Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (7)
samba (2:4.16.0+dfsg-1) UNRELEASED; urgency=medium
* New upstream major release.
Closes: #1004690, CVE-2021-20316: Fileserver symlink metadata share escape
Closes: #1004691, CVE-2021-43566: mkdir race condition allows share escape
Closes: #1004692, CVE-2021-44141: UNIX extensions in SMB1 disclose whether
the outside target of a symlink exists
Closes: #1005642 (windows client data corruption due to cache poisoning)
* Notable changes in 4.16 series compared to 4.13:
- modular VFS (see The_New_VFS.txt)
- publishing printers in AD is more complete
- group policies for winbindd cilents (like linux systems)
- certificate auto enrollement in AD group policy
- large list of improvements in samba-tool
- SMB1 protocol has been deprecated, some subcommands has been removed
- more consistend options/subcommands in samba commands
-- Michael Tokarev <mjt@tls.msk.ru> Thu, 24 Mar 2022 13:54:07 +0300
samba (2:4.13.14+dfsg-1) unstable; urgency=high
* New upstream security release in order to address the following defects:
......
......@@ -5,7 +5,8 @@ Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Uploaders: Steve Langasek <vorlon@debian.org>,
Jelmer Vernooij <jelmer@debian.org>,
Mathieu Parent <sathieu@debian.org>,
Andrew Bartlett <abartlet+debian@catalyst.net.nz>
Andrew Bartlett <abartlet+debian@catalyst.net.nz>,
Michael Tokarev <mjt@tls.msk.ru>
Homepage: https://www.samba.org
Standards-Version: 4.5.1
Build-Depends: bison,
......@@ -31,8 +32,9 @@ Build-Depends: bison,
libgpgme11-dev,
libicu-dev,
libjansson-dev,
libjson-perl,
libldap2-dev,
libldb-dev (>= 2:2.2.3~),
libldb-dev (>= 2:2.5.0~),
libncurses5-dev,
libpam0g-dev,
libparse-yapp-perl,
......@@ -41,11 +43,11 @@ Build-Depends: bison,
librados-dev [amd64 arm64 armel armhf i386 mips64el mipsel ppc64el ppc64 s390x x32],
libreadline-dev,
libsystemd-dev [linux-any],
libtalloc-dev (>= 2.3.1~),
libtalloc-dev (>= 2.3.3~),
libtasn1-6-dev (>= 3.8),
libtasn1-bin,
libtdb-dev (>= 1.4.3~),
libtevent-dev (>= 0.10.2~),
libtdb-dev (>= 1.4.6~),
libtevent-dev (>= 0.11.0~),
liburing-dev [linux-any],
perl,
pkg-config,
......@@ -53,10 +55,11 @@ Build-Depends: bison,
python3-dev,
python3-dnspython,
python3-etcd,
python3-ldb (>= 2:2.2.3~),
python3-ldb-dev (>= 2:2.2.3~),
python3-talloc-dev (>= 2.3.1~),
python3-tdb (>= 1.4.3~),
python3-ldb (>= 2:2.5.0~),
python3-ldb-dev (>= 2:2.5.0~),
python3-markdown,
python3-talloc-dev (>= 2.3.3~),
python3-tdb (>= 1.4.6~),
python3-testtools,
python3,
xfslibs-dev [linux-any],
......
From 32d876c6fa18cfbd2f81823c122a9eb5c50a6313 Mon Sep 17 00:00:00 2001
From: Mathieu Parent <math.parent@gmail.com>
Date: Sat, 4 Jul 2020 23:16:40 +0200
Subject: [PATCH] Rename mdfind to mdsearch
GNUstep as an mdfind binary, and both should be co-instalable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14431
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
---
docs-xml/manpages/{mdfind.1.xml => mdsearch.1.xml} | 10 +++++-----
docs-xml/wscript_build | 2 +-
python/samba/tests/blackbox/{mdfind.py => mdsearch.py} | 10 +++++-----
source3/rpc_server/mdssvc/es_mapping.c | 2 +-
source3/utils/{mdfind.c => mdsearch.c} | 2 +-
source3/utils/wscript_build | 4 ++--
source4/selftest/tests.py | 2 +-
7 files changed, 16 insertions(+), 16 deletions(-)
rename docs-xml/manpages/{mdfind.1.xml => mdsearch.1.xml} (94%)
rename python/samba/tests/blackbox/{mdfind.py => mdsearch.py} (93%)
rename source3/utils/{mdfind.c => mdsearch.c} (98%)
diff --git a/docs-xml/manpages/mdfind.1.xml b/docs-xml/manpages/mdsearch.1.xml
similarity index 94%
rename from docs-xml/manpages/mdfind.1.xml
rename to docs-xml/manpages/mdsearch.1.xml
index 0deef066059..c75d1f045f0 100644
--- a/docs-xml/manpages/mdfind.1.xml
+++ b/docs-xml/manpages/mdsearch.1.xml
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="mdfind.1">
+<refentry id="mdsearch.1">
<refmeta>
- <refentrytitle>mdfind</refentrytitle>
+ <refentrytitle>mdsearch</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
@@ -11,7 +11,7 @@
</refmeta>
<refnamediv>
- <refname>mdfind</refname>
+ <refname>mdsearch</refname>
<refpurpose>Run Spotlight searches against an SMB server</refpurpose>
</refnamediv>
@@ -32,7 +32,7 @@
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
- <para>mdfind is a simple utility to run Spotlight searches against an SMB server
+ <para>mdsearch is a simple utility to run Spotlight searches against an SMB server
that runs the Spotlight <emphasis>mdssvc</emphasis> RPC service.</para>
</refsect1>
@@ -143,6 +143,6 @@
Andrew Tridgell. Samba is now developed by the Samba Team as an Open
Source project similar to the way the Linux kernel is developed.</para>
- <para>The mdfind manpage was written by Ralph Boehme.</para>
+ <para>The mdsearch manpage was written by Ralph Boehme.</para>
</refsect1>
</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index dc5f31459e7..37094147e0b 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -19,7 +19,7 @@ manpages='''
manpages/libsmbclient.7
manpages/lmhosts.5
manpages/log2pcap.1
- manpages/mdfind.1
+ manpages/mdsearch.1
manpages/mvxattr.1
manpages/net.8
manpages/nmbd.8
diff --git a/python/samba/tests/blackbox/mdfind.py b/python/samba/tests/blackbox/mdsearch.py
similarity index 93%
rename from python/samba/tests/blackbox/mdfind.py
rename to python/samba/tests/blackbox/mdsearch.py
index 5c1c0c3d155..8da5a49e136 100644
--- a/python/samba/tests/blackbox/mdfind.py
+++ b/python/samba/tests/blackbox/mdsearch.py
@@ -1,5 +1,5 @@
#
-# Blackbox tests for mdfind
+# Blackbox tests for mdsearch
#
# Copyright (C) Ralph Boehme 2019
#
@@ -17,7 +17,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-"""Blackbox test for mdfind"""
+"""Blackbox test for mdsearch"""
import os
import time
@@ -95,8 +95,8 @@ class MdfindBlackboxTests(BlackboxTestCase):
self.server.server_activate()
self.server.serve_forever()
- def test_mdfind(self):
- """Simple blackbox test for mdfind"""
+ def test_mdsearch(self):
+ """Simple blackbox test for mdsearch"""
username = os.environ["USERNAME"]
password = os.environ["PASSWORD"]
@@ -123,7 +123,7 @@ class MdfindBlackboxTests(BlackboxTestCase):
self.server.json_in = json_in.replace("%BASEPATH%", self.sharepath)
self.server.json_out = json_out.replace("%BASEPATH%", self.sharepath)
- output = self.check_output("mdfind -s %s -U %s%%%s fileserver spotlight '*==\"samba*\"'" % (config, username, password))
+ output = self.check_output("mdsearch -s %s -U %s%%%s fileserver spotlight '*==\"samba*\"'" % (config, username, password))
actual = output.decode('utf-8').splitlines()
expected = ["%s/%s" % (self.sharepath, file) for file in testfiles]
diff --git a/source3/rpc_server/mdssvc/es_mapping.c b/source3/rpc_server/mdssvc/es_mapping.c
index 5c71e503bf5..e55a0768d47 100644
--- a/source3/rpc_server/mdssvc/es_mapping.c
+++ b/source3/rpc_server/mdssvc/es_mapping.c
@@ -41,7 +41,7 @@
* search term, the corresponding Spotlight query and the final string that gets
* sent to the target Elasticsearch server.
*
- * string | mdfind | http
+ * string | mdsearch | http
* -------+--------+------
* x!x x!x x\\!x
* x&x x&x x\\&x
diff --git a/source3/utils/mdfind.c b/source3/utils/mdsearch.c
similarity index 98%
rename from source3/utils/mdfind.c
rename to source3/utils/mdsearch.c
index 2f952c29b4f..df146063508 100644
--- a/source3/utils/mdfind.c
+++ b/source3/utils/mdsearch.c
@@ -90,7 +90,7 @@ int main(int argc, char **argv)
long_options,
POPT_CONTEXT_KEEP_FIRST);
- poptSetOtherOptionHelp(pc, "mdfind [OPTIONS] <server> <share> <query>\n");
+ poptSetOtherOptionHelp(pc, "mdsearch [OPTIONS] <server> <share> <query>\n");
while ((opt = poptGetNextOpt(pc)) != -1) {
DBG_ERR("Invalid option %s: %s\n",
diff --git a/source3/utils/wscript_build b/source3/utils/wscript_build
index 6157cac9050..3393111ccfc 100644
--- a/source3/utils/wscript_build
+++ b/source3/utils/wscript_build
@@ -312,8 +312,8 @@ bld.SAMBA3_BINARY('smbstatus',
CONN_TDB
''')
-bld.SAMBA3_BINARY('mdfind',
- source='mdfind.c',
+bld.SAMBA3_BINARY('mdsearch',
+ source='mdsearch.c',
deps='''
talloc
tevent
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 3a903a7eee0..d16fb02f43c 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -929,7 +929,7 @@ planoldpythontestsuite("ad_dc_ntvfs",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("none", "samba.tests.loadparm")
planoldpythontestsuite("fileserver",
- "samba.tests.blackbox.mdfind",
+ "samba.tests.blackbox.mdsearch",
extra_args=['-U"$USERNAME%$PASSWORD"'])
planoldpythontestsuite("fileserver",
"samba.tests.blackbox.smbcacls_basic")
--
2.26.2
......@@ -22,18 +22,16 @@ Signed-off-by: Rafael David Tinoco <rafaeldtinoco@ubuntu.com>
Author: Rafael David Tinoco <rafaeldtinoco@ubuntu.com>
Bug-Debian: https://bugs.debian.org/929931
Bug-Ubuntu: https://bugs.launchpad.net/bugs/722201
Last-Update: 2018-06-27
Last-Update: 2022-03-24
---
ctdb/config/ctdb.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ctdb/config/ctdb.conf b/ctdb/config/ctdb.conf
index 5440600a4..cde24280e 100644
index 8e1b3760973..def0803578f 100644
--- a/ctdb/config/ctdb.conf
+++ b/ctdb/config/ctdb.conf
@@ -5,10 +5,10 @@
[logging]
@@ -7,6 +7,6 @@
# Enable logging to syslog
- # location = syslog
+ location = syslog
......@@ -42,8 +40,3 @@ index 5440600a4..cde24280e 100644
- # log level = NOTICE
+ log level = NOTICE
[cluster]
# Shared recovery lock file to avoid split brain. Daemon
--
2.20.1
......@@ -3,16 +3,16 @@ Subject: Patch in symbol table from rfc3454, for Heimdal scripts
Status: cherry-picked from heimdal package
---
source4/heimdal/lib/wind/rfc3454.txt-table | 7074 ++++++++++++++++++++++++++++
source4/heimdal_build/wscript_build | 6 +-
third_party/heimdal/lib/wind/rfc3454.txt-table | 7074 ++++++++++++++++++++++++++++
third_party/heimdal_build/wscript_build | 6 +-
2 files changed, 7077 insertions(+), 3 deletions(-)
create mode 100644 source4/heimdal/lib/wind/rfc3454.txt-table
diff --git a/source4/heimdal/lib/wind/rfc3454.txt-table b/source4/heimdal/lib/wind/rfc3454.txt-table
diff --git a/third_party/heimdal/lib/wind/rfc3454.txt-table b/third_party/heimdal/lib/wind/rfc3454.txt-table
new file mode 100644
index 0000000..5bef0b5
--- /dev/null
+++ b/source4/heimdal/lib/wind/rfc3454.txt-table
+++ b/third_party/heimdal/lib/wind/rfc3454.txt-table
@@ -0,0 +1,7074 @@
+ ----- Start Table A.1 -----
+
......@@ -7088,10 +7088,10 @@ index 0000000..5bef0b5
+
+ ----- End Table D.2 -----
+
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
index 2072be4..c93bdb8 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
--- a/third_party/heimdal_build/wscript_build
+++ b/third_party/heimdal_build/wscript_build
@@ -842,7 +842,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_WIND'):
HEIMDAL_GENERATOR(
name="HEIMDAL_ERRORLIST",
......
......@@ -4,10 +4,8 @@ README_nosmbldap-tools.patch
smbclient-pager.patch
usershare.patch
VERSION.patch
add-so-version-to-private-libraries
heimdal-rfc3454.txt
#add-so-version-to-private-libraries
smbd.service-Run-update-apparmor-samba-profile-befor.patch
fix-nfs-service-name-to-nfs-kernel-server.patch
Rename-mdfind-to-mdsearch.patch
ctdb-config-enable-syslog-by-default.patch
trusted_domain_fix_v4.13.patch
From 21ee75079ec354e2e5ba3252cdc63be4da059413 Mon Sep 17 00:00:00 2001
From: Andrew Walker <awalker@ixsystems.com>
Date: Tue, 9 Nov 2021 13:46:45 -0500
Subject: [PATCH] s3/winbindd/winbindd_util - fix "allow trusted domains"
At bypass for BUILTIN (S-1-5-32) domain if
"allow trusted domains" is disabled.
---
source3/winbindd/winbindd_util.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 1ae4a8d3ca3..20f13fcaa21 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -125,13 +125,19 @@ static NTSTATUS add_trusted_domain(const char *domain_name,
struct winbindd_domain *domain = NULL;
int role = lp_server_role();
struct dom_sid_buf buf;
+ bool is_builtin = false;
if (is_null_sid(sid)) {
DBG_ERR("Got null SID for domain [%s]\n", domain_name);
return NT_STATUS_INVALID_PARAMETER;
}
- if (!is_allowed_domain(domain_name)) {
+ if (strequal(domain_name, "BUILTIN") &&
+ sid_check_is_builtin(sid)) {
+ is_builtin = True;
+ }
+
+ if (!is_builtin && !is_allowed_domain(domain_name)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
--
2.26.2
......@@ -53,7 +53,6 @@ conf_args = \
--with-automount \
--with-ldap \
--with-ads \
--with-dnsupdate \
--with-gpgme \
--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
--with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \
......