autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-12-08-1416/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-08-1416/samba3.stderr http://git.samba.org/autobuild.flakey/2013-12-08-1416/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-08-1416/samba.stderr http://git.samba.org/autobuild.flakey/2013-12-08-1416/samba.stdout The top commit at the time of the failure was: commit 5390ff5a26f7868336d8136b0361943080dd7f5b Author: Christian Ambach a...@samba.org Date: Fri Nov 22 05:19:16 2013 +0100 lib/ntdb optimize includes in ntdb tools use the private header (which will use libreplace or system headers) instead of direct includes of system includes Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Rusty Russell ru...@samba.org Autobuild-User(master): Christian Ambach a...@samba.org Autobuild-Date(master): Sat Dec 7 18:38:21 CET 2013 on sn-devel-104
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.70-2-gf0416af
The branch, 1.2.40 has been updated via f0416afa6dc776489e2c7b3f0ede3480a3035bdb (commit) via bcb73f0b9c48fab6ac89e4ec0a297fd156beb6f6 (commit) from 5620a403f3ed8dd1ec8dcb449de4cf8a840893a8 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit f0416afa6dc776489e2c7b3f0ede3480a3035bdb Author: Martin Schwenke mar...@meltin.net Date: Mon Dec 9 12:02:47 2013 +1100 New version 1.2.71 Signed-off-by: Martin Schwenke mar...@meltin.net commit bcb73f0b9c48fab6ac89e4ec0a297fd156beb6f6 Author: Martin Schwenke mar...@meltin.net Date: Mon Dec 9 11:47:01 2013 +1100 eventscripts: Do not restart NFS on reconfigure, just do statd notify See also commit 2629de72e1f37b5e46772c2ef8d8d0012fc4ed37 in the master branch. In this branch the NFS restart was accidentally re-added in 30e05c8b14413f3e1150b01e856d4b51c675ea5c and formalised in 3fd4da153703bc83cf102ad367dd20d873e938a0 when the mistake wasn't realised. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: config/events.d/60.nfs | 17 ++--- packaging/RPM/ctdb.spec.in |4 +++- 2 files changed, 13 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/60.nfs b/config/events.d/60.nfs index f567c82..13a2b04 100755 --- a/config/events.d/60.nfs +++ b/config/events.d/60.nfs @@ -14,7 +14,16 @@ start_nfs() { service_name=nfs service_start=start_nfs service_stop=startstop_nfs stop -service_reconfigure=startstop_nfs restart +service_reconfigure=reconfigure_nfs + +reconfigure_nfs () +{ +# If IPs have been reallocated, we must restart the lock manager +# across all nodes and notify statd clients. +if [ -x $CTDB_BASE/statd-callout ] ; then + $CTDB_BASE/statd-callout notify +fi /dev/null 21 +} nfs_check_thread_count () { @@ -200,12 +209,6 @@ case $1 in ctdb_service_reconfigure exit 0 fi - - # if the ips have been reallocated, we must restart the lockmanager - # across all nodes and ping all statd listeners - [ -x $CTDB_BASE/statd-callout ] { - $CTDB_BASE/statd-callout notify - } /dev/null 21 ;; *) ctdb_standard_event_handler $@ diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in index 2792b59..715a824 100644 --- a/packaging/RPM/ctdb.spec.in +++ b/packaging/RPM/ctdb.spec.in @@ -3,7 +3,7 @@ Name: ctdb Summary: Clustered TDB Vendor: Samba Team Packager: Samba Team sa...@samba.org -Version: 1.2.70 +Version: 1.2.71 Release: 1GITHASH Epoch: 0 License: GNU GPL version 3 @@ -155,6 +155,8 @@ development libraries for ctdb %changelog +* Mon Dec 09 2013 : Version 1.2.71 + - Don't restart NFS on failover, just do statd notification * Mon Nov 25 2013 : Version 1.2.70 - Just warn when recovery fails to update flags on inactive node * Mon Nov 04 2013 : Version 1.2.69 -- CTDB repository
[SCM] CTDB repository - annotated tag ctdb-1.2.71 created - ctdb-1.2.71
The annotated tag, ctdb-1.2.71 has been created at bca4492a2bcad7eea2fd6185a4289460386fbbfc (tag) tagging f0416afa6dc776489e2c7b3f0ede3480a3035bdb (commit) replaces ctdb-1.2.70 tagged by Amitay Isaacs on Mon Dec 9 13:46:20 2013 +1100 - Log - new version 1.2.71 Martin Schwenke (2): eventscripts: Do not restart NFS on reconfigure, just do statd notify New version 1.2.71 --- -- CTDB repository
Re: [SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.70-2-gf0416af
Are you really bouncing the lock manager still? You need to make sure that they enter a grace period across the cluster so you can have lock revocery working semi-reliably. On Sun, Dec 8, 2013 at 6:46 PM, Amitay Isaacs ami...@samba.org wrote: The branch, 1.2.40 has been updated via f0416afa6dc776489e2c7b3f0ede3480a3035bdb (commit) via bcb73f0b9c48fab6ac89e4ec0a297fd156beb6f6 (commit) from 5620a403f3ed8dd1ec8dcb449de4cf8a840893a8 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit f0416afa6dc776489e2c7b3f0ede3480a3035bdb Author: Martin Schwenke mar...@meltin.net Date: Mon Dec 9 12:02:47 2013 +1100 New version 1.2.71 Signed-off-by: Martin Schwenke mar...@meltin.net commit bcb73f0b9c48fab6ac89e4ec0a297fd156beb6f6 Author: Martin Schwenke mar...@meltin.net Date: Mon Dec 9 11:47:01 2013 +1100 eventscripts: Do not restart NFS on reconfigure, just do statd notify See also commit 2629de72e1f37b5e46772c2ef8d8d0012fc4ed37 in the master branch. In this branch the NFS restart was accidentally re-added in 30e05c8b14413f3e1150b01e856d4b51c675ea5c and formalised in 3fd4da153703bc83cf102ad367dd20d873e938a0 when the mistake wasn't realised. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: config/events.d/60.nfs | 17 ++--- packaging/RPM/ctdb.spec.in |4 +++- 2 files changed, 13 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/60.nfs b/config/events.d/60.nfs index f567c82..13a2b04 100755 --- a/config/events.d/60.nfs +++ b/config/events.d/60.nfs @@ -14,7 +14,16 @@ start_nfs() { service_name=nfs service_start=start_nfs service_stop=startstop_nfs stop -service_reconfigure=startstop_nfs restart +service_reconfigure=reconfigure_nfs + +reconfigure_nfs () +{ +# If IPs have been reallocated, we must restart the lock manager +# across all nodes and notify statd clients. +if [ -x $CTDB_BASE/statd-callout ] ; then + $CTDB_BASE/statd-callout notify +fi /dev/null 21 +} nfs_check_thread_count () { @@ -200,12 +209,6 @@ case $1 in ctdb_service_reconfigure exit 0 fi - - # if the ips have been reallocated, we must restart the lockmanager - # across all nodes and ping all statd listeners - [ -x $CTDB_BASE/statd-callout ] { - $CTDB_BASE/statd-callout notify - } /dev/null 21 ;; *) ctdb_standard_event_handler $@ diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in index 2792b59..715a824 100644 --- a/packaging/RPM/ctdb.spec.in +++ b/packaging/RPM/ctdb.spec.in @@ -3,7 +3,7 @@ Name: ctdb Summary: Clustered TDB Vendor: Samba Team Packager: Samba Team sa...@samba.org -Version: 1.2.70 +Version: 1.2.71 Release: 1GITHASH Epoch: 0 License: GNU GPL version 3 @@ -155,6 +155,8 @@ development libraries for ctdb %changelog +* Mon Dec 09 2013 : Version 1.2.71 + - Don't restart NFS on failover, just do statd notification * Mon Nov 25 2013 : Version 1.2.70 - Just warn when recovery fails to update flags on inactive node * Mon Nov 04 2013 : Version 1.2.69 -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c65ad56 ctdb:packaging:RPM: don't run autogen. via 7dbb068 ctdb:packaging:RPM: package the new manpages via 0e83402 ctdb:build: install the new manpages from 5390ff5 lib/ntdb optimize includes in ntdb tools http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c65ad56d40c2ac286dc9d726119d04384981d0b3 Author: Michael Adam ob...@samba.org Date: Fri Dec 6 01:37:34 2013 +0100 ctdb:packaging:RPM: don't run autogen. autogen is already run in maketarball.sh which generates the tarball for the RPM. This way, we don't have a rpm build dependency on autoconf. Recent changes introduced a dependency into autoconf version = 2.60, so this fix allows the generated source RPM to be built also on older platforms. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net Reviewed-by: Amitay Isaacs ami...@gmail.com Autobuild-User(master): Martin Schwenke mart...@samba.org Autobuild-Date(master): Mon Dec 9 05:47:00 CET 2013 on sn-devel-104 commit 7dbb068aa7e77f34377e762bbd65cb7ca72b85b4 Author: Michael Adam ob...@samba.org Date: Fri Dec 6 01:33:57 2013 +0100 ctdb:packaging:RPM: package the new manpages Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net Reviewed-by: Amitay Isaacs ami...@gmail.com commit 0e8340229b0efa6291218a24865e52acb24bb12c Author: Michael Adam ob...@samba.org Date: Fri Dec 6 01:31:11 2013 +0100 ctdb:build: install the new manpages Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net Reviewed-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: ctdb/Makefile.in|6 ++ ctdb/packaging/RPM/ctdb.spec.in |7 --- 2 files changed, 10 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/Makefile.in b/ctdb/Makefile.in index eb280f2..92bd56f 100755 --- a/ctdb/Makefile.in +++ b/ctdb/Makefile.in @@ -370,9 +370,15 @@ install: all manpages $(PMDA_INSTALL) if [ -f doc/ctdb.1 ];then ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man1; fi if [ -f doc/ctdb.1 ];then ${INSTALLCMD} -m 644 doc/ctdb.1 $(DESTDIR)$(mandir)/man1; fi if [ -f doc/ctdbd.1 ];then ${INSTALLCMD} -m 644 doc/ctdbd.1 $(DESTDIR)$(mandir)/man1; fi + if [ -f doc/ctdbd_wrapper.1 ];then ${INSTALLCMD} -m 644 doc/ctdbd_wrapper.1 $(DESTDIR)$(mandir)/man1; fi if [ -f doc/onnode.1 ];then ${INSTALLCMD} -m 644 doc/onnode.1 $(DESTDIR)$(mandir)/man1; fi if [ -f doc/ltdbtool.1 ]; then ${INSTALLCMD} -m 644 doc/ltdbtool.1 $(DESTDIR)$(mandir)/man1; fi if [ -f doc/ping_pong.1 ];then ${INSTALLCMD} -m 644 doc/ping_pong.1 $(DESTDIR)$(mandir)/man1; fi + if [ -f doc/ctdb.7 ]; then ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man7; fi + if [ -f doc/ctdb.7 ]; then ${INSTALLCMD} -m 644 doc/ctdb.7 $(DESTDIR)$(mandir)/man7; fi + if [ -f doc/ctdb-tunables.7 ]; then ${INSTALLCMD} -m 644 doc/ctdb-tunables.7 $(DESTDIR)$(mandir)/man7; fi + if [ -f doc/ctdbd.conf.5 ]; then ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man5; fi + if [ -f doc/ctdbd.conf.5 ]; then ${INSTALLCMD} -m 644 doc/ctdbd.conf.5 $(DESTDIR)$(mandir)/man5; fi ${INSTALLCMD} -m 755 config/notify.sh $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 755 config/debug-hung-script.sh $(DESTDIR)$(etcdir)/ctdb ${INSTALLCMD} -m 755 config/ctdb-crash-cleanup.sh $(DESTDIR)$(etcdir)/ctdb diff --git a/ctdb/packaging/RPM/ctdb.spec.in b/ctdb/packaging/RPM/ctdb.spec.in index b7d1bef..e3a3486 100644 --- a/ctdb/packaging/RPM/ctdb.spec.in +++ b/ctdb/packaging/RPM/ctdb.spec.in @@ -83,9 +83,6 @@ fi export CC -## always run autogen.sh -./autogen.sh - CFLAGS=$RPM_OPT_FLAGS $EXTRA -D_GNU_SOURCE ./configure \ %if %with_included_talloc --with-included-talloc \ @@ -202,9 +199,13 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/onnode %{_mandir}/man1/ctdb.1.gz %{_mandir}/man1/ctdbd.1.gz +%{_mandir}/man1/ctdbd_wrapper.1.gz %{_mandir}/man1/onnode.1.gz %{_mandir}/man1/ltdbtool.1.gz %{_mandir}/man1/ping_pong.1.gz +%{_mandir}/man5/ctdbd.conf.5.gz +%{_mandir}/man7/ctdb.7.gz +%{_mandir}/man7/ctdb-tunables.7.gz %{_libdir}/pkgconfig/ctdb.pc -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated via 6898c4d VERSION: Disable git snapshots for the 4.1.3 release. via 98833dc WHATSNEW: Add release notes for Samba 4.1.3. via b89e14d CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid via d96f88c CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via c406802 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via ca5d6f5 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via 066c6e3 CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via da5dfc7 CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() via bdb643e CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via c4e31ea CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 0ba0b27 CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via f71b390 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via db102cd CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via e5954aa CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 730027c CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via f557bfe CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 895ce91 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via c4a1b2e CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via 78b4989 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() via dbe7531 VERSION: Bump version number up to 4.1.3... from e1e735a VERSION: Disable git snapshots for the 4.1.2 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable - Log - commit 6898c4dbf993889a804e77dd6cb32e0be50f653f Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 3 12:19:11 2013 +0100 VERSION: Disable git snapshots for the 4.1.3 release. Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185 Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306 (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300) Signed-off-by: Karolin Seeger ksee...@samba.org commit 98833dc13ee71c1b6367c63e06a5b73a4bc457d7 Author: Karolin Seeger ksee...@samba.org Date: Fri Dec 6 19:45:57 2013 +0100 WHATSNEW: Add release notes for Samba 4.1.3. Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185 Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306 (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300) Signed-off-by: Karolin Seeger ksee...@samba.org commit b89e14d3c7a2dc3a47d2ffdc8b3412dde6186f1e Author: Noel Power noel.po...@suse.com Date: Wed Oct 16 16:30:55 2013 +0100 CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306 Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: David Disseldorp dd...@samba.org [dd...@samba.org: fixed incorrect bugzilla tag I added to master commit] commit d96f88c91586c2aed60c9037eb86ffa6bb8259fb Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 22:41:22 2013 -0800 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit c406802cf767929c7016041da51fb512094a7f30 Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 21:40:55 2013 -0800 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org commit ca5d6f5eed28350a7d0a5179e2d4ca31d0069959 Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 20:38:01 2013 -0800 CVE-2013-4408:s3:Ensure LookupSids
[SCM] Samba Shared Repository - annotated tag samba-4.1.3 created
The annotated tag, samba-4.1.3 has been created at ad0b16dd3228411178dc8af809014c73f0247ae1 (tag) tagging 6898c4dbf993889a804e77dd6cb32e0be50f653f (commit) replaces samba-4.1.2 tagged by Karolin Seeger on Fri Dec 6 19:49:49 2013 +0100 - Log - samba: tag release samba-4.1.3 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBSohxNbzORW2Vot+oRAj05AJ9ROkG1gZS3p8oT9LyXvQsR97ol+gCfQalN 8Xl6TJyCXNsThUJIYDaX4J0= =3m3a -END PGP SIGNATURE- Jeremy Allison (4): CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Karolin Seeger (3): VERSION: Bump version number up to 4.1.3... WHATSNEW: Add release notes for Samba 4.1.3. VERSION: Disable git snapshots for the 4.1.3 release. Noel Power (1): CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid Stefan Metzmacher (12): CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via b0574ae VERSION: Disable git snapshots for the 4.0.13 release. via 73546c1 WHATSNEW: Add release notes for Samba 4.0.13. via c114323 CVE-2012-6150: fail authentication for single group name which cannot be converted to sid via 09060b5 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via d6a4813 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via acab72e CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via dd126bf CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via f1e2d2d CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() via b705738 CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via 29bd4d1 CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 06b043c CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via 05cd093 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via 53afd58 CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via 0703abf CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 654b02e CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via 2da4314 CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 7eb27f2 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via 9d994c2 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via e209606 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() via 0ba9d8f VERSION: Bump version number up to 4.0.13... from 430c74f VERSION: Disable git snapshots for the 4.0.12 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable - Log - commit b0574ae788d3379915996fb5bd0db2721f0634cd Author: Karolin Seeger ksee...@samba.org Date: Tue Dec 3 11:56:10 2013 +0100 VERSION: Disable git snapshots for the 4.0.13 release. Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185 Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306 (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300) Signed-off-by: Karolin Seeger ksee...@samba.org commit 73546c11154000ddf43d8139d39879cc1b9ba155 Author: Karolin Seeger ksee...@samba.org Date: Fri Dec 6 20:04:54 2013 +0100 WHATSNEW: Add release notes for Samba 4.0.13. Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185 Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306 (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300) Signed-off-by: Karolin Seeger ksee...@samba.org commit c114323019419ca9a4eb9a71b1b6e16e1eff4b59 Author: Noel Power noel.po...@suse.com Date: Wed Oct 16 16:30:55 2013 +0100 CVE-2012-6150: fail authentication for single group name which cannot be converted to sid furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306 Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: David Disseldorp dd...@samba.org [dd...@samba.org: fixed incorrect bugzilla tag I added to master commit] commit 09060b5770915c8a54e0673f485c308bbb7aefaa Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 22:41:22 2013 -0800 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit d6a4813e19d4970aaa87bd68983b5deba096b3ad Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 21:40:55 2013 -0800 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org commit acab72eaf3fd762f7085a5cec4225cfca8616a63 Author: Jeremy Allison j...@samba.org Date: Thu Nov 7 20:38:01 2013 -0800 CVE-2013-4408:s3:Ensure
[SCM] Samba Shared Repository - annotated tag samba-4.0.13 created
The annotated tag, samba-4.0.13 has been created at 32e064da9e3332c17156988fe2cd1e245af59781 (tag) tagging b0574ae788d3379915996fb5bd0db2721f0634cd (commit) replaces samba-4.0.12 tagged by Karolin Seeger on Fri Dec 6 20:08:22 2013 +0100 - Log - samba: tag release samba-4.0.13 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBSoiCmbzORW2Vot+oRAjz6AKCLY8AKZE4Ae8zh8b4//6ipP2kHqgCgopjb wsW5SoHGwLqTI1eg+qyQJBs= =TB9B -END PGP SIGNATURE- Jeremy Allison (4): CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Karolin Seeger (3): VERSION: Bump version number up to 4.0.13... WHATSNEW: Add release notes for Samba 4.0.13. VERSION: Disable git snapshots for the 4.0.13 release. Noel Power (1): CVE-2012-6150: fail authentication for single group name which cannot be converted to sid Stefan Metzmacher (12): CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via e795800 WHATSNEW: Add release notes for Samba 3.0.22. via 3b61be8 CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid via 50e3da9 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via b915d0b CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via 4c2aa03 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via 6434d49 CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via f6d2b22 CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via 9242121 CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 27a7516 CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via ba9728b CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via fc294c4 CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via c9d780c CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 17667fc CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via 2883374 CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 4487b19 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via b13b142 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via d485eff CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() from 8317477 VERSION: Bump version up to 3.6.22. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit e795800392ce1b5b5717ea0ad5334ebd6c9df7ed Author: Karolin Seeger ksee...@samba.org Date: Fri Dec 6 20:19:23 2013 +0100 WHATSNEW: Add release notes for Samba 3.0.22. Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185 Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306 (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300) Signed-off-by: Karolin Seeger ksee...@samba.org commit 3b61be8a4b06f929c1bd52c1b8016f9a4fff9be1 Author: Noel Power noel.po...@suse.com Date: Wed Oct 16 16:30:55 2013 +0100 CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306 Signed-off-by: Noel Power noel.po...@suse.com Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: David Disseldorp dd...@samba.org [dd...@samba.org: fixed incorrect bugzilla tag I added to master commit] commit 50e3da9992e4a43b888caa3aeadfbf5293e8281a Author: Jeremy Allison j...@samba.org Date: Tue Nov 19 14:10:15 2013 -0800 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit b915d0bd6d88f8fe725716b7654acfcb8303a2d4 Author: Jeremy Allison j...@samba.org Date: Tue Nov 19 14:04:19 2013 -0800 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org commit 4c2aa03e447b0ac7a74aecdee37205740e43bea5 Author: Jeremy Allison j...@samba.org Date: Tue Nov 19 13:53:32 2013 -0800 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org commit 6434d492578b37c7c97bd3f55d4fc14958bbd080 Author: Jeremy Allison j...@samba.org Date: Tue Oct 22 15:34:12 2013 -0700 CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f6d2b22ec51e025a309548224e8354bce52ea648 Author: Stefan Metzmacher me...@samba.org Date: Wed Oct 16 14:17:49 2013 +0200 CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() Bug:
[SCM] Samba Shared Repository - annotated tag samba-3.6.22 created
The annotated tag, samba-3.6.22 has been created at 27e09c41c426351bf4736ecc6150c387ae168573 (tag) tagging e795800392ce1b5b5717ea0ad5334ebd6c9df7ed (commit) replaces samba-3.6.21 tagged by Karolin Seeger on Sat Dec 7 20:25:55 2013 +0100 - Log - tag samba-3.6.22 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBSo3ZJbzORW2Vot+oRAgP1AJ4w8Ou2CfTr9aqaU24mWRD23MjrIACgnM5h lWLrlxIWC5t4SHxzoZjos5s= =xV34 -END PGP SIGNATURE- Jeremy Allison (4): CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. Karolin Seeger (2): VERSION: Bump version up to 3.6.22. WHATSNEW: Add release notes for Samba 3.0.22. Noel Power (1): CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid Stefan Metzmacher (11): CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() --- -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-12-09-0616/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-09-0616/samba3.stderr http://git.samba.org/autobuild.flakey/2013-12-09-0616/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-12-09-0616/samba.stderr http://git.samba.org/autobuild.flakey/2013-12-09-0616/samba.stdout The top commit at the time of the failure was: commit c65ad56d40c2ac286dc9d726119d04384981d0b3 Author: Michael Adam ob...@samba.org Date: Fri Dec 6 01:37:34 2013 +0100 ctdb:packaging:RPM: don't run autogen. autogen is already run in maketarball.sh which generates the tarball for the RPM. This way, we don't have a rpm build dependency on autoconf. Recent changes introduced a dependency into autoconf version = 2.60, so this fix allows the generated source RPM to be built also on older platforms. Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Martin Schwenke mar...@meltin.net Reviewed-by: Amitay Isaacs ami...@gmail.com Autobuild-User(master): Martin Schwenke mart...@samba.org Autobuild-Date(master): Mon Dec 9 05:47:00 CET 2013 on sn-devel-104
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via eeddc3f Announce Samba 4.1.3, 4.0.13 and 3.6.22. from 851bb7f Announce Samba 3.6.21. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit eeddc3fb3f16fa57795798e37f5d40b0e3449a8f Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 05:57:59 2013 +0100 Announce Samba 4.1.3, 4.0.13 and 3.6.22. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_10_bodies.html| 36 +++--- generated_news/latest_10_headlines.html |6 +++- generated_news/latest_2_bodies.html | 36 +++--- history/header_history.html |3 ++ history/security.html | 23 +++ 5 files changed, 76 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 2d8248a..87d128a 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,26 @@ + h5a name=4.1.309 December 2013/a/h5 + p class=headlineSamba 4.1.3, 4.0.13 and 3.6.22 bSecurity + Releases/b Available for Download/p + pThese are security releases in order to address + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408;CVE-2013-4408/a + (bDCE-RPC fragment length field is incorrectly checked/b) and + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150;CVE-2012-6150/a + (bpam_winbind login without require_membership_of restrictions/b). + /p + + pThe uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA)./p + p + The source code can be downloaded here: + lia href=http://samba.org/samba/ftp/stable/samba-4.1.3.tar.gz;download + Samba 4.1.3/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-4.0.13.tar.gz;download + Samba 4.0.13/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-3.6.22.tar.gz;download + Samba 3.6.22/a./li + /p + + h5a name=3.6.2129 November 2013/a/h5 p class=headlineSamba 3.6.21 Available for Download/p pThis is the latest stable release of the Samba 3.6 series./p @@ -119,16 +142,3 @@ using GnuPG (ID 6568B7EA). The source code can be a href=https://download.samba.org/pub/samba/rc/samba-4.1.0rc3.tar.gz;downloaded now/a. See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc3.txt;the release notes for more info/a./p - - - h5a name=4.0.920 August 2013/a/h5 - p class=headlineSamba 4.0.9 Available for Download/p - pThis is the latest stable release of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-4.0.9.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.8-4.0.9.diffs.gz; -patch against Samba 4.0.8/a is also available. See -a href=http://samba.org/samba/history/samba-4.0.9.html; the release notes - for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 73e5a64..673ff16 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,8 @@ ul + li 09 December 2013 a href=#4.1.3Samba 4.1.3, 4.0.13 + and 3.6.22 Security Releases Available for Download (CVE-2013-4408 and + CVE-2012-6150)/a/li + li 29 November 2013 a href=#3.6.21Samba 3.6.21 Available for Download/a/li li 22 November 2013 a href=#4.1.2Samba 4.1.2 Available for Download/a/li @@ -20,6 +24,4 @@ li 11 September 2013 a href=#4.1.0rc3Samba 4.1.0rc3 Available for Download/a/li - - li 20 August 2013 a href=#4.0.9Samba 4.0.9 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 0b905cf..05ef819 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,26 @@ + h5a name=4.1.309 December 2013/a/h5 + p class=headlineSamba 4.1.3, 4.0.13 and 3.6.22 bSecurity + Releases/b Available for Download/p + pThese are security releases in order to address + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408;CVE-2013-4408/a + (bDCE-RPC fragment length field is incorrectly checked/b) and + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150;CVE-2012-6150/a + (bpam_winbind login without require_membership_of restrictions/b). + /p + + pThe uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA)./p +
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1e82af3 Update latest stable release... from eeddc3f Announce Samba 4.1.3, 4.0.13 and 3.6.22. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1e82af366b35dbbde2745c285e295da7acd93efd Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 06:19:52 2013 +0100 Update latest stable release... and add release notes for 4.1.3, 4.0.13 and 3.6.22. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: history/samba-3.6.22.html | 86 history/samba-4.0.13.html | 86 history/samba-4.1.3.html | 86 latest_stable_release.html |6 ++-- 4 files changed, 261 insertions(+), 3 deletions(-) create mode 100755 history/samba-3.6.22.html create mode 100755 history/samba-4.0.13.html create mode 100755 history/samba-4.1.3.html Changeset truncated at 500 lines: diff --git a/history/samba-3.6.22.html b/history/samba-3.6.22.html new file mode 100755 index 000..6de5c00 --- /dev/null +++ b/history/samba-3.6.22.html @@ -0,0 +1,86 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.6.22 Available for Download/H2 + +p +pre + == + Release Notes for Samba 3.6.22 + December 9, 2013 + == + + +This is a security release in order to address +CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and +CVE-2012-6150 (pam_winbind login without require_membership_of restrictions). + +o CVE-2013-4408: + Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - + 3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are + vulnerable to buffer overrun exploits in the client processing of + DCE-RPC packets. This is due to incorrect checking of the DCE-RPC + fragment length in the client code. + + This is a critical vulnerability as the DCE-RPC client code is part of + the winbindd authentication and identity mapping daemon, which is + commonly configured as part of many server installations (when joined + to an Active Directory Domain). A malicious Active Directory Domain + Controller or man-in-the-middle attacker impersonating an Active + Directory Domain Controller could achieve root-level access by + compromising the winbindd process. + + Samba server versions 3.4.0 - 3.4.17 and versions 3.5.0 - 3.5.22 are + also vulnerable to a denial of service attack (server crash) due to a + similar error in the server code of those versions. + + Samba server versions 3.6.0 and above (including all 3.6.x versions, + all 4.0.x versions and 4.1.x) are not vulnerable to this problem. + + In addition range checks were missing on arguments returned from calls + to the DCE-RPC functions LookupSids (lsa and samr), LookupNames (lsa and samr) + and LookupRids (samr) which could also cause similar problems. + + As this was found during an internal audit of the Samba code there are + no currently known exploits for this problem (as of December 9th 2013). + +o CVE-2012-6150: + Winbind allows for the further restriction of authenticated PAM logins using + the require_membership_of parameter. System administrators may specify a list + of SIDs or groups for which an authenticated user must be a member of. If an + authenticated user does not belong to any of the entries, then login should + fail. Invalid group name entries are ignored. + + Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from + authenticated users if the require_membership_of parameter specifies only + invalid group names. + + This is a vulnerability with low impact. All require_membership_of group + names must be invalid for this bug to be encountered. + + +Changes since 3.6.21: +- + +o Jeremy Allison lt;j...@samba.orggt; +* BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Stefan Metzmacher lt;me...@samba.orggt; +* BUG 10185: CVE-2013-4408: Correctly check DCE-RPC fragment length field. + + +o Noel Power lt;noel.po...@suse.comgt; +* BUGs 10300, 10306: CVE-2012-6150: Fail authentication if user isn't + member of *any* require_membership_of specified groups. +/pre + +/body +/html diff --git a/history/samba-4.0.13.html b/history/samba-4.0.13.html new file mode 100755 index 000..6ca5b08 --- /dev/null +++ b/history/samba-4.0.13.html @@ -0,0 +1,86 @@ +!DOCTYPE html PUBLIC
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f32a5a1 Add security advisories for CVE-2013-4408 and CVE-2012-6150. from 1e82af3 Update latest stable release... http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f32a5a1e0e90362078b28fa321785b95c24f53a7 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 06:43:33 2013 +0100 Add security advisories for CVE-2013-4408 and CVE-2012-6150. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: security/CVE-2012-6150.html | 76 +++ security/CVE-2013-4408.html | 93 +++ 2 files changed, 169 insertions(+), 0 deletions(-) create mode 100644 security/CVE-2012-6150.html create mode 100644 security/CVE-2013-4408.html Changeset truncated at 500 lines: diff --git a/security/CVE-2012-6150.html b/security/CVE-2012-6150.html new file mode 100644 index 000..f11a3df --- /dev/null +++ b/security/CVE-2012-6150.html @@ -0,0 +1,76 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Security Announcement Archive/title +/head + +body + + H2CVE-2012-6150.html:/H2 + +p +pre +=== +== Subject: pam_winbind login without require_membership_of restrictions +== +== CVE ID#: CVE-2012-6150 +== +== Versions:Samba 3.3.10, 3.4.3, 3.5.0 and later +== +== Summary: Login of authenticated users is not restricted by the +== pam_winbind require_membership_of parameter if it only +== specifies invalid group names. +== +=== + +=== +Description +=== + +Winbind allows for the further restriction of authenticated PAM logins using +the require_membership_of parameter. System administrators may specify a list +of SIDs or groups for which an authenticated user must be a member of. If an +authenticated user does not belong to any of the entries, then login should +fail. Invalid group name entries are ignored. + +Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from +authenticated users if the require_membership_of parameter specifies only +invalid group names. + +This is a vulnerability with low impact. All require_membership_of group +names must be invalid for this bug to be encountered. + +== +Patch Availability +== + +Patches addressing this issue have been posted to: + +http://www.samba.org/samba/security/ + +Samba versions 3.6.22, 4.0.13, and 4.1.3 have been released to address this +issue. + +== +Workaround +== + +Ensure that the require_membership_of parameter only refers to SIDs or valid +Active Directory group names. + +=== +Credits +=== + +This problem was found by Noel Power from SUSE who also provided the patch +to fix the issue. + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== +/pre +/body +/html diff --git a/security/CVE-2013-4408.html b/security/CVE-2013-4408.html new file mode 100644 index 000..87318ca --- /dev/null +++ b/security/CVE-2013-4408.html @@ -0,0 +1,93 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Security Announcement Archive/title +/head + +body + + H2CVE-2013-4408.html:/H2 + +p +pre +=== +== Subject: DCE-RPC fragment length field is incorrectly checked. +== +== CVE ID#: CVE-2013-4408 +== +== Versions:All versions of Samba later than 3.4.0 +== +== Summary: Incorrect length checks on DCE-RPC fragment lengths +== cause Samba client utilities including winbindd to +== be vulnerable to buffer overrun exploits. +== +=== + +=== +Description +=== + +Samba versions 3.4.0 and above (versions 3.4.0 - 3.4.17, 3.5.0 - +3.5.22, 3.6.0 - 3.6.21, 4.0.0 - 4.0.12 and including 4.1.2) are +vulnerable to buffer overrun exploits in the client processing of +DCE-RPC packets. This is due to incorrect checking of the DCE-RPC +fragment length in the client code. + +This is a critical vulnerability as the DCE-RPC client code is part of +the winbindd authentication and identity mapping daemon, which is +commonly configured as part of many server installations (when joined +to an Active Directory Domain). A malicious Active Directory Domain +Controller or man-in-the-middle attacker
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via db8b33d VERSION: Bump version up to 4.0.14 via d580670 Merge tag 'samba-4.0.13' into v4-0-test via b0574ae VERSION: Disable git snapshots for the 4.0.13 release. via 73546c1 WHATSNEW: Add release notes for Samba 4.0.13. via c114323 CVE-2012-6150: fail authentication for single group name which cannot be converted to sid via 09060b5 CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via d6a4813 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via acab72e CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via dd126bf CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via f1e2d2d CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() via b705738 CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via 29bd4d1 CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 06b043c CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via 05cd093 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via 53afd58 CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via 0703abf CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 654b02e CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via 2da4314 CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 7eb27f2 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via 9d994c2 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via e209606 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() via 0ba9d8f VERSION: Bump version number up to 4.0.13... from c880a38 smbd: Fix bug 10284 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit db8b33d99eeb2c75724f58e7e87c3f36d9405012 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:09:02 2013 +0100 VERSION: Bump version up to 4.0.14 Signed-off-by: Karolin Seeger ksee...@samba.org commit d580670ebacacac8fbcaf1f0dce93b56868643af Merge: c880a384a9063cb970483185dc114792a75eaeae b0574ae788d3379915996fb5bd0db2721f0634cd Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:08:22 2013 +0100 Merge tag 'samba-4.0.13' into v4-0-test samba: tag release samba-4.0.13 --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 97 ++- lib/async_req/async_sock.c |5 ++ libcli/util/tstream.c |5 ++ librpc/rpc/dcerpc_util.c| 14 nsswitch/libwbclient/wbc_sid.c |7 ++ nsswitch/pam_winbind.c |6 ++ nsswitch/wbinfo.c | 23 ++- source3/lib/ctdb_conn.c |5 ++ source3/lib/netapi/group.c | 98 +++ source3/lib/netapi/localgroup.c |8 ++- source3/lib/netapi/user.c | 72 source3/lib/util_tsock.c|5 ++ source3/libnet/libnet_join.c| 16 + source3/librpc/rpc/dcerpc_helpers.c |4 + source3/rpc_client/cli_lsarpc.c | 35 +- source3/rpc_client/cli_pipe.c | 41 +-- source3/rpc_server/netlogon/srv_netlog_nt.c |2 +- source3/rpcclient/cmd_lsarpc.c | 13 +++- source3/rpcclient/cmd_samr.c| 66 ++- source3/smbd/lanman.c |8 ++ source3/utils/net_rpc.c | 47 - source3/utils/net_rpc_join.c|9 +++ source3/winbindd/wb_lookupsids.c|3 + source3/winbindd/winbindd_msrpc.c | 10 ++- source3/winbindd/winbindd_rpc.c | 54 +++ source4/libcli/util/clilsa.c| 22 ++- source4/libnet/groupinfo.c |9 ++- source4/libnet/groupman.c | 10 ++-- source4/libnet/libnet_join.c| 12 +++- source4/libnet/libnet_lookup.c |5 ++ source4/libnet/libnet_passwd.c | 10 +++- source4/libnet/userinfo.c |8 ++- source4/libnet/userman.c| 24 +++ source4/librpc/rpc/dcerpc.c |4 +
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 180bca8 VERSION: Bump version up to 4.1.4. via ff99526 Merge tag 'samba-4.1.3' into v4-1-test via 6898c4d VERSION: Disable git snapshots for the 4.1.3 release. via 98833dc WHATSNEW: Add release notes for Samba 4.1.3. via b89e14d CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid via d96f88c CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. via c406802 CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. via ca5d6f5 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. via 066c6e3 CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. via da5dfc7 CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more() via bdb643e CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() via c4e31ea CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() via 0ba0b27 CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() via f71b390 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() via db102cd CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() via e5954aa CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() via 730027c CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() via f557bfe CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size via 895ce91 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() via c4a1b2e CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() via 78b4989 CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() via dbe7531 VERSION: Bump version number up to 4.1.3... from bfdf098 smbd: Fix bug 10284 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 180bca8cd5612f2db1d4d01446af8b7d66c68e27 Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:10:31 2013 +0100 VERSION: Bump version up to 4.1.4. Signed-off-by: Karolin Seeger ksee...@samba.org commit ff99526b5cd8b85de7d8e20fbe35c17935e2b0e7 Merge: bfdf0984af539d40bcbfec75b1ee65a2808857a4 6898c4dbf993889a804e77dd6cb32e0be50f653f Author: Karolin Seeger ksee...@samba.org Date: Mon Dec 9 07:10:12 2013 +0100 Merge tag 'samba-4.1.3' into v4-1-test samba: tag release samba-4.1.3 --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 97 ++- lib/async_req/async_sock.c |5 ++ libcli/util/tstream.c |5 ++ librpc/rpc/dcerpc_util.c| 14 nsswitch/libwbclient/wbc_sid.c |7 ++ nsswitch/pam_winbind.c |6 ++ nsswitch/wbinfo.c | 23 ++- source3/lib/ctdb_conn.c |5 ++ source3/lib/netapi/group.c | 98 +++ source3/lib/netapi/localgroup.c |8 ++- source3/lib/netapi/user.c | 72 source3/lib/util_tsock.c|5 ++ source3/libnet/libnet_join.c| 16 + source3/librpc/rpc/dcerpc_helpers.c |4 + source3/rpc_client/cli_lsarpc.c | 35 +- source3/rpc_client/cli_pipe.c | 41 +-- source3/rpc_server/netlogon/srv_netlog_nt.c |2 +- source3/rpcclient/cmd_lsarpc.c | 13 +++- source3/rpcclient/cmd_samr.c| 66 ++- source3/smbd/lanman.c |8 ++ source3/utils/net_rpc.c | 47 - source3/utils/net_rpc_join.c|9 +++ source3/winbindd/wb_lookupsids.c|3 + source3/winbindd/winbindd_msrpc.c | 10 ++- source3/winbindd/winbindd_rpc.c | 54 +++ source4/libcli/util/clilsa.c| 22 ++- source4/libnet/groupinfo.c |9 ++- source4/libnet/groupman.c | 10 ++-- source4/libnet/libnet_join.c| 12 +++- source4/libnet/libnet_lookup.c |5 ++ source4/libnet/libnet_passwd.c | 10 +++- source4/libnet/userinfo.c |8 ++- source4/libnet/userman.c| 24 +++ source4/librpc/rpc/dcerpc.c |4 +