autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-03-11-0920/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-03-11-0920/samba.stderr http://git.samba.org/autobuild.flakey/2014-03-11-0920/samba.stdout The top commit at the time of the failure was: commit cff0f8e75f598aaa55d7afb3d73433f8d2750957 Author: Garming Sam garm...@catalyst.net.nz Date: Thu Dec 19 15:06:51 2013 +1300 samba-tool: make provision check for bind version (small corrections and TODO added following Jelmer's review by abartlet) Signed-off-by: Garming Sam garm...@catalyst.net.nz Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0 Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jelmer Vernooij jel...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 80e5ae1 vfs_catia: add chmod() via e7856ed Add usable stream name defines via 8424d35 Fix a typo from cff0f8e samba-tool: make provision check for bind version http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 80e5ae1cefd86397200c4e322c93a89efcd6bad8 Author: Ralph Boehme r...@sernet.de Date: Mon Mar 10 17:14:38 2014 +0100 vfs_catia: add chmod() Clients using UNIX extensions need chmod() to go through catia. Signed-off-by: Ralph Boehme r...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Tue Mar 11 13:39:17 CET 2014 on sn-devel-104 commit e7856ed58d993806dacc121d3af022d213f76af0 Author: Ralph Boehme r...@sernet.de Date: Mon Jan 13 14:03:45 2014 +0100 Add usable stream name defines Add stream name defines that are usable with Samba's way of storing stream names internally. Signed-off-by: Ralph Boehme r...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 8424d35919c52258774e76e34c087d9473cd8d88 Author: Ralph Boehme r...@sernet.de Date: Fri Feb 14 17:38:25 2014 +0100 Fix a typo Signed-off-by: Ralph Boehme r...@sernet.de Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org --- Summary of changes: source3/include/MacExtensions.h | 19 +-- source3/modules/vfs_catia.c | 20 2 files changed, 33 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/MacExtensions.h b/source3/include/MacExtensions.h index 6e911fe..a60f894 100644 --- a/source3/include/MacExtensions.h +++ b/source3/include/MacExtensions.h @@ -30,16 +30,23 @@ #define DefaultStreamTestLen 6 #define DefaultStreamTest :$DATA #define AFPDATA_STREAM ::$DATA -#define AFPINFO_STREAM :AFP_AfpInfo:$DATA -#define AFPRESOURCE_STREAM :AFP_Resource:$DATA -#define AFPCOMMENTS_STREAM :Comments:$DATA -#define AFPDESKTOP_STREAM :AFP_DeskTop:$DATA -#define AFPIDINDEX_STREAM :AFP_IdIndex:$DATA + +#define AFPINFO_STREAM_NAME:AFP_AfpInfo +#define AFPRESOURCE_STREAM_NAME:AFP_Resource +#define AFPCOMMENTS_STREAM_NAME:Comments +#define AFPDESKTOP_STREAM_NAME :AFP_DeskTop +#define AFPIDINDEX_STREAM_NAME :AFP_IdIndex + +#define AFPINFO_STREAM AFPINFO_STREAM_NAME :$DATA +#define AFPRESOURCE_STREAM AFPRESOURCE_STREAM_NAME :$DATA +#define AFPCOMMENTS_STREAM AFPCOMMENTS_STREAM_NAME :$DATA +#define AFPDESKTOP_STREAM AFPDESKTOP_STREAM_NAME :$DATA +#define AFPIDINDEX_STREAM AFPIDINDEX_STREAM_NAME :$DATA /* ** NT's AFP_AfpInfo stream structure */ -#define APF_INFO_SIZE 0x3c +#define AFP_INFO_SIZE 0x3c #define AFP_Signature 0x41465000 #define AFP_Version0x0100 #define AFP_BackupTime 0x0080 diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index 1a37dd2..6743dfe 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -549,6 +549,25 @@ static int catia_lchown(vfs_handle_struct *handle, return ret; } +static int catia_chmod(vfs_handle_struct *handle, const char *path, mode_t mode) +{ + char *name = NULL; + NTSTATUS status; + int ret; + + status = catia_string_replace_allocate(handle-conn, path, + name, vfs_translate_to_unix); + if (!NT_STATUS_IS_OK(status)) { + errno = map_errno_from_nt_status(status); + return -1; + } + + ret = SMB_VFS_NEXT_CHMOD(handle, name, mode); + TALLOC_FREE(name); + + return ret; +} + static int catia_rmdir(vfs_handle_struct *handle, const char *path) { @@ -917,6 +936,7 @@ static struct vfs_fn_pointers vfs_catia_fns = { .unlink_fn = catia_unlink, .chown_fn = catia_chown, .lchown_fn = catia_lchown, + .chmod_fn = catia_chmod, .chdir_fn = catia_chdir, .ntimes_fn = catia_ntimes, .realpath_fn = catia_realpath, -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1145d5b Announce Samba 4.1.6, 4.0.16 and 3.6.23. from f75d82b Add cwrap.org. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1145d5b473781e575cb443a6d3422a901304801f Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 18:46:38 2014 +0100 Announce Samba 4.1.6, 4.0.16 and 3.6.23. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_10_bodies.html| 48 +++--- generated_news/latest_10_headlines.html |8 +- generated_news/latest_2_bodies.html | 36 +++ history/header_history.html |3 + history/samba-3.6.23.html | 47 ++ history/samba-4.0.16.html | 59 + history/samba-4.1.6.html| 59 + history/security.html | 22 ++- latest_stable_release.html |6 +- security/CVE-2013-4496.html | 107 +++ security/CVE-2013-6442.html | 71 11 files changed, 421 insertions(+), 45 deletions(-) create mode 100755 history/samba-3.6.23.html create mode 100755 history/samba-4.0.16.html create mode 100755 history/samba-4.1.6.html create mode 100644 security/CVE-2013-4496.html create mode 100644 security/CVE-2013-6442.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index e3a280d..4aa0378 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,27 @@ + h5a name=4.1.611 March 2014/a/h5 + p class=headlineSamba 4.1.6, 4.0.16 and 3.6.23 bSecurity + Releases/b Available for Download/p + pThese are security releases in order to address + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496;CVE-2013-4496/a + (bPassword lockout not enforced for SAMR password changes/b) and + a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442;CVE-2013-6442/a + (bsmbcacls will remove the ACL on a file or directory when changing owner or group + owner./b). + /p + + pThe uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA)./p + p + The source code can be downloaded here: + lia href=http://samba.org/samba/ftp/stable/samba-4.1.6.tar.gz;download + Samba 4.1.6/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-4.0.16.tar.gz;download + Samba 4.0.16/a,/li + lia href=http://samba.org/samba/ftp/stable/samba-3.6.23.tar.gz;download + Samba 3.6.23/a./li + /p + + h5a name=4.1.521 February 2014/a/h5 p class=headlineSamba 4.1.5 Available for Download/p pThis is the latest stable release of the Samba 4.1 series./p @@ -122,27 +146,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.11-4.0.12.diffs patch against Samba 4.0.11/a is also available. See a href=http://samba.org/samba/history/samba-4.0.12.html; the release notes for more info/a./p - - - h5a name=4.1.111 November 2013/a/h5 - p class=headlineSamba 4.1.1, 4.0.11 and 3.6.20 bSecurity - Releases/b Available for Download/p - pThese are security releases in order to address - a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475;CVE-2013-4475/a - (bACLs are not checked on opening an alternate data stream on a file - or directory)/b and - a href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476;CVE-2013-4476/a - (bPrivate key in key.pem world readable/b). - /p - - pThe uncompressed tarballs and patch files have been signed - using GnuPG (ID 6568B7EA)./p - p - The source code can be downloaded here: - lia href=http://samba.org/samba/ftp/stable/samba-4.1.1.tar.gz;download - Samba 4.1.1/a,/li - lia href=http://samba.org/samba/ftp/stable/samba-4.0.11.tar.gz;download - Samba 4.0.11/a,/li - lia href=http://samba.org/samba/ftp/stable/samba-3.6.20.tar.gz;download - Samba 3.6.20/a./li - /p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 846d13e..5cac83d 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,8 @@ ul + li 11 March 2014 a href=#4.1.6Samba 4.1.6, 4.0.16 + and 3.6.23 Security Releases Available for Download (CVE-2013-4496 and + CVE-2013-6442)/a/li + li 21 February 2014 a href=#4.1.5Samba 4.1.5 Available for Download/a/li li 18 February 2014 a href=#4.0.15Samba 4.0.15 Available for Download/a/li @@ -18,8 +22,4 @@
[SCM] Samba Shared Repository - annotated tag samba-3.6.23 created
The annotated tag, samba-3.6.23 has been created at 59ae0ebad7348cb77e092bec52c7fc9af122a301 (tag) tagging d053eed91cb8a6d33bc6b79caec3c839209cf407 (commit) replaces samba-3.6.22 tagged by Karolin Seeger on Tue Mar 11 11:20:58 2014 +0100 - Log - tag samba-3.6.23 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBTHuORbzORW2Vot+oRAhOlAJ4lgv8Nc/Wrr9RpC87LbNsqqBjwEgCfVUJF jBYsTKWkQY92nDwsc8th0bM= =ZGIV -END PGP SIGNATURE- Andrew Bartlett (2): CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes CVE-2013-4496:samr: Remove ChangePasswordUser Karolin Seeger (2): VERSION: Bump version up to 3.6.23. WHATSNEW: Add release notes for Samba 3.6.23. Stefan Metzmacher (1): CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via bc0f537 VERSION: Disable git snapshots for the 4.0.16 release. via 2cd17b5 WHATSNEW: Add release notes for Samba 4.0.16. via 109d63a CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via f580c8c CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 8fee6bd CVE-2013-4496:samr: Remove ChangePasswordUser via 139b90d CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via a597c31 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via adfa17e VERSION: Bump version number up to 4.0.16... from e005eb7 VERSION: Disable git snapshots for the 4.0.15 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable - Log - commit bc0f537280d7b34c717629312015170344289e5c Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:00:52 2014 +0100 VERSION: Disable git snapshots for the 4.0.16 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Enforce password lockout for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: ensure we don't lose an existing ACL when setting owner or group owner. Signed-off-by: Karolin Seeger ksee...@samba.org commit 2cd17b566c55eb88eb2081f78300a9493469bfcb Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 11:42:21 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.16. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Karolin Seeger ksee...@samba.org commit 109d63a4f2f81c06948b8c0db15ff3f35276d24e Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f580c8c3a6eb5a296a91633dc6ce3e0e84f7a877 Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 8fee6bd909714a487841001bcc82bf8f8665ca06 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 139b90d29a1b05a3c376c9c9be11c967967e2be3 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Signed-off-by: Andrew Bartlett
[SCM] Samba Shared Repository - annotated tag samba-4.0.16 created
The annotated tag, samba-4.0.16 has been created at 0a8b2bd8bdb07257b2c78df2eb386e2e696b16eb (tag) tagging bc0f537280d7b34c717629312015170344289e5c (commit) replaces samba-4.0.15 tagged by Karolin Seeger on Tue Mar 11 12:05:15 2014 +0100 - Log - samba: tag release samba-4.0.16 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAlMe7esACgkQbzORW2Vot+qi9ACeOD8pmHvFY7TgCOy3a/1G4H3Q 5rcAoLjjvCG/RNhimEEtJWpi9igUowXa =q7dU -END PGP SIGNATURE- Andrew Bartlett (3): CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes CVE-2013-4496:samr: Remove ChangePasswordUser CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Jeremy Allison (1): CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Karolin Seeger (3): VERSION: Bump version number up to 4.0.16... WHATSNEW: Add release notes for Samba 4.0.16. VERSION: Disable git snapshots for the 4.0.16 release. Stefan Metzmacher (1): CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated via 48966b6 VERSION: Disable git snapshots for the 4.1.6 release. via 6125d12 WHATSNEW: Add release notes for Samba 4.1.6. via 7ff3ed7 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via 435541a CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 70efaac CVE-2013-4496:samr: Remove ChangePasswordUser via 05ba344 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via f5743f0 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via 0a0f17d VERSION: Bump version number up to 4.1.6... from 144791e VERSION: Disable git snapshots for the 4.1.5 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable - Log - commit 48966b660733c9c9726cc3a87fa670b4c8427f5a Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:42:27 2014 +0100 VERSION: Disable git snapshots for the 4.1.6 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Enforce password lockout for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: ensure we don't lose an existing ACL when setting owner or group owner. Signed-off-by: Karolin Seeger ksee...@samba.org commit 6125d12c4f2fc9853c1bba9cb1725cf277856fdb Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:40:13 2014 +0100 WHATSNEW: Add release notes for Samba 4.1.6. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Karolin Seeger ksee...@samba.org commit 7ff3ed7f03debca689f79abc6edf591b4459822b Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 435541a9bc25879ec5cdd987a72a3a278bae2877 Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 70efaacd009f44b9b31403afb3c7c858ecdcaf96 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 05ba34438145e73d301bc814864aadc237528203 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org
[SCM] Samba Shared Repository - annotated tag samba-4.1.6 created
The annotated tag, samba-4.1.6 has been created at bda19120ad98320985ed9a8a1e968b8896a04e82 (tag) tagging 48966b660733c9c9726cc3a87fa670b4c8427f5a (commit) replaces samba-4.1.5 tagged by Karolin Seeger on Tue Mar 11 12:47:11 2014 +0100 - Log - samba: tag release samba-4.1.6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iEYEABECAAYFAlMe978ACgkQbzORW2Vot+rMswCghrEE5i+PScVCsrCdPMERqXuQ mTAAoL0CMVaFXadPN6bDD/9oXybaiaW7 =uvyo -END PGP SIGNATURE- Andrew Bartlett (3): CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes CVE-2013-4496:samr: Remove ChangePasswordUser CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Jeremy Allison (1): CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Karolin Seeger (3): VERSION: Bump version number up to 4.1.6... WHATSNEW: Add release notes for Samba 4.1.6. VERSION: Disable git snapshots for the 4.1.6 release. Stefan Metzmacher (1): CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via d053eed WHATSNEW: Add release notes for Samba 3.6.23. via 906bf7f CVE-2013-4496:samr: Remove ChangePasswordUser via 88c9f68 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via 87ad661 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes from bd9d125 VERSION: Bump version up to 3.6.23. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit d053eed91cb8a6d33bc6b79caec3c839209cf407 Author: Karolin Seeger ksee...@samba.org Date: Mon Mar 10 17:35:05 2014 +0100 WHATSNEW: Add release notes for Samba 3.6.23. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes Signed-off-by: Karolin Seeger ksee...@samba.org commit 906bf7fd50da8acd7720589fe0fe8b7ebde81a5a Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 88c9f6820bafc74a93487e5d7d4b24768bd157a6 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 87ad66195e9035f1e5fbca7c4ccc4458f10aa875 Author: Andrew Bartlett abart...@samba.org Date: Fri Nov 1 14:55:44 2013 +1300 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: WHATSNEW.txt | 58 ++- source3/auth/check_samsec.c |1 + source3/rpc_server/samr/srv_samr_chgpasswd.c | 55 ++ source3/rpc_server/samr/srv_samr_nt.c| 111 +--- source3/smbd/lanman.c| 254 -- source4/rpc_server/samr/samr_password.c | 126 + source4/torture/rpc/samr.c | 12 +- 7 files changed, 136 insertions(+), 481 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 652feab..717b7ce 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,58 @@ == + Release Notes for Samba 3.6.23 + March 11, 2014 + == + + +This is a security release in order to address +CVE-2013-4496 (Password lockout not enforced for SAMR password changes). + +o CVE-2013-4496: + Samba versions 3.4.0 and above allow the administrator to implement + locking out Samba accounts after a number of bad password attempts. + + However, all released versions of Samba did not implement this check for + password changes, such as are available over multiple SAMR and RAP + interfaces, allowing password guessing attacks. + + +Changes since 3.6.22: +- + +o Andrew Bartlett abart...@samba.org +* BUG 10245: CVE-2013-4496: Enforce password lockout for SAMR password + changes. + + +o Stefan
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 58cb450 VERSION: Bump version number up to 4.0.17. via 887e04b VERSION: Disable git snapshots for the 4.0.16 release. via a656392 WHATSNEW: Add release notes for Samba 4.0.16. via caad2f0 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via e999b98 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 6b8bca5 CVE-2013-4496:samr: Remove ChangePasswordUser via d8b5c1b CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via ac0ef44 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes from 24fec62 s3-spoolssd: Don't register spoolssd if epmd is not running. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 58cb450bae8cc1b3d73167422dfdeb4d964f3070 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 19:31:59 2014 +0100 VERSION: Bump version number up to 4.0.17. Signed-off-by: Karolin Seeger ksee...@samba.org commit 887e04b646952c7b59db00bbf72782b8566173f2 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:00:52 2014 +0100 VERSION: Disable git snapshots for the 4.0.16 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Enforce password lockout for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: ensure we don't lose an existing ACL when setting owner or group owner. Signed-off-by: Karolin Seeger ksee...@samba.org commit a656392aa2be9c11c0f61766341b56e4ded21af4 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 11:42:21 2014 +0100 WHATSNEW: Add release notes for Samba 4.0.16. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Karolin Seeger ksee...@samba.org commit caad2f06991c0c9c245f86935d45d405c177f445 Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit e999b98ccead0794007a14326c894d2a4a6d7bea Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6b8bca5d9345517979342ca12cb9f65857c21ca2 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit d8b5c1bb6577102b8e0dcb43be673b09b5187455 Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 1cd273e VERSION: Bump version number up to 4.1.7. via 5d724b9 VERSION: Disable git snapshots for the 4.1.6 release. via 31d0028 WHATSNEW: Add release notes for Samba 4.1.6. via 0508f04 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via b6f2145 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 1313f96 CVE-2013-4496:samr: Remove ChangePasswordUser via cb9fdd3 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via 0f243b2 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes from 705595f s3-spoolssd: Don't register spoolssd if epmd is not running. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 1cd273eeabe765e0be8c7dd056dd537c0ea30b08 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 19:34:09 2014 +0100 VERSION: Bump version number up to 4.1.7. Signed-off-by: Karolin Seeger ksee...@samba.org commit 5d724b97f4e05a805c94b983986b61c93fee5c5f Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:42:27 2014 +0100 VERSION: Disable git snapshots for the 4.1.6 release. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Enforce password lockout for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: ensure we don't lose an existing ACL when setting owner or group owner. Signed-off-by: Karolin Seeger ksee...@samba.org commit 31d00286901e7813dea13ffedec3ac0ce42e32a4 Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 12:40:13 2014 +0100 WHATSNEW: Add release notes for Samba 4.1.6. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 CVE-2013-4496: Password lockout not enforced for SAMR password changes. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Karolin Seeger ksee...@samba.org commit 0508f0456b656b943a75771a7a560450c732fcc8 Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit b6f21455e1662ee8768189692f88f959c804917d Author: Andrew Bartlett abart...@samba.org Date: Thu Nov 28 06:50:01 2013 +1300 CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 Part of this was removed when ChangePasswordUser was unimplemented, but remove the remainder of this flawed commit. Fully check the password first, as extract_pw_from_buffer() already does a partial check of the password because it needs a correct old password to correctly decrypt the length. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1313f96c66e7bd2c4695a94755a4ae77678084a8 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 5 16:16:46 2013 +1300 CVE-2013-4496:samr: Remove ChangePasswordUser This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit cb9fdd32f5818a992b899478a30d174d1559fb9f Author: Stefan Metzmacher me...@samba.org Date: Tue Nov 5 14:04:20 2013 +0100 CVE-2013-4496:s3:auth: fix memory leak in the
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 3b5dcee VERSION: Bump version number up to 3.6.24. from d053eed WHATSNEW: Add release notes for Samba 3.6.23. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 3b5dcee460a14fd1af5dc931ad010e39b4e7326f Author: Karolin Seeger ksee...@samba.org Date: Tue Mar 11 19:35:13 2014 +0100 VERSION: Bump version number up to 3.6.24. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: source3/VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/VERSION b/source3/VERSION index 967eaeb..3a71177 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=23 +SAMBA_VERSION_RELEASE=24 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8c01dbc gencache: Add gencache values to memcache from 80e5ae1 vfs_catia: add chmod() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8c01dbc0586d89f974f08a30f7c7a8ed4f7f7813 Author: Volker Lendecke v...@samba.org Date: Mon Mar 10 15:41:32 2014 +0100 gencache: Add gencache values to memcache gencache_parse calling tdb shows up in profiles when we do a lot of open/close traffic with large ACLs. For every file we convert unix ids to sids, and in the domain member case this goes through gencache. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Mar 11 19:56:47 CET 2014 on sn-devel-104 --- Summary of changes: source3/include/memcache.h |1 + source3/lib/gencache.c | 37 + 2 files changed, 38 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/memcache.h b/source3/include/memcache.h index 9362483..d5a0376 100644 --- a/source3/include/memcache.h +++ b/source3/include/memcache.h @@ -35,6 +35,7 @@ struct memcache; enum memcache_number { STAT_CACHE, + GENCACHE_RAM, GETWD_CACHE, GETPWNAM_CACHE, /* talloc */ MANGLE_HASH2_CACHE, diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index 168b511..0fb1fd8 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c @@ -25,6 +25,7 @@ #include system/filesys.h #include system/glob.h #include util_tdb.h +#include memcache.h #undef DBGC_CLASS #define DBGC_CLASS DBGC_TDB @@ -37,6 +38,7 @@ static struct tdb_context *cache; static struct tdb_context *cache_notrans; +static int cache_notrans_seqnum; /** * @file gencache.c @@ -112,6 +114,7 @@ static bool gencache_init(void) cache_notrans = tdb_open_log(cache_fname, 0, TDB_CLEAR_IF_FIRST| TDB_INCOMPATIBLE_HASH| +TDB_SEQNUM| TDB_NOSYNC, open_flags, 0644); if (cache_notrans == NULL) { @@ -413,6 +416,7 @@ static bool gencache_pull_timeout(char *val, time_t *pres, char **pendptr) struct gencache_parse_state { void (*parser)(time_t timeout, DATA_BLOB blob, void *private_data); void *private_data; + bool is_memcache; }; static int gencache_parse_fn(TDB_DATA key, TDB_DATA data, void *private_data) @@ -434,6 +438,13 @@ static int gencache_parse_fn(TDB_DATA key, TDB_DATA data, void *private_data) blob = data_blob_const( endptr+1, data.dsize - PTR_DIFF(endptr+1, data.dptr)); state-parser(t, blob, state-private_data); + + if (!state-is_memcache) { + memcache_add(NULL, GENCACHE_RAM, +data_blob_const(key.dptr, key.dsize), +data_blob_const(data.dptr, data.dsize)); + } + return 0; } @@ -444,6 +455,7 @@ bool gencache_parse(const char *keystr, { struct gencache_parse_state state; TDB_DATA key = string_term_tdb_data(keystr); + DATA_BLOB memcache_val; int ret; if (keystr == NULL) { @@ -459,6 +471,31 @@ bool gencache_parse(const char *keystr, state.parser = parser; state.private_data = private_data; + if (memcache_lookup(NULL, GENCACHE_RAM, + data_blob_const(key.dptr, key.dsize), + memcache_val)) { + /* +* Make sure that nobody has changed the gencache behind our +* back. +*/ + int current_seqnum = tdb_get_seqnum(cache_notrans); + if (current_seqnum == cache_notrans_seqnum) { + /* +* Ok, our memcache is still current, use it without +* going to the tdb files. +*/ + state.is_memcache = true; + gencache_parse_fn(key, make_tdb_data(memcache_val.data, + memcache_val.length), + state); + return true; + } + memcache_flush(NULL, GENCACHE_RAM); + cache_notrans_seqnum = current_seqnum; + } + + state.is_memcache = false; + ret = tdb_parse_record(cache_notrans, key, gencache_parse_fn, state); if (ret == 0) { return true; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 71eade3 Merge tag 'samba-4.1.6' into v4-1-test via 48966b6 VERSION: Disable git snapshots for the 4.1.6 release. via 6125d12 WHATSNEW: Add release notes for Samba 4.1.6. via 7ff3ed7 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via 435541a CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 70efaac CVE-2013-4496:samr: Remove ChangePasswordUser via 05ba344 CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via f5743f0 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via 0a0f17d VERSION: Bump version number up to 4.1.6... from 1cd273e VERSION: Bump version number up to 4.1.7. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 71eade3f8f2e6196fb839259e1467c9223086489 Merge: 1cd273eeabe765e0be8c7dd056dd537c0ea30b08 48966b660733c9c9726cc3a87fa670b4c8427f5a Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 11 20:50:47 2014 +0100 Merge tag 'samba-4.1.6' into v4-1-test Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via e42fd53 Merge tag 'samba-4.0.16' into v4-0-test via bc0f537 VERSION: Disable git snapshots for the 4.0.16 release. via 2cd17b5 WHATSNEW: Add release notes for Samba 4.0.16. via 109d63a CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. via f580c8c CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340 via 8fee6bd CVE-2013-4496:samr: Remove ChangePasswordUser via 139b90d CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. via a597c31 CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes via adfa17e VERSION: Bump version number up to 4.0.16... from 58cb450 VERSION: Bump version number up to 4.0.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit e42fd53389807d8375a69a1b8c69d48007b48a19 Merge: 58cb450bae8cc1b3d73167422dfdeb4d964f3070 bc0f537280d7b34c717629312015170344289e5c Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 11 20:55:57 2014 +0100 Merge tag 'samba-4.0.16' into v4-0-test Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 41d8d99 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. from 8c01dbc gencache: Add gencache values to memcache http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41d8d99d8ac9e53405868bf5e34f48a01550c1f4 Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Tue Mar 11 22:55:54 CET 2014 on sn-devel-104 --- Summary of changes: source3/utils/smbcacls.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 11b7388..e3b7099 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -990,7 +990,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode, return EXIT_FAILED; } - sd = make_sec_desc(talloc_tos(),old-revision, old-type, + sd = make_sec_desc(talloc_tos(),old-revision, SEC_DESC_SELF_RELATIVE, (change_mode == REQUEST_CHOWN) ? sid : NULL, (change_mode == REQUEST_CHGRP) ? sid : NULL, NULL, NULL, sd_size); -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2014-03-12-0334/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2014-03-12-0334/samba.stderr http://git.samba.org/autobuild.flakey/2014-03-12-0334/samba.stdout The top commit at the time of the failure was: commit 41d8d99d8ac9e53405868bf5e34f48a01550c1f4 Author: Jeremy Allison j...@samba.org Date: Wed Dec 18 13:56:18 2013 -0800 CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327 Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Tue Mar 11 22:55:54 CET 2014 on sn-devel-104