[Pkg-samba-maint] [Git][samba-team/samba][master] 102 commits: VERSION: Bump version up to 4.9.3...
Mathieu Parent
gitlab at salsa.debian.org
Sat Dec 22 21:10:52 GMT 2018
Mathieu Parent pushed to branch master at Debian Samba Team / samba
Commits:
424d4d2b by Karolin Seeger at 2018-11-08T07:56:10Z
VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
7a542190 by Andreas Schneider at 2018-11-12T15:04:51Z
lib:util: Fix DEBUGCLASS pointer initializiation
This fixes a segfault in pyglue:
==10142== Process terminating with default action of signal 11 (SIGSEGV)
==10142== Bad permissions for mapped region at address 0x6F00A20
==10142== at 0x6F1074B: py_set_debug_level (pyglue.c:165)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13679
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 71ef09c1afdbf967b829cb66b33c3a5cb1c18ba0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Nov 12 16:04:51 CET 2018 on sn-devel-144
- - - - -
7f8740c0 by Volker Lendecke at 2018-11-16T07:41:06Z
winbindd: Fix crash when taking profiles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl at samba.org>
- - - - -
b6585b6f by Ralph Boehme at 2018-11-16T07:41:06Z
s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 221133b0e9ed28274f7513d9416f13a81b7b458b)
- - - - -
4672656d by Ralph Boehme at 2018-11-16T07:41:06Z
vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4901d71c3de754a106662d01481b960ed7c2c4dd)
- - - - -
5420863d by Ralph Boehme at 2018-11-16T10:31:10Z
vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a7c877847f855be5ee6673e541a181b818013abf)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144
- - - - -
299e6edd by Volker Lendecke at 2018-11-19T12:49:34Z
torture: Fix the 32-bit build
Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677
(cherry picked from commit 0872f140c4a354511b25bb5ed937b9e9409ade3a)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Nov 19 13:49:34 CET 2018 on sn-devel-144
- - - - -
e71252ec by Ralph Boehme at 2018-11-20T11:30:25Z
s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d0a8899ed57c2b368c3870b3899a3422251222aa)
- - - - -
052df0f6 by Ralph Boehme at 2018-11-20T11:30:26Z
s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).
The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b86c94f0b929f2d9e521d41396c4e1611f5a4c5b)
- - - - -
4f5af7ba by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: add smb2cli_session_require_signed_response()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
- - - - -
cd8ea322 by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: maintain require_signed_response in smbXcli_req_state
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 67cfb01611869b7590ccd836dd13a80e53545714)
- - - - -
6ca7a8a2 by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: defer singing check a little bit
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7abf3900218e3d27c075b405735b2c38ec0fc4ca)
- - - - -
6c3577a5 by Ralph Boehme at 2018-11-20T11:30:27Z
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
- - - - -
ff0db7ec by Ralph Boehme at 2018-11-20T11:30:27Z
s4:torture/smb2/session: invalidate credential cache
Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.
Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 368e1860654e737aa2fa9516cdd3668fa644009a)
- - - - -
2b164eca by Ralph Boehme at 2018-11-20T11:30:27Z
s4:torture/smb2/session: require a signed session setup reauth response
All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123)
- - - - -
f2c456aa by Ralph Boehme at 2018-11-20T11:30:28Z
s4:torture/smb2/session: add force_signing to test_session_expire1i
Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1)
- - - - -
77cf7167 by Ralph Boehme at 2018-11-20T11:30:28Z
s4:torture/smb2/session: session reauth response must be signed
This test checks that a session setup reauth is signed even when neither
client nor server require signing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)
- - - - -
041e0945 by Ralph Boehme at 2018-11-20T11:30:28Z
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.
This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
(cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)
- - - - -
7cd5db7a by Martin Schwenke at 2018-11-20T14:50:33Z
ctdb-tests: Make the debug hung script test cope with unreadable stacks
Ideally this would just involve using "test -r". However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.
Instead, try reading that stack of a process on the test node. If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144
(cherry picked from commit c1dd6382e3211792e313f7d559b943f55c9cb0e1)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144
- - - - -
a96d403f by Karolin Seeger at 2018-11-25T13:46:28Z
VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 424d4d2b4084e8778d82684d29514b5b45cdfd36)
- - - - -
bf596c14 by Aaron Haslett at 2018-11-25T13:46:43Z
CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
- - - - -
6e84215d by Andrew Bartlett at 2018-11-25T13:46:49Z
CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.
This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
4783b9d6 by Andrew Bartlett at 2018-11-25T13:46:49Z
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
f40e1b3b by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: Verification tests
Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
05f867db by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
Fixes for
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
c78ca8b9 by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: refactor common properties handling
dnsserver_common.c and dnsutils.c both share similar code to process
zone properties. This patch extracts the common code and moves it to
dnsserver_common.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
f33f52c3 by Garming Sam at 2018-11-25T13:46:58Z
CVE-2018-16851 ldap_server: Check ret before manipulating blob
In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.
Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4aabfecd by Andrew Bartlett at 2018-11-25T13:47:02Z
CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
- - - - -
862d4909 by Andrew Bartlett at 2018-11-25T13:47:06Z
CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests
This will make it easier to avoid flapping tests.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry picked from commit a740a6131c967f9640b19a6964fd5d6f85ce853a)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
- - - - -
31198d39 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Partial backport of commit 115f2a71b88 (only password_lockout.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
- - - - -
4d0fd1a4 by Andrew Bartlett at 2018-11-25T13:47:06Z
CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()
This means we can have a long observation window for many of the tests and
so make them much more reliable. Many of these cause frustrating flapping
failures in our CI systems.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 3 06:14:55 CEST 2018 on sn-devel-144
(cherry picked from commit 74357bf347348d3a8b7483c58e5250e98f7e8810)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
- - - - -
fe8e05a9 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Partial backport of commit bbb9f57603d (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
- - - - -
9cb6b4e9 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Partial backport of commit 1ccc36b4010cd63 (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
- - - - -
ec9cc4ed by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 tests: Sanity-check password lockout works with default values
Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.
The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).
This highlights a problem currently where the default values don't work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
4f86beea by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
Commit 442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().
ldb_msg_find_attr_as_int() will only work for values up to -2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
d12b02c7 by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
60b2cd50 by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow
Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.
This patch adds a better default value (the domain default setting of 30
minutes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
- - - - -
bec29625 by Karolin Seeger at 2018-11-25T14:23:23Z
WHATSNEW: Add release notes for Samba 4.9.3.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
40c057c9 by Karolin Seeger at 2018-11-25T14:24:31Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
9e05ff6b by Karolin Seeger at 2018-11-27T10:05:18Z
Merge tag 'samba-4.9.3' into v4-9-test
samba: tag release samba-4.9.3
- - - - -
b3d376b7 by Karolin Seeger at 2018-11-27T10:05:40Z
VERSION: Bump version up to 4.9.4.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
a816ca40 by Joe Guo at 2018-12-04T12:55:09Z
PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)
- - - - -
517df6d3 by Garming Sam at 2018-12-04T12:55:09Z
dirsync: Allow arbitrary length cookies
The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b)
- - - - -
f4105adc by Garming Sam at 2018-12-04T12:55:09Z
sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e)
- - - - -
f678c6f0 by Garming Sam at 2018-12-04T12:55:09Z
ldb_controls: Add some talloc error checking for controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852)
- - - - -
739ce2c7 by Ralph Boehme at 2018-12-04T12:55:09Z
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
- - - - -
2332c99c by Ralph Boehme at 2018-12-04T12:55:09Z
libcli/smb: don't overwrite status code
The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
(cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
- - - - -
d2a6e3e1 by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: Fix kinit test on system lacking ldbsearch
By fixing bindir variable name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
09f9bb28 by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL. Use the name from client entry instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a2f4d49c by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
a26e6160 by Andreas Schneider at 2018-12-04T12:55:09Z
CVE-2018-16853: Do not segfault if client is not set
This can be triggered with FAST but we don't support this yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
- - - - -
b2ef0e08 by Isaac Boukris at 2018-12-04T16:27:18Z
CVE-2018-16853: fix crash in expired passowrd case
When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.
Fixes expired passowrd case in samba4.blackbox.kinit test.
Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144
- - - - -
6a549df2 by Martin Schwenke at 2018-12-05T12:01:52Z
ctdb-daemon: Exit with error if a database directory does not exist
Since 4.9.0, the log messages can be confusing if a required database
directory does not exist. Explicitly check for database directories,
logging a clear error and exiting if one is missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Dec 3 06:56:41 CET 2018 on sn-devel-144
(cherry picked from commit dd7574afd1b2fb6a88defa154bc3d15e94f9ce0d)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Dec 5 13:01:52 CET 2018 on sn-devel-144
- - - - -
850a5521 by Aaron Haslett at 2018-12-10T09:12:21Z
CVE-2018-14629: Tests to expose regression from dns cname loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)
- - - - -
53b2e9af by Stefan Metzmacher at 2018-12-10T09:12:21Z
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
- - - - -
7cc1a8d9 by Ralph Boehme at 2018-12-10T09:12:21Z
selftest: test wbinfo -n and --gid-info with "NT Authority"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db)
- - - - -
cf7e9d3d by Ralph Boehme at 2018-12-10T09:12:22Z
libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)
- - - - -
fd91429b by Ralph Boehme at 2018-12-10T09:12:22Z
winbindd: add some braces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece)
- - - - -
ac2c24cc by Ralph Boehme at 2018-12-10T09:12:22Z
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Route predefined domains through the BUILTIN domain child, not passdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1)
- - - - -
1d0e4511 by Ralph Boehme at 2018-12-10T12:43:15Z
winbindd: Route predefined domains through the BUILTIN domain child
Without this eg "NT Authority" didn't work:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY\authenticated users:x:10002:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
(cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Dec 10 13:43:15 CET 2018 on sn-devel-144
- - - - -
f53459c9 by Justin Stephenson at 2018-12-13T12:48:21Z
s3:libads: Add net ads leave keep-account option
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit d881f0c8a0ce2fc7cabf1966c5724e72c70d6694)
- - - - -
8eaf7922 by Ralph Boehme at 2018-12-13T12:48:21Z
vfs_error_inject: add pwrite
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 55a82f907f6410ff478e82b0cf7f1caeacaf5ddd)
- - - - -
1cf55de5 by Ralph Boehme at 2018-12-13T12:48:21Z
vfs_error_inject: add EBADF error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 523a9b312c9f09178a5afefb48343e684e41d817)
- - - - -
6f8ea0a0 by Ralph Boehme at 2018-12-13T12:48:21Z
s4:torture: add a test-suite for VSS
This test will not be run from the main torture test runner in selftest,
as there we don't pass the required arguments 'twrp_file' and
'twrp_snapshot'.
The test needs a carefully prepared environment with provisioned
snapshot data, so the test will be started from a blackbox test
script. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 48ddb87a32ca44c2fcc5aac0cc28c5527dc7eade)
- - - - -
0244de24 by Ralph Boehme at 2018-12-13T12:48:21Z
s3:script/tests: add a test for VSS write behaviour
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit 12778f015988f7e8755016c72c26939998758dae)
- - - - -
0e355e38 by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
Not used for now, all existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 87bf06ed790dad8a4f650c0cd1b6781864666cbf)
- - - - -
256d488b by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 14d6488d355e960ab02e72c414cbbc316f1db718)
- - - - -
e60c9431 by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: nicely deal with attempts to open previous version for writing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cf95756235f718478e556ce1fbf7c032f9c9acfb)
- - - - -
1f897e6c by Günther Deschner at 2018-12-13T12:48:22Z
s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708
Guenther
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144
(cherry picked from commit 75d15484f3b71b1a2684c4a73e53aaa467f9932b)
- - - - -
3295cc8b by Ralph Boehme at 2018-12-13T12:48:22Z
s3:selftest: add a VSS test reading a stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3)
- - - - -
88863119 by Ralph Boehme at 2018-12-13T12:48:22Z
s3:smbd: prepare filename_convert_internal() for twrp
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2)
- - - - -
f8c144fa by Ralph Boehme at 2018-12-13T12:48:22Z
s3:smbd: add twrp processing to filename_convert_internal()
Not used for now, existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c69bd336a17ca04dbfb4f5d04a963d25b9925118)
- - - - -
baf1e0f3 by Ralph Boehme at 2018-12-13T12:48:23Z
s3:smbd: add twrp args to filename_convert()
All existing callers pass NULL, no change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 14b6e6842b76d7c3e53249ba026a3ff51615ebd7)
- - - - -
fa2a9c3b by Ralph Boehme at 2018-12-13T12:48:23Z
s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9c462e1b324ebad60c51bd6e8e659b39a31ec02e)
- - - - -
d18c5775 by Ralph Boehme at 2018-12-13T15:47:40Z
vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Thu Dec 13 16:47:40 CET 2018 on sn-devel-144
- - - - -
9da8cd02 by Karolin Seeger at 2018-12-20T08:23:09Z
WHATSNEW: Add release notes for Samba 4.9.4.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
- - - - -
f1a0c835 by Karolin Seeger at 2018-12-20T08:23:46Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.
- - - - -
844dc32d by Mathieu Parent at 2018-12-22T08:48:57Z
New upstream version 4.9.4+dfsg
- - - - -
d7ccf243 by Mathieu Parent at 2018-12-22T09:06:18Z
Revert "Add patches for previous fixes"
This reverts commit cda661fd990e4fd71464bd9e1fd6b98d3c3bf640.
- - - - -
bed833b4 by Mathieu Parent at 2018-12-22T09:06:24Z
Revert "CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow"
This reverts commit 5e0dd8bd24fd8a854147fde4403609736f835b71.
- - - - -
798893ee by Mathieu Parent at 2018-12-22T09:06:26Z
Revert "CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs"
This reverts commit e0213feb9e7b13afb44eb74fbbdba063096573e9.
- - - - -
b80f15d8 by Mathieu Parent at 2018-12-22T09:06:28Z
Revert "CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int"
This reverts commit 4f9ba70626a899d3aeea57c1f1b78d9a3a7c6a77.
- - - - -
f43a2085 by Mathieu Parent at 2018-12-22T09:06:30Z
Revert "CVE-2018-16857 tests: Sanity-check password lockout works with default values"
This reverts commit bed247a3ed8c861a7ea3587347fef93fda72ce1c.
- - - - -
e5282649 by Mathieu Parent at 2018-12-22T09:06:31Z
Revert "CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals"
This reverts commit 6563b5bfe9b113ce059a5d5a4f40a413d286152a.
- - - - -
f6f2432f by Mathieu Parent at 2018-12-22T09:06:33Z
Revert "CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent"
This reverts commit 0587bc1755c234deaf096328fdb1a061c0e16480.
- - - - -
b5d28491 by Mathieu Parent at 2018-12-22T09:06:34Z
Revert "CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()"
This reverts commit 3efbb4f58f2a0e7f8517bc0fb9074cd3fa1ce2eb.
- - - - -
7069d0eb by Mathieu Parent at 2018-12-22T09:06:36Z
Revert "CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1"
This reverts commit acd70a3976b355f540e97394ab279a46e8c1495d.
- - - - -
0092508e by Mathieu Parent at 2018-12-22T09:06:37Z
Revert "CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests"
This reverts commit db44a7108d94678e2989707209a81698ee70c937.
- - - - -
501a3868 by Mathieu Parent at 2018-12-22T09:06:38Z
Revert "CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental"
This reverts commit 7a437f807d53e486ec3b2f71d64d2ba1e2ae9f66.
- - - - -
599959ab by Mathieu Parent at 2018-12-22T09:06:40Z
Revert "CVE-2018-16852 dcerpc dnsserver: refactor common properties handling"
This reverts commit a5e6809c087053c3b6209fb05f001433becdc828.
- - - - -
0aebef3e by Mathieu Parent at 2018-12-22T09:06:41Z
Revert "CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly"
This reverts commit ab1b3698386cb4790feee4af5e1985cf25a4b3c8.
- - - - -
cb3b952f by Mathieu Parent at 2018-12-22T09:06:43Z
Revert "CVE-2018-16852 dcerpc dnsserver: Verification tests"
This reverts commit d6486b6e5d32f9dc766da4a957aba3d726298bea.
- - - - -
afbb0923 by Mathieu Parent at 2018-12-22T09:06:44Z
Revert "CVE-2018-16851 ldap_server: Check ret before manipulating blob"
This reverts commit f57de09ca90e47ea341ca5ec495cf01c1a2d13d3.
- - - - -
8d80596b by Mathieu Parent at 2018-12-22T09:06:45Z
Revert "CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ"
This reverts commit eb771f0b98a37aa9e522b7ea02a052c22a59ef2a.
- - - - -
3c9b15fe by Mathieu Parent at 2018-12-22T09:06:46Z
Revert "CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal"
This reverts commit cd9b957178a7aec0a859e95e4e240c4880903c2d.
- - - - -
065a10c4 by Mathieu Parent at 2018-12-22T09:06:48Z
Revert "CVE-2018-14629 dns: CNAME loop prevention using counter"
This reverts commit bbe5d2a732643c54c041d5a91105a8cf465e55da.
- - - - -
387327d8 by Mathieu Parent at 2018-12-22T09:07:34Z
Merge tag 'upstream/4.9.4+dfsg'
Upstream version 4.9.4+dfsg
- - - - -
e48511a2 by Mathieu Parent at 2018-12-22T09:10:55Z
Changelog for previous commits
- - - - -
cbdbf5e6 by Stefan Metzmacher at 2018-12-22T09:25:41Z
s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration
This happens on standalone servers, where winbindd is automatically
started by init scripts if it's installed. But it's not really
used and may not have a valid idmap configuration (
"idmap config * : range" has no default!)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1)
- - - - -
11c53c78 by Mathieu Parent at 2018-12-22T09:26:49Z
ignore create_builtin_guests() failing without a valid idmap configuration (Closes: #909465, #899269)
- - - - -
329610cf by Mathieu Parent at 2018-12-22T17:31:55Z
Remove unused lintian overrides (library-not-linked-against-libc)
- - - - -
95feae2a by Mathieu Parent at 2018-12-22T17:32:05Z
Release 4.9.4+dfsg-1
- - - - -
30 changed files:
- VERSION
- WHATSNEW.txt
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/server/ctdbd.c
- ctdb/tests/simple/90_debug_hung_script.sh
- debian/changelog
- − debian/patches/CVE-2018-14629-v4-9.patch
- − debian/patches/CVE-2018-16841-master.patch
- − debian/patches/CVE-2018-16851-master.patch
- − debian/patches/CVE-2018-16852-v4-9-v2.patch
- − debian/patches/CVE-2018-16857-v4-9.patch
- − debian/patches/mit-kdc-experimental-v4-7.patch
- + debian/patches/s3-auth-ignore-create_builtin_guests-failing-without.patch
- debian/patches/series
- − debian/samba-dsdb-modules.lintian-overrides
- debian/samba.lintian-overrides
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/88baa2674c02b6c4c1df6e13e97569017a02d483...95feae2a075c2456e230d4603819cd666e3f3d8b
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/88baa2674c02b6c4c1df6e13e97569017a02d483...95feae2a075c2456e230d4603819cd666e3f3d8b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20181222/cf19ff0b/attachment-0001.html>
More information about the Pkg-samba-maint
mailing list