[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.11] 23 commits: VERSION: Bump version up to 4.11.2...

Mathieu Parent gitlab at salsa.debian.org
Mon Dec 16 08:54:26 GMT 2019 


Mathieu Parent pushed to branch upstream_4.11 at Debian Samba Team / samba


Commits:
193d6f5e by Karolin Seeger at 2019-10-24T08:52:36Z
VERSION: Bump version up to 4.11.2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 7b8309398beab679cd4068da497661ce33616edc)

- - - - -
07df3dfa by Jeremy Allison at 2019-10-24T08:52:36Z
CVE-2019-10218 - s3: libsmb: Protect SMB1 client code from evil server returned names.

Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
914c985e by Jeremy Allison at 2019-10-24T08:52:36Z
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.

Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071

Signed-off-by: Jeremy Allison <jra at samba.org>

- - - - -
e0e8830b by Andrew Bartlett at 2019-10-24T08:52:36Z
CVE-2019-14833: Use utf8 characters in the unacceptable password

This shows that the "check password script" handling has a bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3a71bf8 by Björn Baumbach at 2019-10-24T08:52:36Z
CVE-2019-14833 dsdb: send full password to check password script

utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.

Therefore we rename utf8_len to be clear what it does and does
not represent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438

Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4087d169 by Andrew Bartlett at 2019-10-24T08:52:36Z
CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync

Incremental results are provided by a flag on the dirsync control, not
by changing the attribute name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e33b8c56 by Andrew Bartlett at 2019-10-24T08:52:36Z
CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3815f9bf by Karolin Seeger at 2019-10-24T08:52:36Z
WHATSNEW: Add release notes for Samba 4.11.2.

* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
  separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
  the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC
  LDAP server via dirsync.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
df2b97d1 by Karolin Seeger at 2019-10-24T08:52:52Z
VERSION: Disable GIT_SNAPSHOT for the 4.11.2 release.

* Bug 14071: CVE-2019-10218: Client code can return filenames containing path
  separators.
* Bug 12438: CVE-2019-14833: Samba AD DC check password script does not receive
  the full password.
* Bug 14040: CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP
  server via dirsync.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
dff88803 by Karolin Seeger at 2019-12-03T12:10:21Z
VERSION: Bump version up to 4.11.3.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit e704eee3083658f7dcdd4238295f8e0b229a1688)

- - - - -
026fd23c by Karolin Seeger at 2019-12-03T12:10:21Z
VERSION: Re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
9324b7a9 by Andrew Bartlett at 2019-12-03T12:10:21Z
CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords

The sort behaviour for child records is not correct in Samba so
we add a flapping entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
678888b4 by Andrew Bartlett at 2019-12-03T12:10:21Z
CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2318a4a7 by Andrew Bartlett at 2019-12-03T12:10:21Z
CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords)

dns_name_compare() had logic to put @ and the top record in the tree being
enumerated first, but if a domain had both then this would break the
older qsort() implementation in ldb_qsort() and cause a read of memory
before the base pointer.

By removing this special case (not required as the base pointer
is already seperatly located, no matter were it is in the
returned records) the crash is avoided.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fae31952 by Andrew Bartlett at 2019-12-03T12:10:21Z
CVE-2019-14861: Test to demonstrate the bug

This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b69ee283 by Andrew Bartlett at 2019-12-03T12:10:21Z
s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local

This test often flaps in Samba 4.9 (where more tests and DCs run in the environment)
with obj_1 being 3.  This is quite OK, we just need to see some changes get
replicated, not 0 changes.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3)

- - - - -
fbd7a4c0 by Isaac Boukris at 2019-12-03T12:10:21Z
samba-tool: add user-sensitive command to set not-delegated flag

Signed-off-by: Isaac Boukris <iboukris at gmail.com>

- - - - -
fc0127db by Isaac Boukris at 2019-12-03T12:10:21Z
CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed

Signed-off-by: Isaac Boukris <iboukris at gmail.com>

- - - - -
fbc1f000 by Isaac Boukris at 2019-12-03T12:10:21Z
CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self

Signed-off-by: Isaac Boukris <iboukris at gmail.com>

- - - - -
1ccab20c by Isaac Boukris at 2019-12-03T12:10:21Z
CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag

Signed-off-by: Isaac Boukris <iboukris at samba.org>

- - - - -
a694a009 by Karolin Seeger at 2019-12-04T09:02:16Z
WHATSNEW: Add release notes for Samba 4.11.3.

o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
                  management server (dnsserver).
o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition
                  on Samba AD DC.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
7fc8563c by Karolin Seeger at 2019-12-04T09:03:55Z
VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
3719537f by Mathieu Parent at 2019-12-15T20:44:31Z
New upstream version 4.11.3+dfsg
- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/findsmb.1
- docs/manpages/idmap_ad.8
- docs/manpages/idmap_autorid.8
- docs/manpages/idmap_hash.8
- docs/manpages/idmap_ldap.8
- docs/manpages/idmap_nss.8
- docs/manpages/idmap_rfc2307.8
- docs/manpages/idmap_rid.8
- docs/manpages/idmap_script.8
- docs/manpages/idmap_tdb.8


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/6d3c629b703bfbb7a0c3053c89c691e68ac6f089...3719537fa3a3ae38c03daafd8d0acef09d99f223

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/6d3c629b703bfbb7a0c3053c89c691e68ac6f089...3719537fa3a3ae38c03daafd8d0acef09d99f223
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20191216/9a6176a8/attachment-0001.html>

More information about the Pkg-samba-maint mailing list