
Compare revisions

Commits on Source (101)
Showing
with 257 additions and 60 deletions
# see https://docs.gitlab.com/ce/ci/yaml/README.html for all available options
image: registry.gitlab.com/samba-team/samba:latest
before_script:
- echo "Build starting ..."
build_samba:
stage: build
tags:
- autobuild
- docker
- private
script:
# this one takes about 4 hours to finish
- python script/autobuild.py samba --verbose --tail --testbase /tmp/samba-testbase
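Review bot: the `image: registry.gitlab.com/samba-team/samba:latest` line at the top of this file pulls a mutable tag, so two runs of the same commit can build in different environments. Pin the image to a versioned tag or a digest; for a job that the comment says takes about 4 hours, a reproducible base also makes a failed run much easier to diagnose.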
......@@ -14,7 +17,8 @@ build_samba:
build_samba_others:
stage: build
tags:
- autobuild
- docker
- private
script:
- python script/autobuild.py samba-nopython --verbose --tail --testbase /tmp/samba-testbase
- python script/autobuild.py samba-systemkrb5 --verbose --tail --testbase /tmp/samba-testbase
......@@ -26,7 +30,8 @@ build_samba_others:
build_ctdb:
stage: build
tags:
- autobuild
- docker
- private
script:
- python script/autobuild.py samba-ctdb --verbose --tail --testbase /tmp/samba-testbase
- python script/autobuild.py ctdb --verbose --tail --testbase /tmp/samba-testbase
......@@ -34,7 +39,8 @@ build_ctdb:
build_others:
stage: build
tags:
- autobuild
- docker
- private
script:
- python script/autobuild.py ldb --verbose --tail --testbase /tmp/samba-testbase
- python script/autobuild.py pidl --verbose --tail --testbase /tmp/samba-testbase
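Review bot: the `tags:` entries under `build_others` are the same list that appears under `build_samba`, `build_samba_others` and `build_ctdb`, so the next change to runner selection has to be made in four places. Define the list once with a YAML anchor on a hidden job and reference it from each build job.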
......
......@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=8
SAMBA_VERSION_RELEASE=2
SAMBA_VERSION_RELEASE=4
########################################################
# If a official release has a serious bug #
......
=============================
Release Notes for Samba 4.8.4
August 14, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
=======
Details
=======
o CVE-2018-1139:
Vulnerability that allows authentication via NTLMv1 even if disabled.
o CVE-2018-1140:
Missing null pointer checks may crash the Samba AD DC, both over
DNS and LDAP.
o CVE-2018-10858:
A malicious server could return a directory entry that could corrupt
libsmbclient memory.
o CVE-2018-10918:
Missing null pointer checks may crash the Samba AD DC, over the
authenticated DRSUAPI RPC service.
o CVE-2018-10919:
Missing access control checks allow discovery of confidential attribute
values via authenticated LDAP search expressions.
Changes since 4.8.3:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers.
o Andrew Bartlett <abartlet@samba.org>
* BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
* BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user.
o Tim Beale <timbeale@catalyst.net.nz>
* BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches.
o Günther Deschner <gd@samba.org>
* BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth".
o Andrej Gessel <Andrej.Gessel@janztec.com>
* BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr().
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
=============================
Release Notes for Samba 4.8.3
June 26, 2018
=============================
This is the latest stable release of the Samba 4.8 release series.
Changes since 4.8.2:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories.
* BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x.
* BUG 13474: python: Fix talloc frame use in make_simple_acl().
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 11573: heimdal: lib/krb5: Do not fail set_config_files due to parse
error.
o Andrew Bartlett <abartlet@samba.org>
* ldb: version 1.3.4
* BUG 13448: ldb: One-level search was incorrectly falling back to full DB
scan.
* BUG 13452: ldb: Save a copy of the index result before calling the
callbacks.
* BUG 13454: No Backtrace given by Samba's AD DC by default.
* BUG 13471: ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory
on duplicated add.
o Ralph Boehme <slow@samba.org>
* BUG 13432: s3:smbd: Fix interaction between chown and SD flags.
o Günther Deschner <gd@samba.org>
* BUG 13437: Fix building Samba with gcc 8.1.
o Andrej Gessel <Andrej.Gessel@janztec.com>
* BUG 13475: Fix several mem leaks in ldb_index ldb_search ldb_tdb.
o Volker Lendecke <vl@samba.org>
* BUG 13331: libgpo: Fix the build --without-ads.
o Stefan Metzmacher <metze@samba.org>
* BUG 13369: Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN.
* BUG 13427: Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling
(NTLMSSP NTLM2 packet check failed due to invalid signature!).
o Christof Schmitt <cs@samba.org>
* BUG 13446: smbd: Flush dfree memcache on service reload.
* BUG 13478: krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries.
o Andreas Schneider <asn@samba.org>
* BUG 13369: Looking up the user using the UPN results in user name with the
REALM instead of the DOMAIN.
* BUG 13437: Fix building Samba with gcc 8.1.
* BUG 13440: s3:utils: Do not segfault on error in DoDNSUpdate().
* BUG 13480: krb5_plugin: Add winbind localauth plugin for MIT Kerberos.
o Lukas Slebodnik <lslebodn@fedoraproject.org>
* BUG 13459: ldb: Fix memory leak on module context.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.2
May 16, 2018
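Review bot: in the 4.8.4 changelog entry for BUG 13552, "when not servicePrincipalName is set on a user" should read "when no servicePrincipalName is set on a user". The Details line for CVE-2018-1139 would also be more useful to administrators if it named the setting involved, as the changelog entry for BUG 13360 does ("ntlm auth"), so a reader can tell from the summary alone whether their configuration relied on it.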
......@@ -86,8 +265,8 @@ database (https://bugzilla.samba.org/).
======================================================================
Release notes for older releases follow:
----------------------------------------
----------------------------------------------------------------------
=============================
Release Notes for Samba 4.8.1
......@@ -450,6 +629,19 @@ This new module integrates with Sophos, F-Secure and ClamAV anti-virus
software to provide scanning and filtering of files on a Samba share.
Local authorization plugin for MIT Kerberos
-------------------------------------------
This plugin controls the relationship between Kerberos principals and AD
accounts through winbind. The module receives the Kerberos principal and the
local account name as inputs and can then check if they match. This can resolve
issues with canonicalized names returned by Kerberos within AD. If the user
tries to log in as 'alice', but the samAccountName is set to ALICE (uppercase),
Kerberos would return ALICE as the username. Kerberos would not be able to map
'alice' to 'ALICE' in this case and auth would fail. With this plugin account
names can be correctly mapped. This only applies to GSSAPI authentication,
not for the geting the initial ticket granting ticket.
REMOVED FEATURES
================
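Review bot: the last sentence of the new "Local authorization plugin for MIT Kerberos" section has a typo and a stray article: "not for the geting the initial ticket granting ticket" should read "not to getting the initial ticket granting ticket". The section also describes what the plugin does without saying how it is enabled; a sentence pointing to the relevant documentation would let a reader act on it.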
......
......@@ -350,7 +350,7 @@ static void add_version(struct json_context *context, int major, int minor)
static void add_timestamp(struct json_context *context)
{
char buffer[40]; /* formatted time less usec and timezone */
char timestamp[50]; /* the formatted ISO 8601 time stamp */
char timestamp[65]; /* the formatted ISO 8601 time stamp */
char tz[10]; /* formatted time zone */
struct tm* tm_info; /* current local time */
struct timeval tv; /* current system time */
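Review bot: `char timestamp[65]` in add_timestamp() replaces one magic number with another. The neighbouring declarations give the inputs (`buffer[40]`, `tz[10]`, plus the microseconds that the comment on `buffer` says are excluded from it), so derive the size from `sizeof(buffer)` and `sizeof(tz)` plus the usec digits and separator, or state in the comment how 65 was arrived at, so a later change to `buffer` or `tz` cannot silently undersize it.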
......
......@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
}
if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
/*
* We need to handle NTLMSSP_NEGOTIATE_SIGN as
* NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
}
}
if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
if (role == ROLE_STANDALONE) {
ntlmssp_state->server.is_standalone = true;
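Review bot: with the `want_features` block removed from gensec_ntlmssp_server_start(), nothing left in this function says where `force_wrap_seal` is decided. Add a short comment at the unconditional `neg_flags |= NTLMSSP_NEGOTIATE_SIGN` and `NTLMSSP_NEGOTIATE_SEAL` lines noting that the server always offers both and that the GENSEC_FEATURE_LDAP_STYLE handling now lives in ntlmssp_server_postauth(), so the removal does not read as a dropped feature.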
......
......@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
/*
* We want also work against old Samba servers
* which didn't had GENSEC_FEATURE_LDAP_STYLE
* we negotiate SEAL too. We may remove this
* in a few years. As all servers should have
* GENSEC_FEATURE_LDAP_STYLE by then.
*/
}
}
if (ntlmssp_state->force_wrap_seal) {
bool ret;
/*
* We want also work against old Samba servers
* which didn't had GENSEC_FEATURE_LDAP_STYLE
* we negotiate SEAL too. We may remove this
* in a few years. As all servers should have
* GENSEC_FEATURE_LDAP_STYLE by then.
*/
ret = gensec_setting_bool(gensec_security->settings,
"ntlmssp_client",
"ldap_style_send_seal",
true);
if (ret) {
ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
}
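Review bot: the option read in the new `if (ntlmssp_state->force_wrap_seal)` block, `ntlmssp_client:ldap_style_send_seal` with a default of true, is not documented in any hunk shown on this page. Since setting it to false changes which flags the client requires, it needs a documentation entry describing the compatibility trade-off the comment mentions. Two smaller points in the same block: `ret` would read better as `send_seal`, and the comment should say "We also want to work against old Samba servers which didn't have GENSEC_FEATURE_LDAP_STYLE".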
......
......@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
data_blob_free(&ntlmssp_state->challenge_blob);
if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
/*
* We need to handle NTLMSSP_NEGOTIATE_SIGN as
* NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
* is requested.
*/
ntlmssp_state->force_wrap_seal = true;
}
nt_status = ntlmssp_sign_init(ntlmssp_state);
}
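Review bot: the new branch in ntlmssp_server_postauth() tests the requested `want_features & GENSEC_FEATURE_LDAP_STYLE` inside a condition that tests the negotiated feature through `gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)`; add a line to the comment explaining why the requested flag is the right one for LDAP_STYLE here. No test accompanies the change in the hunks shown, so a regression test for an LDAP-style client that negotiates signing without sealing would guard the case this block exists for.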
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-etcd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-ETCD" "7" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-ETCD" "7" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
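Review bot: the only change to this generated page is the build date, in the `.\" Date:` comment and the third argument of `.TH` (05/16/2018 to 08/11/2018), and the same two-line change repeats for every CTDB man page that follows. Either generate the man pages at build time instead of committing them, or have the generator take the date from the release date, so that a security update's diff carries only content changes and the output is reproducible.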
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-statistics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-STATISTICS" "7" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-STATISTICS" "7" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb-tunables
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB\-TUNABLES" "7" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB\-TUNABLES" "7" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB" "7" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB" "7" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdb_diagnostics
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDB_DIAGNOSTICS" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDB_DIAGNOSTICS" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: Ceph RADOS Mutex
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CEPH RADOS MUTEX" "7" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CEPH RADOS MUTEX" "7" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdbd
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDBD" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdbd.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD\&.CONF" "5" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDBD\&.CONF" "5" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ctdbd_wrapper
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "CTDBD_WRAPPER" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "CTDBD_WRAPPER" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ltdbtool
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "LTDBTOOL" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "LTDBTOOL" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: onnode
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "ONNODE" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "ONNODE" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......
......@@ -2,12 +2,12 @@
.\" Title: ping_pong
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 05/16/2018
.\" Date: 08/11/2018
.\" Manual: CTDB - clustered TDB database
.\" Source: ctdb
.\" Language: English
.\"
.TH "PING_PONG" "1" "05/16/2018" "ctdb" "CTDB \- clustered TDB database"
.TH "PING_PONG" "1" "08/11/2018" "ctdb" "CTDB \- clustered TDB database"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......