<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Mathieu Parent pushed to branch upstream_4.10
at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/523f9f15b020e944cd7929b8afc4d02158668137">523f9f15</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Bump version up to 4.10.8...
and re-eanble GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit baafb6fc060c0b61f3e744c041be871303fa9c66)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/cf67b48f779807ccebde6f7c86f4330063f705eb">cf67b48f</a></strong>
<div>
<span>by Jeremy Allison</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: smbd: separate out impersonation debug info into a new function.
Will be called on elsewhere on successful impersonation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/fd0d3986bba5ce9fee3df5dbba26a593e1274680">fd0d3986</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir
We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.
This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/0af5d11c762ee623f4c656897ed196722ed8d626">0af5d11c</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/d1d48f20a25867e65f064f2c157222cdcb74658b">d1d48f20</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory
The next patch will otherwise break the fsrvp related tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/962d4a98b50a3ce1d58ebc516e8de9335a14dfdb">962d4a98</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/661a7cdb0aba2c94332ff7b997023ad040aa4f7c">661a7cdb</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.
It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.
Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.
It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/3761e4787f0f174252d7316adc23e7e17723bd1c">3761e478</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2019-08-27T11:16:24Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WHATSNEW: Add release notes for Samba 4.10.8.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
CVE-2019-10197 [SECURITY][EMBARGOED] permissions check deny can allow user to
escape from the share.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/2d587a11d5f48a012d06df3c614283013ccf728c">2d587a11</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2019-08-27T11:16:44Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Disable GIT_SNAPSHOT for the 4.10.8 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/96c16ed9e6352cb8bf90d864699c96ce0c1734bf">96c16ed9</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2019-09-10T16:39:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">New upstream version 4.10.8+dfsg</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#b33892fbddeffc3368077b4904ad0b3d562a7312">
VERSION
</a>
</li>
<li class="file-stats">
<a href="#3277e12b5a9f9ff632d229e2629d34ad21dd93fc">
WHATSNEW.txt
</a>
</li>
<li class="file-stats">
<a href="#7621aa1ce515b0afdaffdf0eca777ff6f439e31a">
ctdb/doc/ctdb-etcd.7
</a>
</li>
<li class="file-stats">
<a href="#5cbe2af7f9551bd8ba760b3978da68f98bcca8d1">
ctdb/doc/ctdb-script.options.5
</a>
</li>
<li class="file-stats">
<a href="#6f372b1da785e9b62534d3ddc2b1cc994e1edea1">
ctdb/doc/ctdb-statistics.7
</a>
</li>
<li class="file-stats">
<a href="#bff45f5b0a1ff6f2cac0546191f2199bad760297">
ctdb/doc/ctdb-tunables.7
</a>
</li>
<li class="file-stats">
<a href="#cf03e1c00a6ff50094bf342fee6dbac15b3a4e0f">
ctdb/doc/ctdb.1
</a>
</li>
<li class="file-stats">
<a href="#ab0737fb37c5f24c1a655306d7f3cf9b28970fa1">
ctdb/doc/ctdb.7
</a>
</li>
<li class="file-stats">
<a href="#355570170158b89f755ad8c2655ff1b55be32cfb">
ctdb/doc/ctdb.conf.5
</a>
</li>
<li class="file-stats">
<a href="#f3298e106280fd2e988e57b01b9f5697370b66b1">
ctdb/doc/ctdb.sysconfig.5
</a>
</li>
<li class="file-stats">
<a href="#027f7ec3db27f736464febdb40a2f5784278e923">
ctdb/doc/ctdb_diagnostics.1
</a>
</li>
<li class="file-stats">
<a href="#944489b6fed794d85434d7748c57ff12c56034db">
ctdb/doc/ctdb_mutex_ceph_rados_helper.7
</a>
</li>
<li class="file-stats">
<a href="#b3f02388c7b39adb49f0f55dbc87a0b75e7f21c3">
ctdb/doc/ctdbd.1
</a>
</li>
<li class="file-stats">
<a href="#2097dbfda6f5cb780a636fd916929b31054ddd8c">
ctdb/doc/ctdbd_wrapper.1
</a>
</li>
<li class="file-stats">
<a href="#1abbc4563e217dafc807f4824b2e10419a31fcf7">
ctdb/doc/ltdbtool.1
</a>
</li>
<li class="file-stats">
<a href="#0a2e2417e72340b1b7bea2f903aa804c91c6386b">
ctdb/doc/onnode.1
</a>
</li>
<li class="file-stats">
<a href="#cfbec512f592346951273f1f00fd0300153259f8">
ctdb/doc/ping_pong.1
</a>
</li>
<li class="file-stats">
<a href="#3ffe9922012afbdd8d172aea0e4a744017a46c3e">
docs/manpages/cifsdd.8
</a>
</li>
<li class="file-stats">
<a href="#fb65349fa2f09806b79d9f359349e05a1a43aab9">
docs/manpages/dbwrap_tool.1
</a>
</li>
<li class="file-stats">
<a href="#eae12bb44b3ee724b1c740f12730f4c389df0b72">
docs/manpages/eventlogadm.8
</a>
</li>
<li class="file-stats">
<a href="#8b9d6931b4023500ead3431562d618ffd52466ff">
docs/manpages/findsmb.1
</a>
</li>
<li class="file-stats">
<a href="#28926762f13c3ce5a1de6e2d2e8068ffb67c6740">
docs/manpages/idmap_ad.8
</a>
</li>
<li class="file-stats">
<a href="#e777d8f0d1e98d8eb6b36fe3cecbf128683c39d6">
docs/manpages/idmap_autorid.8
</a>
</li>
<li class="file-stats">
<a href="#25cc1933670f40b62ff9a036acd111a74cd79767">
docs/manpages/idmap_hash.8
</a>
</li>
<li class="file-stats">
<a href="#5e94741d6f83b11f5f44b9534cb80852b6663b3b">
docs/manpages/idmap_ldap.8
</a>
</li>
<li class="file-stats">
<a href="#9866bbd092d8ac30b5d4d0b2c769014f00968de0">
docs/manpages/idmap_nss.8
</a>
</li>
<li class="file-stats">
<a href="#a656ad172d8f1be792355bac9e7b4c3bbd953e10">
docs/manpages/idmap_rfc2307.8
</a>
</li>
<li class="file-stats">
<a href="#292a9fb6acd638e1a952d4947275be44996f43e7">
docs/manpages/idmap_rid.8
</a>
</li>
<li class="file-stats">
<a href="#ac4355cdd58ceba6dc1b0a8d6c4419a277e15af1">
docs/manpages/idmap_script.8
</a>
</li>
<li class="file-stats">
<a href="#471721d5cfe533e7f628990cbf64f295d8eb6fc7">
docs/manpages/idmap_tdb.8
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/samba-team/samba/compare/b9ee441bfef2d6d114f24296b82dea3ec4237190...96c16ed9e6352cb8bf90d864699c96ce0c1734bf">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>