[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.9] 78 commits: VERSION: Bump version up to 4.9.3...

Mathieu Parent gitlab at salsa.debian.org
Sat Dec 22 21:10:55 GMT 2018


Mathieu Parent pushed to branch upstream_4.9 at Debian Samba Team / samba


Commits:
424d4d2b by Karolin Seeger at 2018-11-08T07:56:10Z
VERSION: Bump version up to 4.9.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
7a542190 by Andreas Schneider at 2018-11-12T15:04:51Z
lib:util: Fix DEBUGCLASS pointer initializiation

This fixes a segfault in pyglue:

==10142== Process terminating with default action of signal 11 (SIGSEGV)
==10142==  Bad permissions for mapped region at address 0x6F00A20
==10142==    at 0x6F1074B: py_set_debug_level (pyglue.c:165)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13679

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 71ef09c1afdbf967b829cb66b33c3a5cb1c18ba0)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Nov 12 16:04:51 CET 2018 on sn-devel-144

- - - - -
7f8740c0 by Volker Lendecke at 2018-11-16T07:41:06Z
winbindd: Fix crash when taking profiles

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl at samba.org>

- - - - -
b6585b6f by Ralph Boehme at 2018-11-16T07:41:06Z
s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 221133b0e9ed28274f7513d9416f13a81b7b458b)

- - - - -
4672656d by Ralph Boehme at 2018-11-16T07:41:06Z
vfs_fruit: move a comment to the right place

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4901d71c3de754a106662d01481b960ed7c2c4dd)

- - - - -
5420863d by Ralph Boehme at 2018-11-16T10:31:10Z
vfs_fruit: validation of writes on AFP_AfpInfo stream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a7c877847f855be5ee6673e541a181b818013abf)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144

- - - - -
299e6edd by Volker Lendecke at 2018-11-19T12:49:34Z
torture: Fix the 32-bit build

Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677

(cherry picked from commit 0872f140c4a354511b25bb5ed937b9e9409ade3a)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Nov 19 13:49:34 CET 2018 on sn-devel-144

- - - - -
e71252ec by Ralph Boehme at 2018-11-20T11:30:25Z
s3:selftest: split "raw.session" and "smb2.session"

The next commit is going to add a testsuite to "smb2.session".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d0a8899ed57c2b368c3870b3899a3422251222aa)

- - - - -
052df0f6 by Ralph Boehme at 2018-11-20T11:30:26Z
s3:selftest: also run smb2.session torture testsuite against ad_member

The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).

The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b86c94f0b929f2d9e521d41396c4e1611f5a4c5b)

- - - - -
4f5af7ba by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: add smb2cli_session_require_signed_response()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)

- - - - -
cd8ea322 by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: maintain require_signed_response in smbXcli_req_state

Not used for now, that comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 67cfb01611869b7590ccd836dd13a80e53545714)

- - - - -
6ca7a8a2 by Ralph Boehme at 2018-11-20T11:30:26Z
libcli/smb: defer singing check a little bit

This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 7abf3900218e3d27c075b405735b2c38ec0fc4ca)

- - - - -
6c3577a5 by Ralph Boehme at 2018-11-20T11:30:27Z
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()

This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 53fe148476a5566b7a8204d7e44b6e75ce7d45bc)

- - - - -
ff0db7ec by Ralph Boehme at 2018-11-20T11:30:27Z
s4:torture/smb2/session: invalidate credential cache

Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.

Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 368e1860654e737aa2fa9516cdd3668fa644009a)

- - - - -
2b164eca by Ralph Boehme at 2018-11-20T11:30:27Z
s4:torture/smb2/session: require a signed session setup reauth response

All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123)

- - - - -
f2c456aa by Ralph Boehme at 2018-11-20T11:30:28Z
s4:torture/smb2/session: add force_signing to test_session_expire1i

Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1)

- - - - -
77cf7167 by Ralph Boehme at 2018-11-20T11:30:28Z
s4:torture/smb2/session: session reauth response must be signed

This test checks that a session setup reauth is signed even when neither
client nor server require signing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)

- - - - -
041e0945 by Ralph Boehme at 2018-11-20T11:30:28Z
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

(cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)

- - - - -
7cd5db7a by Martin Schwenke at 2018-11-20T14:50:33Z
ctdb-tests: Make the debug hung script test cope with unreadable stacks

Ideally this would just involve using "test -r".  However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.

Instead, try reading that stack of a process on the test node.  If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144

(cherry picked from commit c1dd6382e3211792e313f7d559b943f55c9cb0e1)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144

- - - - -
a96d403f by Karolin Seeger at 2018-11-25T13:46:28Z
VERSION: Bump version up to 4.9.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 424d4d2b4084e8778d82684d29514b5b45cdfd36)

- - - - -
bf596c14 by Aaron Haslett at 2018-11-25T13:46:43Z
CVE-2018-14629 dns: CNAME loop prevention using counter

Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6e84215d by Andrew Bartlett at 2018-11-25T13:46:49Z
CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.

This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
4783b9d6 by Andrew Bartlett at 2018-11-25T13:46:49Z
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
f40e1b3b by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: Verification tests

Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
05f867db by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly

Fixes for
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c78ca8b9 by Gary Lockyer at 2018-11-25T13:46:54Z
CVE-2018-16852 dcerpc dnsserver: refactor common properties handling

dnsserver_common.c and dnsutils.c both share similar code to process
zone properties.  This patch extracts the common code and moves it to
dnsserver_common.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f33f52c3 by Garming Sam at 2018-11-25T13:46:58Z
CVE-2018-16851 ldap_server: Check ret before manipulating blob

In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4aabfecd by Andrew Bartlett at 2018-11-25T13:47:02Z
CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
862d4909 by Andrew Bartlett at 2018-11-25T13:47:06Z
CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests

This will make it easier to avoid flapping tests.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
(cherry picked from commit a740a6131c967f9640b19a6964fd5d6f85ce853a)

Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

- - - - -
31198d39 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Partial backport of commit 115f2a71b88 (only password_lockout.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

- - - - -
4d0fd1a4 by Andrew Bartlett at 2018-11-25T13:47:06Z
CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()

This means we can have a long observation window for many of the tests and
so make them much more reliable.  Many of these cause frustrating flapping
failures in our CI systems.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep  3 06:14:55 CEST 2018 on sn-devel-144

(cherry picked from commit 74357bf347348d3a8b7483c58e5250e98f7e8810)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

- - - - -
fe8e05a9 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Partial backport of commit bbb9f57603d (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

- - - - -
9cb6b4e9 by Joe Guo at 2018-11-25T13:47:06Z
CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Partial backport of commit 1ccc36b4010cd63 (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

- - - - -
ec9cc4ed by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 tests: Sanity-check password lockout works with default values

Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.

The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).

This highlights a problem currently where the default values don't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f86beea by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int

Commit 442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().

ldb_msg_find_attr_as_int() will only work for values up to -2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d12b02c7 by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs

Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60b2cd50 by Tim Beale at 2018-11-25T13:47:06Z
CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow

Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.

This patch adds a better default value (the domain default setting of 30
minutes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bec29625 by Karolin Seeger at 2018-11-25T14:23:23Z
WHATSNEW: Add release notes for Samba 4.9.3.

o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
                   Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
                   configuration (unsupported))
o  CVE-2018-16857 (Bad password count in AD DC not always effective)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
40c057c9 by Karolin Seeger at 2018-11-25T14:24:31Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.

o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
                   Internal DNS server)
o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o  CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
                   configuration (unsupported))
o  CVE-2018-16857 (Bad password count in AD DC not always effective)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
9e05ff6b by Karolin Seeger at 2018-11-27T10:05:18Z
Merge tag 'samba-4.9.3' into v4-9-test

samba: tag release samba-4.9.3

- - - - -
b3d376b7 by Karolin Seeger at 2018-11-27T10:05:40Z
VERSION: Bump version up to 4.9.4.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
a816ca40 by Joe Guo at 2018-12-04T12:55:09Z
PEP8: fix E231: missing whitespace after ','

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)

- - - - -
517df6d3 by Garming Sam at 2018-12-04T12:55:09Z
dirsync: Allow arbitrary length cookies

The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b)

- - - - -
f4105adc by Garming Sam at 2018-12-04T12:55:09Z
sync_passwords: Remove dirsync cookie logging for continuous operation

Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e)

- - - - -
f678c6f0 by Garming Sam at 2018-12-04T12:55:09Z
ldb_controls: Add some talloc error checking for controls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852)

- - - - -
739ce2c7 by Ralph Boehme at 2018-12-04T12:55:09Z
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works

This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)

- - - - -
2332c99c by Ralph Boehme at 2018-12-04T12:55:09Z
libcli/smb: don't overwrite status code

The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144

(cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)

- - - - -
d2a6e3e1 by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: Fix kinit test on system lacking ldbsearch

By fixing bindir variable name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09f9bb28 by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL.  Use the name from client entry instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a2f4d49c by Isaac Boukris at 2018-12-04T12:55:09Z
CVE-2018-16853: Add a test to verify s4u2self doesn't crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
a26e6160 by Andreas Schneider at 2018-12-04T12:55:09Z
CVE-2018-16853: Do not segfault if client is not set

This can be triggered with FAST but we don't support this yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
b2ef0e08 by Isaac Boukris at 2018-12-04T16:27:18Z
CVE-2018-16853: fix crash in expired passowrd case

When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.

Fixes expired passowrd case in samba4.blackbox.kinit test.

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Dec  4 17:27:18 CET 2018 on sn-devel-144

- - - - -
6a549df2 by Martin Schwenke at 2018-12-05T12:01:52Z
ctdb-daemon: Exit with error if a database directory does not exist

Since 4.9.0, the log messages can be confusing if a required database
directory does not exist.  Explicitly check for database directories,
logging a clear error and exiting if one is missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Dec  3 06:56:41 CET 2018 on sn-devel-144

(cherry picked from commit dd7574afd1b2fb6a88defa154bc3d15e94f9ce0d)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Dec  5 13:01:52 CET 2018 on sn-devel-144

- - - - -
850a5521 by Aaron Haslett at 2018-12-10T09:12:21Z
CVE-2018-14629: Tests to expose regression from dns cname loop fix

These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)

- - - - -
53b2e9af by Stefan Metzmacher at 2018-12-10T09:12:21Z
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

The loop prevention should only be done for CNAME records!

Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec  4 08:52:29 CET 2018 on sn-devel-144

(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)

- - - - -
7cc1a8d9 by Ralph Boehme at 2018-12-10T09:12:21Z
selftest: test wbinfo -n and --gid-info with "NT Authority"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db)

- - - - -
cf7e9d3d by Ralph Boehme at 2018-12-10T09:12:22Z
libcli/security: add dom_sid_lookup_is_predefined_domain()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)

- - - - -
fd91429b by Ralph Boehme at 2018-12-10T09:12:22Z
winbindd: add some braces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece)

- - - - -
ac2c24cc by Ralph Boehme at 2018-12-10T09:12:22Z
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()

Route predefined domains through the BUILTIN domain child, not passdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1)

- - - - -
1d0e4511 by Ralph Boehme at 2018-12-10T12:43:15Z
winbindd: Route predefined domains through the BUILTIN domain child

Without this eg "NT Authority" didn't work:

  $ bin/wbinfo -n "NT Authority/Authenticated Users"
  failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
  Could not lookup name NT Authority/Authenticated Users

  $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
  failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
  Could not get info for group NT Authority/Authenticated Users

With the patch:

  $ bin/wbinfo -n "NT Authority/Authenticated Users"
  S-1-5-11 SID_WKN_GROUP (5)

  $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
  NT AUTHORITY\authenticated users:x:10002:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec  5 11:27:22 CET 2018 on sn-devel-144

(cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Dec 10 13:43:15 CET 2018 on sn-devel-144

- - - - -
f53459c9 by Justin Stephenson at 2018-12-13T12:48:21Z
s3:libads: Add net ads leave keep-account option

Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit d881f0c8a0ce2fc7cabf1966c5724e72c70d6694)

- - - - -
8eaf7922 by Ralph Boehme at 2018-12-13T12:48:21Z
vfs_error_inject: add pwrite

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 55a82f907f6410ff478e82b0cf7f1caeacaf5ddd)

- - - - -
1cf55de5 by Ralph Boehme at 2018-12-13T12:48:21Z
vfs_error_inject: add EBADF error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 523a9b312c9f09178a5afefb48343e684e41d817)

- - - - -
6f8ea0a0 by Ralph Boehme at 2018-12-13T12:48:21Z
s4:torture: add a test-suite for VSS

This test will not be run from the main torture test runner in selftest,
as there we don't pass the required arguments 'twrp_file' and
'twrp_snapshot'.

The test needs a carefully prepared environment with provisioned
snapshot data, so the test will be started from a blackbox test
script. That comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 48ddb87a32ca44c2fcc5aac0cc28c5527dc7eade)

- - - - -
0244de24 by Ralph Boehme at 2018-12-13T12:48:21Z
s3:script/tests: add a test for VSS write behaviour

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(backported from commit 12778f015988f7e8755016c72c26939998758dae)

- - - - -
0e355e38 by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()

Not used for now, all existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 87bf06ed790dad8a4f650c0cd1b6781864666cbf)

- - - - -
256d488b by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted

Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 14d6488d355e960ab02e72c414cbbc316f1db718)

- - - - -
e60c9431 by Ralph Boehme at 2018-12-13T12:48:22Z
vfs_shadow_copy2: nicely deal with attempts to open previous version for writing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cf95756235f718478e556ce1fbf7c032f9c9acfb)

- - - - -
1f897e6c by Günther Deschner at 2018-12-13T12:48:22Z
s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144

(cherry picked from commit 75d15484f3b71b1a2684c4a73e53aaa467f9932b)

- - - - -
3295cc8b by Ralph Boehme at 2018-12-13T12:48:22Z
s3:selftest: add a VSS test reading a stream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3)

- - - - -
88863119 by Ralph Boehme at 2018-12-13T12:48:22Z
s3:smbd: prepare filename_convert_internal() for twrp

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2)

- - - - -
f8c144fa by Ralph Boehme at 2018-12-13T12:48:22Z
s3:smbd: add twrp processing to filename_convert_internal()

Not used for now, existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c69bd336a17ca04dbfb4f5d04a963d25b9925118)

- - - - -
baf1e0f3 by Ralph Boehme at 2018-12-13T12:48:23Z
s3:smbd: add twrp args to filename_convert()

All existing callers pass NULL, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 14b6e6842b76d7c3e53249ba026a3ff51615ebd7)

- - - - -
fa2a9c3b by Ralph Boehme at 2018-12-13T12:48:23Z
s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9c462e1b324ebad60c51bd6e8e659b39a31ec02e)

- - - - -
d18c5775 by Ralph Boehme at 2018-12-13T15:47:40Z
vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name

Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Thu Dec 13 16:47:40 CET 2018 on sn-devel-144

- - - - -
9da8cd02 by Karolin Seeger at 2018-12-20T08:23:09Z
WHATSNEW: Add release notes for Samba 4.9.4.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
f1a0c835 by Karolin Seeger at 2018-12-20T08:23:46Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.

- - - - -
844dc32d by Mathieu Parent at 2018-12-22T08:48:57Z
New upstream version 4.9.4+dfsg
- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/server/ctdbd.c
- ctdb/tests/simple/90_debug_hung_script.sh
- docs-xml/manpages/net.8.xml
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/findsmb.1
- docs/manpages/idmap_ad.8
- docs/manpages/idmap_autorid.8
- docs/manpages/idmap_hash.8
- docs/manpages/idmap_ldap.8
- docs/manpages/idmap_nss.8
- docs/manpages/idmap_rfc2307.8


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/daedac997f73d5e647e10d3247032571bb8a0c30...844dc32d630203e1665e78ce6d4e0e346552cb5f

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/daedac997f73d5e647e10d3247032571bb8a0c30...844dc32d630203e1665e78ce6d4e0e346552cb5f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20181222/3f5fc13f/attachment-0001.html>


More information about the Pkg-samba-maint mailing list