ACE); -- Samba Shared Repository
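Review bot: The added comment in se_create_child_secdesc() says SEC_ACE_FLAG_INHERITED_ACE "should only be set if the parent has the AUTO_INHERITED bit set", but the statement it documents clears the flag unconditionally in the container branch, so the comment describes a condition the visible code never tests. Either state that the flag is always stripped here and say where it is re-applied when the parent allows it, or reword to make clear the removal is deliberate in all cases. "If we don't it will slip through" would also read more clearly as "If we don't remove it, the flag slips through".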
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via fc98b10 Add missing ) and try to make it a sentence from f548787 Link CVE-2013-0454 and add it to the history http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit fc98b10028ee6d4560ddcc405e7d7f1200b0bc85 Author: Lars Müller Date: Tue Apr 2 19:43:04 2013 +0200 Add missing ) and try to make it a sentence --- Summary of changes: generated_news/latest_10_bodies.html |6 +++--- generated_news/latest_2_bodies.html |6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index bf82fcb..7489b5d 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -3,9 +3,9 @@ This is a bug fix announcement in order to address http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454";> -CVE-2013-0454 (A writable configured share might get read only -A http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> -patch against Samba 3.6.5. +CVE-2013-0454 (A writable configured share might get read only) +This http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> +patch is required by Samba 3.6.5. The patch file has been signed using GnuPG (ID 6568B7EA). diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index cbc581c..56fe096 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html 
@@ -3,9 +3,9 @@ This is a bug fix announcement in order to address http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454";> -CVE-2013-0454 (A writable configured share might get read only -A http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> -patch against Samba 3.6.5. +CVE-2013-0454 (A writable configured share might get read only) +This http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> +patch is required by Samba 3.6.5. The patch file has been signed using GnuPG (ID 6568B7EA). 19 March 2013 -- Samba Website Repository
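Review bot: In both generated_news/latest_10_bodies.html and generated_news/latest_2_bodies.html the parenthesis is now closed, but there is still no full stop after "read only)", so the announcement runs straight into "This patch is required by Samba 3.6.5." The wording "required by" is also ambiguous for a security fix; "required for" or "must be applied to" says who has to act. Since the same three lines are edited by hand in two files under generated_news/, please confirm the source these files are generated from carries the same correction, otherwise the next regeneration will undo it.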
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f548787 Link CVE-2013-0454 and add it to the history from 1b2389d Add html header and footer http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f5487872506be97f3ba7a299fbc5c6a80d3d321d Author: Lars Müller Date: Tue Apr 2 19:21:52 2013 +0200 Link CVE-2013-0454 and add it to the history --- Summary of changes: generated_news/latest_10_bodies.html| 23 +++ generated_news/latest_10_headlines.html |4 ++-- generated_news/latest_2_bodies.html | 22 ++ history/header_history.html |1 + history/security.html | 12 security/CVE-2013-0454.html |8 ++-- 6 files changed, 42 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index a7755ea..bf82fcb 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,14 @@ + 02 April 2013 + Samba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download + +This is a bug fix announcement in order to address http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454";> +CVE-2013-0454 (A writable configured share might get read only +A http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> +patch against Samba 3.6.5. +The patch file has been signed using GnuPG (ID 6568B7EA). + + 19 March 2013 Samba 4.0.4 Available for Download 
@@ -128,15 +139,3 @@ now. A http://samba.org/samba/ftp/patches/patch-3.5.19-3.5.20.diffs patch against Samba 3.5.19 is also available. See http://samba.org/samba/history/samba-3.5.20.html";> the release notes for more info. - - 11 December 2012 - Samba 4.0.0 Available for Download - This is the first stable release of the Samba 4.0 series. - -The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -http://samba.org/samba/ftp/stable/samba-4.0.0.tar.gz";>downloaded -now. See http://samba.org/samba/history/samba-4.0.0.html";> -the release notes for more info and the -https://www.samba.org/samba/news/releases/4.0.0.html";> -press release. diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index be4dd41..4416ab1 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ +02 April 2013 Samba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download + 19 March 2013 Samba 4.0.4 Available for Download 18 March 2013 Samba 3.6.13 Available for Download @@ -16,6 +18,4 @@ 17 December 2012 Samba 3.5.20 Available for Download 11 December 2012 Samba 4.0.0 Available for Download - -10 December 2012 Samba 3.6.10 Available for Download diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 4cf9b5e..cbc581c 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,13 @@ + 02 April 2013 + Samba 3.6.0 - 3.6.5 (inclusive) bug fix Available for Download + +This is a bug fix announcement in order to address http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454";> +CVE-2013-0454 (A writable configured share might get read only +A http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch";> +patch against Samba 3.6.5. +The patch file has been signed using GnuPG (ID 6568B7EA). + 19 March 2013 Samba 4.0.4 Available for Download 
@@ -12,15 +22,3 @@ now. A http://download.samba.org/samba/ftp/patches/patch-4.0.3-4.0 patch against Samba 4.0.3 is also available. See http://samba.org/samba/history/samba-4.0.4.html";> the release notes for more info. - - 18 March 2013 - Samba 3.6.13 Available for Download - This is the latest stable release of the Samba 3.6 series. - -The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -http://samba.org/samba/ftp/stable/samba-3.6.13.tar.gz";>downloaded -now. A http://samba.org/samba/ftp/patches/patch-3.6.12-3.6.13.diffs.gz";> -patch against Samba 3.6.12 is also available. -See http://samba.org/samba/history/samba-3.6.13.html";> -the release notes for more info. diff --git a/history/header_history.html b/history/header_history.html index f1f8b02..6957046 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + CVE-2013-0454 samba-4.0.4 samba-4.0.3 samba-4.0.2 dif
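Review bot: The news item added to generated_news/latest_10_bodies.html and generated_news/latest_2_bodies.html leaves the parenthesis after CVE-2013-0454 unclosed ("(A writable configured share might get read only") and follows it with the fragment "A patch against Samba 3.6.5.", so the announcement of a CVE fix does not read as a sentence. The headline says "Samba 3.6.0 - 3.6.5 (inclusive)" while the body only mentions a patch against 3.6.5; please state in the body whether that one patch applies to the whole range. The item is also labelled a "bug fix" although it addresses a CVE, which makes it easy to overlook for anyone scanning the headlines for security releases.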
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree.

The autobuild log of the failure is available here:

http://git.samba.org/autobuild.flakey/2013-04-02-1833/flakey.log

The samba3 build logs are available here:

http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba3.stderr
http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba3.stdout

The source4 build logs are available here:

http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba.stderr
http://git.samba.org/autobuild.flakey/2013-04-02-1833/samba.stdout

The top commit at the time of the failure was:

commit 5e9195756e7f0355a022b00f9d1cbfd8e761e006
Author: Andreas Schneider
Date: Tue Apr 2 13:08:19 2013 +0200

BUG 9758: Don't leak the epm_Map policy handle.

Reviewed-by: Alexander Bokovoy
Autobuild-User(master): Alexander Bokovoy
Autobuild-Date(master): Tue Apr 2 17:16:56 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5e91957 BUG 9758: Don't leak the epm_Map policy handle. via 257d2ef epm: Increase debug level for already registered endpoints. from 5530cc4 Fix bad SMB2 opcode reading in server. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5e9195756e7f0355a022b00f9d1cbfd8e761e006 Author: Andreas Schneider Date: Tue Apr 2 13:08:19 2013 +0200 BUG 9758: Don't leak the epm_Map policy handle. Reviewed-by: Alexander Bokovoy Autobuild-User(master): Alexander Bokovoy Autobuild-Date(master): Tue Apr 2 17:16:56 CEST 2013 on sn-devel-104 commit 257d2ef527b257b2228fc9bbfddfb3c604b79fb4 Author: Andreas Schneider Date: Tue Apr 2 13:09:13 2013 +0200 epm: Increase debug level for already registered endpoints. Reviewed-by: Alexander Bokovoy --- Summary of changes: source3/rpc_server/epmapper/srv_epmapper.c |2 +- source3/rpc_server/rpc_ep_register.c |4 2 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/epmapper/srv_epmapper.c b/source3/rpc_server/epmapper/srv_epmapper.c index 17db5a4..cfa233c 100644 --- a/source3/rpc_server/epmapper/srv_epmapper.c +++ b/source3/rpc_server/epmapper/srv_epmapper.c @@ -373,7 +373,7 @@ error_status_t _epm_Insert(struct pipes_struct *p, * endpoint. */ if (find_interface(ep, iface) != NULL) { - DEBUG(0, ("dcesrv_interface_register: interface '%s' " + DEBUG(8, ("dcesrv_interface_register: interface '%s' " "already registered on endpoint\n", iface->name)); /* FIXME wrong error code? */ diff --git a/source3/rpc_server/rpc_ep_register.c b/source3/rpc_server/rpc_ep_register.c index e0fe962..96a3705 100644 --- a/source3/rpc_server/rpc_ep_register.c +++ b/source3/rpc_server/rpc_ep_register.c 
@@ -249,6 +249,10 @@ static void rpc_ep_monitor_loop(struct tevent_req *subreq) ok = false; } + dcerpc_epm_LookupHandleFree(state->h, + tmp_ctx, + &entry_handle, + &result); talloc_free(tmp_ctx); subreq = tevent_wakeup_send(state->mem_ctx, -- Samba Shared Repository
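Review bot: In the source3/rpc_server/epmapper/srv_epmapper.c hunk, the message moved from DEBUG(0) to DEBUG(8) in _epm_Insert() still starts with "dcesrv_interface_register:", which is not the function emitting it, and the "FIXME wrong error code?" directly below is left as it was. Since the line is being touched anyway, please correct the prefix so the log entry can be traced to _epm_Insert(), and either resolve the FIXME or say in the commit message why the return code is kept.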
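Review bot: In the source3/rpc_server/rpc_ep_register.c hunk, the added dcerpc_epm_LookupHandleFree() call in rpc_ep_monitor_loop() sits after the block that ends in `ok = false;`, so as far as the hunk shows it also runs when the preceding lookup failed and entry_handle may not hold a valid handle. Its return status and `result` are both ignored. Please guard the call on the lookup having succeeded, and at least log a failure to free the handle, so that a handle leak on the endpoint mapper side does not go unnoticed again.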