[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ad236bb7590 s3: lib: nmblib. Clean up and harden nmb packet processing. via a39c4d9bed2 vfs_gpfs: Preserve errno across unbecome_root call via 01e563be72f smbd: Remove unused define via 6a19404e98e smbd: Remove unused function linux_set_lease_capability via fed2c3edc52 vfs_gpfs: Cleanup lease mapping function via 49584782789 vfs_gpfs: Change lease helper function to only provide mapping via 96252a0ec4c vfs_gpfs: Remove function call from "if" statement via d9c992a7a9f vfs_gpfs: Reformat function definition of vfs_gpfs_setlease via 22cd011bc41 vfs_gpfs: Remove call to linux_set_lease_capability from 648f94d2031 script/release.sh: make it possible to run from a git worktree https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ad236bb7590e423b4c69fe6028f2f3495977f48b Author: Jeremy Allison Date: Fri Jan 17 13:49:48 2020 -0800 s3: lib: nmblib. Clean up and harden nmb packet processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison Pair programmed with: Douglas Bagnall Reviewed-by: Douglas Bagnall Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184 commit a39c4d9bed2468495e0efc13620fea5a1fb650f8 Author: Christof Schmitt Date: Thu Jan 16 14:15:15 2020 -0700 vfs_gpfs: Preserve errno across unbecome_root call Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 01e563be72f8e37a1f4fafe7a5a8b2c7b19db7c8 Author: Christof Schmitt Date: Thu Jan 16 13:50:03 2020 -0700 smbd: Remove unused define CAP_LEASE is not used in the file oplock_linux.c, so remove it there. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 6a19404e98ed1ed234c6948e78d1b1304c48a45d Author: Christof Schmitt Date: Thu Jan 16 13:45:54 2020 -0700 smbd: Remove unused function linux_set_lease_capability This function is no longer used. In case this capability would be required, set_effective_capability(LEASE_CAPABILITY) could also be called directly. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit fed2c3edc5285d712e5c060a8fc0f05fc19ae6bb Author: Christof Schmitt Date: Thu Jan 16 12:18:46 2020 -0700 vfs_gpfs: Cleanup lease mapping function Shorten the function a bit by directly returning the mapped value. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 49584782789f345a38f5efa577439c934bc4b7a6 Author: Christof Schmitt Date: Thu Jan 16 12:17:46 2020 -0700 vfs_gpfs: Change lease helper function to only provide mapping The set_gpfs_lease function first maps the lease argument to the GPFS version and then issues the API call. Change this to only do the mapping in the helper function. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 96252a0ec4c460372f79f8fb31a876ab511c941d Author: Christof Schmitt Date: Thu Jan 16 12:15:29 2020 -0700 vfs_gpfs: Remove function call from "if" statement Follow the current coding guidelines to first issue the function call and then check the return code. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit d9c992a7a9fef7cdaea304b9c22f9e4025588e87 Author: Christof Schmitt Date: Thu Jan 16 12:13:46 2020 -0700 vfs_gpfs: Reformat function definition of vfs_gpfs_setlease Remove trailing whitespace and put each argument on a seperate line. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 22cd011bc41f648cd3570a511ea3c45eac67e52c Author: Christof Schmitt Date: Thu Jan 16 12:12:53 2020 -0700 vfs_gpfs: Remove call to linux_set_lease_capability The API call is already done as root user (become_root), so that the lease contains the root user. The lease capability is already implied by the root user, so the explicit call to linux_set_lease_capability is not required. Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison --- Summary of changes: source3/libsmb/nmblib.c | 12 source3/modules/vfs_gpfs.c | 36 source3/smbd/oplock_linux.c | 12 source3/smbd/proto.h| 1 - 4 files changed, 28 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index b6dca800e94..84cbb054b8e
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated
via 969123b4ab8 script/release.sh: make it possible to run from a git
worktree
from 1c330a18d45 VERSION: Bump version up to 4.10.13.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test
- Log -
commit 969123b4ab8643a6cac47012bc61ec7bc00f1824
Author: Stefan Metzmacher
Date: Tue Jan 21 19:25:00 2020 +0100
script/release.sh: make it possible to run from a git worktree
.git is a regular file in that case.
Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.
Signed-off-by: Stefan Metzmacher
(cherry picked from commit 648f94d2031c6e758bdf54089d1e710c265ca732)
---
Summary of changes:
script/release.sh | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/release.sh b/script/release.sh
index b533e259440..6c3ba0d4add 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -17,14 +17,14 @@
CONF_UPLOAD_URL="samba-b...@download-master.samba.org:/home/data/ftp/pub"
CONF_DOWNLOAD_URL="https://download.samba.org/pub;
CONF_HISTORY_URL="https://www.samba.org;
-test -d ".git" || {
+test -d ".git" -o -r ".git" || {
echo "Run this script from the top-level directory in the"
echo "repository"
exit 1
}
usage() {
- echo "Usage: release.sh "
+ echo "Usage: script/release.sh "
echo ""
echo "PRODUCT: ldb, talloc, tevent, tdb, samba-rc, samba-stable"
echo "COMMAND: fullrelease, create, push, upload, announce"
@@ -32,6 +32,13 @@ usage() {
return 0
}
+test -x "script/release.sh" || {
+ usage
+ echo "Run this script from the top-level directory in the"
+ echo "repository: as 'script/release.sh'"
+ exit 1
+}
+
check_args() {
local cmd="$1"
local got_args="$2"
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated
via bbacbd5f3f2 script/release.sh: make it possible to run from a git
worktree
from c5f61b9dd0a VERSION: Bump version up to 4.11.6.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test
- Log -
commit bbacbd5f3f2f1fc624f057c6e30160fbcfbaba40
Author: Stefan Metzmacher
Date: Tue Jan 21 19:25:00 2020 +0100
script/release.sh: make it possible to run from a git worktree
.git is a regular file in that case.
Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.
Signed-off-by: Stefan Metzmacher
(cherry picked from commit 648f94d2031c6e758bdf54089d1e710c265ca732)
---
Summary of changes:
script/release.sh | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/release.sh b/script/release.sh
index b533e259440..6c3ba0d4add 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -17,14 +17,14 @@
CONF_UPLOAD_URL="samba-b...@download-master.samba.org:/home/data/ftp/pub"
CONF_DOWNLOAD_URL="https://download.samba.org/pub;
CONF_HISTORY_URL="https://www.samba.org;
-test -d ".git" || {
+test -d ".git" -o -r ".git" || {
echo "Run this script from the top-level directory in the"
echo "repository"
exit 1
}
usage() {
- echo "Usage: release.sh "
+ echo "Usage: script/release.sh "
echo ""
echo "PRODUCT: ldb, talloc, tevent, tdb, samba-rc, samba-stable"
echo "COMMAND: fullrelease, create, push, upload, announce"
@@ -32,6 +32,13 @@ usage() {
return 0
}
+test -x "script/release.sh" || {
+ usage
+ echo "Run this script from the top-level directory in the"
+ echo "repository: as 'script/release.sh'"
+ exit 1
+}
+
check_args() {
local cmd="$1"
local got_args="$2"
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated
via 814be2888b3 script/release.sh: make it possible to run from a git
worktree
from 1e3b0034af6 VERSION: Bump version up to 4.12.0rc2...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test
- Log -
commit 814be2888b3bd77f7a67323b1a0a909448e878e3
Author: Stefan Metzmacher
Date: Tue Jan 21 19:25:00 2020 +0100
script/release.sh: make it possible to run from a git worktree
.git is a regular file in that case.
Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.
Signed-off-by: Stefan Metzmacher
(cherry picked from commit 648f94d2031c6e758bdf54089d1e710c265ca732)
---
Summary of changes:
script/release.sh | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/release.sh b/script/release.sh
index b533e259440..6c3ba0d4add 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -17,14 +17,14 @@
CONF_UPLOAD_URL="samba-b...@download-master.samba.org:/home/data/ftp/pub"
CONF_DOWNLOAD_URL="https://download.samba.org/pub;
CONF_HISTORY_URL="https://www.samba.org;
-test -d ".git" || {
+test -d ".git" -o -r ".git" || {
echo "Run this script from the top-level directory in the"
echo "repository"
exit 1
}
usage() {
- echo "Usage: release.sh "
+ echo "Usage: script/release.sh "
echo ""
echo "PRODUCT: ldb, talloc, tevent, tdb, samba-rc, samba-stable"
echo "COMMAND: fullrelease, create, push, upload, announce"
@@ -32,6 +32,13 @@ usage() {
return 0
}
+test -x "script/release.sh" || {
+ usage
+ echo "Run this script from the top-level directory in the"
+ echo "repository: as 'script/release.sh'"
+ exit 1
+}
+
check_args() {
local cmd="$1"
local got_args="$2"
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 648f94d2031 script/release.sh: make it possible to run from a git
worktree
from 71b57a0ac3d WHATSNEW: Start release notes for Samba 4.13.0pre1.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 648f94d2031c6e758bdf54089d1e710c265ca732
Author: Stefan Metzmacher
Date: Tue Jan 21 19:25:00 2020 +0100
script/release.sh: make it possible to run from a git worktree
.git is a regular file in that case.
Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.
Signed-off-by: Stefan Metzmacher
---
Summary of changes:
script/release.sh | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/script/release.sh b/script/release.sh
index b533e259440..6c3ba0d4add 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -17,14 +17,14 @@
CONF_UPLOAD_URL="samba-b...@download-master.samba.org:/home/data/ftp/pub"
CONF_DOWNLOAD_URL="https://download.samba.org/pub;
CONF_HISTORY_URL="https://www.samba.org;
-test -d ".git" || {
+test -d ".git" -o -r ".git" || {
echo "Run this script from the top-level directory in the"
echo "repository"
exit 1
}
usage() {
- echo "Usage: release.sh "
+ echo "Usage: script/release.sh "
echo ""
echo "PRODUCT: ldb, talloc, tevent, tdb, samba-rc, samba-stable"
echo "COMMAND: fullrelease, create, push, upload, announce"
@@ -32,6 +32,13 @@ usage() {
return 0
}
+test -x "script/release.sh" || {
+ usage
+ echo "Run this script from the top-level directory in the"
+ echo "repository: as 'script/release.sh'"
+ exit 1
+}
+
check_args() {
local cmd="$1"
local got_args="$2"
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 1e3b0034af6 VERSION: Bump version up to 4.12.0rc2... from 773c5de6750 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc1 release... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 1e3b0034af65259046771f1aad83d21450220a66 Author: Stefan Metzmacher Date: Tue Jan 21 14:48:35 2020 +0100 VERSION: Bump version up to 4.12.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Stefan Metzmacher --- Summary of changes: VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 17bb6b45790..78a4c77be70 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=1 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes # This is for specifying a release nickname# -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via bb3a6d6 NEWS[4.12.0rc1]: Samba 4.12.0rc1 Available for Download from 23dc692 NEWS[4.11.5]: Samba 4.11.5, 4.10.12 and 4.9.18 Security Releases Available https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit bb3a6d6e65c3edec791fe58e2f70e4e343314c6f Author: Stefan Metzmacher Date: Tue Jan 21 17:11:25 2020 +0100 NEWS[4.12.0rc1]: Samba 4.12.0rc1 Available for Download Signed-off-by: Stefan Metzmacher --- Summary of changes: posted_news/20200121-161552.4.12.0rc1.body.html | 12 posted_news/20200121-161552.4.12.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20200121-161552.4.12.0rc1.body.html create mode 100644 posted_news/20200121-161552.4.12.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200121-161552.4.12.0rc1.body.html b/posted_news/20200121-161552.4.12.0rc1.body.html new file mode 100644 index 000..3254446 --- /dev/null +++ b/posted_news/20200121-161552.4.12.0rc1.body.html @@ -0,0 +1,12 @@ + +21 January 2020 +Samba 4.12.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.12 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.12.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.12.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20200121-161552.4.12.0rc1.headline.html b/posted_news/20200121-161552.4.12.0rc1.headline.html new file mode 100644 index 000..6f405e1 --- /dev/null +++ b/posted_news/20200121-161552.4.12.0rc1.headline.html @@ -0,0 +1,3 @@ + + 21 January 2020 Samba 4.12.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.12.0rc1 created
The annotated tag, samba-4.12.0rc1 has been created
at f57687fc81fb658531e2dc81435ff70b0eea9b8f (tag)
tagging 773c5de675049bd6943e0464d7cabcea54d94e47 (commit)
replaces ldb-2.1.0
tagged by Stefan Metzmacher
on Tue Jan 21 17:10:55 2020 +0100
- Log -
samba: tag release samba-4.12.0rc1
-BEGIN PGP SIGNATURE-
iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXicijwAKCRBvM5FbZWi3
6g5fAJ9JxlFHfGH2YgzDDeHESpiQyJrpDQCfZLRlT2HKV/JlMPTDVu1XynQjvZs=
=oX1O
-END PGP SIGNATURE-
Andrew Bartlett (15):
heimdal_build: Remove bashism from --address-sanitizer build rule
CVE-2019-14902 selftest: Add test for replication of inherited security
descriptors
CVE-2019-14902 selftest: Add test for a special case around replicated
renames
selftest: Add test to confirm ACL inheritence really happens
CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive()
is proctected by a transaction
CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to
be done here
CVE-2019-14902 dsdb: Ensure we honour both change->force_self and
change->force_children
CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN
CVE-2019-14902 repl_meta_data: Fix issue where inherited Security
Descriptors were not replicated.
CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD
inheritance) after any rename
CVE-2019-14902 dsdb: Change basis of descriptor module deferred
processing to be GUIDs
repl_meta_data: Add comment explaining what is being renamed after the
conflict is resolved
repl_meta_data: Do not set *rename = true unless there has been a
conflict on the incoming DN
repl_meta_data: Only reset replMetaData entry for name if we made a
conflict name here
CVE-2019-14907 lib/util: Do not print the failed to convert string into
the logs
Anoop C S (1):
vfs_glusterfs: Return fake fd from pipe() during open
Björn Baumbach (20):
samba-tool: add --full-dn option to group list command
samba-tool: add --full-dn option for user getgroups command
samba-tool tests: add test-case for 'user getgrouops --full-dn'
python/samdb: add option to specify types of group members
python/samdb: add more object types for adding/remove group members
python/samdb: fetch specific error if there are more than one search
results
python/samdb: add 'computer' to the default group member types for group
member filters
python/samdb: adapt search filter for user object type
python/samdb: adapt search filter for group object type
python/samdb: add type "all" to search for all common types of group
members
python/samdb: validation of group member types for group member filter
samba-tool group addmembers: add new option --object-types
samba-tool group addmembers: add --member-dn option
samba-tool group removemembers: adapt functionality to addmembers command
samba-tool group {add,remove}members: allow to use --member-dn in
combination with listofmembers
samba-tool group addmembers: add --member-base-dn option for group member
search
selftest: add test for new samba-tool group addmembers --member-dn option
selftest: add tests for samba-tool group addmembers --object-types option
selftest: add test for samba-tool groupmember --member-base-dn option
samba-tool group addmembers: avoid python traceback on member add failure
David Disseldorp (3):
vfs_ceph: add .fcntl_fn hook
vfs_glusterfs: add .fcntl_fn hook
Revert "vfs_glusterfs: Return fake fd from pipe() during open"
Douglas Bagnall (7):
fuzz: ldb_dn parsing
fuzz: add ldb ldif fuzzer
fuzz: ldb binary decode/enode
fuzz: add nmblib/parse_packet target
samba-tool gpo: improve UNC parsing
fuzzing: check for NULL on ldb_init()
fuzz_oLschema2ldif: check multiple possible NULLs
Gary Lockyer (1):
CVE-2019-19344 kcc dns scavenging: Fix use after free in
dns_tombstone_records_zone
Günther Deschner (7):
librpc: add various new clusapi functions and types
s4-torture: save cluster version in clusapi test context
s4-torture: fix asserts in clusapi_NodeControl tests
s4-torture: add clusapi GroupSet tests
s4-torture: fix copy/paste error in clusapi group test
s4-torture: increase various bufsizes to better deal with Windows 2019
clusters
librpc: add clusapi_GroupSetControlCode enum
Jule Anger (17):
samba-tool tests: Add test-case for 'group list --full-dn'
samba-tool: add --full-dn option to computer list command
samba-tool tests: add test case for 'computer list --full-dn'
samba-tool: add --full-dn option to user list command
samba-tool tests: add test case for 'user list --full-dn'
samba-tool: add --full-dn option to group
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated
via 773c5de6750 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc1
release...
via e1e55a47419 WHATSNEW: Add release note for Samba 4.12.0rc1.
via cf9850b4e06 samba-tool group addmembers: avoid python traceback on
member add failure
via 2697415239d selftest: add test for samba-tool groupmember
--member-base-dn option
via 8c5a266ef3f selftest: add tests for samba-tool group addmembers
--object-types option
via 347c65434ec selftest: add test for new samba-tool group addmembers
--member-dn option
via 557fa1d44b6 samba-tool group addmembers: add --member-base-dn
option for group member search
via 5b129bf12ba samba-tool group {add,remove}members: allow to use
--member-dn in combination with listofmembers
via 47f9ee91ed9 samba-tool group removemembers: adapt functionality to
addmembers command
via aedcf6a5274 samba-tool group addmembers: add --member-dn option
via f2e2579926e samba-tool group addmembers: add new option
--object-types
via a4d77bfd90d python/samdb: validation of group member types for
group member filter
via f9bf6b7856e python/samdb: add type "all" to search for all common
types of group members
via c4e899d6b4b python/samdb: adapt search filter for group object type
via 45abb4fd4f4 python/samdb: adapt search filter for user object type
via 2baa301237f python/samdb: add 'computer' to the default group
member types for group member filters
via 2abebee1405 python/samdb: fetch specific error if there are more
than one search results
via e3099ac4072 python/samdb: add more object types for adding/remove
group members
via 662b7458aed python/samdb: add option to specify types of group
members
via b081bd977c8 samba-tool tests: add test-case for 'ou list --base-dn'
via 2186c5a6a4c samba-tool: add -b/--base-dn option to OUs list command
via 918d91bb843 samba-tool tests: add test-case for 'user list
--base-dn'
via d4de2e3192e samba-tool: add -b/--base-dn option to users list
command
via 55be0f1d2f7 samba-tool tests: add test-case for 'contact list
--base-dn'
via 8a45adb2b19 samba-tool: add -b/--base-dn option to contacts list
command
via 88f0a1390b8 samba-tool tests: add test-case for 'computer list
--base-dn'
via b292a266a8d samba-tool: add -b/--base-dn option to computer list
command
via bced03b0d1a samba-tool tests: add test-case for 'group list
--base-dn'
via 8f68236dc4e samba-tool: add -b/--base-dn option to groups list
command
via b545ab1a85d samba-tool tests: add test-case for 'user getgrouops
--full-dn'
via 41262d1d66c samba-tool: add --full-dn option for user getgroups
command
via d2d345103b2 samba-tool tests: add test-case for 'group listmembers
--full-dn'
via bb66b322546 samba-tool: add --full-dn option to group listmembers
command
via 08207f77f13 samba-tool tests: add test case for 'user list
--full-dn'
via 31060963956 samba-tool: add --full-dn option to user list command
via 2e767e81be4 samba-tool tests: add test case for 'computer list
--full-dn'
via 29326e32645 samba-tool: add --full-dn option to computer list
command
via e64f7de31fd samba-tool tests: Add test-case for 'group list
--full-dn'
via 51d4c82f3c5 samba-tool: add --full-dn option to group list command
via b813ef6ae7a Revert "vfs_glusterfs: Return fake fd from pipe()
during open"
via cc4a55d290c vfs_glusterfs: add .fcntl_fn hook
via b56c56eecdf vfs_ceph: add .fcntl_fn hook
via 0a77890bbc9 testenv: No "mktemp" for in_screen
via 823e4de3094 testenv: Simplify "in_screen"
via 1ca1c601989 testenv: Properly kill daemons
via 4f1e4f9ce3f testenv: Be more careful deleting environment tmpfiles
from 85478847a1f WHATSNEW: Add CTDB changes for 4.12
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test
- Log -
---
Summary of changes:
VERSION | 6 +-
WHATSNEW.txt | 2 +-
python/samba/netcmd/computer.py | 27 +-
python/samba/netcmd/contact.py| 11 ++-
python/samba/netcmd/group.py | 156 ++
python/samba/netcmd/ou.py | 19 +++-
python/samba/netcmd/user.py | 46 -
python/samba/samdb.py | 113 +-
python/samba/tests/samba_tool/computer.py | 39
python/samba/tests/samba_tool/contact.py | 19
python/samba/tests/samba_tool/group.py| 66 +
python/samba/tests/samba_tool/ou.py | 19
python/samba/tests/samba_tool/user.py | 46
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated
via 773c5de6750 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc1
release...
via e1e55a47419 WHATSNEW: Add release note for Samba 4.12.0rc1.
via cf9850b4e06 samba-tool group addmembers: avoid python traceback on
member add failure
via 2697415239d selftest: add test for samba-tool groupmember
--member-base-dn option
via 8c5a266ef3f selftest: add tests for samba-tool group addmembers
--object-types option
via 347c65434ec selftest: add test for new samba-tool group addmembers
--member-dn option
via 557fa1d44b6 samba-tool group addmembers: add --member-base-dn
option for group member search
via 5b129bf12ba samba-tool group {add,remove}members: allow to use
--member-dn in combination with listofmembers
via 47f9ee91ed9 samba-tool group removemembers: adapt functionality to
addmembers command
via aedcf6a5274 samba-tool group addmembers: add --member-dn option
via f2e2579926e samba-tool group addmembers: add new option
--object-types
via a4d77bfd90d python/samdb: validation of group member types for
group member filter
via f9bf6b7856e python/samdb: add type "all" to search for all common
types of group members
via c4e899d6b4b python/samdb: adapt search filter for group object type
via 45abb4fd4f4 python/samdb: adapt search filter for user object type
via 2baa301237f python/samdb: add 'computer' to the default group
member types for group member filters
via 2abebee1405 python/samdb: fetch specific error if there are more
than one search results
via e3099ac4072 python/samdb: add more object types for adding/remove
group members
via 662b7458aed python/samdb: add option to specify types of group
members
via b081bd977c8 samba-tool tests: add test-case for 'ou list --base-dn'
via 2186c5a6a4c samba-tool: add -b/--base-dn option to OUs list command
via 918d91bb843 samba-tool tests: add test-case for 'user list
--base-dn'
via d4de2e3192e samba-tool: add -b/--base-dn option to users list
command
via 55be0f1d2f7 samba-tool tests: add test-case for 'contact list
--base-dn'
via 8a45adb2b19 samba-tool: add -b/--base-dn option to contacts list
command
via 88f0a1390b8 samba-tool tests: add test-case for 'computer list
--base-dn'
via b292a266a8d samba-tool: add -b/--base-dn option to computer list
command
via bced03b0d1a samba-tool tests: add test-case for 'group list
--base-dn'
via 8f68236dc4e samba-tool: add -b/--base-dn option to groups list
command
via b545ab1a85d samba-tool tests: add test-case for 'user getgrouops
--full-dn'
via 41262d1d66c samba-tool: add --full-dn option for user getgroups
command
via d2d345103b2 samba-tool tests: add test-case for 'group listmembers
--full-dn'
via bb66b322546 samba-tool: add --full-dn option to group listmembers
command
via 08207f77f13 samba-tool tests: add test case for 'user list
--full-dn'
via 31060963956 samba-tool: add --full-dn option to user list command
via 2e767e81be4 samba-tool tests: add test case for 'computer list
--full-dn'
via 29326e32645 samba-tool: add --full-dn option to computer list
command
via e64f7de31fd samba-tool tests: Add test-case for 'group list
--full-dn'
via 51d4c82f3c5 samba-tool: add --full-dn option to group list command
via b813ef6ae7a Revert "vfs_glusterfs: Return fake fd from pipe()
during open"
via cc4a55d290c vfs_glusterfs: add .fcntl_fn hook
via b56c56eecdf vfs_ceph: add .fcntl_fn hook
via 0a77890bbc9 testenv: No "mktemp" for in_screen
via 823e4de3094 testenv: Simplify "in_screen"
via 1ca1c601989 testenv: Properly kill daemons
via 4f1e4f9ce3f testenv: Be more careful deleting environment tmpfiles
from 85478847a1f WHATSNEW: Add CTDB changes for 4.12
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable
- Log -
---
Summary of changes:
VERSION | 6 +-
WHATSNEW.txt | 2 +-
python/samba/netcmd/computer.py | 27 +-
python/samba/netcmd/contact.py| 11 ++-
python/samba/netcmd/group.py | 156 ++
python/samba/netcmd/ou.py | 19 +++-
python/samba/netcmd/user.py | 46 -
python/samba/samdb.py | 113 +-
python/samba/tests/samba_tool/computer.py | 39
python/samba/tests/samba_tool/contact.py | 19
python/samba/tests/samba_tool/group.py| 66 +
python/samba/tests/samba_tool/ou.py | 19
python/samba/tests/samba_tool/user.py |
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 71b57a0ac3d WHATSNEW: Start release notes for Samba 4.13.0pre1.
via 423ca5e3529 VERSION: Bump version up to 4.13.0pre1...
via 773c5de6750 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc1
release...
via e1e55a47419 WHATSNEW: Add release note for Samba 4.12.0rc1.
via cf9850b4e06 samba-tool group addmembers: avoid python traceback on
member add failure
via 2697415239d selftest: add test for samba-tool groupmember
--member-base-dn option
via 8c5a266ef3f selftest: add tests for samba-tool group addmembers
--object-types option
via 347c65434ec selftest: add test for new samba-tool group addmembers
--member-dn option
via 557fa1d44b6 samba-tool group addmembers: add --member-base-dn
option for group member search
via 5b129bf12ba samba-tool group {add,remove}members: allow to use
--member-dn in combination with listofmembers
via 47f9ee91ed9 samba-tool group removemembers: adapt functionality to
addmembers command
via aedcf6a5274 samba-tool group addmembers: add --member-dn option
via f2e2579926e samba-tool group addmembers: add new option
--object-types
via a4d77bfd90d python/samdb: validation of group member types for
group member filter
via f9bf6b7856e python/samdb: add type "all" to search for all common
types of group members
via c4e899d6b4b python/samdb: adapt search filter for group object type
via 45abb4fd4f4 python/samdb: adapt search filter for user object type
via 2baa301237f python/samdb: add 'computer' to the default group
member types for group member filters
via 2abebee1405 python/samdb: fetch specific error if there are more
than one search results
via e3099ac4072 python/samdb: add more object types for adding/remove
group members
via 662b7458aed python/samdb: add option to specify types of group
members
via b081bd977c8 samba-tool tests: add test-case for 'ou list --base-dn'
via 2186c5a6a4c samba-tool: add -b/--base-dn option to OUs list command
via 918d91bb843 samba-tool tests: add test-case for 'user list
--base-dn'
via d4de2e3192e samba-tool: add -b/--base-dn option to users list
command
via 55be0f1d2f7 samba-tool tests: add test-case for 'contact list
--base-dn'
via 8a45adb2b19 samba-tool: add -b/--base-dn option to contacts list
command
via 88f0a1390b8 samba-tool tests: add test-case for 'computer list
--base-dn'
via b292a266a8d samba-tool: add -b/--base-dn option to computer list
command
via bced03b0d1a samba-tool tests: add test-case for 'group list
--base-dn'
via 8f68236dc4e samba-tool: add -b/--base-dn option to groups list
command
via b545ab1a85d samba-tool tests: add test-case for 'user getgrouops
--full-dn'
via 41262d1d66c samba-tool: add --full-dn option for user getgroups
command
via d2d345103b2 samba-tool tests: add test-case for 'group listmembers
--full-dn'
via bb66b322546 samba-tool: add --full-dn option to group listmembers
command
via 08207f77f13 samba-tool tests: add test case for 'user list
--full-dn'
via 31060963956 samba-tool: add --full-dn option to user list command
via 2e767e81be4 samba-tool tests: add test case for 'computer list
--full-dn'
via 29326e32645 samba-tool: add --full-dn option to computer list
command
via e64f7de31fd samba-tool tests: Add test-case for 'group list
--full-dn'
via 51d4c82f3c5 samba-tool: add --full-dn option to group list command
via b813ef6ae7a Revert "vfs_glusterfs: Return fake fd from pipe()
during open"
via cc4a55d290c vfs_glusterfs: add .fcntl_fn hook
via b56c56eecdf vfs_ceph: add .fcntl_fn hook
via 0a77890bbc9 testenv: No "mktemp" for in_screen
via 823e4de3094 testenv: Simplify "in_screen"
via 1ca1c601989 testenv: Properly kill daemons
via 4f1e4f9ce3f testenv: Be more careful deleting environment tmpfiles
from 85478847a1f WHATSNEW: Add CTDB changes for 4.12
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 71b57a0ac3d1ac5be98347dc109d7ebd14d39e88
Author: Stefan Metzmacher
Date: Tue Jan 21 14:51:34 2020 +0100
WHATSNEW: Start release notes for Samba 4.13.0pre1.
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Jan 21 16:04:29 UTC 2020 on sn-devel-184
commit 423ca5e3529f137cec3d367ef004eee2d4d18e4b
Author: Stefan Metzmacher
Date: Tue Jan 21 14:23:45 2020 +0100
VERSION: Bump version up to 4.13.0pre1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher
commit 773c5de675049bd6943e0464d7cabcea54d94e47
Author: Stefan Metzmacher
Date: Tue Jan 21 14:21:50 2020 +0100
VERSION:
[SCM] Samba Shared Repository - annotated tag ldb-2.1.0 created
The annotated tag, ldb-2.1.0 has been created
at f5698d21c5e94186d82048b57512b907556069f8 (tag)
tagging 79460b1b9f3452d6d68014b84f4a9dc3988bd916 (commit)
replaces tevent-0.10.2
tagged by Stefan Metzmacher
on Tue Jan 21 15:13:07 2020 +0100
- Log -
ldb: tag release ldb-2.1.0
-BEGIN PGP SIGNATURE-
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAl4nBvMACgkQR5ORYRMI
QCUtUAf/SqLyprEhEB9ZrmguuSezQaDvBr5GpK1ufOOd0iDQ5wwRqSPikhIc71kW
V72bfy1yUjEQbYjtWiqAOhppAyZHxiPNmWxbZMdISMaZTn5viuh+S/F/Z5EvM8Pz
Fd1z5ctSnIx+QbcdS9GVPDQnsupLk1vwWnotpLzL/TKREczOwJJktgmzMY7Tti9S
fNVCw2uwqFU2Ptqs5XEneIafLf79XdeI+bfBBPIQ7t7W3pAkOadk9DPZuoN5oLes
XqiQ+hKwS9BgCtkM/h7f5T/rLH4dWIA8+0RlOjdJfQwyItAhd72ZgWJHzwGpzQ3X
B2kaARhXDlwLI91xk0nXPEhgEqqo1g==
=kQMw
-END PGP SIGNATURE-
Alexander Bokovoy (1):
s3-rpcserver: fix security level check for DsRGetForestTrustInformation
Amitay Isaacs (1):
build: add missing crypt dependency for auth4_unix
Andreas Schneider (41):
s3:rpc_server: Replace E_md5hash() with GnuTLS calls
s3:winbindd: Replace E_md5hash() with GnuTLS calls
s3:winbind: Replace E_md5hash() with GnuTLS calls
libcli:auth: Remove unused E_md5hash()
s4:lib:tls: Fix cert and privkey types
s4:rpc_server: Return the status code from dcesrv_transport_session_key()
s3:printing: Use httpConnect2 from CUPS
gitignore: Add .build.log
s3:winbind: Print priv pipe location
ldb:tests: Avoid that the debug function overwrites memory
ldb:tests: Allow test filtering in ldb_mod_op_test
ldb: Avoid a possible NULL pointer dereference
ldb:tests: Use assert_in_range() in test_get_size()
ldb:tests: Add missing size check for tdb
ldb:tests: Add missing null check for ldb_kv_private
s3:tests: Remove the -I SERVER_IP so that Kerberos auth works
s3:selfest: Do not print the env twice
s3:smbspool: Map AUTH_INFO_REQUIRED=none to anonymous connection
s3:smbspool_krb5_wrapper: Map AUTH_INFO_REQUIRED=none to anonymous
s3:smbspool: Leave early if we print as root
s4:lib: Make sure we close fd's in error path
s3:rpc_server: Fix string compare for utmp entries
s3:torture: Do not segfault if cli is NULL
s3:smbd: Fix possible NULL deref in smbd_do_qfilepathinfo()
s3:lib: Move NULL check before messaging_dgm_out_rearm_idle_timer()
auth:tests: Improve debug output of test_gnutls
auth:tests: Only enable torture_gnutls_aes_128_cfb() on GnuTLS >= 3.6.11
pidl: Remove Parse/Yapp/Driver.pm
lib:crypto: Remove our implementation of AES CCM
lib:crypto: Remove our implementation of AES GCM
lib:crypto: Only build AES code if we need AES CMAC
lib:crypto: Build intel aes-ni only if GnuTLS doesn't provide AES CMAC
s3:script: Try to fix a Perl warning
s3:libsmb: Generate the inode only based on the path component
s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with
UNIX for now.
s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr()
s3:libsmb: Add a setup_stat_from_stat_ex() function
libsmbclient: If over SMB1 first try to do a posix stat on the file.
librpc: Fix string length checking in ndr_pull_charset_to_null()
librpc: Add test for ndr_string_length()
docs-xml: 'mangled names = illegal' is the new default
Andrew Bartlett (95):
lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
lib/fuzzing: Free memory after successful load in fuzz_tiniparser
witness.idl: Change array type in IDL for the print function
ndr: Include the caller location in ndr_{pull,push}_error() messages
librpc: Unify packet dumping on ndr_pull() failure
ndrdump: Fix one more NTSTATUS rather than friendly ndr message
ndrdump: print structure name when failing to setup
ndrdump: TALLOC_FREE() on each exit path to allow running with leak
detection
ndrdump: Add const
ndrdump: Check for input decode failures
ndrdump: Allow for base64-encoded input in a file and on the command line
ndrdump: Return a different error code for ndr_pull() failures
ndrdump: Invert sense of --stop-on-parse-failure into
--print-after-parse-failure
ndrdump: Still print --dump bytes after parse failure
python: Return the stdout when also checking error codes
selftest: Confirm that --base64-input and --input work and a PIDL bug is
fixed.
selftest: Confirm that NDR bugs are fixed in DCOM code
selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE
librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE
lib/fuzzing: Use --fuzz-target-ldflags if specified
lib/fuzzing/oss-fuzz: Add build_samba.sh for oss-fuzz
lib/fuzzing/oss-fuzz: add stub build.sh that will not change often
lib/fuzzing/oss-fuzz: Install chrpath as we
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 85478847a1f WHATSNEW: Add CTDB changes for 4.12
via aa2977e1519 ctdb-mutex: Change default re-check time for fcntl
helper to 5s
via 14b1dffc27d ctdb-tests: Add some tests to check recovery from
recovery lock issues
via 64501f51931 ctdb-tests: Put recovery lock for local daemons into a
subdirectory
via 93fc31858f9 ctdb-tests: Add local_daemons.sh option for recovery
lock recheck interval
from 13658324a3a CVE-2019-19344 kcc dns scavenging: Fix use after free
in dns_tombstone_records_zone
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 85478847a1f6bf8027a1a91df23ae746042620db
Author: Martin Schwenke
Date: Fri Dec 20 18:16:13 2019 +1100
WHATSNEW: Add CTDB changes for 4.12
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
Autobuild-User(master): Amitay Isaacs
Autobuild-Date(master): Tue Jan 21 13:05:00 UTC 2020 on sn-devel-184
commit aa2977e1519b76b2c70871032bbc5ab85f8a0c45
Author: Martin Schwenke
Date: Fri Jan 10 14:25:39 2020 +1100
ctdb-mutex: Change default re-check time for fcntl helper to 5s
Testing against a commonly used cluster filesystem has shown no
performance impact, as expected.
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
commit 14b1dffc27def76f1c69ff820f4e03dc50ddf4b6
Author: Martin Schwenke
Date: Fri Jan 10 15:45:48 2020 +1100
ctdb-tests: Add some tests to check recovery from recovery lock issues
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
commit 64501f519319f83fb6281da50c76275782ee1f6c
Author: Martin Schwenke
Date: Fri Jan 10 14:04:14 2020 +1100
ctdb-tests: Put recovery lock for local daemons into a subdirectory
This makes it more like the way it works with a cluster filesystem.
It also allows the subdirectory to be manipulated in tests.
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
commit 93fc31858f91c1b4080a223fed905eaac66a90d2
Author: Martin Schwenke
Date: Fri Jan 17 15:30:01 2020 +1100
ctdb-tests: Add local_daemons.sh option for recovery lock recheck interval
Signed-off-by: Martin Schwenke
Reviewed-by: Amitay Isaacs
---
Summary of changes:
WHATSNEW.txt | 11 +++
ctdb/server/ctdb_mutex_fcntl_helper.c | 2 +-
.../simple/cluster.015.reclock_remove_lock.sh | 90 ++
.../simple/cluster.016.reclock_move_lock_dir.sh| 74 ++
ctdb/tests/local_daemons.sh| 17 +++-
5 files changed, 190 insertions(+), 4 deletions(-)
create mode 100755
ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
create mode 100755
ctdb/tests/INTEGRATION/simple/cluster.016.reclock_move_lock_dir.sh
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0faf69e030f..18c787d3cba 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -129,6 +129,17 @@ Heimdal-DC: removal of weak-crypto.
Following removal of DES encryption types from Samba, the embedded Heimdal
build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO).
+CTDB changes
+
+
+* The ctdb_mutex_fcntl_helper periodically re-checks the lock file
+
+ The re-check period is specified using a 2nd argument to this
+ helper. The default re-check period is 5s.
+
+ If the file no longer exists or the inode number changes then the
+ helper exits. This triggers an election.
+
smb.conf changes
diff --git a/ctdb/server/ctdb_mutex_fcntl_helper.c
b/ctdb/server/ctdb_mutex_fcntl_helper.c
index 1448a9062a0..51c46ce733f 100644
--- a/ctdb/server/ctdb_mutex_fcntl_helper.c
+++ b/ctdb/server/ctdb_mutex_fcntl_helper.c
@@ -398,7 +398,7 @@ int main(int argc, char *argv[])
file = argv[1];
- recheck_time = 60;
+ recheck_time = 5;
if (argc == 3) {
recheck_time = smb_strtoul(argv[2],
NULL,
diff --git a/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
b/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
new file mode 100755
index 000..d74bcf819b4
--- /dev/null
+++ b/ctdb/tests/INTEGRATION/simple/cluster.015.reclock_remove_lock.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# Verify that the cluster recovers if the recovery lock is removed.
+
+. "${TEST_SCRIPTS_DIR}/integration.bash"
+
+set -e
+
+ctdb_test_skip_on_cluster
+
+ctdb_test_init -r 5
+
+generation_has_changed ()
+{
+ local node="$1"
+ local generation_init="$2"
+
+ # Leak this so it can be printed by test
+ generation_new=""
+
+ ctdb_onnode "$node" status
+ # shellcheck disable=SC2154
+ # $outfile set by ctdb_onnode()
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13658324a3a CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 34a8cee348d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 86023642c39 repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here via 9e126852a69 repl_meta_data: Do not set *rename = true unless there has been a conflict on the incoming DN via 512ea17983e repl_meta_data: Add comment explaining what is being renamed after the conflict is resolved via 2b1828276b3 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via b7030f9a8bd CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 4c62210098d CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 520d2ae187e CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 3f3791765c6 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 5d714c1cea1 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 545d205e5b2 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via febe15ab2e1 selftest: Add test to confirm ACL inheritence really happens via d64670bab82 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 7b19e221aee CVE-2019-14902 selftest: Add test for replication of inherited security descriptors from 558bd7c83d0 util: Add detection of libunwind https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13658324a3ab30213ff50c21308f287ef3a131fd Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Jan 21 11:38:38 UTC 2020 on sn-devel-184 commit 34a8cee348d3dfea18e92a4ae829ae797a652192 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett commit 86023642c3961f00d0e4e6c71086739d9d568276 Author: Andrew Bartlett Date: Fri Dec 6 18:26:11 2019 +1300 repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here We previously set it for any rename Signed-off-by: Andrew Bartlett commit 9e126852a6912e545641a506491f425a987e3b80 Author: Andrew Bartlett Date: Fri Dec 6 18:15:16 2019 +1300 repl_meta_data: Do not set *rename = true unless there has been a conflict on the incoming DN The normal case of a partner-sent rename is not a cause for updating the replPropertyMetaData Signed-off-by: Andrew Bartlett commit 512ea17983e7cca78778d493c75b4401a438dfbb Author: Andrew Bartlett Date: Fri Dec 6 17:55:13 2019 +1300 repl_meta_data: Add comment explaining what is being renamed after the conflict is resolved Signed-off-by: Andrew Bartlett commit 2b1828276b365a30131ac6ea543ac344941b8088 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett commit b7030f9a8bd67f454c17d065d9af9199748aa6d3 Author: Andrew Bartlett Date: Fri Dec 6 18:26:42 2019 +1300 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename Previously if there was a conflict, but the incoming object would
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 7b47e920325 VERSION: Bump version up to 4.9.19. via ebad1b499f0 Merge tag 'samba-4.9.18' into v4-9-test via 5f8ef2f9eec VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. via 4e6475813f9 WHATSNEW: Add release notes for Samba 4.9.18. via 55fb0c2f67e CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via ad0e68d354a CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 030fa9e5455 CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 16b377276ee CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via 7071888d5b5 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 9e6b09e0fd5 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 9ac2b09fa5a CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 0fa9a362e55 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 589d1e4846b CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17215b36b22 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 4afff32debe selftest: Add test to confirm ACL inheritence really happens via c5a005a4538 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 77d55b64af6 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 052a54a54f7 VERSION: Bump version up to Samba 4.9.18... from 5d91d4cdbeb VERSION: Bump version up to Samba 4.9.18... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 7b47e92032519cd2df26089f2688c52d5112cd7a Author: Karolin Seeger Date: Tue Jan 21 11:07:22 2020 +0100 VERSION: Bump version up to 4.9.19. Signed-off-by: Karolin Seeger commit ebad1b499f05731c506d0bcf14d95283d8289b33 Merge: 5d91d4cdbeb 5f8ef2f9eec Author: Karolin Seeger Date: Tue Jan 21 11:06:47 2020 +0100 Merge tag 'samba-4.9.18' into v4-9-test samba: tag release samba-4.9.18 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 33 +- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 5 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 750 insertions(+), 169 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e7c3f48ba86..bc59724074c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=18 +SAMBA_VERSION_RELEASE=19 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c1f544b2c5c..d9ee3b40646 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + == + Release Notes for Samba 4.9.18 + January 21, 2020 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902:
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 1c330a18d45 VERSION: Bump version up to 4.10.13. via a69b3905140 Merge tag 'samba-4.10.12' into v4-10-test via 06f7473fe56 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. via 8e1313322ce WHATSNEW: Add release notes for Samba 4.11.5. via ed516929162 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 7deeb0c93bb CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 28e6066e5db CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 90c1563cb83 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via d257c764a7b CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via cf95287171e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via efb7ac7efe0 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via f3e3e8deb46 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 8092b27908c CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17e6091b99a CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 62e098fec23 selftest: Add test to confirm ACL inheritence really happens via 9480a26697e CVE-2019-14902 selftest: Add test for a special case around replicated renames via e7eeb725858 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via a4c62918730 VERSION: Re-enable GIT_SNAPSHOT. via 32d2cd1f5b5 VERSION: Bump version up to 4.10.12. from b2800628a6b ctdb-tests: Skip some tests that don't work with IPv6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 1c330a18d459f649f594dd7b0e9f0bd7406a6b26 Author: Karolin Seeger Date: Tue Jan 21 11:05:28 2020 +0100 VERSION: Bump version up to 4.10.13. Signed-off-by: Karolin Seeger commit a69b3905140e62b5271936958f1b7ab6c425ded5 Merge: b2800628a6b 06f7473fe56 Author: Karolin Seeger Date: Tue Jan 21 11:05:05 2020 +0100 Merge tag 'samba-4.10.12' into v4-10-test samba: tag release samba-4.10.12 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 33 +- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 6 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 751 insertions(+), 169 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 95e454cceea..0d742c7bf2e 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6b3fbc88d50..82e54d46a79 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + === + Release Notes for Samba 4.10.12 + January 21, 2020 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation of ACL inheritance in the Samba AD DC was not complete, + and so absent a 'full-sync' replication, ACLs could get out of sync between + domain controllers. + +o CVE-2019-14907: + When processing untrusted string input Samba can read past the end of the + allocated buffer when printing a "Conversion error" message to the logs. + +o CVE-2019-19344: + During DNS zone scavenging (of expired dynamic entries) there is a read of + memory
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via c5f61b9dd0a VERSION: Bump version up to 4.11.6. via 5f735302220 Merge tag 'samba-4.11.5' into v4-11-test via 01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. via 16f159bdd2d WHATSNEW: Add release notes for Samba 4.11.5. via a56fb1c0427 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 0010822597d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 5884a973309 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via da1d3a0c03c CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via febccb4845e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 2cf368d0023 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via dc1b30c8316 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 68a91b11e40 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 971247385a4 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 50498111ac0 selftest: Add test to confirm ACL inheritence really happens via 59a7bbe0c15 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 6b6a993e6af CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 98761ff1b2e VERSION: Bump version up to 4.11.5... from c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat on the file. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit c5f61b9dd0a0624ba91f1ee9277c653ebb38a3e6 Author: Karolin Seeger Date: Tue Jan 21 11:02:17 2020 +0100 VERSION: Bump version up to 4.11.6. Signed-off-by: Karolin Seeger commit 5f73530222071af7cf6d9fa044cde86217fec112 Merge: c5dee3fcee6 01a4dd8ea2b Author: Karolin Seeger Date: Tue Jan 21 11:01:42 2020 +0100 Merge tag 'samba-4.11.5' into v4-11-test samba: tag release samba-4.11.5 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 38 +-- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 5 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 752 insertions(+), 172 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 7bbd4754860..0f54515c8b9 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 830081446ab..99272550643 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + == + Release Notes for Samba 4.11.5 + January 21, 2020 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation of ACL
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 23dc692 NEWS[4.11.5]: Samba 4.11.5, 4.10.12 and 4.9.18 Security Releases Available from 1f2b0f6 Add Samba 4.11.4. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 23dc692e9585ed8a3005dbb7d0d834cef27431ba Author: Karolin Seeger Date: Tue Jan 14 09:54:01 2020 +0100 NEWS[4.11.5]: Samba 4.11.5, 4.10.12 and 4.9.18 Security Releases Available Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.10.12.html | 71 +++ history/samba-4.11.5.html| 71 +++ history/samba-4.9.18.html| 71 +++ history/security.html| 23 + posted_news/20200121-090843.4.11.5.body.html | 33 +++ posted_news/20200121-090843.4.11.5.headline.html | 4 + security/CVE-2019-14902.html | 108 +++ security/CVE-2019-14907.html | 83 + security/CVE-2019-19344.html | 87 ++ 10 files changed, 554 insertions(+) create mode 100644 history/samba-4.10.12.html create mode 100644 history/samba-4.11.5.html create mode 100644 history/samba-4.9.18.html create mode 100644 posted_news/20200121-090843.4.11.5.body.html create mode 100644 posted_news/20200121-090843.4.11.5.headline.html create mode 100644 security/CVE-2019-14902.html create mode 100644 security/CVE-2019-14907.html create mode 100644 security/CVE-2019-19344.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 8a663ae..6afeebd 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,11 +9,13 @@ Release Notes + samba-4.11.5 samba-4.11.4 samba-4.11.3 samba-4.11.2 samba-4.11.1 samba-4.11.0 + samba-4.10.12 samba-4.10.11 samba-4.10.10 samba-4.10.9 @@ -26,6 +28,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.18 samba-4.9.17 samba-4.9.16 samba-4.9.15 diff --git a/history/samba-4.10.12.html b/history/samba-4.10.12.html new file mode 100644 index 000..cf86c8a --- /dev/null +++ b/history/samba-4.10.12.html @@ -0,0 +1,71 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.12 - Release Notes + + +Samba 4.10.12 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.12.tar.gz;>Samba 4.10.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.12.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.11-4.10.12.diffs.gz;>Patch (gzipped) against Samba 4.10.11 +https://download.samba.org/pub/samba/patches/samba-4.10.11-4.10.12.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.10.12 + January 21, 2020 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation of ACL inheritance in the Samba AD DC was not complete, + and so absent a full-sync replication, ACLs could get out of sync between + domain controllers. + +o CVE-2019-14907: + When processing untrusted string input Samba can read past the end of the + allocated buffer when printing a Conversion error message to the logs. + +o CVE-2019-19344: + During DNS zone scavenging (of expired dynamic entries) there is a read of + memory after it has been freed. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.11 +-- + +o Andrew Bartlett abart...@samba.org + * BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD Directory + not automatic. + * BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert + string into the logs. + +o Gary Lockyer g.
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 5f8ef2f9eec VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. via 4e6475813f9 WHATSNEW: Add release notes for Samba 4.9.18. via 55fb0c2f67e CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via ad0e68d354a CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 030fa9e5455 CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 16b377276ee CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via 7071888d5b5 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 9e6b09e0fd5 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 9ac2b09fa5a CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 0fa9a362e55 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 589d1e4846b CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17215b36b22 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 4afff32debe selftest: Add test to confirm ACL inheritence really happens via c5a005a4538 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 77d55b64af6 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 052a54a54f7 VERSION: Bump version up to Samba 4.9.18... from 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 5f8ef2f9eecbc6c6c405bdb55ed685ad83008c11 Author: Karolin Seeger Date: Fri Jan 10 16:30:15 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 4e6475813f9e5a32207244857fd11f330a49a65b Author: Karolin Seeger Date: Fri Jan 10 11:58:31 2020 +0100 WHATSNEW: Add release notes for Samba 4.9.18. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 55fb0c2f67ef1906c942729c00f9f918dd92a658 Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit ad0e68d354ad33c577dbf146fc4a1b8254857558 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett (adapted from master commit) commit 030fa9e5455125e30b71c90be80baadb657d8993 Author: Noel Power Date: Fri May 24 13:37:00 2019 + CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Noel Power Reviewed-by: Gary Lockyer g...@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) commit 16b377276ee82c04d069666e53deaa95a7633dd4 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove
[SCM] Samba Shared Repository - annotated tag samba-4.9.18 created
The annotated tag, samba-4.9.18 has been created at 9ccbee36aac2bbaad4d7ef3309ac558176d8325a (tag) tagging 5f8ef2f9eecbc6c6c405bdb55ed685ad83008c11 (commit) replaces samba-4.9.17 tagged by Karolin Seeger on Tue Jan 14 09:59:25 2020 +0100 - Log - samba: tag release samba-4.9.18 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2C7QAKCRBvM5FbZWi3 6mMqAKC3cXHx2BbXAOltLJ1XRqupYxIF5wCdEBY4+na7u9VHhOUsFvfyDbiI3rU= =ShVP -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (3): VERSION: Bump version up to Samba 4.9.18... WHATSNEW: Add release notes for Samba 4.9.18. VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. Noel Power (1): CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 06f7473fe56 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. via 8e1313322ce WHATSNEW: Add release notes for Samba 4.11.5. via ed516929162 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 7deeb0c93bb CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 28e6066e5db CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 90c1563cb83 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via d257c764a7b CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via cf95287171e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via efb7ac7efe0 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via f3e3e8deb46 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 8092b27908c CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17e6091b99a CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 62e098fec23 selftest: Add test to confirm ACL inheritence really happens via 9480a26697e CVE-2019-14902 selftest: Add test for a special case around replicated renames via e7eeb725858 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via a4c62918730 VERSION: Re-enable GIT_SNAPSHOT. via 32d2cd1f5b5 VERSION: Bump version up to 4.10.12. from d644dfea6f2 VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 06f7473fe565b3e2fd9413cbdcc77439d9907735 Author: Karolin Seeger Date: Thu Jan 9 12:51:27 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 8e1313322ce62b1dbd56957faa849e83d7c9ddfe Author: Karolin Seeger Date: Thu Jan 9 12:48:31 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.5. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit ed5169291628b663c6d641f3c9e8d89bb84f91ac Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit 7deeb0c93bb5da014ea3d259ab9dbd63e8be72cb Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett (adapted from master commit) commit 28e6066e5db61ca0a375fd8712385c0d1761b257 Author: Noel Power Date: Fri May 24 13:37:00 2019 + CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] Signed-off-by: Noel Power Reviewed-by: Gary Lockyer g...@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) commit 90c1563cb83a59fb4d9b997fbde76bcec1092c29 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore
[SCM] Samba Shared Repository - annotated tag samba-4.10.12 created
The annotated tag, samba-4.10.12 has been created at dde19178d82ea800356b3b0544a1226af75a1f97 (tag) tagging 06f7473fe565b3e2fd9413cbdcc77439d9907735 (commit) replaces samba-4.10.11 tagged by Karolin Seeger on Tue Jan 14 09:56:55 2020 +0100 - Log - samba: tag release samba-4.10.12 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2CVwAKCRBvM5FbZWi3 6t2fAJ0X60FriEfN9NI3ssMsCid0VnOyYwCgn2YJuJ7a9qzVZskT5Gwn8YKNVGc= =bT2i -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (4): VERSION: Bump version up to 4.10.12. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.11.5. VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. Noel Power (1): CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-stable updated
The branch, v4-11-stable has been updated via 01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. via 16f159bdd2d WHATSNEW: Add release notes for Samba 4.11.5. via a56fb1c0427 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 0010822597d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 5884a973309 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via da1d3a0c03c CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via febccb4845e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 2cf368d0023 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via dc1b30c8316 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 68a91b11e40 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 971247385a4 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 50498111ac0 selftest: Add test to confirm ACL inheritence really happens via 59a7bbe0c15 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 6b6a993e6af CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 98761ff1b2e VERSION: Bump version up to 4.11.5... from a3e0dc33741 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable - Log - commit 01a4dd8ea2b7503270221beef02d21b0a2bc5ffa Author: Karolin Seeger Date: Wed Jan 8 11:55:21 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 16f159bdd2dc1fadcfa5920f895eb32f2ccdc73c Author: Karolin Seeger Date: Wed Jan 8 11:53:55 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.5. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit a56fb1c04278e27381d5eaf52ec1036fceae411f Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit 0010822597db4b26858f2a03ea09e070854da782 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett commit 5884a9733099f5be05e2de5d3452a882b5c35c27 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett commit da1d3a0c03c002f6d2ffc6cfc7c0c15a4baa1000 Author: Andrew Bartlett Date: Fri Dec 6 18:26:42 2019 +1300 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename Previously if there was a conflict, but the incoming object would still win, this was not marked as a rename, and so inheritence was not done.
[SCM] Samba Shared Repository - annotated tag samba-4.11.5 created
The annotated tag, samba-4.11.5 has been created at a24064bd0fa285f9e9267ce97bef1d2832ee872f (tag) tagging 01a4dd8ea2b7503270221beef02d21b0a2bc5ffa (commit) replaces samba-4.11.4 tagged by Karolin Seeger on Tue Jan 14 09:53:44 2020 +0100 - Log - samba: tag release samba-4.11.5 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2BmAAKCRBvM5FbZWi3 6rKYAKCpA6mL2dMK5YnnsxtatX/R63hN7gCfYFXs8eqau1AKGkJFeqCURQJOvAc= =tGpQ -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (3): VERSION: Bump version up to 4.11.5... WHATSNEW: Add release notes for Samba 4.11.5. VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 558bd7c83d0 util: Add detection of libunwind
from 5ff83809a2b s3: lib: dbwrap_ctdb: Ensure value_valid is set when
creating empty record
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 558bd7c83d08523a9e88414195d9703df38e9af2
Author: Martin Schwenke
Date: Tue Oct 1 13:52:38 2019 +1000
util: Add detection of libunwind
The current detection doesn't seem to work, so libunwind doesn't seem
to be used.
Signed-off-by: Martin Schwenke
Signed-off-by: Amitay Isaacs
Reviewed-by: Volker Lendecke
Autobuild-User(master): Martin Schwenke
Autobuild-Date(master): Tue Jan 21 08:12:17 UTC 2020 on sn-devel-184
---
Summary of changes:
lib/util/wscript_build | 2 +-
lib/util/wscript_configure | 11 ++-
2 files changed, 11 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 3a80b93b2c7..a827eea3ed9 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -82,7 +82,7 @@ bld.SAMBA_SUBSYSTEM('samba-util-core',
become_daemon.c mkdir_p.c''',
deps='''time-basic samba-debug socket-blocking talloc
tevent execinfo pthread strv tini''',
-public_deps='systemd systemd-daemon sys_rw',
+public_deps='systemd systemd-daemon sys_rw LIBUNWIND',
local_include=False)
bld.SAMBA_LIBRARY('iov_buf',
diff --git a/lib/util/wscript_configure b/lib/util/wscript_configure
index 93853511575..4f57184f515 100644
--- a/lib/util/wscript_configure
+++ b/lib/util/wscript_configure
@@ -8,7 +8,16 @@ if Options.options.disable_fault_handling:
# backtrace could be in libexecinfo or in libc
conf.CHECK_FUNCS_IN('backtrace backtrace_symbols', 'execinfo', checklibc=True,
headers='execinfo.h')
-conf.CHECK_HEADERS('execinfo.h libunwind.h')
+conf.CHECK_HEADERS('execinfo.h')
+
+conf.SET_TARGET_TYPE('LIBUNWIND', 'EMPTY')
+if conf.check_cfg(package='libunwind-generic',
+ args='--cflags --libs',
+ msg='Checking for libunwind',
+ uselib_store='LIBUNWIND',
+ mandatory=False):
+if conf.CHECK_HEADERS('libunwind.h'):
+conf.SET_TARGET_TYPE('LIBUNWIND', 'SYSLIB')
conf.CHECK_STRUCTURE_MEMBER('struct statvfs', 'f_frsize',
define='HAVE_FRSIZE', headers='sys/statvfs.h')
--
Samba Shared Repository
