[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 5f8ef2f9eec VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. via 4e6475813f9 WHATSNEW: Add release notes for Samba 4.9.18. via 55fb0c2f67e CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via ad0e68d354a CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 030fa9e5455 CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 16b377276ee CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via 7071888d5b5 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 9e6b09e0fd5 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 9ac2b09fa5a CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 0fa9a362e55 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 589d1e4846b CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17215b36b22 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 4afff32debe selftest: Add test to confirm ACL inheritence really happens via c5a005a4538 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 77d55b64af6 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 052a54a54f7 VERSION: Bump version up to Samba 4.9.18... from 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 5f8ef2f9eecbc6c6c405bdb55ed685ad83008c11 Author: Karolin Seeger Date: Fri Jan 10 16:30:15 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 4e6475813f9e5a32207244857fd11f330a49a65b Author: Karolin Seeger Date: Fri Jan 10 11:58:31 2020 +0100 WHATSNEW: Add release notes for Samba 4.9.18. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 55fb0c2f67ef1906c942729c00f9f918dd92a658 Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit ad0e68d354ad33c577dbf146fc4a1b8254857558 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett (adapted from master commit) commit 030fa9e5455125e30b71c90be80baadb657d8993 Author: Noel Power Date: Fri May 24 13:37:00 2019 + CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Noel Power Reviewed-by: Gary Lockyer g...@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) commit 16b377276ee82c04d069666e53deaa95a7633dd4 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. via 2d9d1c3a0f1 WHATSNEW: Add release notes for Samba 4.9.17. via 277ab21fcf3 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via d0d4954b9b4 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via 5249cad8b43 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via 80ea4bde850 samba-tool: add user-sensitive command to set not-delegated flag via 38db53fa5e9 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via 90073f0abc4 CVE-2019-14861: Test to demonstrate the bug via 16405fecc40 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 51fa9a6a805 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via 9501741466b CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 2636162d9a0 VERSION: Bump version up to 4.9.17... from f2c73b4e6bc VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 631a49647b76cc203917fa8d32e11ab3935106b3 Author: Karolin Seeger Date: Fri Nov 29 12:21:03 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 2d9d1c3a0f1b58239ed6cb37b8e3f716373c87fd Author: Karolin Seeger Date: Fri Nov 29 12:19:48 2019 +0100 WHATSNEW: Add release notes for Samba 4.9.17. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 277ab21fcf31bf60458410994e188d9c236963a3 Author: Isaac Boukris Date: Thu Nov 21 11:12:48 2019 +0100 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag BUG: https://bugzilla.samba.org/show_bug.cgi?id=14187 Signed-off-by: Isaac Boukris commit d0d4954b9b4643678b6f465959dd69de0faafd07 Author: Isaac Boukris Date: Mon Oct 28 02:54:09 2019 +0200 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self Signed-off-by: Isaac Boukris commit 5249cad8b435d162584f010f492568d6f4526662 Author: Isaac Boukris Date: Wed Oct 30 15:59:16 2019 +0100 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed Signed-off-by: Isaac Boukris commit 80ea4bde850048474d23f13fa5bf1149b7cc6859 Author: Isaac Boukris Date: Sun Oct 27 14:02:00 2019 +0200 samba-tool: add user-sensitive command to set not-delegated flag Signed-off-by: Isaac Boukris commit 38db53fa5e930e6bc739f5ac8b7160048b6dd7d6 Author: Andrew Bartlett Date: Fri Nov 1 06:53:56 2019 +1300 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local This test often flaps in Samba 4.9 (where more tests and DCs run in the environment) with obj_1 being 3. This is quite OK, we just need to see some changes get replicated, not 0 changes. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3) commit 90073f0abc495c4b5bd05322b71667c534ee9dd8 Author: Andrew Bartlett Date: Wed Oct 30 11:50:57 2019 +1300 CVE-2019-14861: Test to demonstrate the bug This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 16405fecc403517574915a49de5f4abcaa964e21 Author: Andrew Bartlett Date: Tue Oct 29 14:15:36 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 51fa9a6a805e4221120847ee9dcab6796021175a Author:
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via f2c73b4e6bc VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. via a1b939d6282 WHATSNEW: Add release notes for Samba 4.9.16. via 2927573cfef Merge tag 'samba-4.9.15' into v4-9-test via 92b73cf0bf0 ctdb-tcp: Close inflight connecting TCP sockets after fork via 0dcb2efb8f8 ctdb-tcp: Drop tracking of file descriptor for incoming connections via 14406d123ab ctdb-tcp: Avoid orphaning the TCP incoming queue via 20b823fc255 ctdb-tcp: Check incoming queue to see if incoming connection is up via 2d1f566ef95 VERSION: Bump version up to 4.9.16. via 5942df08644 VERSION: Bump version up to 4.9.15... from 0d69a39c463 VERSION: Disable GIT_SNAPSHOT for the 4.9.15 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit f2c73b4e6bcfba4ea58cea999e6c83bd61d86bb3 Author: Karolin Seeger Date: Tue Nov 26 13:15:43 2019 +0100 VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. Signed-off-by: Karolin Seeger commit a1b939d628248125cd12ad4e5653f4e2967d5669 Author: Karolin Seeger Date: Tue Nov 26 13:13:17 2019 +0100 WHATSNEW: Add release notes for Samba 4.9.16. Signed-off-by: Karolin Seeger commit 2927573cfef0d0856fa82f28f4e655b280372bff Merge: 92b73cf0bf0 0d69a39c463 Author: Karolin Seeger Date: Tue Nov 26 13:03:54 2019 +0100 Merge tag 'samba-4.9.15' into v4-9-test samba: tag release samba-4.9.15 Signed-off-by: Karolin Seeger commit 92b73cf0bf028321b99eba942b76d494c6a96e2b Author: Volker Lendecke Date: Thu Nov 7 15:26:01 2019 +0100 ctdb-tcp: Close inflight connecting TCP sockets after fork Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets while sitting in the async connect() syscall are not freed via ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure. Free this structure as well. If an outgoing TCP socket leaks into a long-running child process (possibly the recovery daemon), this connection will never be closed as seen by the destination node. Because with recent changes incoming connections will not be accepted as long as any incoming connection is alive, with that socket leak into the recovery daemon we will never again be able to successfully connect to the node that is affected by this leak. Further attempts to connect will be discarded by the destination as long as the recovery daemon keeps this socket alive. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 RN: Avoid communication breakdown on node reconnect Signed-off-by: Martin Schwenke Signed-off-by: Volker Lendecke Reviewed-by: Amitay Isaacs (cherry picked from commit a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Nov 20 14:58:33 UTC 2019 on sn-devel-144 commit 0dcb2efb8f828606d22742100491fb7b8f61a340 Author: Martin Schwenke Date: Tue Oct 29 17:28:22 2019 +1100 ctdb-tcp: Drop tracking of file descriptor for incoming connections This file descriptor is owned by the incoming queue. It will be closed when the queue is torn down. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit bf47bc18bb8a94231870ef821c0352b7a15c2e28) commit 14406d123ab4587715ca97114e933f3ae1e31c17 Author: Martin Schwenke Date: Tue Oct 29 15:29:11 2019 +1100 ctdb-tcp: Avoid orphaning the TCP incoming queue CTDB's incoming queue handling does not check whether an existing queue exists, so can overwrite the pointer to the queue. This used to be harmless until commit c68b6f96f26664459187ab2fbd56767fb31767e0 changed the read callback to use a parent structure as the callback data. Instead of cleaning up an orphaned queue on disconnect, as before, this will now free the new queue. At first glance it doesn't seem possible that 2 incoming connections from the same node could be processed before the intervening disconnect. However, the incoming connections and disconnect occur on different file descriptors. The queue can become orphaned on node A when the following sequence occurs: 1. Node A comes up 2. Node A accepts an incoming connection from node B 3. Node B processes a timeout before noticing that outgoing the queue is writable 4. Node B tears down the outgoing connection to node A 5. Node B initiates a new connection to node A 6. Node A accepts an incoming connection from node B Node A processes then the disconnect of the old incoming connection from (2) but tears down the new incoming connection from (6). This then occurs until the
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 0d69a39c463 VERSION: Disable GIT_SNAPSHOT for the 4.9.15 release. via 485061c WHATSNEW: Add release notes for Samba 4.9.15. via 77b10b360f4 CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync via bdb3e3f669b CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync via ea39bdd6293 CVE-2019-14847 dsdb/modules/dirsync: ensure attrs exist (CID 1107212) via 70078d4ddf3 CVE-2019-14833 dsdb: send full password to check password script via e6de467a763 CVE-2019-14833: Use utf8 characters in the unacceptable password via 167f78aa97a CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names. via fc6022b9b19 CVE-2019-10218 - s3: libsmb: Protect SMB1 client code from evil server returned names. via 08c10ff906a VERSION: Bump version up to 4.9.15... from 2250bc58aea VERSION: Disable GIT_SNAPSHOT for the 4.9.14 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 0d69a39c463ea7da23f3b2d1aecedb2d6bbcfd15 Author: Karolin Seeger Date: Thu Oct 24 12:37:23 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.15 release. * Bug 14071: CVE-2019-10218: Client code can return filenames containing path separators. * Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive the full password. * Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. Signed-off-by: Karolin Seeger commit 485061c134a28b5f439ede34df3a3fee6997 Author: Karolin Seeger Date: Thu Oct 24 12:36:15 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.15. * Bug 14071: CVE-2019-10218: Client code can return filenames containing path separators. * Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive the full password. * Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync. Signed-off-by: Karolin Seeger commit 77b10b360f4ffb7ac90bc5fce0a80306515c1aca Author: Andrew Bartlett Date: Tue Oct 15 15:44:34 2019 +1300 CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett commit bdb3e3f669bd991da819040e726e003e4e2b841d Author: Andrew Bartlett Date: Tue Oct 15 16:28:46 2019 +1300 CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync Incremental results are provided by a flag on the dirsync control, not by changing the attribute name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett commit ea39bdd6293041af668f1bfdfea39a725733bad3 Author: Douglas Bagnall Date: Fri May 3 17:27:51 2019 +1200 CVE-2019-14847 dsdb/modules/dirsync: ensure attrs exist (CID 1107212) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Douglas Bagnall Reviewed-by: Gary Lockyer (cherry picked from commit 23f72c4d712f8d1fec3d67a66d477709d5b0abe2) commit 70078d4ddf3b842eeadee058dadeef82ec4edf0b Author: Björn Baumbach Date: Tue Aug 6 16:32:32 2019 +0200 CVE-2019-14833 dsdb: send full password to check password script utf8_len represents the number of characters (not bytes) of the password. If the password includes multi-byte characters it is required to write the total number of bytes to the check password script. Otherwise the last bytes of the password string would be ignored. Therefore we rename utf8_len to be clear what it does and does not represent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Björn Baumbach Signed-off-by: Andrew Bartlett commit e6de467a763b93152eef27726957a32879268fb7 Author: Andrew Bartlett Date: Thu Sep 19 11:50:01 2019 +1200 CVE-2019-14833: Use utf8 characters in the unacceptable password This shows that the "check password script" handling has a bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Andrew Bartlett commit 167f78aa97af6502cb2027dc9dad40399b0a9c4f Author: Jeremy Allison Date: Tue Aug 6 12:08:09 2019 -0700 CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names. Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071 Signed-off-by: Jeremy Allison commit fc6022b9b19473076c4236fdf4ac474f44ca73e2 Author: Jeremy Allison Date: Mon Aug 5 13:39:53 2019 -0700 CVE-2019-10218 - s3: libsmb:
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 2250bc58aea VERSION: Disable GIT_SNAPSHOT for the 4.9.14 release. via 72a2a1b5630 WHATSNEW: Add release notes for Samba 4.9.14. via a5ffe3982cc spnego: fix server handling of no optimistic exchange via e7603aa87f0 selftest: add tests for no optimistic spnego exchange via 16b10d1a433 spnego: add client option to omit sending an optimistic token via 6024163e177 ctdb-vacuum: Process all records not deleted on a remote node via c788ff56bae fault.c: improve fault_report message text pointing to our wiki via 9a5bdc6c9e6 ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code via c50486c09a2 s3/4: libsmbclient test. Test using smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents. via 5cd57eb58b7 s3: libsmbclient: Fix smbc_lseekdir() to work with smbc_readdirplus(). via 588c84d4882 s3: libsmbclient: Ensure SMBC_getdents_ctx() also updates the readdirplus pointers. via b44cc7f07e3 s3: libsmbclient: Ensure SMBC_readdirplus_ctx() also updates the readdir pointers. via 04cb3d3ee13 s3: libsmbclient: Ensure SMBC_readdir_ctx() also updates the readdirplus pointers. via 36439305afc libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID via 9b60134b8bb libcli/smb: add new COMPRESSION and NETNAME negotiate context ids via 00a810d8fdd s3:ldap: Fix join with don't exists machine account via b9f1be5cf45 ctdb: fix compilation on systems with glibc robust mutexes via 5a308ef8e07 vfs_glusterfs: Use pthreadpool for scheduling aio operations via 745052cb6b9 ctdb-recoverd: Fix typo in previous fix via 89b08e4fbcf ctdb-tests: Clear deleted record via recovery instead of vacuuming via 4cbd3cd970a ctdb-tests: Strengthen volatile DB traverse test via 3801c9582b7 ctdb-recoverd: Only check for LMASTER nodes in the VNN map via 68cc58437fa ctdb-tests: Don't retrieve the VNN map from target node for notlmaster via 31066fde8c5 ctdb-tests: Handle special cases first and return via c3f2c55320d ctdb-tests: Inline handling of recovered and notlmaster statuses via cf39c0fc3b0 ctdb-tests: Drop unused node statuses frozen/unfrozen via fd8a55bb3f4 ctdb-tests: Reformat node_has_status() via b40bef3c5ee VERSION: Bump version up to 4.9.14. via 7cb10fc9976 Merge tag 'samba-4.9.13' into v4-9-test via fcf29cda0e7 ctdb-daemon: Make node inactive in the NODE_STOP control via fa705bc7dee ctdb-daemon: Drop unused function ctdb_local_node_got_banned() via c2ee9bbeeea ctdb-daemon: Switch banning code to use ctdb_node_become_inactive() via 13780a3ee01 ctdb-daemon: Factor out new function ctdb_node_become_inactive() via f4442942fbb ctdb-tcp: Mark node as disconnected if incoming connection goes away via 1e45ab3c23d ctdb-tcp: Only mark a node connected if both directions are up via 9155ad23d43 ctdb-tcp: Create outbound queue when the connection becomes writable via f2ce6c745cf ctdb-tcp: Use TALLOC_FREE() via b21bc19bae5 ctdb-tcp: Move incoming fd and queue into struct ctdb_tcp_node via 17f1a95203a ctdb-tcp: Rename fd -> out_fd via a8dd1a0577e ctdb-daemon: Add function ctdb_ip_to_node() via a309b862e8f ctdb-daemon: Replace function ctdb_ip_to_nodeid() with ctdb_ip_to_pnn() via b74fde880de undoguididx: blackbox test via 4da5d9c9761 undoguididx: Add "or later" to warning about using tools from Samba 4.8 via 00950aa7cf7 sambaundoguididx: fix for -s via f3f259e7369 sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3 via c61d824e3ca s4/scripting: MORE py3 compatible print functions via 47a971f5841 s4/scripting/*: py3 compatible print via 8818401b301 ldb: release ldb 1.4.8 via e22c1fbd56f ldb: ldbdump key and pack format version comments via 388cb30bd7d ldb: baseinfo pack format check on init via 3cb3b34def3 ldb: Fix segfault parsing new pack formats via 3e9e7afc259 ldb: test for parse errors via abc63d6eab0 VERSION: Bump version up to 4.9.13... from 1acf30ac5c1 VERSION: Disable GIT_SNAPSHOT for the 4.9.13 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 86 +++- auth/gensec/spnego.c | 24 + ctdb/include/ctdb_private.h| 8 +- ctdb/server/ctdb_banning.c | 26 +- ctdb/server/ctdb_daemon.c | 11 +-
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
via 1acf30ac5c1 VERSION: Disable GIT_SNAPSHOT for the 4.9.13 release.
via 514743b29cd WHATSNEW: Add release notes for Samba 4.9.13.
via 8e2c37bdde1 CVE-2019-10197: smbd: split
change_to_user_impersonate() out of change_to_user_internal()
via c98528753fc CVE-2019-10197: test_smbclient_s3.sh: add regression
test for the no permission on share root problem
via 1305693dba3 CVE-2019-10197: selftest: make fsrvp_share its own
independent subdirectory
via 104557f2ad5 CVE-2019-10197: smbd: make sure we reset
current_user.{need,done}_chdir in become_root()
via 5604883d06d CVE-2019-10197: smbd: make sure that
change_to_user_internal() always resets current_user.done_chdir
via 4772adbe1ce CVE-2019-10197: smbd: separate out impersonation debug
info into a new function.
via 674ef36921f VERSION: Bump version up to 4.9.13...
via 53d19bf5359 VERSION: Diable GIT_SNAPSHOT for the 4.9.12 release.
via 1205c5cb588 WHATSNEW: Add release notes for Samba 4.9.12.
via dcff563d0ff vfs_glusterfs: Enable profiling for file system
operations
via 0cb08a2309c vfs_gpfs: Implement special case for denying owner
access to ACL
via fe990205ac8 vfs_gpfs: Move mapping from generic NFSv ACL to GPFS
ACL to separate function
via bba26e385b3 docs: Remove gpfs:merge_writeappend from vfs_gpfs
manpage
via b3560baaf99 vfs_gpfs: Remove merge_writeappend parameter
via 548cc5183e4 nfs4_acls: Use correct owner information for ACL after
owner change
via c5d4691183f nfs4_acls: Add test for merging duplicates when mapping
from NFS4 ACL to DACL
via 1f10af9fb98 nfs4_acls: Remove duplicate entries when mapping from
NFS4 ACL to DACL
via b4b61724550 nfs4_acls: Rename smbacl4_fill_ace4 function
via 657f79f8594 nfs4_acls: Add additional owner entry when mapping to
NFS4 ACL with IDMAP_TYPE_BOTH
via d297f347dd1 nfs4_acls: Remove redundant pointer variable
via 596a4e4d0a1 nfs4_acls: Remove redundant logging from
smbacl4_fill_ace4
via 7555f121757 nfs4_acls: Move adding of NFS4 ACE to ACL to
smbacl4_fill_ace4
via 02a5fbd007a nfs4_acls: Move smbacl4_MergeIgnoreReject function
via 8c8f09c32f8 nfs4_acls: Remove i argument from
smbacl4_MergeIgnoreReject
via 966916dafec nfs4_acls: Add missing braces in smbacl4_win2nfs4
via ff1cee15494 nfs4_acls: Add helper function for checking INHERIT
flags.
via 1026680518d nfs4_acls: Use correct type when checking ownerGID
via 2493a9f81b9 nfs4_acls: Use switch/case for checking idmap type
via d50b5fc5fc5 nfs4_acls: Use sids_to_unixids to lookup uid or gid
via 9ba27632b29 test_nfs4_acls: Add test for mapping from DACL to NFS4
ACL with IDMAP_TYPE_BOTH
via 8ad87b9ab42 test_nfs4_acls: Add test for mapping from NFS4 ACL to
DACL with IDMAP_TYPE_BOTH
via c5da1d665a9 test_nfs4_acls: Add test for mapping from NFS4 to DACL
in config mode special
via f64276397e2 test_nfs4_acls: Add test for mapping from DACL to NFS4
ACL with config special
via 92d2e243c30 test_nfs4_acls: Add test for matching DACL entries for
acedup
via 5b130cc4d10 test_nfs4_acls: Add test for acedup settings
via b21c3f38871 test_nfs4_acls: Add test for 'map full control' option
via 79f9a5013a6 test_nfs4_acls: Add test for mapping from NFS4 to DACL
CREATOR entries
via e8f8c4c8257 test_nfs4_acls: Add test for mapping CREATOR entries to
NFS4 ACL entries
via f0581b94b24 test_nfs4_acls: Add test for mapping from DACL to
special NFS4 ACL entries
via f900a6e1252 test_nfs4_acls: Add test for mapping of special NFS4
ACL entries to DACL entries
via c9650274538 test_nfs4_acls: Add test for mapping permissions from
DACL to NFS4 ACL
via f431a1b7de7 test_nfs4_acls: Add test for mapping permissions from
NFS4 ACL to DACL
via 0aadba938c9 test_nfs4_acls: Add test for flags mapping from DACL to
NFS4 ACL
via d142e46acdf test_nfs4_acls: Add test for flags mapping from NFS4
ACL to DACL
via 7f1c567af71 test_nfs4_acls: Add tests for mapping of ACL types
via ee47f743a9b test_nfs4_acls: Add tests for mapping of empty ACLs
via c84bdb31826 selftest: Start implementing unit test for nfs4_acls
via 1db5a29088b nfs4_acls: Remove fsp from smbacl4_win2nfs4
via 0af50d85f6d Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
via d2b711ae9bf vfs: Use dom_sid_str_buf
via 1784a664892 Add PrimaryGroupId to group array in DC response
via c20f77fe0fb selftest: check for PrimaryGroupId in DC returned group
array
via 1c43f6b1afb selftest: remote_pac: s/s2u4self/s4u2self/g
via 3aa131b5558 vfs:glusterfs_fuse: build only if we have setmntent()
via c7e98332192 vfs:glusterfs_fuse: ensure fileids are constant
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
via f9055cbf92c VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release.
via 09aecc7e33f WHATSNEW: Add release notes for Samba 4.9.11.
via 78b728570f3 ldb: Release ldb 1.4.7
via 98cef2ad057 VERSION: Bump version up to 4.9.11...
from 4cea44ba0a2 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable
- Log -
---
Summary of changes:
VERSION| 2 +-
WHATSNEW.txt | 49 --
lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.7.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util-1.4.7.sigs} | 0
...-util-1.1.10.sigs => pyldb-util.py3-1.4.7.sigs} | 0
lib/ldb/wscript| 2 +-
6 files changed, 48 insertions(+), 5 deletions(-)
copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.7.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.4.7.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.4.7.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index e6177d7a239..75b6a9a9768 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=9
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b313ef80b35..4c28ae2b424 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,49 @@
+ ==
+ Release Notes for Samba 4.9.11
+July 03, 2019
+ ==
+
+
+This is the latest stable release of the Samba 4.9 release series.
+
+In yesterday's Samba 4.9.10 release, LDAP_REFERRAL_SCHEME_OPAQUE was added to
+db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not
+raised. Samba >= 4.9.10 is no longer able to build with ldb 1.4.6. This version
+includes the new ldb version. Please note that there are just the version bumps
+in ldb and Samba, no code change. If you don't build Samba with an external ldb
+library, you can ignore this release and keep using 4.9.11.
+
+
+Changes since 4.9.10:
+-
+
+o Stefan Metzmacher
+ * BUG 12478: ldb: Release ldb 1.4.7.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.9.10
July 02, 2019
@@ -120,9 +166,6 @@ database (https://bugzilla.samba.org/).
==
-Release notes for older releases follow:
-
-
=
Release Notes for Samba 4.9.9
June 19, 2019
diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.4.7.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.3.0.sigs
copy to lib/ldb/ABI/ldb-1.4.7.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util-1.4.7.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.4.7.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs
b/lib/ldb/ABI/pyldb-util.py3-1.4.7.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.4.7.sigs
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 5c5ca15f86a..b8df924ef49 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-VERSION = '1.4.6'
+VERSION = '1.4.7'
blddir = 'bin'
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 4cea44ba0a2 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. via 75872ddde11 WHATSNEW: Add release notes for Samba 4.9.10. via 38d6dd6ae9f python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via da0d67b29bf docs: Document DCEPRC binding string for rpcclient via 3cd4642014b s3:mdssvc: fix flex compilation error via 44b5168845e ctdb-scripts: Fix tcp_tw_recycle existence check via 575739df9fd docs: Improve documentation of "lanman auth" and "ntlm auth" connection via 684d772e0e1 vfs_fruit: remove a now unnecessary include via 7ae1667bda9 vfs_fruit: use VFS functions in ad_read_rsrc_adouble() via 1a8dffceff4 vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork() via afc88153675 vfs_fruit: use VFS function in ad_convert_truncate() via 14048aaf176 vfs_fruit: add VFS handle to ad_convert_truncate() via 015586a4227 vfs_fruit: use fsp and remove mmap in ad_convert_xattr() via 42e6d4d4b5e vfs_fruit: remove use of mmap() from ad_convert_move_reso() via e21d880614c vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE() via b10eabed24d vfs_fruit: only do cross protocol locking on non-internal opens via 645836ff20a vfs_fruit: remove a layer of indirection via 06bd78910ec vfs_fruit: pass VFS handle to ad_convert_move_reso() via e8cecc86ab5 vfs_fruit: remove xattr code from the AppleDouble subsystem via 76074dded7d vfs_fruit: remove now unused AppleDouble code for resource fork in xattr via b24bac64570 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size() via 561d52f89a6 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size() via c2c6377ebf8 vfs_fruit: ignore AppleDouble files in fruit_unlink() via 1542bb051be vfs_fruit: add a missing else via 18c45bb3440 vfs_fruit: add and use is_adouble_file() via c3676d8d42b vfs_fruit: finally, remove ad_handle from struct adouble via 20e66673c39 vfs_fruit: pass handle to ad_convert_delete_adfile() via fbc0501bed0 vfs_fruit: pass handle to ad_convert_finderinfo() via b50f2ad9919 vfs_fruit: pass handle to ad_convert_blank_rfork() via 1efc046ceff vfs_fruit: pass handle to ad_convert_xattr() via b5275f407f6 vfs_fruit: indentation fix via f30219176ae vfs_fruit: pass handle to ad_read_rsrc() and all the way down via 5975a4a8dfd vfs_fruit: use proper VFS function in ad_read_meta() via 9ae195e4bd8 vfs_fruit: indentation fix via b4c6efa3ebd vfs_fruit: pass handle to ad_read_meta() via c99c7f2a641 vfs_fruit: pass handle to ad_read() via 7ece266411a vfs_fruit: pass handle to ad_set() via f94d0095e8a vfs_fruit: pass handle to ad_fset() via 79beb172cc6 s3:auth: explicitly add BUILTIN\Guests to the guest token via 15fa6919b8a tests: add a test for guest authentication via 36641f70d05 selftest: allow guest login in the ad_member_idmap_rid env via 1cc8068e196 s3:smbd: call reinit_guest_session_info() in the conf updated handler via 71c33811c82 s3:auth: add reinit_guest_session_info() via 29e402f583b dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 11b1f405ee9 ldap server: generate correct referral schemes via 670b864e908 ldap tests: test scheme for referrals via 2cde1306169 s4 dsdb: fix use after free in samldb_rename_search_base_callback via 936a71bfe0e s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly via 3136b31e957 s3/vfs_glusterfs: Avoid using NAME_MAX directly via dba38ed369b Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" via 3b1ccbfc0ce Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" via 2a7e6eb8b1d dsdb/repl: we need to replicate the whole schema before we can apply it via 414261f3785 VERSION: Bump version up to 4.9.10. via 01f22365af9 Merge tag 'samba-4.9.9' into v4-9-test via 8b1dfd9b172 vfs_fruit: change trigger points of AppleDouble conversion via 267e70cb0d0 vfs_fruit: add a forward declaration for ad_get() via 77655c65737 selftest: run vfs.fruit test against a share that deletes empty resource forks via 45de537de14 s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork via 22170e79bc4 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork via 341fcacfc01 registry: add a missing include via dada63ccaee docs: dfree command. Correct usage of dfree scripts. via fce8502f381 lib: util: Finally remove possibilities of using sys_popen() unsafely. via eb7091a23b8 s3:
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via e6e7c8cada4 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release via c0712976700 WHATSNEW: Add release notes for Samba 4.9.9 via c2423655657 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 09818693ac2 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation via a26bed6da5c VERSION: Re-enable GIT_SNAPSHOT. via a402c1e10ef VERSION: Bump version up to 4.9.9. from 9dfd4419b50 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit e6e7c8cada481f79fb899e372fa2f34d35e14637 Author: Karolin Seeger Date: Thu Jun 13 11:59:07 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit c07129767006e89014b01105d5aca6b3043b5596 Author: Karolin Seeger Date: Thu Jun 13 11:57:35 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.9 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit c2423655657f3074c80ae06f0b6806fc71c8bb41 Author: Douglas Bagnall Date: Wed May 22 13:23:25 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 09818693ac251a15df39433ed529b882883cdd44 Author: Douglas Bagnall Date: Wed May 22 12:58:01 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit a26bed6da5c1813b14a2c4a5d77359d76eb2f4b3 Author: Karolin Seeger Date: Thu Jun 13 11:16:26 2019 +0200 VERSION: Re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit a402c1e10ef4e1007250a5d622e6bfde56cd5291 Author: Karolin Seeger Date: Tue May 14 08:23:03 2019 +0200 VERSION: Bump version up to 4.9.9. Signed-off-by: Karolin Seeger (cherry picked from commit a9f7f1f7433b1f1c18ebf0d88fc57ae270f2711f) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 57 - python/samba/tests/dcerpc/dnsserver.py | 51 ++ source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 +- 4 files changed, 119 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1833b6c24d0..62d75c7cb9a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b0191a14442..a053735f6e9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,56 @@ + = + Release Notes for Samba 4.9.9 +June 19, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) + +=== +Details +=== + +o CVE-2019-12435: + An authenticated user can crash the Samba AD DC's RPC server process via a + NULL pointer dereference. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.8: + + +o Douglas Bagnall + * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 9dfd4419b50 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. via ff8e3fbae80 WHATSNEW: Add release notes for Samba 4.9.8. via de3fa5d6b94 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 52200468716 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via bc1b0ade6ff VERSION: Bump version up to 4.9.8... from c8e9b9fe7cc VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 9dfd4419b50b17ed916957372829057af8e27893 Author: Karolin Seeger Date: Tue May 7 12:25:56 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit ff8e3fbae80e62f1b0f8b638a171e913a14b231a Author: Karolin Seeger Date: Tue May 7 12:24:55 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.8. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit de3fa5d6b9462bd8c5bc01cf1ae89fa997009ae7 Author: Isaac Boukris Date: Wed Jan 30 23:49:07 2019 +0200 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Reviewed-by: Andrew Bartlett Signed-off-by: Andrew Bartlett commit 522004687162c3dfad87581ce930b21c9ecdf834 Author: Isaac Boukris Date: Thu Apr 25 22:12:10 2019 +1200 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Signed-off-by: Andrew Bartlett commit bc1b0ade6ff84fd16fa58d357497b317ba04cbff Author: Karolin Seeger Date: Tue Apr 16 12:39:04 2019 +0200 VERSION: Bump version up to 4.9.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger (cherry picked from commit 86de3470b4c342857d1c8408929ef4637fdf1937) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++- source4/heimdal/kdc/krb5tgs.c| 7 ++ source4/torture/krb5/kdc-canon-heimdal.c | 115 +-- 4 files changed, 175 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ba6fe8a24b9..1833b6c24d0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d135527fa1b..b0191a14442 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + = + Release Notes for Samba 4.9.8 +May 14, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.7: + + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + = Release Notes for Samba 4.9.7 May
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via c8e9b9fe7cc VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. via b9fac394ab0 WHATSNEW: Add release notes for Samba 4.9.7. via 16462634503 s3/vfs_glusterfs: Dynamically determine NAME_MAX via f6907809a8e s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX via 571f7034fcc docs/vfs_ceph: describe new ACL behaviour via c5089041e62 vfs_ceph: explicitly enable libcephfs POSIX ACL support via 7abc1442500 smb2_server: grant all 8192 credits to clients via 74001095d25 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check via a50c4d7a891 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() via dedeaf370eb vfs_snapper: drop unneeded fstat handler via c8bdbc39955 smb2_tcon: avoid STATUS_PENDING completely on tdis via d8d3e6895ae smb2_sesssetup: avoid STATUS_PENDING completely on session logoff via 6122f423d8d smb2_tcon: avoid STATUS_PENDING responses for tree connect via dc06b1b364d smb2_sesssetup: avoid STATUS_PENDING responses for session setup via 8d6361b63bb smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING via 7aa443a3cf3 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO via 945a41d3841 ctdb-common: Avoid race between fd and signal events via d9c47cb86e0 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" via e974e44014b torture: Add test for talloc size accounting in memcache via e09262b7a0f memcache: Increase size of default memcache to 512k via a54038bf5f8 memcache: Properly track the size of talloc objects via 116c874f1ff memcache: Introduce struct for storing talloc pointer via 49fa08814e2 ctdb-scripts: Update statd-callout to try several configuration files via dae0e8ec961 ctdb-scripts: Allow load_system_config() to take multiple alternatives via 14069988a97 ctdb-tests: Update NFS test infrastructure to support systemd services via aee71ea6863 ctdb-scripts: Add systemd services to NFS call-out via 7932032de40 ctdb-scripts: Start NFS quota service if defined via 5a97b7f00ab ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out via f00827672cb ctdb-scripts: Factor out nfs_load_config() via 022b9a6ca7d ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE via 117586288be ctdb-scripts: Rename variable nfslock_service to nfs_lock_service via d415458f6fc ctdb-scripts: Reindent some functions prior to making changes via d78118d0af5 py/provision: fix for Python 2.6 via 7f1811ee4ff s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via d101da493ec s3-libnet_join: setup libnet join error string when AD connect fails via 4147349c963 s3-libnet_join: always pass down admin domain to ads layer via e933ddb7744 s3:ldap: Leave add machine code early for pre-existing accounts via 55da00ced98 s3:libads: Make sure we can lookup KDCs which are not configured via cf210317a6f s3:libnet: Use more secure name for the JOIN krb5.conf via 33ec6f827ef auth:creds: Prefer the principal over DOMAIN/username when using NTLM via 1a239fa0bdb auth:ntlmssp: Add back CRAP ndr debug output via 7dce8031959 s3:libnet: Fix debug message in libnet_DomainJoin() via 0acb2e42fcb s3:libsmb: Add some useful debug output to cliconnect via be37e77bb31 s3:libads: Print more information when LDAP fails via b1d1f5f5ac3 docs: Update smbclient manpage for --max-protocol via d162726a2e7 VERSION: Bump version up to 4.9.7. via 8ee79597846 Merge tag 'samba-4.9.6' into v4-9-test via d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 9c52fdc1871 s3:lib: Fix the debug message for adding cache entries. via 5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux via 055b971a7b0 regfio tests: Update comment style to match README.Coding via 0cc3508242b regfio: Update code near recent changes to match README.Coding via f3552ad511c regfio: Improve handling of malformed registry hive files via b5ae06cc653 regfio: Add trivial unit test via 223352ee944 regfio: Use correct function names in debug information via 4644b23b91c Fix typos in "valid" via 87ffad41af1 py/kcc_utils: py2.6 compatibility via d44f2157a72 py/graph: use 2.6 compatible check for set membership via 42b62465fcc dbcheck: use the str() value of the "name" attribute via 693c349874f dbcheck: don't check expired tombstone objects by default anymore via 3fca3dcc1c9 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via dd7b68d11c0 VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. via 424563dbdab WHATSNEW: Add release notes for Samba 4.9.6. via d53121af802 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via c92ac5ada09 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 30db48655f7 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via 65a175aac08 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 83cc536a420 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via b708ce3f1ac CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten via 49231313afe VERSION: Bump version up to 4.9.6... from 214ec9cf8f4 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit dd7b68d11c0c51033cdac339ee511acbd7750ce3 Author: Karolin Seeger Date: Fri Apr 5 09:47:20 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit 424563dbdabe1e0b57862e7b522ecabe21cd7300 Author: Karolin Seeger Date: Fri Apr 5 09:45:46 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.6. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit d53121af8028bb39c1d61e0f5c26ae1d30ab6351 Author: Jeremy Allison Date: Thu Mar 21 14:51:30 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett commit c92ac5ada094a2f3f10f15b65d6ba5c771261acd Author: Andrew Bartlett Date: Thu Mar 21 17:24:14 2019 +1300 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() mkdir() is the other call that requires a umask of 0 in Samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 30db48655f7aae97586d9143b0c0e00308392115 Author: Andrew Bartlett Date: Thu Mar 14 18:20:06 2019 +1300 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and restore tools, which needed to write files with full metadata). This in turn avoids leaving init_files_struct() without resetting the umask to the original, saved, value. Per umask(2) this is required before open() and mkdir() system calls (along side other file-like things such as those for Unix domain socks and FIFOs etc). Therefore for safety and clarify the additional 'belt and braces' umask manipuations elsewhere are removed. mkdir() will be protected by a umask() bracket, for correctness, in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett (This backport to Samba 4.9 by Andrew Bartlett is not a pure cherry-pick due to merge conflicts) commit 65a175aac08bc69eaaf6b4e011eb59b262e3417b Author: Andrew Bartlett Date: Thu Mar 21 17:21:58 2019 +1300 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 83cc536a42003bf2df0a5a121b07df33c1ffd96a Author: Tim Beale Date: Fri Mar 15 13:52:50 2019 +1300 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision This provisions a new DC and checks there are no world-writable files in the new DC's private directory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 214ec9cf8f4 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release. via 2bbbc1aae27 WHATSNEW: Add release notes for Samba 4.9.5. via 43957ab96e7 libcli/security: fix handling of deny type ACEs in access_check_max_allowed() via 4fe9eff4dd6 s4:torture: Add test_deny1(). via 824a058aa92 s4:torture: Add test_owner_rights_deny1(). via b4289aa34ae libcli/security: correct access check and maximum access calculation for Owner Rights ACEs via f801b824815 s4:torture: Add test_owner_rights_deny(). via b1ce4d436a1 s4:torture: Fix the test_owner_rights() test to show permissions are additive. via 8f9858671fd libcli/security: add "Owner Rights" calculation to access_check_max_allowed() via 2a7e1bb9c03 s4:torture: add a Maximum Access check with an Owner Rights ACE via 953039c7a78 s4:libcli: remember return code from maximum access via 9dc374fee03 sambaundoguididx: use the right escaped oder unescaped sam ldb files via f8748b8bfc2 s4-server: Open and close a transaction on sam.ldb at startup via 47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback via ba75d5f4839 vfs_ceph: fix strict_allocate_ftruncate() via 15ef70cb53a vfs_ceph: add missing fallocate hook via 13bf811858f s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. via ffb706ddbce s3: torture: Add additional POSIX mkdir tests. via 4b58042f3fa smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. via fe4254ef4e1 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. via f59064f8a96 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. via 53dfd92b82e winbindd: set idmap cache entries as the last step in async wb_xids2sids via 9c36a6dd16a winbindd: track whether a result from xid2sid was coming from the cache via b6587172d0c winbindd: switch send-next/done order via 06862c77d5c winbindd: update xid in wb_xids2sids_state->xids with what we got via 4cf7bddc645 winbindd: convert id to a pointer in wb_xids2sids_dom_done() via 577ac999fbd winbindd: make xids a const argument to wb_xids2sids_send() via 915aff6fe7c winbindd: make a copy of xid's in wb_xids2sids_send() via eb16d3b7bc1 ctdb-cluster-mutex: Separate out command and file handling via 65c3c5801ff ctdb-recoverd: Time out attempt to take recovery lock after 120s via 4c059e03ef7 ctdb-recoverd: Ban node on unknown error when taking recovery lock via fd9a02c0bb2 ctdb-recoverd: Make recoverd context available in recovery lock handle via f63f2a0ee39 ctdb-recoverd: Clean up logging on failure to take recovery lock via fb8c3bd8995 ctdb-recoverd: Free cluster mutex handler on failure to take lock via 592f02112bb ctdb-config: Change example recovery lock setting to one that fails via ad3751b5a51 messages_dgm: Properly handle receiver re-initialization via 9dd1b416654 torture3: Extend read3 for the "messaging target re-inits" failure via 6bea9304998 messages_dgm: Use saved errno value via 6a38b9917b2 man pages: document prefork process model via ab66f70056c notifyd: Fix SIGBUS on sparc via 2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6 via 47b2344bdb1 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match via 2a88a47b9f8 CVE-2019-3824 ldb: wildcard_match end of data check via 73187de7138 CVE-2019-3824 ldb: wildcard_match check tree operation via 754bc1a76e9 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero via 33fa01b4be0 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing via cedc4e89625 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing via fd8e90b9a51 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare via 2f5823c5015 waf: Check for libnscd via d85f9fdc8ac tldap: avoid more use after free errors via 5995d5b91bf tldap: avoid a use after free crash via c0858bc990c s3:vfs: Correctly check if OFD locks should be enabled or not via 53d2623b2fd s3:vfs: Initialize pid to 0 in test_netatalk_lock() via eb425d50447 s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. via b650db4d06a s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. via 6f697b9c68a netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg via 7644bb26be0 smbd: uid: Don't crash if 'force group' is added to an existing share connection. via eac00de2a09 s3: tests: Add regression test for smbd crash on share force group change with existing connection.
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. via 9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4. via d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via baf1e0f30fe s3:smbd: add twrp args to filename_convert() via f8c144fa191 s3:smbd: add twrp processing to filename_convert_internal() via 88863119323 s3:smbd: prepare filename_convert_internal() for twrp via 3295cc8b4a5 s3:selftest: add a VSS test reading a stream via 1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via 256d488b593 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 0e355e3826f vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via 0244de24cfe s3:script/tests: add a test for VSS write behaviour via 6f8ea0a08ea s4:torture: add a test-suite for VSS via 1cf55de5ceb vfs_error_inject: add EBADF error via 8eaf7922410 vfs_error_inject: add pwrite via f53459c9232 s3:libads: Add net ads leave keep-account option via 1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child via ac2c24cc424 winbindd: fix predefined domains routing in find_lookup_domain_from_sid() via fd91429b529 winbindd: add some braces via cf7e9d3d90f libcli/security: add dom_sid_lookup_is_predefined_domain() via 7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT Authority" via 53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using counter regression via 850a5521a3b CVE-2018-14629: Tests to expose regression from dns cname loop fix via 6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case via a26e6160b33 CVE-2018-16853: Do not segfault if client is not set via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch via 2332c99cba7 libcli/smb: don't overwrite status code via 739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works via f678c6f06f0 ldb_controls: Add some talloc error checking for controls via f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation via 517df6d3da3 dirsync: Allow arbitrary length cookies via a816ca4004a PEP8: fix E231: missing whitespace after ',' via b3d376b7d4d VERSION: Bump version up to 4.9.4. via 9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test via 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks via 041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd via 77cf7167374 s4:torture/smb2/session: session reauth response must be signed via f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i via 2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response via ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache via 6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() via 6ca7a8a2ffb libcli/smb: defer singing check a little bit via cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state via 4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response() via 052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member via e71252ecb2b s3:selftest: split "raw.session" and "smb2.session" via 299e6edd0e6 torture: Fix the 32-bit build via 5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream via 4672656d9e1 vfs_fruit: move a comment to the right place via b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream via 7f8740c0acf winbindd: Fix crash when taking profiles via 7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation via 424d4d2b408 VERSION: Bump version up to 4.9.3... from 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release. via bec29625127 WHATSNEW: Add release notes for Samba 4.9.3. via 60b2cd50f4d CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow via d12b02c7884 CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs via 4f86beeaf34 CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int via ec9cc4ed5a0 CVE-2018-16857 tests: Sanity-check password lockout works with default values via 9cb6b4e9131 CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals via fe8e05a9ea8 CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent via 4d0fd1a421a CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep() via 31198d39a76 CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1 via 862d4909ecc CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests via 4aabfecd290 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental via f33f52c366f CVE-2018-16851 ldap_server: Check ret before manipulating blob via c78ca8b9b48 CVE-2018-16852 dcerpc dnsserver: refactor common properties handling via 05f867db81f CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly via f40e1b3b42c CVE-2018-16852 dcerpc dnsserver: Verification tests via 4783b9d6a43 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ via 6e84215d4aa CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal via bf596c14c24 CVE-2018-14629 dns: CNAME loop prevention using counter via a96d403ff30 VERSION: Bump version up to 4.9.3... from 865cc283d1b VERSION: Disable GIT_SNAPSHOT for the 4.9.2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 40c057c900a9367e8020c943d29547ea8942212f Author: Karolin Seeger Date: Sun Nov 25 15:24:31 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release. o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers) o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) o CVE-2018-16857 (Bad password count in AD DC not always effective) Signed-off-by: Karolin Seeger commit bec29625127fc62ae2f023ea43d918638dd4156e Author: Karolin Seeger Date: Sun Nov 25 15:23:23 2018 +0100 WHATSNEW: Add release notes for Samba 4.9.3. o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server) o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers) o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported)) o CVE-2018-16857 (Bad password count in AD DC not always effective) Signed-off-by: Karolin Seeger commit 60b2cd50f4d0554cc5ca8c53b2d1fa89e56a6d06 Author: Tim Beale Date: Tue Nov 13 13:22:41 2018 +1300 CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow Clearly the lockOutObservationWindow value is important, and using a default value of zero doesn't work very well. This patch adds a better default value (the domain default setting of 30 minutes). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit d12b02c78842786969557b9be7c953e9594d90dd Author: Tim Beale Date: Tue Nov 13 13:19:04 2018 +1300 CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs Fix a remaining place where we were trying to read the msDS-LockoutObservationWindow as an int instead of an int64. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 4f86beeaf3408383385ee99a74520a805dd63c0f Author: Tim Beale Date: Tue Nov 13 12:24:16 2018 +1300 CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int Commit 442a38c918ae1666b35 refactored some code into a new get_lockout_observation_window()
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 865cc28 VERSION: Disable GIT_SNAPSHOT for the 4.9.2 release. via f8c0389 WHATSNEW: Add release notes for Samba 4.9.2. via 1a3b20d selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes" via 380badf selftest: Add share to test "delete readonly" option via 03518d2 smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute via 9603a09 smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute via 2dd3c33 torture: Fix the clang build via 7354097 vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd via cf43b5d vfs_fruit: don't check for delete-on-close on the FinderInfo stream via eacbfe9 vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo via 27a5a83 vfs_fruit: pass stream size to delete_invalid_meta_stream() via 029f64f vfs_fruit: let fruit handle all aio on the FinderInfo metadata stream via d405dc3 vfs_fruit: do ino calculation via c23f1da vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd via a5b677d vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing via 44834da vfs_fruit: prepare struct fio for fake-fd and on-demand opening via a57e29e vfs_fruit: add fio->created via c7ce8c8 vfs_fruit: remove resource fork special casing via c8e1405 vfs_fruit: add some debugging of dev/ino via 42a5dbd s4:torture/vfs/fruit: add test "empty_stream" via 5076abb s4:torture/vfs/fruit: add check_stream_list_handle() via 0a16d4f s4:torture/util: add torture_smb2_open() via e03f36a vfs_fruit: filter empty streams via e8f1df0 vfs_fruit: use check on global_fruit_config.nego_aapl for macOS specific behaviour via 71d8b4a s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests via a09f0a8 vfs_fruit: don't unlink 0-byte size truncated streams via 535abb3 s4:torture/vfs/fruit: write some data to a just created teststream via e2fe019 s4:torture/vfs/fruit: expand test "setinfo eof stream" via abfc211 vfs_fruit: update handling of read-only creation of resource fork via 816651b s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for newer macOS versions via cc9956e s4:torture/vfs/fruit: expand existing vfs_test "null afpinfo" via 530c24f s4:torture/vfs/fruit: expand existing test "setinfo delete-on-close AFP_AfpInfo" a little bit via 756da49 s4:torture/vfs/fruit: update test "read open rsrc after rename" to work with macOS via 8b5a4c3 s4:torture/vfs/fruit: ensure a directory handle is closed in all code paths via 1e3f8a6 s4:torture/vfs/fruit: update test "stream names" to work with macOS via cca8842 s4:torture/vfs/fruit: update test "SMB2/CREATE context AAPL" to work against macOS via 7717809 s4:torture/vfs/fruit: set share_access to NTCREATEX_SHARE_ACCESS_MASK in check_stream_list via 718317b s4:torture/vfs/fruit: fix a few error checks in "delete AFP_AfpInfo by writing all 0" via dd2a1d0 s4:torture/vfs/fruit: skip a few tests when running against a macOS SMB server via e03bdef vfs_streams_xattr: fix open implementation via 53104cb ctdb-recovery: Ban a node that causes recovery failure via d72319d s3:smbd: remove now unused check if fsp is NULL via c1e441e s3:smbd: fix SMB2 aio cancelling via a9bb620 s4:torture/smb2/read: add test for cancelling SMB aio via 6fa0ab1 vfs_delay_inject: implement pread_send and pwrite_send via 82a7e00 s4:libcli/smb2: reapply request endtime via 7e99105 libcli: fill endtime if smbXcli_req_create() timeout is non-zero via 786b6c7 libcli: add smbXcli_req_endtime via a0a3ce5 dsdb group audit tests: log_membership_changes extra tests via 1554338 dsdb group audit tests: check_version improve diagnostics via a29074f dsdb group audit tests: check_timestamp improve diagnostics via 5d06550 dsdb group audit: align dn_compare with memcmp via fd43fd8 dsdb group_audit: Test to replicate BUG 13664 via 9b7bd1c dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path via 0945b9b dsdb encrypted_secrets tests: Allow "ldb://" in file path via 19e17ff python tests Blackbox: add random_password via c20b587 ldb: Bump ldb version to 1.4.3 via 4908da4 lib/ldb: Ensure ldb.Dn can accept utf8 encoded unicode via 1f7757e lib/ldb/tests: add test for ldb.Dn passed utf8 unicode via 339a86a lib/ldb: Test correct variable for no mem condition via d88db0d dsdb: Add comments explaining the limitations of our current backlink behaviour via 556b2c8 s4:samldb: internally use extended dns while changing the primaryGroupID field via c9e0e43
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 8fb6b0f VERSION: Disable GIT_SNAPSHOT for the 4.9.1 release. via 7483205 WHATSNEW: Add release notes for Samba 4.9.1. via 95b08d1 s3: nmbd: Stop nmbd network announce storm. via 10d1b4d ctdb-recoverd: Set recovery lock handle at start of attempt via e6bcccb ctdb-recoverd: Handle cancellation when releasing recovery lock via a9c7c64 ctdb-recoverd: Return early when the recovery lock is not held via 4913040 ctdb-recoverd: Store recovery lock handle via 54820e3 ctdb-recoverd: Use talloc() to allocate recovery lock handle via 773a647 ctdb-recoverd: Rename hold_reclock_state to ctdb_recovery_lock_handle via 7bd0e80 ctdb-recoverd: Re-check master on failure to take recovery lock via 3819f79 ctdb-recoverd: Clean up taking of recovery lock via 7187d7d ctdb-cluster-mutex: Block signals around fork via de45241 ctdb-cluster-mutex: Reset SIGTERM handler in cluster mutex child via 0420955 ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page via ff7b231 s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds via 06c566c s3-rpc_client: Advertise Windows 7 client info via 78fbf10 s3-spoolss: Make spoolss client os_major,os_minor and os_build configurable. via cab67cb VERSION: Bump version up to 4.9.1... from 4fc4ae2 VERSION: Disable GIT_SNAPSHOT for the 4.9.0 release https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++ ctdb/doc/ctdbd_wrapper.1.xml | 6 -- ctdb/server/ctdb_cluster_mutex.c | 32 ++ ctdb/server/ctdb_recoverd.c | 120 +++--- docs-xml/smbdotconf/printing/spoolssosversion.xml | 39 +++ source3/nmbd/nmbd_sendannounce.c | 2 +- source3/rpc_client/cli_spoolss.c | 29 +++--- source3/rpc_client/init_spoolss.c | 31 ++ source3/rpc_client/init_spoolss.h | 3 + source3/rpcclient/cmd_iremotewinspool.c | 16 +-- 11 files changed, 270 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index cbf21a9..406f63d 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d344d9b..0742d7d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,62 @@ = + Release Notes for Samba 4.9.1 + September 24, 2018 + = + + +This is the latest stable release of the Samba 4.9 release series. + + +Major enhancements include: +--- + + o s3: nmbd: Stop nmbd network announce storm (bug #13620). + + +Changes since 4.9.0: + + +o Andrew Bartlett + * BUG 13620: s3: nmbd: Stop nmbd network announce storm. + +o Günther Deschner + * BUG 13597: s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool + cmds. + +o Martin Schwenke + * BUG 13617: CTDB recovery lock has some race conditions. + +o Justin Stephenson + * BUG 13597: s3-rpc_client: Advertise Windows 7 client info. + +o Ralph Wuerthner + * BUG 13610: ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 4.9.0
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 4fc4ae2 VERSION: Disable GIT_SNAPSHOT for the 4.9.0 release via ea7784a WHATSNEW: Add release notes for Samba 4.9.0. via 834631b WHATSNEW: Fix typo. via efbb842 WHATSNEW: 'samba-tool ou' command: manage organizational units via 9bb128f samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed via b94c676 WHATSNEW.txt: announce 4.9.0 trust improvements via c9743ba wafsamba: Fix 'make -j' via fa4c7f4 VERSION: Bump version up to 4.9.0rc6... from 71aa4d1 VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 80 +-- buildtools/wafsamba/samba_utils.py| 9 +++- selftest/knownfail.d/dns | 2 - source4/scripting/bin/samba_dnsupdate | 15 ++- 5 files changed, 89 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 89ac63f..cbf21a9 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 07cd9f2..d344d9b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,22 +1,16 @@ -Release Announcements -= - -This is the fifth release candidate of Samba 4.9. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. - -Samba 4.9 will be the next version of the Samba suite. + = + Release Notes for Samba 4.9.0 +September 13, 2018 + = -UPGRADING -= +This is the first stable release of the Samba 4.9 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES - 'net ads setspn' @@ -215,6 +209,25 @@ accounts including creating a new computer and resetting the password. This allows an 'offline join' of a member server or workstation to the Samba AD domain. +New 'samba-tool ou' command +--- + +The new 'samba-tool ou' command allows to manage organizational units. + +Available subcommands are: + create - Create an organizational unit. + delete - Delete an organizational unit. + list - List all organizational units + listobjects - List all objects in an organizational unit. + move - Move an organizational unit. + rename - Rename an organizational unit. + +In addition to the ou commands, there are new subcommands for the user +and group management, which can make use of the organizational units: + group move - Move a group to an organizational unit/container. + user move- Move a user to an organizational unit/container. + user show- Display a user AD object. + Samba performance tool now operates against Microsoft Windows AD @@ -265,6 +278,38 @@ feature, currently it should be enabled from the DNS Manager tool from Windows. Also the feature needs to have been enabled by setting the smb.conf parameter "dns zone scavenging = yes". +Improved support for trusted domains (as AD DC) +--- + +The support for trusted domains/forests has been further improved. + +External domain trusts, as well a transitive forest trusts, +are supported in both directions (inbound and outbound) +for Kerberos and NTLM authentication. + +The following features are new in 4.9 (compared to 4.8): + +- It's now possible to add users/groups of a trusted domain + into domain groups. The group memberships are expanded + on trust boundaries. +- foreignSecurityPrincipal objects (FPO) are now automatically + created when members (as SID) of a trusted domain/forest + are added to a group. +- The 'samba-tool group *members' commands allow + members to be specified as foreign SIDs. + +However there are currently still a few limitations: + +- Both sides of the trust need to fully trust each other! +- No SID filtering rules are applied at all! +- This means DCs of domain A can grant domain admin rights + in domain B. +- Selective
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
via 71aa4d1 VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc5 release.
via 85edcc5 WHATSNEW: Add release notes for Samba 4.9.0rc5.
via c53bf98 krb5-samba: interdomain trust uses different salt principal
via 3dba82d testprogs/blackbox: let test_trust_user_account.sh check
the correct kerberos salt
via a8be75b testprogs/blackbox: add testit[_expect_failure]_grep() to
subunit.sh
via 58b3c86 samba-tool: add virtualKerberosSalt attribute to 'user
getpassword/syncpasswords'
via ab0e26a s4:selftest: test kinit with the interdomain trust user
account
via bcba25d vfs_fruit: Don't unlink the main file
via 5dad448 torture: Make sure that fruit_ftruncate only unlinks streams
via 5265716 s3:smbd: add a comment stating that file_close_user() is
redundant for SMB2
via 71b7745 s3:smbd: let session logoff close files and tcons before
deleting the session
via b5d7834 s3:smbd: reorder tcon global record deletion and closing
files of a tcon
via c77edea selftest: add a durable handle test with delayed disconnect
via 99ef099 s4:selftest: reformat smb2_s3only list
via 7c5883a vfs_delay_inject: adding delay to VFS calls
via 7a3dbad s4:rpc_server/netlogon: don't treet trusted domains as
primary in LogonGetDomainInfo()
via c6cfdf0 s4:rpc_server/netlogon: make use of talloc_zero_array() for
the netr_OneDomainInfo array
via 3982347 s4:rpc_server/netlogon: use
samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo
values
via c7ca858 s4:dsdb/common: add samdb_domain_guid() helper function
via 7aab1f1 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper
function
via 53f225c dsdb/util_trusts: domain_dn is an input parameter of
dsdb_trust_crossref_tdo_info()
via 5556a67 s4:torture/rpc/netlogon: verify the trusted domains output
of LogonGetDomainInfo()
via 0a1df2a s4:torture/rpc/netlogon: assert that
cli_credentials_get_{workstation,password} don't return NULL
via 176c9c3 smbd: Fix a memleak in async search ask sharemode
via 02f01fa ctdb-daemon: Log complete eventd startup command
via 9987cc3 ctdb-daemon: Do not retry connection to eventd
via 46de8d2 ctdb-daemon: Wait for eventd to be ready before connecting
via 0155635 ctdb-daemon: Open eventd pipe earlier
via abb6337 ctdb-daemon: Improve error handling consistency
via 1a171bc ctdb-event: Add support to eventd for the startup
notification FD
via 35242cf ctdb-common: Add support for sock daemon to notify of
successful startup
via a242e10 ctdb-common: Process the whole config file even if an error
occurs
via 7db0f18 ctdb-common: Avoid ENOENT for unknown conf options
via 40dff2c ctdb-common: Avoid ENOENT for unknown conf type tags
via 372b79c ctdb-common: Log a message when an invalid conf value is
encountered
via 42b2c12f ctdb-common: Log a message for unknown conf option
via 8b711e8 ctdb-common: Fix log message for conf option with unknown
section
via 0070d21 ctdb-daemon: Drop incorrect log message
via 8d9c661 s3: util: Do not take over stderr when there is no log file
via 4c2dfd7 s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames.
via 4629746 s3: VFS: vfs_full_audit: Add $cwd arg to
smb_fname_str_do_log().
via 3b31cae VERSION: Bump version up to 4.9.0rc5...
from 8fd169a VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc4 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable
- Log -
---
Summary of changes:
VERSION| 2 +-
WHATSNEW.txt | 82 ++--
auth/credentials/credentials_krb5.c| 16 +-
ctdb/common/conf.c | 47 +++--
ctdb/common/sock_daemon.c | 26 +++
ctdb/common/sock_daemon.h | 10 +
ctdb/event/event_daemon.c | 8 +
ctdb/server/ctdbd.c| 2 +-
ctdb/server/eventscript.c | 147 +++--
ctdb/tests/cunit/conf_test_001.sh | 4 +-
ctdb/tests/cunit/config_test_001.sh| 5 +-
ctdb/tests/cunit/config_test_005.sh| 6 +
lib/krb5_wrap/krb5_samba.c | 61 --
lib/krb5_wrap/krb5_samba.h | 2 +-
lib/util/debug.c | 7 +-
python/samba/netcmd/user.py| 24 +++
selftest/target/Samba3.pm | 8 +
source3/locking/share_mode_lock.c
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 8fd169a VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc4 release. via 46aedae WHATSNEW: Add changes since RC3. via 927c199 WHATSNEW: More CTDB updates for 4.9 via e67b397 ctdb-tests: Check that no IPs are assigned when failover is disabled via 6620173 ctdb-tests: Add an extra conf loading test case via 512149a ctdb-doc: Switch tunable DisableIPFailover to a config option via 79a3bef ctdb-config: Switch tunable DisableIPFailover to a config option via 83b79f5 ctdb-config: Integrate failover options into conf-tool via f518865 ctdb-failover: Add failover configuration options via 4a30fb0 ctdb-tests: Drop DisableIPFailover simple test via 089d3b9 ctdb-daemon: Pass DisableIPFailover tunable via environment variable via 624b4d1 ctdb-common: Allow boolean configuration values to have yes/no values via 5567445 ctdb-doc: Switch tunable TDBMutexEnabled to a config option via 75261d6 ctdb-config: Switch tunable TDBMutexEnabled to a config option via 5f346ce ctdb-doc: Add support for migrating tunables to ctdb.conf options via 73c884c ctdb-doc: Change option "no realtime" option to "realtime scheduling" via d51434b ctdb-config: Change option "no realtime" option to "realtime scheduling" via 34b4bdc ctdb-doc: Handle boolean options in config migration more carefully via 97048c0 ctdb-doc: Make config migration script notice removed CTDB_BASE option via 7e38e95 ctdb-common: Fix aliasing issue in IPv6 checksum via 3fd839a s3: smbd: Ensure get_real_filename() copes with empty pathnames. via 729ac56 torture: Demonstrate the invalid lock order panic via 2f93246 vfs_fruit: Fix a leak of "br_lck" via 018550f python: Fix print in dns_invalid.py via ccbc9c1 wafsamba/samba_abi: always hide ABI symbols which must be local via a89ec4e selftest: Load time_audit and full_audit modules for all tests via b0e1a03 s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv() via 96a74ab s3:libads: Free addr before we free the context via 14eed16 s3:winbind: Fix memory leak in nss_init() via bd0b693 s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb() via 8f65578 s3:libads: Fix memory leaks in ads_krb5_chg_password() via f1c2e68 s3:client: Avoid a possible fd leak in do_get() via 98e7021 s4:lib: Fix a possible fd leak in gp_get_file() via 6ffa700 s3:utils: Do not leak memory in new_user() via cdb6f01 s3:utils: Do not overflow the destination buffer in net_idmap_restore() via 1000cbe s3:passdb: Don't leak memory on error in fetch_ldap_pw() via 2431f54 wbinfo: Free memory when we leave wbinfo_dsgetdcname() via 12a8f20 netcmd: Fix --kerberos=yes and --no-secrets domain backups via b9315fa netcmd: Delete unnecessary function via 15e1a41 netcmd: Fix kerberos option for domain backups via 69583d1 netcmd: domain backup didn't support prompting for password via ec47551 netcmd: Improve domain backup targetdir checks via 6244e6a VERSION: Bump version up to 4.9.0rc4... from ba2ef7f VERISON: Disable GIT_SNAPSHOT for 4.9.0rc3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 58 +++- buildtools/wafsamba/samba_abi.py | 10 +- buildtools/wafsamba/tests/test_abi.py | 14 +++ ctdb/common/conf.c | 4 +- ctdb/common/conf_tool.c| 2 + ctdb/common/system_socket.c| 12 ++- ctdb/common/tunable.c | 4 +- ctdb/database/database_conf.c | 21 + ctdb/database/database_conf.h | 3 +- ctdb/doc/ctdb-tunables.7.xml | 28 -- ctdb/doc/ctdb.1.xml| 2 - ctdb/doc/ctdb.conf.5.xml | 52 ++- ctdb/doc/examples/config_migrate.sh| 104 +++-- ctdb/doc/examples/config_migrate.test_input| 7 +- .../database_conf.h => failover/failover_conf.c} | 43 ++--- .../event_conf.h => failover/failover_conf.h} | 16 ++-- ctdb/server/ctdb_config.c | 18 +++- ctdb/server/ctdb_config.h | 6 +- ctdb/server/ctdb_ltdb_server.c | 7 +- ctdb/server/ctdb_recoverd.c| 14 ++- ctdb/server/ctdb_takeover.c
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via ba2ef7f VERISON: Disable GIT_SNAPSHOT for 4.9.0rc3 release. via 6f1fdf9 WHATSNEW: Add release notes for Samba 4.9.0rc3. via bf3bb82 libsmb: Fix CID 1438243 Unchecked return value via 601eb6b libsmb: Fix CID 1438244 Unsigned compared against 0 via 33c7d3c smbd: Fix CID 1438245 Dereference before null check via 0eaef7e smbd: Fix CID 1438246 Unchecked return value via e30cf1a smbd: Align integer types via 2d5c574 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper via 37b4e0b ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals via 2849d57 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev via 5f3548b ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup via eae828b ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler via 609109d ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common via b09fdd0 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir. via 921a5bb s4/torture: Add new test for DELETE_ON_CLOSE on non-empty directories via 81b0d5c s3/libsmb: Explicitly set delete_on_close token for rmdir via 7ed470b cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user via 4a2880b libsmb: Harden smbc_readdir_internal() against returns from malicious servers. via 61e34a2 libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer. via 4897bf3 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case via 52b5ed8 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches via a5cd47d CVE-2018-10919 acl_read: Flip the logic in the dirsync check via 4c201d0 CVE-2018-10919 acl_read: Small refactor to aclread_callback() via 0395055 CVE-2018-10919 acl_read: Split access_mask logic out into helper function via 605a7f3 CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights via 9c9f50b CVE-2018-10919 tests: test ldap searches for non-existent attributes. via e2574d0 CVE-2018-10919 tests: Add test case for object visibility with limited rights via 10a2c8d CVE-2018-10919 tests: Add tests for guessing confidential attributes via 17b7206 CVE-2018-10919 security: Add more comments to the object-specific access checks via 5bcbf5a CVE-2018-10919 security: Move object-specific access checks into separate function via 164766b CVE-2018-1140 dns: Add a test to trigger the LDB casefolding issue on invalid chars via e2d6ad5 Release LDB 1.4.2 for CVE-2018-1140 via bf988ac CVE-2018-1140 ldb: Add tests for search add and rename with a bad dn= DN via dc2898f CVE-2018-1140 ldb_tdb: Check for DN validity in add, rename and search via 8fed2cc CVE-2018-1140 ldb_tdb: Ensure the dn in distinguishedName= is valid before use via 504cff7 CVE-2018-1140 ldb: Check for ldb_dn_get_casefold() failure in ldb_sqlite via 31a001f CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr() via 3e89172 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth". via e2b2c00 CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled. via 48f5dbd CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check(). via d171f8d CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check() via 3579ac4 CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check() via 7751937 s3/smbd: Ensure quota code is only called when quota support detected via 31e07eb Shorten description in vfs_linux_xfs_sgid manual via 1a0d142 s3:waf: Install eventlogadm to /usr/sbin via b1558f1 systemd: Only start smb when network interfaces are up via 39dc0db ctdb-eventd: Fix CID 1438155 via ec22496 ctdb: Fix a cut error via b0c0a19 s3/utils: fix regression where specifying -Unetbios/root works via 134f17c s3/smbd: allow set quota for non root user (when built with --enable-selftest) via 951722d s3/script/tests: Add simple (smb1 & smb2) get/set/list tests for smbcquotas via a9d0df4 s3/script/test: modify existing smbcquota test to use SMB2 in addition to SMB1. via b65c3de s3/smbd: smb2 server implementation for query get/set info. via 046d3a3 s3/smbd: adjust smb1 server to use idl structs and generated ndr push/pull funcs via bdfcecc s3/libsmb: adjust smb2 code for new idl structs & generated ndr push/pull funcs. via 0ccd34a s3/libsmb: adjust smb1 cli code to use idl structs and ndr push/pull funcs. via 59bb7dd librpc/idl Add some query [getset]info quota related structures via
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
via 7f744ab VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc2 release.
via 9fc6a2e WHATSNEW: Add release notes for Samba 4.9.0rc2.
via d666a5e ctdb-docs: Update documentation for "ctdb event" command
via 8932003 ctdb-event: Implement event tool "script list" command
via 792e170 ctdb-event: Change event-tool script enable/disable to
chmod file directly
via 0c65347 ctdb-common: Use script abstraction in run_event
via 4cce86e ctdb-common: Factor out basic script abstraction
via 34aba6f ctdb-event: Fix "ctdb event status" usage message
via f24f0f13 ctdb-doc: Provide an example script for migrating old
configuration
via cb1292d WHATSNEW: Add further CTDB updates for 4.9
via d197d11 ctdb-docs: Replace obsolete reference to
CTDB_DEBUG_HUNG_SCRIPT option
via 5c2513d ctdb-protocol: Fix compilation issue with strncpy()
via d4e9454 ctdb-common: Fix compilation issue with strncpy()
via eb3f8ae ctdb-common: Fix the TCP packet length check
via e4aa9b9 ctdb-tests: Strip all spaces from od output
via 23e4131 ctdb-tests: Fix a typo
via 0733f13 ctdb-tests: Use errcode to translate ETIMEDOUT
via 0be07ae ctdb-tests: Replace md5sum with posix cksum
via 862aedc ctdb-tests: Use portable wc -c instead of stat -c "%s"
via 55fe4b5 ctdb-scripts: date "+%N" is non-portable
via 33df4f9 ctdb-tests: Simplify pattern matching for ctime output
via 18aa6548 ctdb-tests: Do not try to match pstree output in eventd
tests
via eb1279e ctdb-common: Add fd argument to ctdb_connection_list_read()
via ea5643f ctdb-protocol: Avoid fgets in ctdb_connection_list_read
via b21efa2 ctdb-common: Add line based I/O
via fcae5c6 ctdb-tests: Porting tests should ignore unsupported features
via 16838f3 ctdb-tests: Use sigcode to match signals
via 0ec4783 ctdb-tests: Add signal code matching utility
via adc4c78 ctdb-tests: Add ps output filter for freebsd
via ed50360 ctdb-client: Switch to ETIMEDOUT instead of ETIME
via 60ef296 ctdb-daemon: Switch to using ETIMEDOUT instead of ETIME
via 0782860 ctdb-event: Switch to ETIMEDOUT instead of ETIME
via 43cd4e4 ctdb-common: Switch to ETIMEDOUT from ETIME
via d49d03d ctdb-tests: Add required_error() to match on error codes
via 3f75791 ctdb-tests: Add errno matching utility
via f6be661 ctdb-tests: Switch some test stubs to use /bin/sh
via 58671b0 ctdb-tests: Improve portability by not using mktemp
--tmpdir option
via ebeecc3 ctdb-tests: Avoid use of non-portable getopt in stubs
via 04a9667 ctdb-tests: Avoid use of non-portable getopt in run_tests.sh
via e4b703e ctdb-tools: Avoid use of non-portable getopt in onnode
via 7d28f01 ctdb-tests: Improve portability by not using /bin/bash
directly
via 23b5be4 ctdb-tools: Improve portability by not using /bin/bash
directly
via 4c2e666 s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin
on EAGAIN.
via a221165 s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
via 8b54ad0 s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
via 8652ab1 s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
via 76d3abe s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't
spin on EAGAIN.
via a6dab26 dns wildcards: fix BUG 13536
via 1496392 dns wildcards: tests to confirm BUG 13536
via 9ad7af6 s3: smbd: fix path check in
smbd_smb2_create_durable_lease_check()
via 3b7a39b s4: torture: run test_durable_v2_open_reopen2_lease() in a
subdirectory
via c775cda ctdb-tests: Loosen match against pstree output in simple
test
via 5abe6e6 ctdb-tests: Simplify pstree output in eventd unit tests
via 0b3e00a samba-tool trust: support discovery via netr_GetDcName
via a3c26b3 s3:selftest: run rpc.lsa.lookupsids also with explicit
[smb1] and [smb2]
via e3e6425 s4:librpc: autonegotiate SMB1/2/3
via 25405ee python/tests: use explicit "client ipc max protocol = NT1"
for samba.tests.net_join_no_spnego
via 373406a tests/auth_log: Permit SMB2 service description if empty
binding is used for kerberos authentication
via b1753af s4:libcli: add smb_connect_nego_{send,recv}()
via 3d8c4bf s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not
supported locally
via 02f7b65 s4:libcli: add fallback_to_anonymous to smb2_connect_send()
via 4d7023f s4:libcli: allow passing an already negotiated connection
to smb2_connect_send()
via a3a5797 s4:libcli: split out smb2_connect_session_start()
via c85c9b5 s4:libcli: add smb2_transport_raw_init()
via f9b685e s4:libcli: allow passing an already
