<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: 0.875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Michael Tokarev pushed to branch upstream_4.16 at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d41566d1bd0a5452d15925b5c9db66b7b139f06f">d41566d1</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>third_party: Update socket_wrapper to version 1.3.4
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5dcb49bbd80abf6f3f082ef9c1d5452991c74c87)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f0c44d9e53dbeb9a8ebc387635f6146cb292882f">f0c44d9e</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 tests/krb5: Add PasswordKey_from_creds()
This is needed for generating a key when we don't have ETYPE-INFO2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3542483de3f07806d78ea018852092516582c71d">3542483d</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b27a67af0216811d330d8a4c52390cf4fc04b5fd)
[jsutton@samba.org Fixed wscript conflict introduced by commit
61aeb7740764b202db0ddba559e83c3b2953ae36]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b7351888e82c5d2ae6222aede762609c02da2905">b7351888</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 17b8d164f69a5ed79d9b7b7fc2f3f84f8ea534c8)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/63020bf13c04f7a8604b8f4a02dba48b8aeed769">63020bf1</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 tests/krb5: Add tests for password lockout race
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 91e2e5616ccd507fcaf097533c5fc25974119c1e)
[jsutton@samba.org Fixed conflicts in usage.py, knownfails, and tests.py
due to not having claims tests]
[jsutton@samba.org Removed tests for unsupported SAMR AES password
change, removed related GNUTLS_PBKDF2_SUPPORT environment variable, and
fixed knownfail conflicts; marked all password lockout tests as
flapping due to sporadic failures seen with Fedora 35]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0e3ac110df7e08823407006aa82e6300524212ee">0e3ac110</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 tests/krb5: Convert password lockout tests to use os.fork() and os.pipe()
Running the password lockout tests on Fedora 35 occasionally results in
errors similar to the following:
[1(0)/1 at 0s] samba.tests.krb5.lockout_tests(ad_dc:local)
EPOLL_CTL_DEL EBADF for fde[0x5569dc76c670] mpx_fde[(nil)] fd[14] - disabling
EPOLL_CTL_DEL EBADF for fde[0x5569dc6089c0] mpx_fde[(nil)] fd[14] - disabling
EPOLL_CTL_DEL EBADF for fde[0x5569dbbe58e0] mpx_fde[(nil)] fd[14] - disabling
UNEXPECTED(error): samba.tests.krb5.lockout_tests.samba.tests.krb5.lockout_tests.LockoutTests.test_lockout_race_kdc(ad_dc:local)
REASON: Exception: Exception: concurrent.futures.process._RemoteTraceback:
"""
Traceback (most recent call last):
File "/usr/lib64/python3.10/concurrent/futures/process.py", line 243, in _process_worker
r = call_item.fn(*call_item.args, **call_item.kwargs)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 141, in connect_kdc
pipe.send_bytes(b'0')
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 205, in send_bytes
self._send_bytes(m[offset:offset + size])
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 416, in _send_bytes
self._send(header + buf)
File "/usr/lib64/python3.10/multiprocessing/connection.py", line 373, in _send
n = write(self._handle, buf)
OSError: [Errno 9] Bad file descriptor
"""
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 537, in test_lockout_race_kdc
self.do_lockout_race(connect_kdc)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 863, in do_lockout_race
self.wait_for_ready(our_pipe, connect_future)
File "/home/samba/src/bin/python/samba/tests/krb5/lockout_tests.py", line 471, in wait_for_ready
raise exception
OSError: [Errno 9] Bad file descriptor
Such messages can be seen to come from epoll_del_event(). By resorting
to lower-level facilites such as fork() and OS pipes, we lose helpful
features such as timeouts and propagation of exceptions from child
processes, but we may avoid interactions with the event system that lead
to failures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/bc30ca2117c75aa57c8a8b11420678cc8eea294b">bc30ca21</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.
This ensures we can re-search on the DN via the embedded GUID,
which in in turn rename-proof.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 439f96a2cfe77f6cbf331d965a387512c2db91c6)
[jsutton@samba.org Adapted to LM hash still being present]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/740c4c2b95367793c557085e3cc5b4e367e2e0bb">740c4c2b</a></strong>
<div>
<span> by Gary Lockyer </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2087b0cd986b8959b2a402b9a1891472e47ca0b0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/831335aaaad6eead7ebd7dc3ed89c5f33c2a3e35">831335aa</a></strong>
<div>
<span> by Gary Lockyer </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.
This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 408717242aad8adf4551f2394eee2d80a06c7e63)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/9dcf447d82238816f6056d64c68e85ddd8808660">9dcf447d</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8580b90a87b0a18dad8d9808e6d85ccbe5ecf107">8580b90a</a></strong>
<div>
<span> by Gary Lockyer </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d6cf245b96fb02edb3bcc52733d040d5f03fb918)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a1a440c10148d19d3b9ac47ade2fa36ab0e39e33">a1a440c1</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 336e303cf1962b56b64c0d9d2b05ac15d00e8692)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/79f791ff0ebe0a8a6787c74ad20870ce41907844">79f791ff</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4 auth: make bad password count increment atomic
Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.
Use bad password indicator (in a distinct TDB) to determine if to open a transaction
We open a transaction when we have seen the hint that this user
has recorded a bad password. This allows us to avoid always
needing one, while not missing a possible lockout.
We also go back and get a transation if we did not take out
one out but we chose to do a write (eg for lastLogonTimestamp)
Based on patches by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit de4cc0a3dae89f3e51a099282615cf80c8539e11)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a9aae34d5a97081dff9126328167678cfc4601c7">a9aae34d</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4a9e0fdccfa218fbb2c3eb87e1a955ade0364b98)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6b826a375a13f44a0486024ee09564cf3b1528ca">6b826a37</a></strong>
<div>
<span> by Gary Lockyer </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Return only the result message and free the surrounding result
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b954acfde258a1909ed60c1c3e1015701582719f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0d6da5250be44888b3eaeb94aad7cee77f44d095">0d6da525</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 55147335aec8194b6439169b040556a96db22e95)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/dd38fae8c8d7d47c75f03b6bc94bed8d47012cb6">dd38fae8</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
By bringing this function inline it can then be split out in a
subsequent commit.
Based on work by Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 712181032a47318576ef35f6a6cf0f958aa538fb)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6a70d006917486e4f1bf9333ab8a4961e79ef51a">6a70d006</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b5f78b7b895a6b92cfdc9221b18d67ab18bc2a24)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2fe2485b93d589620684f79b61d3da222accfb1e">2fe2485b</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8a862cb811489abb67d4cf3a7fbd83d05c7e5cb)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f725f2f2442b3cef0fb51ad2af5248147524873b">f725f2f2</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a65147a9e98ead70869cdfa20ffcc9c167dbf535)
[jsutton@samba.org Fixed conflicts due to lack of dbg_ret variable]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f58d7e42009180dba67832149123a19237d388b2">f58d7e42</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 96479747bdb5bc5f33d903085f5f69793f369e3a)
[jsutton@samba.org Fixed conflict due to lack of dbg_ret variable]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/29b31129fd372513ad24e56ec4caab6844e2ed72">29b31129</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
This simplifies the code for the following commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2b593c34c4f5cb82440b940766e53626c1cbec5b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/5eb5daaa1521d424ebde5a4d06ad05c9cdfc7996">5eb5daaa</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.
Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b1e740896ebae14ba64250da2f718e1d707e9eed)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/74d8c3d5843f2ba285bc1a6ace1eba5080c0e99c">74d8c3d5</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:kdc: Check badPwdCount update return status
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bdfc9d96f8fe5070ab8a189bbf42ccb7e77afb73)
[jsutton@samba.org Fixed knownfail conflicts due to not having claims
tests]
[jsutton@samba.org Fixed knownfail conflicts]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/96c24b58b8cc2301007f0bf586184fd2d264b028">96c24b58</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a268a1a0e304d0702469e4ac146d8af5e7384c39)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/05447dfb2016d32fdfffb42fdb02cc4db68b18a9">05447dfb</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()
This may return an error if we find the account is locked out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 268ea7bef5af4b9c8a02f4f5856113ff0664d9e8)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/69abe0c2b0aeeb8ac1fb93baae41f1452ac4a5fc">69abe0c2</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s3: ensure bad password count atomic updates
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Discovered by Nathaniel W. Turner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8587734bf989aeaafa9d09d78d0f381caf52d285)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ae3b615236c4cc773be30f34ec9b794a25253449">ae3b6152</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
The bad password count is supposed to limit the number of failed login
attempt a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts. This is especially
bad on constrained or overcommitted hardware.
To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.
Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 65c473d4a53fc8a22a0d531aff45203ea3a4d99b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a3aebea4893256b8953101ed06bf4ce1afc381a2">a3aebea4</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
Panic if memset_s() fails.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 03a50d8f7d872b6ef701d1207061c88b73d171bb)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3cab9f6a34ed7091059d4aa4221d5a6a712d4c25">3cab9f6a</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>libcli:auth: Keep passwords from convert_string_talloc() secret
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6edf88f5c40421b9881666a2e78038ea9c547c24)
[jsutton@samba.org Removed change to decode_pwd_string_from_buffer514()
that is not present in 4.16]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d9a144e8c4ea1488dcec981279d7d22347730ad0">d9a144e8</a></strong>
<div>
<span> by Pavel Filipenský </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib:replace: Add macro BURN_STR() to zero memory of a string
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8564380346ace981b957bb8464f2ecf007032062)
[jsutton@samba.org Fixed conflict]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/317d36710b59ed6f4c72433de950b5a1d77a6c12">317d3671</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:rpc_server: Use BURN_STR() to zero password
This ensures these calls are not optimised away.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1258746ba85b8702628f95a19aba9afea96eab8b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f78ff75c51f6cd15b476de373f11b1c87f962970">f78ff75c</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fcabcb326d385c1e1daaa8dae9820e33a3868f56)
[jsutton@samba.org Included dsdb/common/util.h header for
DSDB_SESSION_INFO define]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c56e2e2e700cb1b4a75f5bb3224ecf4657dd2a99">c56e2e2e</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo()
This will be used in the following commits.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a246ae993fd8553bf66aa8ee1700eb68b85f2857)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f7f1106b2edafc25ddd9c6f98b04c048e1c85dd4">f7f1106b</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1b3d7f811680f9ac66ca5822950b3eee081a06b0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d0cd367da4c9a7041541315aa104309c6cb28e05">d0cd367d</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-09-18T16:46:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1aa403517ffc0d43df72ddc9fa2ce86ab5c33873)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6a0280d9553db535601c71c1be475f85949d5b83">6a0280d9</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-09-18T17:46:29+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7981cba87e3a7256b12bfc5fdd89b136c12979ff)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Sun Sep 18 17:46:29 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/729bbca5e88d9c7bee4fccd2e3c9a8f14b9f8ae7">729bbca5</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2022-09-28T19:13:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
gpfs_set_times as of August 2020 stores 32-bit unsigned tv_sec. We
should not silently garble time stamps but reject the attempt to set
an out-of-range timestamp.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit b954d181cd25d9029d3c222e8d97fe7a3b0b2400)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/08383bedc3be4807dc2b8fb018790de9e00c5606">08383bed</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2022-09-28T19:13:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 19 12:43:06 UTC 2022 on sn-devel-184
(cherry picked from commit 06f35edaf129ce3195960905d38af73ec12fc716)
(cherry picked from commit e56c18d356bd3419abebd36e1fae39019cabbfaf)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/04e54799b2bc4666f69106fc7f1236237eae73a9">04e54799</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2022-09-28T19:13:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>vfs_gpfs: Protect against timestamps before the Unix epoch
In addition to b954d181cd2 we should also protect against timestamps
before the epoch.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15151
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 23 06:50:17 UTC 2022 on sn-devel-184
(cherry picked from commit f6b391e04a4d5974b908f4f375bd2876083aa7b2)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2f71273a73673da7d2a12e61cbcc3242b2c9958a">2f71273a</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-09-28T20:10:04+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
The function smbd_server_connection_terminate_done() does not free subreq
which is allocated in smbXsrv_connection_shutdown_send, this can be a
memory leakage if multi-channel is enabled.
Suggested fix by haihua yang <hhyangdev@gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15174
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Sep 23 09:51:20 UTC 2022 on sn-devel-184
(cherry picked from commit b600b0c8d9690cb5eeded1e5925c8e667c11af04)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Sep 28 20:10:04 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7c2697e9c84ad94001d0b6aa73c6bb91a079ef78">7c2697e9</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:auth: Flush the GETPWSID in memory cache for NTLM auth
Example valgrind output:
==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075
==22502== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502== by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16)
==22502== by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502== by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502== by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502== by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd)
==22502== by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502== by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F4C7: main (in /usr/sbin/winbindd)
You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.
pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184
(cherry picked from commit 9ef2f7345f0d387567fca598cc7008af95598903)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2003f7cf7497d8a0dfc11c230c8f3a28c53eea64">2003f7cf</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest: add file removal helpers for TestCaseInTempDir
In several places we end a test by deleting a number of files and
directories, but we do it rather haphazardly with unintentionally
differing error handling. For example, in some tests we currently have
something like:
try:
shutil.rmtree(os.path.join(self.tempdir, "a"))
os.remove(os.path.join(self.tempdir, "b"))
shutil.rmtree(os.path.join(self.tempdir, "c"))
except Exception:
pass
where if, for example, the removal of "b" fails, the removal of "c" will
not be attempted. That will result in the tearDown method raising an
exception, and we're no better off. If the above code is replaced with
self.rm_files('b')
self.rm_dirs('a', 'c')
the failure to remove 'b' will cause a test error, *unless* the failure
was due to a FileNotFoundError (a.k.a. an OSError with errno ENOENT),
in which case we ignore it, as was probably the original intention.
If on the other hand, we have
self.rm_files('b', must_exist=True)
self.rm_dirs('a', 'c')
then the FileNotFoundError causes a failure (not an error).
We take a little bit of care to stay within self.tempdir, to protect
test authors who accidentally write something like `self.rm_dirs('/')`.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 2359741b2854a8de9d151fe189be80a4bd087ff9)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/70de610892409421aeb9047b26a551881966acdc">70de6108</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/downgradedatabase: use TestCaseInTempDir.rm_files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 85bc1552e3919d049d39a065824172a24933d38b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6e217c047d2123e27e735aa7b168f564d0b719e6">6e217c04</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/samdb_api: use TestCaseInTempDir.rm_files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 4e3dabad0be0900a203896c2c2acb270d31b0a42)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/fba1864d7a74e82676bf55a8c162ead90adb445c">fba1864d</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/join: use TestCaseInTempDir.rm_files/dirs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 7455c53fa4f7871b3980f820d22b0fd411195704)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6a6db20068fb28cbc3b70a92b0b51d08621272c5">6a6db200</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 251360d6e58986dd53f0317319544e930dc61444)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/42b5bfa68e25a2878bc0f441061a2e8195874573">42b5bfa6</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 3f0aab45c81c9f9b6b87eb68bc785902619dc10d)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/dd2c5f96981e6ea06447490dbf65d883134060b2">dd2c5f96</a></strong>
<div>
<span> by Douglas Bagnall </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15191
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 24f7d71416753b792d6fe029da6f366adb10383e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2d2156b01dea36fdac02fdd6bb5f2e36ef81d2b7">2d2156b0</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 62b426243f4eaa4978c249b6e6ce90d35aeaefe4)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/997b8f8341f27919b0ae24d24680637f14406d54">997b8f83</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7ff743d65dcf27ffe0c6861720e8ce531bfa378d)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a0e0c7e9894f8c3ff073dbff1a7e77e9a6b2f06b">a0e0c7e9</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
This emulates older verions of Samba that fail to implement
DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 314bc44fa9b8fc99c80bfcfff71f2cec67bbda36)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/584a4c005751e3964d070e40573f8620706fc647">584a4c00</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
The chgdcpass server now emulates older verions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.
We now show this is in effect by the fact that tests now fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit b0bbc94d4124d63b1d5a35ccbc88ffd51d520ba0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0a8330ab7dc2bad3b2ab24dc5e5e368b3979ea05">0a8330ab</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T08:45:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4-libnet: Add messages to object count mismatch failures
This helps explain these better than WERR_GEN_FAILURE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 483c48f52d6ff5e8149ed12bfeb2b6608c946f01)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1a4d3a2db79dbf48b772b7bbbcf5988a43958642">1a4d3a2d</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-07T09:56:12+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>python-drs: Add client-side debug and fallback for GET_ANC
Samba 4.5 and earlier will fail to do GET_ANC correctly and will not
replicate non-critical parents of objects with isCriticalSystemObject=TRUE
when DRSUAPI_DRS_CRITICAL_ONLY is set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit bff2bc9c7d69ec2fbe9339c2353a0a846182f1ea)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Fri Oct 7 09:56:12 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ada5ef9d847f17fd00fd1704300258de97c69e6f">ada5ef9d</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21ef01e7b8368caa050ed82b9d787d1679220b2b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/52dd57d4b30218b93231cf1a990c8829b0c06033">52dd57d4</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: notify a different node to drop a connection by client guid.
If a client disconnected all its interfaces and reconnects when
the come back, it will likely start from any ip address returned
dns, which means it can try to connect to a different ctdb node.
The old node may not have noticed the disconnect and still holds
the client_guid based smbd.
Up unil now the new node returned NT_STATUS_NOT_SUPPORTED to
the SMB2 Negotiate request, as messaging_send_iov[_from]() will
return -1/ENOSYS if a file descriptor os passed to a process on
a different node.
Now we tell the other node to teardown all client connections
belonging to the client-guid.
Note that this is not authenticated, but if an attacker can
capture the client-guid, he can also inject TCP resets anyway,
to get the same effect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15159
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 20:59:15 UTC 2022 on sn-devel-184
(cherry picked from commit 8591d9424371e173b079d5c8a267ea4c2cb266ad)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f806366dd4a5a551a48526594bd25711376f5f04">f806366d</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
If we hit a race, when a client disconnects the connection after the initial
SMB2 Negotiate request, before the connection is completely passed to
process serving the given client guid, the temporary smbd which accepted the
new connection may already detected the disconnect and exitted before
the long term smbd servicing the client guid was able to send the
MSG_SMBXSRV_CONNECTION_PASSED message.
The result was a log message like this:
smbXsrv_client_connection_pass_loop: smb2srv_client_connection_passed() failed => NT_STATUS_OBJECT_NAME_NOT_FOUND
and all connections belonging to the client guid were dropped,
because we called exit_server_cleanly().
Now we ignore NT_STATUS_OBJECT_NAME_NOT_FOUND from
smb2srv_client_connection_passed() and let the normal
event loop detect the broken connection, so that only
that connection is terminated (not the whole smbd process).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 636ec45c93ad040ba70296aa543884c145b3e789)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/68a233322bdba537546cc4c23c9e97122a67fe59">68a23332</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
DBG_WARNING() already adds the function name as prefix.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit acb3d821deaf06faa16f6428682ecdb02babeb98)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/935f1ec476edd0688a5471d7a7486da5f92c8b3f">935f1ec4</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
dbwrap_watched_watch_send() should typically be the last thing to call
before the db record is unlocked, as it's not that easy to undo.
In future we want to recover from smb2srv_client_connection_{pass,drop}()
returning NT_STATUS_OBJECT_NAME_NOT_FOUND and it would add complexity if
would need to undo dbwrap_watched_watch_send() at that point.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 56c597bc2b29dc3e555f737ba189f521d0e31e8c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0fa03f112f75dbae7f3f63d245928668df57da45">0fa03f11</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
This will simplify the following changes...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8c8d8cf01e01c2726d03fa1c81e0ce9992ee736c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b3e8e8185fcb740a780867e69e014d7b87e77afe">b3e8e818</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-18T08:34:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
If we get NT_STATUS_OBJECT_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
we should just keep the connection and overwrite the stale record in
smbXsrv_client_global.tdb. It's basically a race with serverid_exists()
and a process that doesn't cleanly teardown.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5d66d5b84f87267243dcd5223210906ce589af91)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/24bc377a0ec8fc23df22b396b6b30e6b60b39fb7">24bc377a</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-10-18T08:34:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4: smbtorture: Add fsync_resource_fork test to fruit tests.
This shows we currently hang when sending an SMB2_OP_FLUSH on
an AFP_Resource fork.
Adds knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 1b8a8732848169c632af12b7c2b4cd3ee73be244)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6c7af4055805041726c5735da5b89f2f7f067aef">6c7af405</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-10-18T08:34:18+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3: VFS: fruit. Implement fsync_send()/fsync_recv().
For type == ADOUBLE_META, fio->fake_fd is true so
writes are already synchronous, just call tevent_req_post().
For type == ADOUBLE_RSRC we know we are configured
with FRUIT_RSRC_ADFILE (because fruit_must_handle_aio_stream()
returned true), so we can just call SMB_VFS_NEXT_FSYNC_SEND()
after replacing fsp with fio->ad_fsp.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 35c637f2e6c671acf8fb9c2a67774bd5e74dd7d0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3e0ce4513b06f17791c02ab0b4f787f63fe69b9f">3e0ce451</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2022-10-18T09:41:37+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>vfs_fruit: add missing calls to tevent_req_received()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15182
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit a7fba3ff5996330158d3cc6bc24746a59492b690)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Oct 18 09:41:37 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0503e0df3b6b0b02c54c50f25e77b39de90ca575">0503e0df</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/rpcclient: Duplicate string returned from poptGetArg
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==4407== Invalid read of size 1
==4407== at 0x146263: main (rpcclient.c:1262)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x14627D: main (rpcclient.c:1263)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980E1C: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd1 is 1 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 8
==4407== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd0 is 0 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
==4407==
==4407== Invalid read of size 1
==4407== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x4980DC2: __talloc_strlendup (talloc.c:2457)
==4407== by 0x4980E32: talloc_strdup (talloc.c:2470)
==4407== by 0x488CD96: dcerpc_parse_binding (binding.c:320)
==4407== by 0x1462B1: main (rpcclient.c:1267)
==4407== Address 0x7b67cd8 is 8 bytes inside a block of size 10 free'd
==4407== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B2E8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x5B2F5D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x146227: main (rpcclient.c:1251)
==4407== Block was alloc'd at
==4407== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==4407== by 0x5B302EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==4407== by 0x1461BC: main (rpcclient.c:1219)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d26d3d9bff61f796c9c9ab54990ea078f575ab1e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/da11c48d9b69b394e2d01b3405aba24b17e671e0">da11c48d</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/param: Fix use after free with popt-1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x48C0D37: talloc_sub_basic (substitute.c:303)
==5325== by 0x4894B98: lp_load_ex (loadparm.c:4004)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859E1C: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b1 is 1 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 8
==5325== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8b0 is 0 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 2
==5325== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c0 is 16 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
==5325== Invalid read of size 1
==5325== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4859DC2: __talloc_strlendup (talloc.c:2457)
==5325== by 0x4859E32: talloc_strdup (talloc.c:2470)
==5325== by 0x4B3B74B: add_to_file_list (loadparm.c:1023)
==5325== by 0x4894BD4: lp_load_ex (loadparm.c:4011)
==5325== by 0x489529E: lp_load_with_registry_shares (loadparm.c:4237)
==5325== by 0x10ABD7: main (test_lp_load.c:98)
==5325== Address 0x72da8c2 is 18 bytes inside a block of size 20 free'd
==5325== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B8F8B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x4B905D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB8E: main (test_lp_load.c:90)
==5325== Block was alloc'd at
==5325== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5325== by 0x4B912EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5325== by 0x10AB49: main (test_lp_load.c:74)
==5325==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ff003fc87b8164610dfd6572347c05308c4b2fd7)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1efcc10c9d4f4f35ea22322e427989112a3bae51">1efcc10c</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/utils: Add missing poptFreeContext
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 31d3d10b260f05080ca0a3cf9434aa4704d60739)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4b35fa3f85e6ce8811a47e3d42049fecc0045d2f">4b35fa3f</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/utils: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==5914== Invalid read of size 1
==5914== at 0x4FDF740: strlcpy (in /usr/lib64/libbsd.so.0.11.6)
==5914== by 0x49E09A9: tdbsam_getsampwnam (pdb_tdb.c:583)
==5914== by 0x49D94E5: pdb_getsampwnam (pdb_interface.c:340)
==5914== by 0x10DED1: print_user_info (pdbedit.c:372)
==5914== by 0x111413: main (pdbedit.c:1324)
==5914== Address 0x73b6750 is 0 bytes inside a block of size 7 free'd
==5914== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C508B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x4C515D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x1113E6: main (pdbedit.c:1323)
==5914== Block was alloc'd at
==5914== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==5914== by 0x4C522EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==5914== by 0x110AE5: main (pdbedit.c:1137)
==5914==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e82699fcca3716d9ed0450263fd83f948de8ffbe)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/5383d625cbb3a2c10b4fa18d21e738dabad5d6be">5383d625</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/utils: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055== by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055== by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055== by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055== by 0x10EBFA: main (testparm.c:862)
==6055== Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
Load smb config files from /etc/samba/smb.conf
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055== by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055== at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055== at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055== at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055== by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055== by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055== by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055== by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055== by 0x10EC06: main (testparm.c:864)
==6055== Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EBAC: main (testparm.c:854)
==6055== Block was alloc'd at
==6055== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055== by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055== by 0x10EB2E: main (testparm.c:830)
==6055==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7480f9c01d6449e071784b04ea1f8e2a18906d75">7480f9c0</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4/lib/registry: Fix use after free with popt 1.19
popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.
==6357== Command: ./bin/regpatch file
==6357==
Can't load /home/npower/samba-back/INSTALL_DIR/etc/smb.conf - run testparm to debug it
==6357== Syscall param openat(filename) points to unaddressable byte(s)
==6357== at 0x4BFE535: open (in /usr/lib64/libc.so.6)
==6357== by 0x4861432: reg_diff_load (patchfile.c:345)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4B5D50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d1 is 1 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d0 is 0 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
==6357== Invalid read of size 1
==6357== at 0x4B83DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6357== by 0x4B5D39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4B7E719: __vasprintf_internal (in /usr/lib64/libc.so.6)
==6357== by 0x4AD32F0: __dbgtext_va (debug.c:1904)
==6357== by 0x4AD33F2: dbgtext (debug.c:1925)
==6357== by 0x4861515: reg_diff_load (patchfile.c:353)
==6357== by 0x4861CD3: reg_diff_apply (patchfile.c:542)
==6357== by 0x10ADF9: main (regpatch.c:114)
==6357== Address 0x70f79d2 is 2 bytes inside a block of size 5 free'd
==6357== at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF38B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x4AF45D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ADCF: main (regpatch.c:111)
==6357== Block was alloc'd at
==6357== at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6357== by 0x4AF52EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6357== by 0x10ACBD: main (regpatch.c:79)
==6357==
Error reading registry patch file `file'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 14 13:38:55 UTC 2022 on sn-devel-184
(cherry picked from commit 7e0e3f47cd67e4cadc101691cd14837f45d9506a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/e69d2b3f9d2c8f38a4d93413d563ad5241d35383">e69d2b3f</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/param: Check return of talloc_strdup
followup to commit ff003fc87b8164610dfd6572347c05308c4b2fd7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 19eb88bc53e481327bbd437b0c145d5765c6dcec)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/9a18da112c47055fb32291dfcde42f2ccca7aad7">9a18da11</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/utils: Check return of talloc_strdup
followup to e82699fcca3716d9ed0450263fd83f948de8ffbe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 972127daddc7a32d23fb84d97102557035b06f5b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4d7e31b98162a33702162b00cf40811dfeabe671">4d7e31b9</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3/utils: check result of talloc_strdup
follow to commit 4b15d8c2a5c8547b84e7926fed9890b5676b8bc3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct 17 19:49:37 UTC 2022 on sn-devel-184
(cherry picked from commit 0326549a052c22e4929e3760fd5011c35e32fe33)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6ba44033e3869196982e67a8f757f34a5e1f2788">6ba44033</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4:messaging: add imessaging_init_discard_incoming()
We often create imessaging contexts just for sending messages,
but we'll never process incoming messages because a temporary event
context was used and we just queue a lot of imessaging_post_state
structures with immediate events.
With imessaging_init_discard_incoming() we'll discard any incoming messages
unless we have pending irpc requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a120fb1c724dfaed5a99e34aaf979502586f17c0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/04d0d5a0366ec92a7cafcf56e0cf2c74780c0eed">04d0d5a0</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-19T08:39:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:auth_samba4: make use of imessaging_init_discard_incoming()
Otherwise we'll generate a memory leak of imessaging_post_state/
tevent_immediate structures per incoming message!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 32df5e4961cf064b72bb496157cc6092126d9b8e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c28d971b12bab1342d9ad0a8475deef647e5aa1b">c28d971b</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-19T09:45:53+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
imessaging_client_init() is for temporary stuff only, so we should drop
(unexpected) incoming messages unless we expect irpc responses.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15201
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 13 13:32:30 UTC 2022 on sn-devel-184
(cherry picked from commit 266bcedc18efc52e29efde6bad220623a5423e30)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Oct 19 09:45:53 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a90110931331ff532d9a7034e258f1c959b6c57d">a9011093</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-10-25T11:55:25+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Merge tag 'samba-4.16.6' into v4-16-test
samba: tag release samba-4.16.6
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c2095819c31ca66fa8a0936cca79ff1e7973966b">c2095819</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-10-25T11:56:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>VERSION: Bump version up to Samba 4.16.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c805ccba33985ca07da63b4be3affafb495e13a1">c805ccba</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-10-31T14:30:08+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/tsocket: Add tests for loop on EAGAIN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit f0fb8b9508346aed50528216fd959a9b1a941409)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/119bf609985a873346891c5ca55e69178d712eb0">119bf609</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-31T14:30:08+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
This will be used on its own soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9950efd83e1a4b5e711f1d36fefa8a5d5e8b2410)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d8d5146d1679383747ad0533759f97020b78221e">d8d5146d</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-31T14:30:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
This also returns an error if we got TCP_FIN from the peer,
which is only reported by an explicit POLLRDHUP check.
Also on FreeBSD getsockopt(fd, SOL_SOCKET, SO_ERROR) fetches
and resets the error, so a 2nd call no longer returns an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 29a65da63d730ecead1e7d4a81a76dd1c8c179ea)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/aeb7dd2ca89e7a010baaf3a5da17eaa466ace06e">aeb7dd2c</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-31T14:30:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/tsocket: remember the first error as tstream_bsd->error
If we found that the connection is broken, there's no point
in trying to use it anymore, so just return the first error we detected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4c7e2b9b60de5d02bb3f69effe7eddbf466a6155)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/bc16a8abe3f1446a0da7e672cdba469fcc8ef96a">bc16a8ab</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-31T14:30:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
There were some reports that strace output an LDAP server socket is in
CLOSE_WAIT state, returning EAGAIN for writev over and over (after a call to
epoll() each time).
In the tstream_bsd code the problem happens when we have a pending
writev_send, while there's no readv_send pending. In that case
we still ask for TEVENT_FD_READ in order to notice connection errors
early, so we try to call writev even if the socket doesn't report TEVENT_FD_WRITE.
And there are situations where we do that over and over again.
It happens like this with a Linux kernel:
tcp_fin() has this:
struct tcp_sock *tp = tcp_sk(sk);
inet_csk_schedule_ack(sk);
sk->sk_shutdown |= RCV_SHUTDOWN;
sock_set_flag(sk, SOCK_DONE);
switch (sk->sk_state) {
case TCP_SYN_RECV:
case TCP_ESTABLISHED:
/* Move to CLOSE_WAIT */
tcp_set_state(sk, TCP_CLOSE_WAIT);
inet_csk_enter_pingpong_mode(sk);
break;
It means RCV_SHUTDOWN gets set as well as TCP_CLOSE_WAIT, but
sk->sk_err is not changed to indicate an error.
tcp_sendmsg_locked has this:
...
err = -EPIPE;
if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
goto do_error;
while (msg_data_left(msg)) {
int copy = 0;
skb = tcp_write_queue_tail(sk);
if (skb)
copy = size_goal - skb->len;
if (copy <= 0 || !tcp_skb_can_collapse_to(skb)) {
bool first_skb;
new_segment:
if (!sk_stream_memory_free(sk))
goto wait_for_space;
...
wait_for_space:
set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
if (copied)
tcp_push(sk, flags & ~MSG_MORE, mss_now,
TCP_NAGLE_PUSH, size_goal);
err = sk_stream_wait_memory(sk, &timeo);
if (err != 0)
goto do_error;
It means if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) doesn't
hit as we only have RCV_SHUTDOWN and sk_stream_wait_memory returns
-EAGAIN.
tcp_poll has this:
if (sk->sk_shutdown & RCV_SHUTDOWN)
mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
So we'll get EPOLLIN | EPOLLRDNORM | EPOLLRDHUP triggering
TEVENT_FD_READ and writev/sendmsg keeps getting EAGAIN.
So we need to always clear TEVENT_FD_READ if we don't
have readable handler in order to avoid burning cpu.
But we turn it on again after a timeout of 1 second
in order to monitor the error state of the connection.
And now that our tsocket_bsd_error() helper checks for POLLRDHUP,
we can check if the socket is in an error state before calling the
writable handler when TEVENT_FD_READ was reported.
Only on error we'll call the writable handler, which will pick
the error without calling writev().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e232ba946f00aac39d67197d9939bc923814479c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f7a84cffe9d9c61df7a7c5dd94e9caf3d18d9b3c">f7a84cff</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-10-31T14:30:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
If the client is not able to receive the results within connections idle
time, then we should treat it as dead. It's value is 15 minutes (900 s)
by default.
In order to limit that further an admin can use 'socket options'
and set TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL and/or TCP_USER_TIMEOUT
to useful values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 19 17:13:39 UTC 2022 on sn-devel-184
(cherry picked from commit eb2f3526032803f34c88ef1619a832a741f71910)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/efa48817d3c6fd3c64051bdf29648dff1702cf5d">efa48817</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-10-31T14:30:09+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
(cherry picked from commit 9eda432836bfff3d3d4a365a08a5ecb54f0f2e34)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/618395a7eafbb6224047610659c2d343318a1d33">618395a7</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-10-31T15:31:53+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15195
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
(backported from commit fd0c01da1c744ae6fd9d8675616d8b6d3531e469)
jra@samba.org: Older SMBC_getatr returns bool not NTSTATUS.
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Oct 31 15:31:53 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/eeea6587e92daf792c5ca382d7c03c40e6ccd621">eeea6587</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-11-08T13:11:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>third_party/heimdal: Introduce macro for common plugin structure elements
Heimdal's HDB plugin interface, and hence Samba's KDC that depends upon
it, doesn't work on 32-bit builds due to structure fields being arranged
in the wrong order. This problem presents itself in the form of
segmentation faults on 32-bit systems, but goes unnoticed on 64-bit
builds thanks to extra structure padding absorbing the errant fields.
This commit reorders the HDB plugin structure fields to prevent crashes
and introduces a common macro to ensure every plugin presents a
consistent interface.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 074e92849715ed3485703cfbba3771d405e4e78a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b57c2bb47256903bf2b88f6c1b66d540578ba619">b57c2bb4</a></strong>
<div>
<span> by Volker Lendecke </span> <i> at 2022-11-08T14:09:47+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>heimdal: Fix the 32-bit build on FreeBSD
REF: https://github.com/heimdal/heimdal/pull/1004
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15220
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ab4c7bda8daccdb99adaf6ec7fddf8b5f84be09a)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Nov 8 14:09:47 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b403ae70a059f8ec053443675801efec946b8b5b">b403ae70</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-11-15T15:41:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>VERSION: Bump version up to Samba 4.16.7...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
(cherry picked from commit c2095819c31ca66fa8a0936cca79ff1e7973966b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a8ef840d4362d3ffeab13c1d5fea417511b727c2">a8ef840d</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-11-15T15:41:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-42898 third_party/heimdal: PAC parse integer overflows
Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Heavily edited by committer Nico Williams <nico@twosigma.com>, original by
Joseph Sutton <josephsutton@catalyst.net.nz>.
Signed-off-by: Nico Williams <nico@twosigma.com>
[jsutton@samba.org Zero-initialised header_size in krb5_pac_parse() to
avoid a maybe-uninitialized error; added a missing check for ret == 0]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2e1f66e3d9dd6ef89ccc9926e8d1f0195e539635">2e1f66e3</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-11-15T15:41:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>WHATSNEW: Add release notes for Samba 4.16.7.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/fc0f1090f4ca6d240b4bcfc84890cfc26a44827f">fc0f1090</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-11-15T15:41:09+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>VERSION: Disable GIT_SNAPSHOT for the 4.16.7 release.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/722abdcf35c4850088ca2ec948dac83847071891">722abdcf</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-11-15T15:54:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>Merge tag 'samba-4.16.7' into v4-16-test
samba: tag release samba-4.16.7
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/83da21f42926a54736120880f2f9da561f19d921">83da21f4</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-11-15T15:55:35+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>VERSION: Bump version up to Samba 4.16.8...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/77cd58bcd49606cc490482e70614ba7590eebc23">77cd58bc</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2022-11-15T19:53:11+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>New upstream version 4.16.7+dfsg</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/450dd63bdf9d8f48701828c52990d3633e738e82">450dd63b</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-11-23T12:43:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 9 11:18:02 UTC 2022 on sn-devel-184
(cherry picked from commit 76adda9d2fea9f93f4cf97536db5c0be6deeb98c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/5ade6d20f35b6dc70f2b4449c72ddf67f924ff82">5ade6d20</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-11-23T12:43:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:tests: Add substitution test for include directive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit ce3d27a9f5a98b4680af5fb5a595b0e7e94f8c30)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ef39898066c3dcdb5f11ca10ae037f2e404d514d">ef398980</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-11-23T12:43:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:tests: Add substitution test for listing shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit c213ead8c4c1b5287294a67e65f271fbb0b922b2)
(cherry picked from commit 8f1ba9193b0a11a320754cfbde2ab42b68d61ad4)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b11ceb58fee9442f4a1f113d5375273fe4357913">b11ceb58</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-11-23T12:43:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:rpc_server: Fix include directive substitution when enumerating shares
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f)
(cherry picked from commit 2b643c17d486ecbd0b46a9f31aeb3593ad19e464)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/399522d048e5f7effec31c67588fac722a970f8d">399522d0</a></strong>
<div>
<span> by Jeremy Allison </span> <i> at 2022-11-23T12:43:15+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t, not try and embedd it directly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Nov 16 15:09:45 UTC 2022 on sn-devel-184
(cherry picked from commit 7cb50405515298b75dcc512633fb3877045aabc6)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/33f74aea5d5d8096dfd71089a74a123161957197">33f74aea</a></strong>
<div>
<span> by Noel Power </span> <i> at 2022-11-23T13:52:37+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15224
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 16 19:29:21 UTC 2022 on sn-devel-184
(cherry picked from commit f6284877ce07fc5ddf4f4e2d824013b645d6e12c)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Nov 23 13:52:37 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/7edddbc684c8098f15063732b9bf13b089e8fae4">7edddbc6</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-11-23T15:58:56+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on systems where 'unsigned long' is just 32-bit
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Nov 23 15:58:56 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8c2f27d442f49453079f6037a54e6a02cc276573">8c2f27d4</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2022-12-05T10:11:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fdb19ce8aa189f6cfbd2d1fd7ed6fe809ba93cf3)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/885e3fc12de55e56e6170be4456101bda09d8a17">885e3fc1</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2022-12-05T11:03:30+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
Cf MS-FSA 2.1.5.14.2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 28 10:14:12 UTC 2022 on sn-devel-184
(cherry picked from commit 535a08dfc4c045d7b0c0ed335f76b5d560dd7bbd)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Mon Dec 5 11:03:30 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/994464eee20aa6d2bba6f6e780d868d1a058d8bb">994464ee</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-12-06T12:02:00+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>s3:utils: Fix stack smashing in net offlinejoin
Cast from 'uint32_t *' (aka 'unsigned int *') to 'size_t *' (aka
'unsigned long *') increases required alignment from 4 to 8
==10343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdc6784fc0 at pc 0x7f339f1ea500 bp 0x7ffdc6784ed0 sp 0x7ffdc6784ec8
WRITE of size 8 at 0x7ffdc6784fc0 thread T0
#0 0x7f339f1ea4ff in fd_load ../../lib/util/util_file.c:220
#1 0x7f339f1ea5a4 in file_load ../../lib/util/util_file.c:245
#2 0x56363209a596 in net_offlinejoin_requestodj ../../source3/utils/net_offlinejoin.c:267
#3 0x56363209a9d0 in net_offlinejoin ../../source3/utils/net_offlinejoin.c:74
#4 0x56363208f61c in net_run_function ../../source3/utils/net_util.c:453
#5 0x563631fe8a9f in main ../../source3/utils/net.c:1358
#6 0x7f339b22c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#7 0x7f339b22c678 in __libc_start_main_impl ../csu/libc-start.c:381
#8 0x563631faf374 in _start ../sysdeps/x86_64/start.S:115
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15257
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ef8c8ac54cdf75ca4333223c1f3e580e31efca92)
Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Tue Dec 6 12:02:00 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d7eccdbb0285ee2c1b07377471215692e9c7f3d0">d7eccdbb</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-06T14:24:11+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-44640 selftest: Exclude Heimdal fuzz-inputs from source_chars test
A new file will shorlty fail as it is binary input
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5a02915913a2410904886e186ada90a36492571f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2736d267aa9cfd49bd1c9a934d4788a2b9c49809">2736d267</a></strong>
<div>
<span> by Nicolas Williams </span> <i> at 2022-12-06T15:28:49+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all CHOICE types used in
Heimdal, though not all cases will be exploitable. We have not
completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal since 2005. It was first reported by
Douglas Bagnall, though it had been found independently by the
Heimdal maintainers via fuzzing a few weeks earlier.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
(cherry-picked from Heimdal commit 9c9dac2b169255bad9071eea99fa90b980dde767)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 6 13:41:05 UTC 2022 on sn-devel-184
(cherry picked from commit 68fc909a7f4d69c254d34bec85cf8431bcb6e72f)
Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Tue Dec 6 15:28:49 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a1136ed2e05a2adca83a57a0402a165de631be58">a1136ed2</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-12T15:52:22+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2021-20251: s4:auth: fix use after free in authsam_logon_success_accounting()
This fixes a use after free problem introduced by
commit 7b8e32efc336fb728e0c7e3dd6fbe2ed54122124,
which has msg = current; which means the lifetime
of the 'msg' memory is no longer in the scope of th
caller.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1414269dccfd7cb831889cc92df35920b034457c)
Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Mon Dec 12 15:52:22 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4d099f8f678373736a195dfe367bb688c72036b9">4d099f8f</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>selftest: make filter-subunit much more efficient for large knownfail lists
By compiling the knownfail lists ahead of time we change a 20min test
into a 90sec test.
This could be improved further by combining this into a single regular expression,
but this is enough for now. The 'reason' is thankfully not used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15258
Pair-programmed-with: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 22128c718cadd34af892df102bd52df6a6b03303)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/af08dd3e25a660c3bb4427f4dc3cd847cc083112">af08dd3e</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml: improve wording for several options: "takes precedence" -> "overrides"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8ec62694a94c346e6ba8f3144a417c9984a1c8b9)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/421398ce5ebd9c031ae2c3333d8119d39f616feb">421398ce</a></strong>
<div>
<span> by Ralph Boehme </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 830e865ba5648f6520bc552ffd71b61f754b8251)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b0dbc395510a90f47d306eab7ff91ad95ccf6268">b0dbc395</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 libcli/auth: pass lp_ctx to netlogon_creds_cli_set_global_db()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 992f39a2c8a58301ceeb965f401e29cd64c5a209)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1fe8857b4d90809ff5b160c73e3d2c28acd3ce65">1fe8857b</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 libcli/auth: add/use netlogon_creds_cli_warn_options()
This warns the admin about insecure options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(similar to commit 7e7adf86e59e8a673fbe87de46cef0d62221e800)
[jsutton@samba.org Replaced call to tevent_cached_getpid() with one to
getpid()]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8a7df0920b76c1a8887200b99e032cc4cb3fc9db">8a7df092</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s3:net: add and use net_warn_member_options() helper
This makes sure domain member related 'net' commands print warnings
about unsecure smb.conf options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1fdf1d55a5dd550bdb16d037b5dc995c33c1a67a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a2388a06cba159ef51af12e69682c6651b836783">a2388a06</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s3:winbindd: also allow per domain "winbind sealed pipes:DOMAIN" and "require strong key:DOMAIN"
This avoids advising insecure defaults for the global options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d60828f6391307a59abaa02b72b6a8acf66b2fef)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/08e2a933933a3044914c95be1667b3072436ceed">08e2a933</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.
Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:
git show -U35 libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1c6c1129905d0c7a60018e7bf0f17a0fd198a584)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2139565c2fe0f928ed15393d2b8216392b04f36b">2139565c</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e060ea5b3edbe3cba492062c9605f88fae212ee0)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a5996700aded774bcaf61c48af900b8f8d5bb112">a5996700</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7baabbe9819cd5a2714e7ea4e57a0c23062c0150)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0c32166174b36af5a31758dafe88820ff03b9aa9">0c321661</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0e6a2ba83ef1be3c6a0f5514c21395121621a145)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/88018634c78b589185e877e6d7e4f10894c32a0b">88018634</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
This will simplify the following changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ec62151a2fb49ecbeaa3bf924f49a956832b735e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/82af786a36bd070f1191e6040a65a46893d10b3a">82af786a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: improve CVE-2020-1472(ZeroLogon) debug messages
In order to avoid generating useless debug messages during make test,
we will use 'CVE_2020_1472:warn_about_unused_debug_level = 3'
and 'CVE_2020_1472:error_debug_level = 2' in order to avoid schannel warnings.
Review with: git show -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 16ee03efc194d9c1c2c746f63236b977a419918d)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/066dafb07a1ee96af75677a1b4c25f8f4a28e0dd">066dafb0</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 selftest:Samba4: avoid global 'server schannel = auto'
Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 63c96ea6c02981795e67336401143f2a8836992c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3f4c9c13b1fe79351537fa064f9b39f6cd6f68b1">3f4c9c13</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:torture: use NETLOGON_NEG_SUPPORTS_AES by default
For generic tests we should use the best available features.
And AES will be required by default soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit cfd55a22cda113fbb2bfa373b54091dde1ea6e66)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/35ff1221013b5bce7901ebd2bd5ba0089a058de2">35ff1221</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticate3_check_downgrade()
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need the downgrade detection in more places.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b6339fd1dcbe903e73efeea074ab0bd04ef83561)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/852763adc2211347f105cc181ca8abfd79490073">852763ad</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: require aes if weak crypto is disabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4c7f84798acd1e3218209d66d1a92e9f42954d51)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/bc78864cb5ff3d37c4efe59888f6150671fc0897">bc78864c</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c8e53394b98b128ed460a6111faf05dfbad980d1)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c25546926f57b66c9b19c8a0fca8a40e85aa400a">c2554692</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: defer downgrade check until we found the account in our SAM
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need use the account name from our SAM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b09f51eefc311bbb1525efd1dc7b9a837f7ec3c2)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d2dc3622d4522cbc224fcae384475bf7430988cf">d2dc3622</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: add 'server reject md5 schannel:COMPUTERACCOUNT = no' and 'allow nt4 crypto:COMPUTERACCOUNT = yes'
This makes it more flexible when we change the global default to
'reject md5 servers = yes'.
'allow nt4 crypto = no' is already the default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 69b36541606d7064de9648cd54b35adfdf8f0e8f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3075f65e5d5e440bcb7b0721e603fe174b764827">3075f65e</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml/smbdotconf: document "allow nt4 crypto:COMPUTERACCOUNT = no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bd429d025981b445bf63935063e8e302bfab3f9b)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/80d0238679fb6c0e7df96a8f628f8d4696e8190c">80d02386</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml/smbdotconf: document "server reject md5 schannel:COMPUTERACCOUNT"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2ad302b42254e3c2800aaf11669fe2e6d55fa8a1)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/729e905776c5a90e6d4a4855fb82300125a65fd4">729e9057</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: debug 'reject md5 servers' and 'allow nt4 crypto' misconfigurations
This allows the admin to notice what's wrong in order to adjust the
configuration if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 43df4be35950f491864ae8ada05d51b42a556381)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3f7cd285b79a113cacec0309fce9bfb303c0f417">3f7cd285</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 selftest:Samba4: avoid global 'allow nt4 crypto = yes' and 'reject md5 clients = no'
Instead of using the generic deprecated option use the specific
allow nt4 crypto:COMPUTERACCOUNT = yes and
server reject md5 schannel:COMPUTERACCOUNT = no
in order to allow legacy tests for pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7ae3735810c2db32fa50f309f8af3c76ffa29768)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/abba8c4579f41f267d9b48d2adaac2b5228edcb0">abba8c45</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_check_schannel() function
This will allow us to reuse the function in other places.
As it will also get some additional checks soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f43dc4f0bd60d4e127b714565147f82435aa4f07)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/9f809e2dd39e9f5dce5454fb64dd0472ebcb2e10">9f809e2d</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: make sure all dcesrv_netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
We'll soon add some additional contraints in dcesrv_netr_check_schannel(),
which are also required for dcesrv_netr_LogonSamLogonEx().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 689507457f5e6666488732f91a355a2183fb1662)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d04da3d7008d7bcd55eff70400d5834342925013">d04da3d7</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7732a4b0bde1d9f98a0371f17d22648495329470)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1d9c939ebaa711aba3f58860f2091b7b96e76690">1d9c939e</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: add a per connection cache to dcesrv_netr_check_schannel()
It's enough to warn the admin once per connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3c57608e1109c1d6e8bb8fbad2ef0b5d79d00e1a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/03730459feb0a86e6a56c29af2af6fb4e516d587">03730459</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 s4:rpc_server/netlogon: implement "server schannel require seal[:COMPUTERACCOUNT]"
By default we'll now require schannel connections with
privacy/sealing/encryption.
But we allow exceptions for specific computer/trust accounts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b3ed90a0541a271a7c6d4bee1201fa47adc3c0c1)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/587ff282a9d087e659ac507347694e0e488bfa32">587ff282</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 testparm: warn about server/client schannel != yes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f964c0c357214637f80d0089723b9b11d1b38f7e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c09df344f0e37d48768ec606cbeb25b0f6250a24">c09df344</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-38023 testparm: warn about unsecure schannel related options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4d540473c3d43d048a30dd63efaeae9ff87b2aeb)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3dec660ae2bd1067ea2314917197f44aedef9ba3">3dec660a</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:kdc: Move supported enc-type handling out of samba_kdc_message2entry_keys()
By putting this in the caller we potentially allow samba_kdc_message2entry_keys()
to be reused by a non-KDC caller.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 29eb7e2488e2c55ceacb859a57836a08cbb7f8e8)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
[jsutton@samba.org Adapted to older code without support for Protected
Users or older keys; kept still-needed 'kdc_db_ctx'
samba_kdc_message2entry_keys() parameter]
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0fee9c469c08538c6eb4c07cc0b127033f6c1c80">0fee9c46</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 tests/krb5: Allow passing expected etypes to get_keys()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2f17cbf3b295663a91e4facb0dc8f09ef4a77f4a)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
[jsutton@samba.org Removed changes to protected_users_tests.py]
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/130c4877b3870c660635750d08849e2a2d7d5673">130c4877</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:param: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 80dc3bc2b80634ab7c6c71fa1f9b94f0216322b2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a89385f2ab705d9cdcd7acebd3388da0d4c399c0">a89385f2</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:client: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 81f4335dfb847c041bfd3d6110fc8f1d5741d41f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/397a390aa86b83ef46126d3df7335a6f4c7d7845">397a390a</a></strong>
<div>
<span> by Andreas Schneider </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:utils: Fix old-style function definition
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b787692b5e915031d4653bf375995320ed1aca07)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a65fc1fa476a45de402d6127b4ce5a26e761508f">a65fc1fa</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 tests/krb5: Add test requesting a TGT expiring post-2038
This demonstrates the behaviour of Windows 11 22H2 over Kerberos,
which changed to use a year 9999 date for a forever timetime in
tickets.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 20 05:00:23 UTC 2022 on sn-devel-184
(cherry picked from commit 50cbdecf2e276e5f87b9c2d95fd3ca86d11a08e2)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/05206c09237e3437e521808c9fa828ea6a8248b4">05206c09</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a4f6f51cbed53775cdfedc7eec2f28c7beb875cc)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/12e4e94853fd5b9a614dc0a6fb62acbe93f83be1">12e4e948</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 testparm: warn about 'kerberos encryption types = legacy'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c0c25cc0217b082c12330a8c47869c8428a20d0c)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/91b74c701acd7e64a1aa1119782305d2132adc31">91b74c70</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 libcli/auth: let netlogon_creds_cli_warn_options() about "kerberos encryption types=legacy"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0248907e34945153ff2be62dc11d75c956a05932)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/2408d405d31274a97b67baf04a36d58e50341050">2408d405</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 selftest: Allow krb5 tests to run against an IP by using the target_hostname binding string
This makes it easier to test against a server that is not accessible via DNS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c7cd6889177e8c705bb637172a60a5cf26734a3f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/cc2bea27a640b43c4eed5846fb1bbd3e5ad5d0ad">cc2bea27</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 tests/krb5: Split out _tgs_req() into base class
We will use it for testing our handling of encryption types.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 50e075d2db21e9f23d686684ea3df9454b6b560e)
[jsutton@samba.org Adapted to 4.17 version of function]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/9ed5a352ca1707ba0cb06bfa785f0e8d5049666d">9ed5a352</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
This lets us select the encryption types we claim to support in the
request body.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit e0a91dddc4a6c70d7425c2c6836dcf2dd6d9a2de)
[jsutton@samba.org Adapted to 4.17 version of function taking different
parameters]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8d208ab0616068ed1272d81e968d8f3d33953ca6">8d208ab0</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 tests/krb5: Add a test requesting tickets with various encryption types
The KDC should leave the choice of ticket encryption type up to the
target service, and admit no influence from the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 177334c04230d0ad74bfc2b6825ffbebd5afb9af)
[jsutton@samba.org Fixed conflicts in usage.py, knownfails, tests.py]
[jsutton@samba.org Fixed knownfail conflicts]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a9c836d0442b60a3b5dbc3ddbedf6f866e633e79">a9c836d0</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key
We need to select server, not client, to compare client etypes against.
(It is not useful to compare the client-supplied encryption types with
the client's own long-term keys.)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 538315a2aa6d03b7639b49eb1576efa8755fefec)
[jsutton@samba.org Fixed knownfail conflicts]
[jsutton@samba.org Fixed knownfail conflicts]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0601bb94c62b7e64b1f943523120196727b118ed">0601bb94</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37967 Add new PAC checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit a50a2be622afaa7a280312ea12f5eb9c9a0c41da)
[jsutton@samba.org Fixed conflicts in krb5pac.idl and raw_testcase.py]
[jsutton@samba.org Fixed conflicts in kdc_base_test.py, raw_testcase.py,
knownfails, tests.py. Adapted KDC PAC changes to older function.]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4c2dc48598dda4bf0d5a166ed3d05ab7b4a3abfb">4c2dc485</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d861d4eb28bd4c091955c11669edcf867b093a6f)
[jsutton@samba.org Fixed header include conflict]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/545c20fd321f8eb5feebd11c825942755b374fdc">545c20fd</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ee18bc29b8ef6a3f09070507cc585467e55a1628)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/31543f2902e64ddc999670cfe4a4f0513159a547">31543f29</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 third_party/heimdal: Fix error message typo
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d6b3d68efc296190a133b4e38137bdfde39257f4)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b8996509387b76f118577821a132542a9a7cb549">b8996509</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 samba-tool: Fix 'domain trust create' documentation
This option does the opposite of what the documentation claims.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6b155b22e6afa52ce29cc475840c1d745b0f1f5e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/71fcd5366a0971b982cb553d442bcb11f71f9ace">71fcd536</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 samba-tool: Declare explicitly RC4 support of trust objects
As we will assume, as part of the fixes for CVE-2022-37966, that trust
objects with no msDS-SupportedEncryptionTypes attribute support AES
keys, RC4 support must now be explicitly indicated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 086646865eef247a54897f5542495a2105563a5e)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f29efb011f62a94d4cd6de4aca8722f743008f78">f29efb01</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 371d7e63fcb966ab54915a3dedb888d48adbf0c0)
[jsutton@samba.org Removed unneeded fast_tests.py change, added
non_etype_bits in raw_testcase.py, fixed conflicts in knownfails and
tests.py]
[jsutton@samba.org Fixed conflicts in tests and knownfails]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/da9da918f7510a1b8120479b8ec505b6b2397e93">da9da918</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 selftest: Run S4U tests against FL2003 DC
This shows that changes around RC4 encryption types do not break older
functional levels where only RC4 keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 44802c46b18caf3c7f9f2fb1b66025fc30e22ac5)
[jsutton@samba.org Fixed import conflict]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/a836bcf22ce87cf93e7d3cbf975d1baaa8f32c3b">a836bcf2</a></strong>
<div>
<span> by Andrew Bartlett </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 975e43fc45531fdea14b93a3b1529b3218a177e6)
[jsutton@samba.org Fixed knownfail conflicts]
[jsutton@samba.org Adapted to older KDC code; fixed knownfail conflicts]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c13c60ffbf7f86011594268cc48a1f9f1991f664">c13c60ff</a></strong>
<div>
<span> by Joseph Sutton </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 kdc: Assume trust objects support AES by default
As part of matching the behaviour of Windows, assume that trust objects
support AES256, but not RC4, if not specified otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4bb50c868c8ed14372cb7d27e53cdaba265fc33d)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/001ed425ea19b42cb815be71188d49209bfddbd7">001ed425</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 wafsamba: add support for CHECK_VARIABLE(mandatory=True)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9da028c46f70db60a80d47f5dadbec194510211f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8842d0197d1055d35516c293192fc9c5121b46b7">8842d019</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 system_mitkrb5: require support for aes enctypes
This will never fail as we already require a version that supports aes,
but this makes it clearer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a80f8e1b826ee3f9bbb22752464a73b97c2a612d)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/911750da81abc99ee57bcb0d6129fec85bf6b761">911750da</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c9b10ee32c7e91521d024477a28fb7a622e4eb04)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/836646d4a02028a96b9974ddf7c36c6d54f25f45">836646d4</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2bd27955ce1000c13b468934eed8b0fdeb66e3bf)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c0bbcc442b8725a9c2b6352514df80c4c0d71dae">c0bbcc44</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:libnet: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1a36c348d7a984bed8d0f3de5bf9bebd1cb3c47a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/0c7af9838fecf1bb900029876496a8a7517bd3a9">0c7af983</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:net_ads: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f3fe1f2ce64ed36be5b001fb4fea92428e73e4e3)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b220162824537232ec87cf2194966d590c2165b7">b2201628</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 16b805c8f376e0992a8bbb359d6bd8f0f96229db)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3e4a521a2aaa9da223132ad97f7052460d951a9d">3e4a521a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:libads: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a683507e560a499336c50b88abcd853d49618bf4)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f8839f39f0a7e344c5b46d1e952bf4c7dc5017a6">f8839f39</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:16+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:libnet: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 40b47c194d7c41fbc6515b6029d5afafb0911232)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/1d2318ec326f3e530de1d9baf8c4ba3c80603f82">1d2318ec</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:net_ads: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4cedaa643bf95ef2628f1b631feda833bb2e7da1)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/052cfe5a4a1a02bcad0fce53e8e4a1002aa787fd">052cfe5a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s3:net_ads: let 'net ads enctypes list' pretty print AES256-SK and RESOURCE-SID-COMPRESSION-DISABLED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b7260c89e0df18822fa276e681406ec4d3921caa)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/679904dc0dfd187704a1fe2b9d9fb1b498773516">679904dc</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:pydsdb: add ENC_HMAC_SHA1_96_AES256_SK
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 621b8c3927b63776146940b183b03b3ea77fd2d7)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/ec1a2225a0f73f81c46530203775fd5ac703858a">ec1a2225</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:kdc: use the strongest possible keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d7ea197ed1a9903f601030e6466cc822f9b8f794)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b40b03d0601394cc3a8e7923229aa8d53b2d815f">b40b03d0</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values
For now this is only for debugging in order to see
DRSUAPI_ATTID_msDS_SupportedEncryptionTypes in the replication meta
data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f1c5fa28c460f7e011049606b1b9ef96443e5e1f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f11edc1741ea584552e608947cc08956c67cbf9e">f11edc17</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9e69289b099b47e0352ef67ef7e6529d11688e9a)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/55476d01ffcc8115d4170e2b0b2cc8252d0227a7">55476d01</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 271cd82cd681d723572fcaeed24052dc98a83612)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/dd69e432ee80317b691f92a7515917cfda894488">dd69e432</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4ebbe7e40754eeb1c8f221dd59018c3e681ab2ab)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/3ea9946f652a04373f3a51597aae4aa24c912eb0">3ea9946f</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: fix some tests running against Windows 2022
I'm using the following options:
SERVER=172.31.9.218 DC_SERVER=w2022-118.w2022-l7.base \
SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 \
DOMAIN=W2022-L7 REALM=W2022-L7.BASE \
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=A1b2C3d4 \
CLIENT_USERNAME=Administrator CLIENT_PASSWORD=A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=2 \
FULL_SIG_SUPPORT=1 TKT_SIG_SUPPORT=1 FORCED_RC4=1
in order to run these:
python/samba/tests/krb5/as_req_tests.py -v --failfast AsReqKerberosTests
python/samba/tests/krb5/etype_tests.py -v --failfast EtypeTests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e0f89b7bc8025db615dccf096aab4ca87e655368)
[jsutton@samba.org Fixed conflicts in parameters; brought in rep_padata
non-None assertion]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/b20acd876c892dd9b2fdf74c8d2dc1a2f95a32ab">b20acd87</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d8fd6a22b67a2b3ae03a2e428cc4987f07af6e29)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/aeb7c646bb03d468f2cc167153dd54d79848cabb">aeb7c646</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: ignore empty supplementalCredentials attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f434a30ee7c40aac4a223fcabac9ddd160a155a5)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/f4dc5721be379b292bcc175e35c49bc6dee82b73">f4dc5721</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: add 'force_nt4_hash' for account creation of KDCBaseTest
This will allow us to create tests accounts with only an nt4 hash
stored, without any aes keys.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 77bd3258f1db0ddf4639a83a81a1aad3ee52c87d)
[jsutton@samba.org Fixed conflicts in parameters]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/8e6d2953ba1ac44a2395cbcdd202a4f38ee16c98">8e6d2953</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: add better PADATA_SUPPORTED_ETYPES assert message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c7c576208960e336da276e251ad7a526e1b3ed45)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/c8afae7869a8aa53da90bf1748eb8ce2e8d763aa">c8afae78</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:tests/krb5: test much more etype combinations
This tests work out the difference between
- msDS-SupportedEncryptionTypes value or it's default
- software defined extra flags for DC accounts
- accounts with only an nt hash being stored
- the resulting value in the KRB5_PADATA_SUPPORTED_ETYPES announcement
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1dfa91682efd3b12d7d6af75287efb12ebd9e526)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6">906dbd0a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows.
We need to take the value from the msDS-SupportedEncryptionTypes
attribute and only take the default if there's no value or
if the value is 0.
For krbtgt and DC accounts we need to force support for
ARCFOUR-HMAC-MD5 and AES encryption types and add the related bits
in addtition. (Note for krbtgt msDS-SupportedEncryptionTypes is
completely ignored the hardcoded value is the default, so there's
no AES256-SK for krbtgt).
For UF_USE_DES_KEY_ONLY on the account we reset
the value to 0, these accounts are in fact disabled completely,
as they always result in KRB5KDC_ERR_ETYPE_NOSUPP.
Then we try to get all encryption keys marked in
supported_enctypes, and the available_enctypes
is a reduced set depending on what keys are
actually stored in the database.
We select the supported session key enctypes by the available
keys and in addition based on AES256-SK as well as the
"kdc force enable rc4 weak session keys" option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fde745ec3491a4fd7b23e053a67093a2ccaf0905)
[jsutton@samba.org Adapted to older KDC code]
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/e7d3998bcc8dd4bae40ce5c5854d8c1a39c92809">e7d3998b</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
This is not squashed in order to allow easier backports...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7504a4d6fee7805aac7657b9dab88c48353d6db4)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/be57176c3abd01635859e3d3195c3afc091610db">be57176c</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa64f8fa8d92167ed15d1109af65bbb4daab4bad)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/4477651a0de470f826cc548b78feb14305a6ba2b">4477651a</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 36d0a495159f72633f1f41deec979095417a1727)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/cdc71cfd273fed0d7907f05897a77335dee374e1">cdc71cfd</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cca3c024fc514bee79bb60a686e470605cc98d6f)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/160e566d59011cfc9e5002f306314f1e9a37371b">160e566d</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T10:28:17+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 samba-tool: add 'domain trust modify' command
For now it only allows the admin to modify
the msDS-SupportedEncryptionTypes values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit d1999c152acdf939b4cd7eb446dd9921d3edae29)
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/d5a8e41313d6645898bca3771131da92860b715b">d5a8e413</a></strong>
<div>
<span> by Stefan Metzmacher </span> <i> at 2022-12-14T11:34:00+00:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports
This allows the tests to be executed without an explicit
PYTHONPATH="bin/python".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 13 14:06:14 UTC 2022 on sn-devel-184
(similar to commit 987cba90573f955fe9c781830daec85ad4d5bf92)
[jsutton@samba.org Fixed conflicts; removed changes to non-existent
tests]
Autobuild-User(v4-16-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-16-test): Wed Dec 14 11:34:00 UTC 2022 on sn-devel-184
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/64d7270f282ffaa64d8f016b00f46cd4ac827020">64d7270f</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-12-15T17:03:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>WHATSNEW: Add release notes for Samba 4.16.8.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/6cc6e233b5ceb2a579400f020b61c67ca7bbeb78">6cc6e233</a></strong>
<div>
<span> by Jule Anger </span> <i> at 2022-12-15T17:03:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>VERSION: Disable GIT_SNAPSHOT for the 4.16.8 release.
Signed-off-by: Jule Anger <janger@samba.org>
</pre>
</li>
<li>
<strong style="font-weight: bold;"><a href="https://salsa.debian.org/samba-team/samba/-/commit/23882e6390a2320575b427a57ccb8d5650dbc3a0">23882e63</a></strong>
<div>
<span> by Michael Tokarev </span> <i> at 2022-12-15T20:19:10+03:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.8125rem; color: #303030; position: relative; font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; word-break: break-all; word-wrap: break-word; background-color: #fafafa; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dbdbdb;'>New upstream version 4.16.8+dfsg</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
30 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#b33892fbddeffc3368077b4904ad0b3d562a7312">
VERSION
</a>
</li>
<li class="file-stats">
<a href="#3277e12b5a9f9ff632d229e2629d34ad21dd93fc">
WHATSNEW.txt
</a>
</li>
<li class="file-stats">
<a href="#717e4435bfe6c4ce86a7ac15a5461119235be37b">
buildtools/wafsamba/samba_autoconf.py
</a>
</li>
<li class="file-stats">
<a href="#75e2e126c5e57214a32b44efefe529338e57adc1">
buildtools/wafsamba/samba_third_party.py
</a>
</li>
<li class="file-stats">
<a href="#7621aa1ce515b0afdaffdf0eca777ff6f439e31a">
ctdb/doc/ctdb-etcd.7
</a>
</li>
<li class="file-stats">
<a href="#5cbe2af7f9551bd8ba760b3978da68f98bcca8d1">
ctdb/doc/ctdb-script.options.5
</a>
</li>
<li class="file-stats">
<a href="#6f372b1da785e9b62534d3ddc2b1cc994e1edea1">
ctdb/doc/ctdb-statistics.7
</a>
</li>
<li class="file-stats">
<a href="#bff45f5b0a1ff6f2cac0546191f2199bad760297">
ctdb/doc/ctdb-tunables.7
</a>
</li>
<li class="file-stats">
<a href="#cf03e1c00a6ff50094bf342fee6dbac15b3a4e0f">
ctdb/doc/ctdb.1
</a>
</li>
<li class="file-stats">
<a href="#ab0737fb37c5f24c1a655306d7f3cf9b28970fa1">
ctdb/doc/ctdb.7
</a>
</li>
<li class="file-stats">
<a href="#355570170158b89f755ad8c2655ff1b55be32cfb">
ctdb/doc/ctdb.conf.5
</a>
</li>
<li class="file-stats">
<a href="#f3298e106280fd2e988e57b01b9f5697370b66b1">
ctdb/doc/ctdb.sysconfig.5
</a>
</li>
<li class="file-stats">
<a href="#027f7ec3db27f736464febdb40a2f5784278e923">
ctdb/doc/ctdb_diagnostics.1
</a>
</li>
<li class="file-stats">
<a href="#944489b6fed794d85434d7748c57ff12c56034db">
ctdb/doc/ctdb_mutex_ceph_rados_helper.7
</a>
</li>
<li class="file-stats">
<a href="#b3f02388c7b39adb49f0f55dbc87a0b75e7f21c3">
ctdb/doc/ctdbd.1
</a>
</li>
<li class="file-stats">
<a href="#2097dbfda6f5cb780a636fd916929b31054ddd8c">
ctdb/doc/ctdbd_wrapper.1
</a>
</li>
<li class="file-stats">
<a href="#1abbc4563e217dafc807f4824b2e10419a31fcf7">
ctdb/doc/ltdbtool.1
</a>
</li>
<li class="file-stats">
<a href="#0a2e2417e72340b1b7bea2f903aa804c91c6386b">
ctdb/doc/onnode.1
</a>
</li>
<li class="file-stats">
<a href="#cfbec512f592346951273f1f00fd0300153259f8">
ctdb/doc/ping_pong.1
</a>
</li>
<li class="file-stats">
<a href="#bde6c34daa9c26fe0e1e6281f2851e80bb862875">
docs-xml/manpages/samba-tool.8.xml
</a>
</li>
<li class="file-stats">
<a href="#0150460ea02817fcbbc1ad54dce988b4fd6ce4b4">
docs-xml/smbdotconf/logon/allownt4crypto.xml
</a>
</li>
<li class="file-stats">
<a href="#9ad12c9a804ae99bed9d81c9c00b5938fa3e4760">
docs-xml/smbdotconf/logon/rejectmd5clients.xml
</a>
</li>
<li class="file-stats">
<a href="#3fb67dd16026c4986baa897a5d96967af6fe9336">
docs-xml/smbdotconf/security/allowdcerpcauthlevelconnect.xml
</a>
</li>
<li class="file-stats">
<a href="#f36d7d490983962d57e5184ea6be0a0e0ca097a1">
docs-xml/smbdotconf/security/clientschannel.xml
</a>
</li>
<li class="file-stats">
<a href="#7adc2679aa20d561fa5cc201cd9ed7b2c889d57f">
<span class="new-file">
+
docs-xml/smbdotconf/security/kdcdefaultdomainsupportedenctypes.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#3b403be4831274a919b829a9bf8b42f39c3e7f28">
<span class="new-file">
+
docs-xml/smbdotconf/security/kdcforceenablerc4weaksessionkeys.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#ca17db6ef25ea7a91c5e09d2895b4c9b39152d91">
<span class="new-file">
+
docs-xml/smbdotconf/security/kdcsupportedenctypes.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#74f8793dfe90853e91412ed72d4ea536b03a808c">
docs-xml/smbdotconf/security/kerberosencryptiontypes.xml
</a>
</li>
<li class="file-stats">
<a href="#0181580d049c7460332a6fbb5b7f0a237bb37cbd">
docs-xml/smbdotconf/security/serverschannel.xml
</a>
</li>
<li class="file-stats">
<a href="#014fd7651d67fecf7d31c5229d92bd0c85213481">
<span class="new-file">
+
docs-xml/smbdotconf/security/serverschannelrequireseal.xml
</span>
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: 0.875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/samba-team/samba/-/compare/37c4e43485a006bbbdaba804aea3a1cb9cd6dea3...23882e6390a2320575b427a57ccb8d5650dbc3a0">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
</p>
</div>
</body>
</html>