[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.17] 42 commits: VERSION: Bump version up to Samba 4.17.5...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Thu Jan 26 20:50:48 GMT 2023



Michael Tokarev pushed to branch upstream_4.17 at Debian Samba Team / samba


Commits:
72dcfb47 by Jule Anger at 2022-12-15T17:06:06+01:00
VERSION: Bump version up to Samba 4.17.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
0d89084e by Volker Lendecke at 2023-01-04T20:20:16+00:00
ctdb: Fix a use-after-free in run_proc

If you happen to talloc_free(run_ctx) before all the tevent_req's
hanging off it, you run into the following:

==495196== Invalid read of size 8
==495196==    at 0x10D757: run_proc_state_destructor (run_proc.c:413)
==495196==    by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==    by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==    by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==    by 0x48538B1: tevent_req_received (tevent_req.c:293)
==495196==    by 0x4853429: tevent_req_destructor (tevent_req.c:129)
==495196==    by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==    by 0x4890AF6: _tc_free_children_internal (talloc.c:1669)
==495196==    by 0x488F967: _tc_free_internal (talloc.c:1184)
==495196==    by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==    by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==    by 0x10DE62: main (run_proc_test.c:86)
==495196==  Address 0x55b77f8 is 152 bytes inside a block of size 160 free'd
==495196==    at 0x48399AB: free (vg_replace_malloc.c:538)
==495196==    by 0x488FB25: _tc_free_internal (talloc.c:1222)
==495196==    by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==    by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==    by 0x10D315: run_proc_context_destructor (run_proc.c:329)
==495196==    by 0x488F736: _tc_free_internal (talloc.c:1158)
==495196==    by 0x488FBDD: _talloc_free_internal (talloc.c:1248)
==495196==    by 0x4890F41: _talloc_free (talloc.c:1792)
==495196==    by 0x10DE62: main (run_proc_test.c:86)
==495196==  Block was alloc'd at
==495196==    at 0x483877F: malloc (vg_replace_malloc.c:307)
==495196==    by 0x488EAD9: __talloc_with_prefix (talloc.c:783)
==495196==    by 0x488EC73: __talloc (talloc.c:825)
==495196==    by 0x488F0FC: _talloc_named_const (talloc.c:982)
==495196==    by 0x48925B1: _talloc_zero (talloc.c:2421)
==495196==    by 0x10C8F2: proc_new (run_proc.c:61)
==495196==    by 0x10D4C9: run_proc_send (run_proc.c:381)
==495196==    by 0x10DDF6: main (run_proc_test.c:79)

This happens because run_proc_context_destructor() directly does a
talloc_free() on the struct proc_context's and not the enclosing
tevent_req's. run_proc_kill() makes sure that we don't follow
proc->req, but it forgets the "state->proc", which is free()'ed, but
later dereferenced in run_proc_state_destructor().

This is an attempt at a quick fix, I believe we should convert
run_proc_context->plist into an array of tevent_req's, so that we can
properly TALLOC_FREE() according to the "natural" hierarchy and not
just pull an arbitrary thread out of that heap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15269

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Oct  6 15:10:20 UTC 2022 on sn-devel-184

(cherry picked from commit 688be0177b04d04709813a02ae6da1e983ac25dd)

- - - - -
4f47415e by Andrew at 2023-01-04T20:20:16+00:00
rpc_server:srvsvc - retrieve share ACL via root context

share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265

Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184

(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)

- - - - -
72e6fff0 by Andrew Walker at 2023-01-04T20:20:16+00:00
s3:params:lp_do_section - protect against NULL deref

iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267

Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184

(cherry picked from commit 5b19288949e97a5af742ff2719992d56f21e364a)

- - - - -
0d2acb2e by Andreas Schneider at 2023-01-04T20:20:16+00:00
s3:script: Improve test_chdir_cache.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0d1961267cd9e8f1158a407c5d135514c363f37e)

- - - - -
bc05daaf by Andreas Schneider at 2023-01-04T21:23:48+00:00
s3:client: Fix a use-after-free issue in smbclient

Detected by

    make test TESTS="samba3.blackbox.chdir-cache"

with an optimized build or with AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9c707b4be27e2a6f79886d3ec8b5066c922b99bd)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Jan  4 21:23:48 UTC 2023 on sn-devel-184

- - - - -
33a5ca2f by Jeremy Allison at 2023-01-05T10:01:54+00:00
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.

MacOS clients send SMB2 DFS pathnames as \server\share\file\name.

Ensure smbd can cope with this by stipping any leading '\\'
characters from an SMB2 packet with the DFS flag set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277

NB. The test for this is not back-ported to
4.17 as there are too many changes in the
test infrastructure and supporting client
libraries between 4.17 and master.

Back-ported from c9a6e242d15ee707a2e30f973fd37e80b3225aca.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Jan  5 10:01:54 UTC 2023 on sn-devel-184

- - - - -
658a590b by Volker Lendecke at 2023-01-13T10:54:14+00:00
testprogs: Add testit_grep_count() helper

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 55feb593012fc5b24e795a00081666fca740429c)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266

- - - - -
a8934a92 by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
selftest: add samba3.blackbox.registry_share

This demonstrates the regression introduced by
f03665bb7e8ea97699062630f2aa1bac4c5dfc7f, where
registry shares are no longer listed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>
(cherry picked from commit a00c7395fbc7974a61a70ae54ea6ae6349933de2)

- - - - -
b1d5552f by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
s3:rpc_server/srvsvc: make sure we (re-)load all shares as root.

This fixes a regression in commit f03665bb7e8ea97699062630f2aa1bac4c5dfc7f

The use of reload_services() has a lot of side effects, e.g. reopen of
log files and other things, which are only useful in smbd, but not in rpcd_classic.
It was also unloading the user and registry shares we loaded a few lines
above.

We need to do all (re-)loading as root, otherwise we won't be able
to read root only smb.conf files, access registry shares, ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Dec 29 21:14:02 UTC 2022 on sn-devel-184

(cherry picked from commit f28553105be7465026bcc0fcbbed6a1a8c2133dd)

- - - - -
cedb4ff4 by Stefan Metzmacher at 2023-01-13T10:54:14+00:00
s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 0d096931196524a2d1bf59470bc629dc9231131e)

- - - - -
409dd9b2 by Florian Weimer at 2023-01-13T10:54:14+00:00
buildtools/wafsamba: Avoid calling lib_func without a prototype

This is a backport of commit f4c0a750d4adebcf2342a44e85f04526c34
("WAF: Fix detection of linker features")
to buildtools/wafsamba/samba_conftests.py.  It fixes the check for
rpath support with compilers in strict C99 mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 75db84b1e59a42737343445c43c41494460c89f0)

- - - - -
fab96048 by Florian Weimer at 2023-01-13T10:54:14+00:00
source3/wscript: Fix detection of major/minor macros

These macros are only available via <sys/sysmacros.h> as of glibc
commit e16deca62e16f645213dffd4ecd1153c37765f17 ("[BZ #19239] Don't
include sys/sysmacros.h from sys/types.h."), which went into
glibc 2.28.

This is different from the usual C99 cleanups because it changes
the configure check result with existing compilers that usually
accept implicit function declarations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d0ee9d5a43072ecbd37327f5dc936c546f97ba34)

- - - - -
69f6517f by Florian Weimer at 2023-01-13T10:54:14+00:00
source3/wscript: Remove implicit int and implicit function declarations

This should fix the remaining C89isms in these configure checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281

Signed-off-by: Florian Weimer <fweimer at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7779050a6765a37cc0c6438309e512782220dcb3)

- - - - -
0bc115f7 by Jones Syue at 2023-01-13T11:56:59+00:00
s3:smbstatus: go to cmdline_messaging_context_free

If the locking.tdb is not found,
(for example, fresh new installed samba server is not running yet)
smbstatus utility would exit earlier,
and lock files are left behind in the directory 'msg.sock' and 'msg.lock'.
Consider that a script to run smbstatus utility in a loop,
this might result in used space slowly growing-up on the underlying filesystem.
Since the samba server is not running yet,
there is no cleanupd daemon could delete these files to reclaim space.

Supposed to use 'ret = 0; goto done;' instead of exit(0),
this would go through the cmdline_messaging_context_free() which deletes
the lock files in the directory msg.sock and msg.lock before smbstatus
utility is exiting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15282

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 11 17:08:10 UTC 2023 on sn-devel-184

(cherry picked from commit de5d31f452b2445bd92b1746efb05aa096716af8)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jan 13 11:56:59 UTC 2023 on sn-devel-184

- - - - -
a92a0043 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).

Add torture test to show smbc_getxattr() should return -1 on
failure, 0 on success.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>
(cherry picked from commit 74636dfe24c15677261fc40c0a4ec62404898cf4)

- - - - -
50330f69 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14808

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: David Mulder <dmulder at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov  1 18:31:22 UTC 2022 on sn-devel-184

(cherry picked from commit bdbb38d16c8eaff33484bb747efa639c4d8e7f35)

- - - - -
7b29d407 by Andrew Walker at 2023-01-16T09:41:10+00:00
nsswitch:libwbclient - fix leak in wbcCtxPingDc2

Memory allocated for response is never freed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15164

Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Sep  6 20:10:17 UTC 2022 on sn-devel-184

(cherry picked from commit aa9f3a2da97ae13cce3e50fe3d58f143200e9a17)

- - - - -
67d388c7 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.

Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_CLOSE
compound. Internally the flush goes async and
we free the req, then we process the close.
When the flush completes it tries to access
already freed data.

Found using the Apple MacOSX client at SNIA SDC 2022.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 17a110c1b58196eb8ecf3c76eb97e8508976c544)

- - - - -
7b4652b8 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.

Shows we fail sending an SMB2_OP_FLUSH + SMB2_OP_FLUSH
compound if we immediately close the file afterward.

Internally the flushes go async and we free the req, then
we process the close. When the flushes complete they try to access
already freed data.

Extra test which will allow me to test when the final
component (flush) of the compound goes async and returns
NT_STATUS_PENDING.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 6f149dfd9d8d2619a9e18975ebcf5e69df2b7766)

- - - - -
61babd9a by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: Add utility function smbd_smb2_is_last_in_compound().

Not yet used. Returns true if we're processing the last SMB2 request in a
compound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e668c3a82cd566b405c976d45659dd79786948de)

- - - - -
1e94c94a by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.

Async read and write go synchronous in the same case,
so do the same here.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu Nov 17 05:55:42 UTC 2022 on sn-devel-184

(cherry picked from commit 26adf3344337f4e8d5d2107e6ba42e5ea7656372)

- - - - -
580cfa72 by Jeremy Allison at 2023-01-16T09:41:10+00:00
s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.

Can easily be seen by doing make test TESTS=fruit
and looking in st/nt4_dc/smbd_test.log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15210

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Nov 16 06:00:56 UTC 2022 on sn-devel-184

(cherry picked from commit f0ca9546102acf09f1834c03f8907ed26bfc80f8)

- - - - -
02e63b6d by Jeremy Allison at 2023-01-16T09:41:10+00:00
s4: libcli: Ignore errors when getting A records after fetching AAAA records.

The target may only be available over IPv6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov  9 20:34:07 UTC 2022 on sn-devel-184

(cherry picked from commit 10537a89bb0b461ba31d614b7c9ed56a842422e7)

- - - - -
669da62d by Jeremy Allison at 2023-01-16T09:41:11+00:00
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.

Modify check_infected_read() test to use a 2-level deep
directory.

We must have vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set on the virusscanner share as otherwise the openat flag
shortcut defeats the test.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit c844bff3eca336547c6cedfeeb03adda4eed57c6)

- - - - -
34a90840 by Jeremy Allison at 2023-01-16T10:49:14+00:00
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.

vfs_virusfilter expects a non-NULL fsp->fsp_name to use for printing debugs
(it always indirects fsp->fsp_name). vfs_fruit also does the same, so would
also crash in fruit_close() with 'debug level = 10' and vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS = no
set (we don't test with that which is why we haven't noticed
this before).

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15283

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 13 08:33:47 UTC 2023 on sn-devel-184

(cherry picked from commit 3d3d01cda8d3a6d0d18d1b808aa9414e71d56062)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Jan 16 10:49:14 UTC 2023 on sn-devel-184

- - - - -
5a49be37 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind

Follow s4 netlogon server changes and move the checks to the RPC bind
hook. Next commits will remove the s3 netr_creds_server_step_check()
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8141eae47aad849741beb138fae866c772e4ec4c)

- - - - -
6d31e359 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'

Instead of using the generic deprecated option use the specific
server require schannel:COMPUTERACCOUNT = no in order to allow
legacy tests for pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 3cd18690f83d2f85e847fc703ac127b4b04189fc)

- - - - -
71185d09 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d9e6b490db3ead7e79bb3ff0c1f9ef8ab8bdc65b)

- - - - -
600a91f4 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc

Will be used later by s3 netlogon server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 121e7b0e39478c5291100652ac92c263f406076b)

- - - - -
de2e2045 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()

After s3 and s4 rpc servers merge we can avoid duplicated code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 25300d354c80995997d552581cd91dddaf4bbf48)

- - - - -
03a65b24 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()

Some checks are also required for _netr_LogonSamLogonEx().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ca07f4340ce58a7e940a1123888b7409176412f7)

- - - - -
67cdc5de by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"

By default we'll now require schannel connections with privacy/sealing/encryption.

But we allow exceptions for specific computer/trust accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit a0b97e262318dc56fe663da89b0ee3172b2e7848)

- - - - -
d737d6b8 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server..

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 02fba22b8c9e9b33ab430555ef45500c45eaa9d1)

- - - - -
0b3fab18 by Samuel Cabrero at 2023-01-23T09:27:12+00:00
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations

After s3 and s4 rpc servers merge the loadparm_context is available in
the dcesrv_context structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan  9 15:17:14 UTC 2023 on sn-devel-184

(cherry picked from commit 56837f3d3169a02d0d92bd085d9c8250415ce29b)

- - - - -
961eda75 by Stefan Metzmacher at 2023-01-23T09:27:12+00:00
s3:auth: call wbcFreeMemory(info) in auth3_generate_session_info_pac()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15286

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e27084f5d8c3a151c5d0b266118f0d71b641dc85)

- - - - -
cd3479c6 by Jeremy Allison at 2023-01-23T09:27:12+00:00
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236

Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit abc4495e4591964bb4625c2669a1f84213faab77)

- - - - -
f0729d7a by Jeremy Allison at 2023-01-23T09:27:12+00:00
s3: smbd: Always use metadata_fsp() when processing fsctls.

Currently all fsctls we implement need the base fsp, not
an alternate data stream fsp. We may revisit this later
if we implement fsctls that operate on an ADS.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15236

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Walker <awalker at ixsystems.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 14 18:13:31 UTC 2022 on sn-devel-184

(cherry picked from commit fa4eba131b882c3858b28f5fd9864998e19a4510)

- - - - -
85331e00 by Andrew Walker at 2023-01-23T10:27:59+00:00
lib/replace - add extra check to bsd_attr_list

The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`

In case of short read we now set error to ERANGE and
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271

Signed-off-by: Andrew Walker <awalker at ixsystems.com>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Jan  2 14:27:23 UTC 2023 on sn-devel-184

(cherry picked from commit 01cdc5e00be78a51f0766634cc7fe50de2088203)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Mon Jan 23 10:27:59 UTC 2023 on sn-devel-184

- - - - -
c67be713 by Jule Anger at 2023-01-26T18:43:17+01:00
WHATSNEW: Add release notes for Samba 4.17.5.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
420b9e67 by Jule Anger at 2023-01-26T18:43:17+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.5 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
2bf1e55d by Michael Tokarev at 2023-01-26T23:34:17+03:00
New upstream version 4.17.5+dfsg
- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- buildtools/wafsamba/samba_waf18.py
- ctdb/common/run_proc.c
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- docs-xml/smbdotconf/security/serverschannelrequireseal.xml
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/idmap_ad.8
- docs/manpages/idmap_autorid.8
- docs/manpages/idmap_hash.8
- docs/manpages/idmap_ldap.8
- docs/manpages/idmap_nss.8
- docs/manpages/idmap_rfc2307.8
- docs/manpages/idmap_rid.8
- docs/manpages/idmap_script.8


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/3aa49021a34b94f3fd7684c62080b5173d6370db...2bf1e55d96d21643fb74b93c615c750a92bfbb0b

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/3aa49021a34b94f3fd7684c62080b5173d6370db...2bf1e55d96d21643fb74b93c615c750a92bfbb0b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230126/99b68caf/attachment-0001.htm>


More information about the Pkg-samba-maint mailing list