<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Mathieu Parent pushed to branch master
at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/bbe5d2a732643c54c041d5a91105a8cf465e55da">bbe5d2a7</a></strong>
<div>
<span>by Aaron Haslett</span>
<i>at 2018-11-24T22:21:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-14629 dns: CNAME loop prevention using counter

Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/cd9b957178a7aec0a859e95e4e240c4880903c2d">cd9b9571</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-24T22:21:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.

This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/eb771f0b98a37aa9e522b7ea02a052c22a59ef2a">eb771f0b</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-24T22:21:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16841 selftest: Check for mismatching principal in certificate compared with principal in AS-REQ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f57de09ca90e47ea341ca5ec495cf01c1a2d13d3">f57de09c</a></strong>
<div>
<span>by Garming Sam</span>
<i>at 2018-11-24T22:21:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16851 ldap_server: Check ret before manipulating blob

In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/d6486b6e5d32f9dc766da4a957aba3d726298bea">d6486b6e</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-24T22:21:16Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: Verification tests

Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/ab1b3698386cb4790feee4af5e1985cf25a4b3c8">ab1b3698</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-24T22:21:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly

Fixes for
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/a5e6809c087053c3b6209fb05f001433becdc828">a5e6809c</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-24T22:21:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: refactor common properties handling

dnsserver_common.c and dnsutils.c both share similar code to process
zone properties.  This patch extracts the common code and moves it to
dnsserver_common.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/7a437f807d53e486ec3b2f71d64d2ba1e2ae9f66">7a437f80</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-24T22:21:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853 build: The Samba AD DC, when built with MIT Kerberos is experimental

This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/db44a7108d94678e2989707209a81698ee70c937">db44a710</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-24T22:21:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests

This will make it easier to avoid flapping tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit a740a6131c967f9640b19a6964fd5d6f85ce853a)

Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/acd70a3976b355f540e97394ab279a46e8c1495d">acd70a39</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-24T22:21:17Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Partial backport of commit 115f2a71b88 (only password_lockout.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/3efbb4f58f2a0e7f8517bc0fb9074cd3fa1ce2eb">3efbb4f5</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-24T22:21:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()

This means we can have a long observation window for many of the tests and
so make them much more reliable.  Many of these cause frustrating flapping
failures in our CI systems.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep  3 06:14:55 CEST 2018 on sn-devel-144

(cherry picked from commit 74357bf347348d3a8b7483c58e5250e98f7e8810)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/0587bc1755c234deaf096328fdb1a061c0e16480">0587bc17</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-24T22:21:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Partial backport of commit bbb9f57603d (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6563b5bfe9b113ce059a5d5a4f40a413d286152a">6563b5bf</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-24T22:21:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Partial backport of commit 1ccc36b4010cd63 (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/bed247a3ed8c861a7ea3587347fef93fda72ce1c">bed247a3</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-24T22:21:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 tests: Sanity-check password lockout works with default values

Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.

The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).

This highlights a problem currently where the default values don't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4f9ba70626a899d3aeea57c1f1b78d9a3a7c6a77">4f9ba706</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-24T22:21:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int

Commit 442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().

ldb_msg_find_attr_as_int() will only work for values up to -2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/e0213feb9e7b13afb44eb74fbbdba063096573e9">e0213feb</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-24T22:21:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs

Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/5e0dd8bd24fd8a854147fde4403609736f835b71">5e0dd8bd</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-24T22:21:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow

Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.

This patch adds a better default value (the domain default setting of 30
minutes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/cda661fd990e4fd71464bd9e1fd6b98d3c3bf640">cda661fd</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2018-11-24T22:21:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add patches for previous fixes
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/5a02c113aa3057c1c08d703d4b322f7361c2cfe5">5a02c113</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2018-11-24T22:21:19Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Prepend 1.5.1+really to ldb version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/88baa2674c02b6c4c1df6e13e97569017a02d483">88baa267</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2018-11-24T22:21:30Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release 2:4.9.2+dfsg-2
</pre>
</li>
</ul>
<h4>24 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#e6451d74570ae1203cae7546cde5ac2540513271">
<span class="new-file">
+
debian/patches/CVE-2018-14629-v4-9.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#f88513a404a27829b8d47466ebcfaa7a17e1e9f3">
<span class="new-file">
+
debian/patches/CVE-2018-16841-master.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#72fbcef34478015b234dd8979555a32770bd8123">
<span class="new-file">
+
debian/patches/CVE-2018-16851-master.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#c86573fc1606a832eb2063014d6db1dc2e0ed729">
<span class="new-file">
+
debian/patches/CVE-2018-16852-v4-9-v2.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#23166f3fd37b1b15b5cfc2cd1b9a814fe64e6411">
<span class="new-file">
+
debian/patches/CVE-2018-16857-v4-9.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#969ccd334c5ff3fc144b4e22b2d61320b04aaaf0">
<span class="new-file">
+
debian/patches/mit-kdc-experimental-v4-7.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">
debian/patches/series
</a>
</li>
<li class="file-stats">
<a href="#8756c63497c8dc39f7773438edf53b220c773f67">
debian/rules
</a>
</li>
<li class="file-stats">
<a href="#b153c0d0b0801608b23aa55e0d45d1a2808c4998">
python/samba/tests/dns.py
</a>
</li>
<li class="file-stats">
<a href="#0e22be94683697d11163ca608753d00e0feafd86">
selftest/knownfail.d/dns
</a>
</li>
<li class="file-stats">
<a href="#55fc476df9f99f19ba1ad91c47c99ab81b42c26d">
source4/dns_server/dns_query.c
</a>
</li>
<li class="file-stats">
<a href="#54f6a863c30ed676508ecddd9d7fa99e6d395dda">
source4/dns_server/dnsserver_common.c
</a>
</li>
<li class="file-stats">
<a href="#a65db99fd4d2110b4b3a6df29682b36fb80ace04">
source4/dns_server/dnsserver_common.h
</a>
</li>
<li class="file-stats">
<a href="#0c7e9d4463c69f2458a0ed7f64ec4524cc4cda5c">
source4/dsdb/common/util.c
</a>
</li>
<li class="file-stats">
<a href="#ed75614128081f3f48d052d5ed246e9325b17476">
source4/dsdb/tests/python/password_lockout.py
</a>
</li>
<li class="file-stats">
<a href="#bbf4780cafc2d68fca29f3e4b5d7e6fb8f76091b">
source4/dsdb/tests/python/password_lockout_base.py
</a>
</li>
<li class="file-stats">
<a href="#7b9661cb936f1852e8b41274fc30b9eb3bc29c4d">
source4/kdc/db-glue.c
</a>
</li>
<li class="file-stats">
<a href="#2d62950c162b041c536d82ee398f9705dc5795ad">
source4/ldap_server/ldap_server.c
</a>
</li>
<li class="file-stats">
<a href="#08d28442c9d3ca22842a29798b1e15a1694822df">
source4/rpc_server/dnsserver/dnsutils.c
</a>
</li>
<li class="file-stats">
<a href="#c331f3df665ee6a7e4e56f3d61f20c6880e457c5">
<span class="new-file">
+
source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#4393a8b6817bd4458838504a26bc9e545f94a7c1">
source4/rpc_server/wscript_build
</a>
</li>
<li class="file-stats">
<a href="#6e579c36b1d921af6550d6dd8e05d0a4875efafa">
source4/selftest/tests.py
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">

<br>
<a href="https://salsa.debian.org/samba-team/samba/compare/c1f2485d48002c306cf1bb8f6d9a8b09f4fec198...88baa2674c02b6c4c1df6e13e97569017a02d483">View it on GitLab</a>.

</p>
</div>
</body>
</html>