[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.10] 10 commits: VERSION: Bump version up to 4.10.8...

Mathieu Parent gitlab at salsa.debian.org
Tue Sep 10 19:56:11 BST 2019



Mathieu Parent pushed to branch upstream_4.10 at Debian Samba Team / samba


Commits:
523f9f15 by Karolin Seeger at 2019-08-27T11:16:24Z
VERSION: Bump version up to 4.10.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit baafb6fc060c0b61f3e744c041be871303fa9c66)

- - - - -
cf67b48f by Jeremy Allison at 2019-08-27T11:16:24Z
CVE-2019-10197: smbd: separate out impersonation debug info into a new function.

Will be called elsewhere on successful impersonation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
fd0d3986 by Stefan Metzmacher at 2019-08-27T11:16:24Z
CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir

We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.

This caused problems when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0af5d11c by Stefan Metzmacher at 2019-08-27T11:16:24Z
CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d1d48f20 by Stefan Metzmacher at 2019-08-27T11:16:24Z
CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory

The next patch will otherwise break the fsrvp related tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
962d4a98 by Stefan Metzmacher at 2019-08-27T11:16:24Z
CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
661a7cdb by Stefan Metzmacher at 2019-08-27T11:16:24Z
CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()

This makes sure we always call chdir_current_service() even
when we still impersonated the user, which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.

It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.

Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.

It means we still avoid syscalls if we get multiple requests
for the same session/tcon tuple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
3761e478 by Karolin Seeger at 2019-08-27T11:16:24Z
WHATSNEW: Add release notes for Samba 4.10.8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
CVE-2019-10197 [SECURITY][EMBARGOED] permissions check deny can allow user to
escape from the share.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
2d587a11 by Karolin Seeger at 2019-08-27T11:16:44Z
VERSION: Disable GIT_SNAPSHOT for the 4.10.8 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
96c16ed9 by Mathieu Parent at 2019-09-10T16:39:31Z
New upstream version 4.10.8+dfsg
- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/findsmb.1
- docs/manpages/idmap_ad.8
- docs/manpages/idmap_autorid.8
- docs/manpages/idmap_hash.8
- docs/manpages/idmap_ldap.8
- docs/manpages/idmap_nss.8
- docs/manpages/idmap_rfc2307.8
- docs/manpages/idmap_rid.8
- docs/manpages/idmap_script.8
- docs/manpages/idmap_tdb.8


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/b9ee441bfef2d6d114f24296b82dea3ec4237190...96c16ed9e6352cb8bf90d864699c96ce0c1734bf
