[SCM] Samba Shared Repository - branch master updated

2015-01-15 Thread Christof Schmitt
The branch, master has been updated
   via  c31f541 samba3.py: Correctly initialize cache directory for passdb 
test
  from  81464dae smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit c31f54112e21b2e76398a402e864a2b6b6c74e6c
Author: Christof Schmitt 
Date:   Thu Jan 15 14:31:19 2015 -0700

samba3.py: Correctly initialize cache directory for passdb test

Running 'make test TESTS=tests.samba3' succeeds, but the log shows that
it tried to open the gencache tdb in the wrong directory:
Unable to create directory /usr/local/samba/var/cache for file 
gencache.tdb. Error was No such file or directory

Fix this by correctly initializing the cache directory.

Signed-off-by: Christof Schmitt 
Reviewed-By: Jelmer Vernooij 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Fri Jan 16 02:36:39 CET 2015 on sn-devel-104

---

Summary of changes:
 python/samba/tests/samba3.py | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/samba3.py b/python/samba/tests/samba3.py
index f449c64..126e133 100644
--- a/python/samba/tests/samba3.py
+++ b/python/samba/tests/samba3.py
@@ -72,6 +72,7 @@ class PassdbTestCase(TestCaseInTempDir):
 self.lp.set("private dir", datadir)
 self.lp.set("state directory", datadir)
 self.lp.set("lock directory", datadir)
+self.lp.set("cache directory", datadir)
 passdb.set_secrets_dir(datadir)
 self.pdb = passdb.PDB("tdbsam")
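
Review bot: nothing in this setUp checks that the tdb files actually end up under datadir, so the next path parameter that falls back to the compiled-in prefix will go unnoticed the same way "cache directory" did; the commit message notes the test succeeded while trying to write under /usr/local/samba/var/cache. The four self.lp.set(..., datadir) calls could be driven from one list of directory parameters, and if gencache.tdb is created during setUp the test could assert that it sits under datadir, so a test run never touches the cache of a Samba installed on the build host.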
 


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2015-01-15 Thread Jeremy Allison
The branch, master has been updated
   via  81464dae smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
  from  ef7fb90 CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 81464daea71e5fa3067ec7d5f5c69c890c0f7949
Author: Ira Cooper 
Date:   Thu Jan 15 11:41:50 2015 -0500

smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.

This sequencing is causing problems for vfs_ceph, and likely
other vfs modules.

Signed-off-by: Ira Cooper 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Jan 16 00:13:17 CET 2015 on sn-devel-104

---

Summary of changes:
 source3/smbd/service.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 3fd0fc8..ada2d07 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -1133,12 +1133,12 @@ void close_cnum(connection_struct *conn, uint64_t vuid)
talloc_tos()),
 lp_servicename(talloc_tos(), SNUM(conn;
 
-   /* Call VFS disconnect hook */
-   SMB_VFS_DISCONNECT(conn);
-
/* make sure we leave the directory available for unmount */
vfs_ChDir(conn, "/");
 
+   /* Call VFS disconnect hook */
+   SMB_VFS_DISCONNECT(conn);
+
/* execute any "postexec = " line */
if (*lp_postexec(talloc_tos(), SNUM(conn)) &&
change_to_user(conn, vuid))  {
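
Review bot: the new ordering in close_cnum() is not explained in the code, and the return value of vfs_ChDir(conn, "/") is still ignored. The comment above the call only mentions unmount, so a later cleanup could move SMB_VFS_DISCONNECT(conn) back above it and reintroduce the vfs_ceph problem from the commit message; extending that comment to say the chdir must happen before the disconnect hook would pin the order. It is also worth confirming that the postexec path below, which calls change_to_user(conn, vuid) after the disconnect hook, does not reach back into the VFS.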


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-2-test updated

2015-01-15 Thread Karolin Seeger
The branch, v4-2-test has been updated
   via  77d8786 VERSION: Re-enable git snapshots...
   via  c88a4f4 VERSION: Disable git snapshots for the 4.2.0rc4 release.
   via  8fdb354 WHATSNEW: Add release notes for Samba 4.2.0rc4.
   via  2a699e4 CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  df1f7ce CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  0b97e8b CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  239c0f2 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
  from  923827c vfs_fruit: mmap under FreeBSD needs PROT_READ

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -
commit 77d8786bf8380de0a3e3c4a17e245e3dc261eabf
Author: Karolin Seeger 
Date:   Thu Jan 15 16:53:23 2015 +0100

VERSION: Re-enable git snapshots...

and bump version up to 4.2.0rc5.

Signed-off-by: Karolin Seeger 

Autobuild-User(v4-2-test): Karolin Seeger 
Autobuild-Date(v4-2-test): Thu Jan 15 22:37:56 CET 2015 on sn-devel-104

commit c88a4f4923fef8243e7e9dea4ab57f620f3a387a
Author: Karolin Seeger 
Date:   Thu Jan 15 16:51:50 2015 +0100

VERSION: Disable git snapshots for the 4.2.0rc4 release.

Signed-off-by: Karolin Seeger 

commit 8fdb3547416be67366837fdf1e30b6bb6e27551d
Author: Karolin Seeger 
Date:   Thu Jan 15 16:51:08 2015 +0100

WHATSNEW: Add release notes for Samba 4.2.0rc4.

Signed-off-by: Karolin Seeger 

commit 2a699e4e1168c473cf88c40db8efa1eab1bc17a2
Author: Andrew Bartlett 
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit df1f7ce906a17d916e6faeb495efdab01e2759bf
Author: Andrew Bartlett 
Date:   Mon Dec 8 14:20:21 2014 +1300

CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam 
Signed-off-by: Andrew Bartlett 
Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 0b97e8b96dad7213fb10bdec976386ded3580a64
Author: Andrew Bartlett 
Date:   Mon Dec 8 12:19:19 2014 +1300

CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 239c0f267cc6fd81b15c67c81bda84de65950dfa
Author: Andrew Bartlett 
Date:   Tue Nov 11 15:23:02 2014 +1300

CVE-2014-8143:auth: Force talloc type of session_info pointer to match

This helps us keep things safe in LDB where we put this in an opaque pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Andrew Bartlett

Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  48 +++-
 librpc/idl/security.idl |  13 ++-
 source4/auth/session.c  |   5 +
 source4/dsdb/common/util.c  |   4 +-
 source4/dsdb/pydsdb.c   |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c | 190 +++-
 source4/dsdb/samdb/samdb.h  |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c |  15 ++-
 source4/setup/schema_samba4.ldif|   1 +
 10 files changed, 276 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index fa38d58..8dd14ce 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4e394ad..dc47556 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the third release candidate of Samba 4.2.  This is *not*
+This is the fourth release candidate of Samba 4.2.  This i

[SCM] Samba Website Repository - branch master updated

2015-01-15 Thread David Disseldorp
The branch, master has been updated
   via  0026695 Fix Theseiare->These are typo
  from  8840a9d Yet another typo... ;-)

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 00266950fcc9e199272eca79a67ed5a2f2c559e4
Author: David Disseldorp 
Date:   Thu Jan 15 16:55:19 2015 +0100

Fix Theseiare->These are typo

Signed-off-by: David Disseldorp 

---

Summary of changes:
 generated_news/latest_10_bodies.html | 2 +-
 generated_news/latest_2_bodies.html  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index 0b54c44..be2f01e 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,7 +1,7 @@
15 January 2015
Samba 4.1.16 and 4.0.24 Security
Releases Available for Download
-   Theseiare security releases in order to address
+   These are security releases in order to address
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143";>CVE-2014-8143
(Elevation of privilege to Active Directory Domain Controller).
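
Review bot: the same one-word fix is applied by hand to two files under generated_news/ (latest_10_bodies.html here and latest_2_bodies.html in the next hunk). If these files are produced from a news source, the "Theseiare" typo should be corrected there as well, otherwise the next regeneration brings it back on a security announcement; the commit message should say which it is.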

diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index 1b97b49..f5ae4c0 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,7 +1,7 @@
15 January 2015
Samba 4.1.16 and 4.0.24 Security
Releases Available for Download
-   Theseiare security releases in order to address
+   These are security releases in order to address
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143";>CVE-2014-8143
(Elevation of privilege to Active Directory Domain Controller).



-- 
Samba Website Repository


[SCM] Samba Shared Repository - branch v4-2-test updated

2015-01-15 Thread Karolin Seeger
The branch, v4-2-test has been updated
   via  923827c vfs_fruit: mmap under FreeBSD needs PROT_READ
   via  e3d7893 vfs_fruit: fix base_fsp name conversion
   via  eaeeb51 s3-libads: Fix a possible segfault in kerberos_fetch_pac().
   via  ec80439 lib/util: Avoid collision which already defined consumer 
DEBUG macro.
   via  a756e65 spoolss: clear PrinterInfo on GetPrinter error
   via  4e3e5e7 spoolss: clear info on GetPrinterDriverDirectory error
   via  d2d2f8a spoolss: clear info on GetPrintProcessorDirectory error
   via  e9e576a spoolss: clear FormInfo on GetForm error
   via  9762d72 spoolss: clear DriverInfo on GetPrinterDriver2 error
   via  2141975 spoolss: clear JobInfo on GetJob error
   via  f0040c6 [PATCH] vfs: Add glusterfs manpage.
   via  92b34c5 net: Fix sam addgroupmem
   via  561eb6c s3:passdb: fix logic in pdb_set_pw_history()
   via  bdc182f s3-util: Fix authentication with long hostnames.
  from  d196b54 winbind: Retry after SESSION_EXPIRED error in ping-dc

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test


- Log -
commit 923827c2f7b4e7b1f3fd15c6fee2d22b36712c6f
Author: Volker Lendecke 
Date:   Thu Jan 8 17:14:37 2015 +0100

vfs_fruit: mmap under FreeBSD needs PROT_READ

We memmove, which does read

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11040

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Böhme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 56e2384dfe29fd8f16b9d0cf7264f9bb8ed38966)

Autobuild-User(v4-2-test): Karolin Seeger 
Autobuild-Date(v4-2-test): Thu Jan 15 16:16:51 CET 2015 on sn-devel-104

commit e3d7893c6d566c43bceff79eeb7782659699a47d
Author: Volker Lendecke 
Date:   Tue Jan 6 15:55:15 2015 +

vfs_fruit: fix base_fsp name conversion

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11039

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 
(cherry picked from commit d9c22a3af2ac319d075a952c71496b6b76c83fcf)

commit eaeeb5132658717644bc1008c71d33cfc3e04629
Author: Andreas Schneider 
Date:   Wed Jan 7 17:12:54 2015 +0100

s3-libads: Fix a possible segfault in kerberos_fetch_pac().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit a13e29cc4345d85ab6fe4482119386b87e4e8673)

commit ec8043974019a9b2d9b507c2cf1f3611b66e7605
Author: Andreas Schneider 
Date:   Thu Jan 8 10:24:36 2015 +0100

lib/util: Avoid collision which already defined consumer DEBUG macro.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11033

Signed-off-by: Andreas Schneider 
Reviewed-by: Martin Schwenke 

(cherry picked from commit 87c176563baea3458c5322f1e3dfae6cf074b4b4)
Signed-off-by: Andreas Schneider 

commit a756e6551c87f3457fbac77a651075dab58c503a
Author: David Disseldorp 
Date:   Wed Dec 17 16:54:42 2014 +0100

spoolss: clear PrinterInfo on GetPrinter error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit a11e97b79645ff0d9e7d20f5318a979194a858fe)

commit 4e3e5e7c91844246b92819bbb777a2657ed3d0f9
Author: David Disseldorp 
Date:   Wed Dec 17 16:47:50 2014 +0100

spoolss: clear info on GetPrinterDriverDirectory error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit c9fccb5018f9a19bb654b9ad79aa716e37a274d6)

commit d2d2f8a24f08e71238ecb742979fcbcb921c11cb
Author: David Disseldorp 
Date:   Wed Dec 17 15:54:22 2014 +0100

spoolss: clear info on GetPrintProcessorDirectory error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 679c781112ce6b7cffca11c28e58ae5f9a0d717d)

commit e9e576a5fb12f8402ff0025ed348cee9325be7b6
Author: David Disseldorp 
Date:   Wed Dec 17 15:29:52 2014 +0100

spoolss: clear FormInfo on GetForm error

In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid.  If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: D

autobuild: intermittent test failure detected

2015-01-15 Thread autobuild
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2015-01-15-1547/flakey.log

The samba build logs are available here:

   http://git.samba.org/autobuild.flakey/2015-01-15-1547/samba.stderr
   http://git.samba.org/autobuild.flakey/2015-01-15-1547/samba.stdout
  
The top commit at the time of the failure was:

commit ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32
Author: Andrew Bartlett 
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Karolin Seeger 
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104


[SCM] Samba Shared Repository - branch master updated

2015-01-15 Thread Karolin Seeger
The branch, master has been updated
   via  ef7fb90 CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  9d62b67 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  db004e0 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  452cc51 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
  from  d098b6c s3: auth - tests: Add test for "force user" being a 
unix-only user, not in passdb.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ef7fb904a97f00babb33affa0bfc8d2f5bb5ce32
Author: Andrew Bartlett 
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Karolin Seeger 
Autobuild-Date(master): Thu Jan 15 14:54:47 CET 2015 on sn-devel-104

commit 9d62b6764e99737fd7b914163237a8767d1224b1
Author: Andrew Bartlett 
Date:   Mon Dec 8 14:20:21 2014 +1300

CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam 
Signed-off-by: Andrew Bartlett 
Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit db004e079a3ee1833a2d76ab216af96f8f6612ca
Author: Andrew Bartlett 
Date:   Mon Dec 8 12:19:19 2014 +1300

CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 452cc51e10b8913247e80027394c76af5ad5653d
Author: Andrew Bartlett 
Date:   Tue Nov 11 15:23:02 2014 +1300

CVE-2014-8143:auth: Force talloc type of session_info pointer to match

This helps us keep things safe in LDB where we put this in an opaque pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Andrew Bartlett

Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 librpc/idl/security.idl |  13 ++-
 source4/auth/session.c  |   5 +
 source4/dsdb/common/util.c  |   4 +-
 source4/dsdb/pydsdb.c   |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c | 190 +++-
 source4/dsdb/samdb/samdb.h  |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c |  15 ++-
 source4/setup/schema_samba4.ldif|   1 +
 8 files changed, 228 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index eb80a86..78c13c9 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -674,14 +674,21 @@ interface security
const string GUID_DRS_CHANGE_RID_MASTER   = 
"d58d5f36-0a98-11d1-adbb-00c04fd8d5cd";
const string GUID_DRS_CHANGE_SCHEMA_MASTER= 
"e12b56b6-0a95-11d1-adbb-00c04fd8d5cd";
const string GUID_DRS_GET_CHANGES = 
"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2";
+   const string GUID_DRS_REPL_SYNCRONIZE = 
"1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
+   const string GUID_DRS_MANAGE_TOPOLOGY = 
"1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_GET_ALL_CHANGES = 
"1131f6ad-9c07-11d1-f79f-00c04fc2dcd2";
+   const string GUID_DRS_RO_REPL_SECRET_SYNC = 
"1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_GET_FILTERED_ATTRIBUTES = 
"89e95b76-444d-4c62-991a-0facbeda640c";
-   const string GUID_DRS_MANAGE_TOPOLOGY = 
"1131f6ac-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_MONITOR_TOPOLOGY= 
"f98340fb-7c5b-4cdb-a00b-2ebdfa115a96";
-   const string GUID_DRS_REPL_SYNCRONIZE = 
"1131f6ab-9c07-11d1-f79f-00c04fc2dcd2";
-   const string GUID_DRS_RO_REPL_SECRET_SYNC = 
"1131f6ae-9c07-11d1-f79f-00c04fc2dcd2";
const string GUID_DRS_USER_CHANGE_PASSWORD= 
"ab721a53-1e2f-11d0-9819-00aa0040529b";
const string GUID_DRS_FORCE_CHANGE_PASSWORD   = 
"00299570-246d-11d0-a768-00aa006e0529";
+const string GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT
+ = 
"280f369c-67c7-438e-ae98-1d46f3c6f541";
+  
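
Review bot: this hunk mixes a pure reorder with the functional change. GUID_DRS_REPL_SYNCRONIZE, GUID_DRS_MANAGE_TOPOLOGY and GUID_DRS_RO_REPL_SECRET_SYNC are removed and re-added with identical values only to sort them, while GUID_DRS_UPDATE_PASSWORD_NOT_REQUIRED_BIT is the one new constant. In a CVE fix that is applied to several release branches, the sort belongs in a separate commit so the security-relevant addition is the only thing a backporter has to audit. The new constant also breaks the one-line name = "guid" layout of its neighbours and carries no comment saying which extended access right it represents.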

[SCM] Samba Shared Repository - branch v4-0-test updated

2015-01-15 Thread Karolin Seeger
The branch, v4-0-test has been updated
   via  f9693a1 VERSION: Bump version up to 4.0.25.
   via  9b14925 Merge tag 'samba-4.0.24' into v4-0-test
   via  654b1d1 smbd: Fix CID 1063259 Uninitialized scalar variable
   via  03299a2 net: Fix sam addgroupmem
   via  017ff20 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, 
tokenGroupsNoGCAcceptable
   via  3be3266 VERSION: Disable git snapshots for the 4.0.24 release.
   via  65a088d WHATSNEW: Add release notes for Samba 4.0.24.
   via  3d221ef CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  01a4bd7 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  5acd6c0 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  392523a CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  003ae6a VERSION: Bump version up to 4.0.24...
  from  4f6075e nsswitch: fix soname of linux nss_*.so.2 modules

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit f9693a1766b88ce068bb04c88f1a41ce3330e2cc
Author: Karolin Seeger 
Date:   Thu Jan 15 12:12:10 2015 +0100

VERSION: Bump version up to 4.0.25.

Signed-off-by: Karolin Seeger 

commit 9b14925b20aac0f2f8aac60d7e63f50c128bffd1
Merge: 654b1d1 3be3266
Author: Karolin Seeger 
Date:   Thu Jan 15 12:11:57 2015 +0100

Merge tag 'samba-4.0.24' into v4-0-test

samba: tag release samba-4.0.24

commit 654b1d119cd7127d0d60f36b8bec1efb20032431
Author: Volker Lendecke 
Date:   Sun Aug 18 20:35:32 2013 +

smbd: Fix CID 1063259 Uninitialized scalar variable

Signed-off-by: Volker Lendecke 

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11041

Reviewed-by: Andrew Bartlett 
(cherry picked from commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30)
Reviewed-by: David Disseldorp 

commit 03299a23d82f653917a6df31e8bb786c26f5eb1b
Author: Volker Lendecke 
Date:   Tue Jan 13 12:51:13 2015 +0100

net: Fix sam addgroupmem

Domain local groups come across as SID_TYPE_ALIAS and are sent to us in the
PAC/Info3 struct. We should allow this in net sam addgroupmem.

Volker

Signed-off-by: Volker Lendecke 
Reviewed-by: Guenther Deschner 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11051

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Tue Jan 13 15:28:16 CET 2015 on sn-devel-104

commit 017ff207a6883a50705de985e8653e2a05f3b024
Author: Garming Sam 
Date:   Thu Dec 4 11:53:12 2014 +1300

dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, 
tokenGroupsNoGCAcceptable

This includes additional tests based directly on the docs, rather than
simply testing our internal implementation in client and server contexts,
that create a user and groups.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11022

Pair-programmed-with: Garming Sam 
Signed-off-by: Garming-Sam 
Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Mon Dec 22 17:17:02 CET 2014 on sn-devel-104

(similar to commit e4213512d0a967e87a74a1ae816c903fb38dd8b9)

---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt |  53 +++-
 librpc/idl/security.idl  |  13 +-
 source3/smbd/process.c   |   1 +
 source3/utils/net_sam.c  |   8 +-
 source4/auth/session.c   |   5 +
 source4/dsdb/common/util.c   |   4 +-
 source4/dsdb/pydsdb.c|   1 +
 source4/dsdb/samdb/ldb_modules/operational.c |  66 -
 source4/dsdb/samdb/ldb_modules/samldb.c  | 192 ++-
 source4/dsdb/samdb/samdb.h   |   6 +
 source4/dsdb/tests/python/token_group.py | 347 ++-
 source4/rpc_server/lsa/dcesrv_lsa.c  |  15 +-
 source4/setup/schema_samba4.ldif |   1 +
 14 files changed, 686 insertions(+), 28 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index a0ec102..705c416 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=24
+SAMBA_VERSION_RELEASE=25
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c74580b..777997f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,53 @@
==
+   Release Notes for Samba 4.0.24
+  January 15,

[SCM] Samba Shared Repository - branch v4-1-test updated

2015-01-15 Thread Karolin Seeger
The branch, v4-1-test has been updated
   via  c4e46cd VERSION: Bump version up to 4.1.17.
   via  af5c876 Merge tag 'samba-4.1.16' into v4-1-test
   via  1c6bcc0 smbd: Fix CID 1063259 Uninitialized scalar variable
   via  5bbf2df s3-libads: Fix a possible segfault in kerberos_fetch_pac().
   via  e968af8 spoolss: clear PrinterInfo on GetPrinter error
   via  fd9daf3 spoolss: clear info on GetPrinterDriverDirectory error
   via  fcbeb46 spoolss: clear info on GetPrintProcessorDirectory error
   via  50a72f0 spoolss: clear FormInfo on GetForm error
   via  1719bda spoolss: clear DriverInfo on GetPrinterDriver2 error
   via  a9dab56 spoolss: clear JobInfo on GetJob error
   via  c5cff32 vfs: Add glusterfs manpage.
   via  ecb145c net: Fix sam addgroupmem
   via  333d257 dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, 
tokenGroupsNoGCAcceptable
   via  2baeba4 s3-util: Fix authentication with long hostnames.
   via  1e682c3 VERSION: Disable git snapshots for the 4.1.16 release.
   via  8010553 WHATSNEW: Add release notes for Samba 4.1.16.
   via  5cc1c0e CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  3c93b57 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  f2cb9b9 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  9e15786 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  cc49a60 VERSION: Bump version up to 4.1.16...
  from  9f52de7 VERSION: Bump version up to 4.1.16...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -
commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d
Author: Karolin Seeger 
Date:   Thu Jan 15 12:10:58 2015 +0100

VERSION: Bump version up to 4.1.17.

Signed-off-by: Karolin Seeger 

commit af5c87631de5712b2b31856233c23ca772eb8aa4
Merge: 1c6bcc0 1e682c3
Author: Karolin Seeger 
Date:   Thu Jan 15 12:10:22 2015 +0100

Merge tag 'samba-4.1.16' into v4-1-test

samba: tag release samba-4.1.16

commit 1c6bcc0d7f63fe3b18500bd2a5d532746302345c
Author: Volker Lendecke 
Date:   Sun Aug 18 20:35:32 2013 +

smbd: Fix CID 1063259 Uninitialized scalar variable

Signed-off-by: Volker Lendecke 

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11041

Reviewed-by: Andrew Bartlett 
(cherry picked from commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30)
Reviewed-by: David Disseldorp 

commit 5bbf2df3fe60ed124a05a515d7128fe5e750f29b
Author: Andreas Schneider 
Date:   Wed Jan 7 17:12:54 2015 +0100

s3-libads: Fix a possible segfault in kerberos_fetch_pac().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit a13e29cc4345d85ab6fe4482119386b87e4e8673)

commit e968af8e5e7e1d19b7da270e8af01f1ea49a
Author: David Disseldorp 
Date:   Wed Dec 17 16:54:42 2014 +0100

spoolss: clear PrinterInfo on GetPrinter error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit a11e97b79645ff0d9e7d20f5318a979194a858fe)

commit fd9daf39e7faa76a5b8b47c316a16ed257dea837
Author: David Disseldorp 
Date:   Wed Dec 17 16:47:50 2014 +0100

spoolss: clear info on GetPrinterDriverDirectory error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit c9fccb5018f9a19bb654b9ad79aa716e37a274d6)

commit fcbeb4638d2120c20ff361720723554cbf1e4c3a
Author: David Disseldorp 
Date:   Wed Dec 17 15:54:22 2014 +0100

spoolss: clear info on GetPrintProcessorDirectory error

If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984

Signed-off-by: David Disseldorp 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 679c781112ce6b7cffca11c28e58ae5f9a0d717d)

commit 50a72f093547d543036ea7a3df3d1ef49590af17
Author: David Disseldorp 
Date:   Wed Dec 17 15:29:52 2014 +0100

spoolss: clear FormInfo on GetForm error

In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid.  If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10

[SCM] Samba Website Repository - branch master updated

2015-01-15 Thread Karolin Seeger
The branch, master has been updated
   via  8840a9d Yet another typo... ;-)
  from  3b246c6 Fix typo.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 8840a9d8827f5817e17102065a55e3ca62ce6230
Author: Karolin Seeger 
Date:   Thu Jan 15 11:58:01 2015 +0100

Yet another typo... ;-)

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 security/CVE-2014-8143.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2014-8143.html b/security/CVE-2014-8143.html
index fe1c908..edc38a6 100644
--- a/security/CVE-2014-8143.html
+++ b/security/CVE-2014-8143.html
@@ -12,7 +12,6 @@
 
 
 
-
 ===
 == Subject: CVE-2014-8143: Elevation of privilege to Active Directory 
Domain Controller
 ==
@@ -90,5 +89,6 @@ the Samba team.
 == Our Code, Our Bugs, Our Responsibility.
 == The Samba Team
 ==
+
 
 


-- 
Samba Website Repository


[SCM] Samba Website Repository - branch master updated

2015-01-15 Thread Karolin Seeger
The branch, master has been updated
   via  3b246c6 Fix typo.
  from  a2265c7 Announce Samba 4.1.16 and 4.0.24.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 3b246c65a0f571297a0deec8e5173535cb7b81cc
Author: Karolin Seeger 
Date:   Thu Jan 15 11:54:32 2015 +0100

Fix typo.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 generated_news/latest_10_bodies.html | 2 +-
 generated_news/latest_2_bodies.html  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index b5495a7..0b54c44 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -12,7 +12,7 @@
The source code can be downloaded here:
http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz";>download
Samba 4.1.16,
-   http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+   http://samba.org/samba/ftp/stable/samba-4.0.24.tar.gz";>download
Samba 4.0.24.
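
Review bot: both download links in this block point at http://samba.org/..., so the tarballs for a security release are fetched over an unauthenticated channel. While the href is being corrected to samba-4.0.24.tar.gz, consider switching the links to https:// where the host serves it and linking the GnuPG signature next to each tarball so readers can verify what they downloaded.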

 
diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index 03c66b3..1b97b49 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -12,7 +12,7 @@
The source code can be downloaded here:
http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz";>download
Samba 4.1.16,
-   http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+   http://samba.org/samba/ftp/stable/samba-4.0.24.tar.gz";>download
Samba 4.0.24.

 


-- 
Samba Website Repository


[SCM] Samba Website Repository - branch master updated

2015-01-15 Thread Karolin Seeger
The branch, master has been updated
   via  a2265c7 Announce Samba 4.1.16 and 4.0.24.
  from  cedbc64 Announce Samba 4.1.15.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit a2265c7b87efc1663c6e45aae86eeac3eccf49ea
Author: Karolin Seeger 
Date:   Thu Jan 15 10:39:13 2015 +0100

Announce Samba 4.1.16 and 4.0.24.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 generated_news/latest_10_bodies.html| 37 ++---
 generated_news/latest_10_headlines.html |  6 +--
 generated_news/latest_2_bodies.html | 32 ++-
 history/header_history.html |  2 +
 history/samba-4.0.24.html   | 42 +++
 history/samba-4.1.16.html   | 42 +++
 history/security.html   | 15 ++
 latest_stable_release.html  |  6 +--
 security/CVE-2014-8143.html | 94 +
 9 files changed, 239 insertions(+), 37 deletions(-)
 create mode 100755 history/samba-4.0.24.html
 create mode 100755 history/samba-4.1.16.html
 create mode 100644 security/CVE-2014-8143.html


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index 41a028c..b5495a7 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,22 @@
+   15 January 2015
+   Samba 4.1.16 and 4.0.24 Security
+   Releases Available for Download
+   Theseiare security releases in order to address
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143";>CVE-2014-8143
+   (Elevation of privilege to Active Directory Domain Controller).
+   
+
+   The uncompressed tarballs and patch files have been signed
+   using GnuPG (ID 6568B7EA).
+   
+   The source code can be downloaded here:
+   http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz";>download
+   Samba 4.1.16,
+   http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+   Samba 4.0.24.
+   
+
+
12 January 2015
Samba 4.1.15 Available for Download
This is the latest stable release of the Samba 4.1 series.
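Review bot: Two errors in the added announcement block. The fourth added line reads "Theseiare" where "These are" is meant (the 01 August 2014 item removed further down in this file has the intended wording), and the second download link points to samba-4.0.25.tar.gz while its label and the headline both say Samba 4.0.24. Suggest changing the link to samba-4.0.24.tar.gz and fixing the typo before this goes live.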
@@ -110,21 +129,3 @@ now. A http://samba.org/samba/ftp/patches/patch-4.1.11-4.1.12.diffs
 patch against Samba 4.1.11 is also available. See
 http://samba.org/samba/history/samba-4.1.12.html";> the release notes
  for more info.
-
-   01 August 2014
-   Samba 4.1.11 and 4.0.21 Security
-   Releases Available for Download
-   These are security releases in order to address
-   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560";>CVE-2014-3560
-   (Remote code execution in nmbd).
-   
-
-   The uncompressed tarballs and patch files have been signed
-   using GnuPG (ID 6568B7EA).
-   
-   The source code can be downloaded here:
-   http://samba.org/samba/ftp/stable/samba-4.1.11.tar.gz";>download
-   Samba 4.1.11,
-   http://samba.org/samba/ftp/stable/samba-4.0.21.tar.gz";>download
-   Samba 4.0.21.
-   
diff --git a/generated_news/latest_10_headlines.html 
b/generated_news/latest_10_headlines.html
index 58d8754..ba00525 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,7 @@
 
+15 January 2015 Samba 4.1.16 and 4.0.24 Security
+   Releases Available for Download (CVE-2014-8143)
+
 12 January 2015 Samba 4.1.15 Available for 
Download
 
 20 December 2014 Samba 4.2.0rc3 Available for 
Download
@@ -16,7 +19,4 @@
 15 September 2014 Samba 4.0.22 Available for 
Download
 
 08 September 2014 Samba 4.1.12 Available for 
Download
-
-01 August 2014 Samba 4.1.11 and 4.0.21 Security
-   Releases Available for Download (CVE-2014-3560)
 
diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index c0bb851..03c66b3 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,22 @@
+   15 January 2015
+   Samba 4.1.16 and 4.0.24 Security
+   Releases Available for Download
+   Theseiare security releases in order to address
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143";>CVE-2014-8143
+   (Elevation of privilege to Active Directory Domain Controller).
+   
+
+   The uncompressed tarballs and patch files have been signed
+   using GnuPG (ID 6568B7EA).
+   
+   The source code can be downloaded here:
+   http://samba.org/samba/ftp/stable/samba-4.1.16.tar.gz";>download
+   Samba 4.1.16,
+   http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download
+   Samba 4.0.24.
+   
+
+
12 January 2015
Samba 4.1.15 Available for Download
This is the latest stable releas
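Review bot: The "Theseiare" typo and the samba-4.0.25.tar.gz link under the "Samba 4.0.24" label are repeated in this file's added block; fix both here as well ("These are", samba-4.0.24.tar.gz). The added lines shown are the same as those added to latest_10_bodies.html, so keeping the item in one shared source would avoid having to correct each copy separately.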

[SCM] Samba Shared Repository - branch v4-0-stable updated

2015-01-15 Thread Karolin Seeger
The branch, v4-0-stable has been updated
   via  3be3266 VERSION: Disable git snapshots for the 4.0.24 release.
   via  65a088d WHATSNEW: Add release notes for Samba 4.0.24.
   via  3d221ef CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  01a4bd7 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  5acd6c0 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  392523a CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  003ae6a VERSION: Bump version up to 4.0.24...
  from  21764ef VERSION: Disable git snapshots for the 4.0.23 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable


- Log -
commit 3be3266359da9ee6cd3aac970a81f019e8c389eb
Author: Karolin Seeger 
Date:   Mon Jan 12 21:05:40 2015 +0100

VERSION: Disable git snapshots for the 4.0.24 release.

Signed-off-by: Karolin Seeger 

commit 65a088d2d418c4285de26a5636f0e7a38ae28ec9
Author: Karolin Seeger 
Date:   Mon Jan 12 21:01:33 2015 +0100

WHATSNEW: Add release notes for Samba 4.0.24.

Signed-off-by: Karolin Seeger 

commit 3d221efd635601e8f1ba08e018a248472a36d5df
Author: Andrew Bartlett 
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit 01a4bd717e1ae61f207bd0ae3109ee20846ff426
Author: Andrew Bartlett 
Date:   Mon Dec 8 14:20:21 2014 +1300

CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam 
Signed-off-by: Andrew Bartlett 
Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 5acd6c08f1b9c79a820d3f6b907563bcd1101e15
Author: Andrew Bartlett 
Date:   Mon Dec 8 12:19:19 2014 +1300

CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 392523a227671eb1570d1815c8280fe001d8a435
Author: Andrew Bartlett 
Date:   Tue Nov 11 15:23:02 2014 +1300

CVE-2014-8143:auth: Force talloc type of session_info pointer to match

This helps us keep things safe in LDB where we put this in an opaque pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Andrew Bartlett

Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 003ae6a1a56732e9e2ddd39a19f5f50426b39854
Author: Karolin Seeger 
Date:   Sun Dec 7 21:47:37 2014 +0100

VERSION: Bump version up to 4.0.24...

...and re-enable git snapshots.

Signed-off-by: Karolin Seeger 
(cherry picked from commit b1adeee4aed02f3066f9a96f20daeb3dce43b68c)

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  53 -
 librpc/idl/security.idl |  13 ++-
 source4/auth/session.c  |   5 +
 source4/dsdb/common/util.c  |   4 +-
 source4/dsdb/pydsdb.c   |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c | 192 +++-
 source4/dsdb/samdb/samdb.h  |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c |  15 ++-
 source4/setup/schema_samba4.ldif|   1 +
 10 files changed, 281 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e0e7f36..81f48a9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=23
+SAMBA_VERSION_RELEASE=24
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c74580b..777997f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,53 @@
==
+   Release Notes for Samba 4.0.24
+  January 15, 2015
+   ==
+
+
+This is a security release in order to address CVE-2014-8143 (Elevation
+of privilege to Active Directory Domain Controller).
+
+o  CVE-2014-8143:

[SCM] Samba Shared Repository - annotated tag samba-4.1.16 created

2015-01-15 Thread Karolin Seeger
The annotated tag, samba-4.1.16 has been created
at  ccc30a331f15a5fb80749547609da2f26f03a78d (tag)
   tagging  1e682c3ce0593b3cd93acc6a5be0d74db8d04fef (commit)
  replaces  samba-4.1.15
 tagged by  Karolin Seeger
on  Mon Jan 12 21:43:20 2015 +0100

- Log -
samba: tag release samba-4.1.16

Andrew Bartlett (4):
  CVE-2014-8143:auth: Force talloc type of session_info pointer to match
  CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
  CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside 
util.c
  CVE-2014-8143:dsdb-samldb: Check for extended access rights before we 
allow changes to userAccountControl

Karolin Seeger (3):
  VERSION: Bump version up to 4.1.16...
  WHATSNEW: Add release notes for Samba 4.1.16.
  VERSION: Disable git snapshots for the 4.1.16 release.

---


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - annotated tag samba-4.0.24 created

2015-01-15 Thread Karolin Seeger
The annotated tag, samba-4.0.24 has been created
at  d94618691e10ddede09db0d213fcf424412ec35a (tag)
   tagging  3be3266359da9ee6cd3aac970a81f019e8c389eb (commit)
  replaces  samba-4.0.23
 tagged by  Karolin Seeger
on  Mon Jan 12 21:07:40 2015 +0100

- Log -
samba: tag release samba-4.0.24

Andrew Bartlett (4):
  CVE-2014-8143:auth: Force talloc type of session_info pointer to match
  CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
  CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside 
util.c
  CVE-2014-8143:dsdb-samldb: Check for extended access rights before we 
allow changes to userAccountControl

Karolin Seeger (3):
  VERSION: Bump version up to 4.0.24...
  WHATSNEW: Add release notes for Samba 4.0.24.
  VERSION: Disable git snapshots for the 4.0.24 release.

---


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-1-stable updated

2015-01-15 Thread Karolin Seeger
The branch, v4-1-stable has been updated
   via  1e682c3 VERSION: Disable git snapshots for the 4.1.16 release.
   via  8010553 WHATSNEW: Add release notes for Samba 4.1.16.
   via  5cc1c0e CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  3c93b57 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  f2cb9b9 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  9e15786 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  cc49a60 VERSION: Bump version up to 4.1.16...
  from  28eacea VERSION: Disable git snapshots for the 4.1.15 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 1e682c3ce0593b3cd93acc6a5be0d74db8d04fef
Author: Karolin Seeger 
Date:   Mon Jan 12 21:42:02 2015 +0100

VERSION: Disable git snapshots for the 4.1.16 release.

Signed-off-by: Karolin Seeger 

commit 801055358de0988717b65b4f6a2a6a4b820b9fcd
Author: Karolin Seeger 
Date:   Mon Jan 12 21:41:32 2015 +0100

WHATSNEW: Add release notes for Samba 4.1.16.

Signed-off-by: Karolin Seeger 

commit 5cc1c0ec403358d08e208a38feae11631510ab72
Author: Andrew Bartlett 
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

commit 3c93b5772ef002569810b01c39faac8b34168f05
Author: Andrew Bartlett 
Date:   Mon Dec 8 14:20:21 2014 +1300

CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam 
Signed-off-by: Andrew Bartlett 
Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit f2cb9b99235ebfdd0d53c3ebdaaac44f8b958311
Author: Andrew Bartlett 
Date:   Mon Dec 8 12:19:19 2014 +1300

CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit 9e15786d093ac984262394510333cb3c3d512e1a
Author: Andrew Bartlett 
Date:   Tue Nov 11 15:23:02 2014 +1300

CVE-2014-8143:auth: Force talloc type of session_info pointer to match

This helps us keep things safe in LDB where we put this in an opaque pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Andrew Bartlett

Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 

commit cc49a6005c4406efd781ebc9ab7bb0ba00a3a603
Author: Karolin Seeger 
Date:   Sun Jan 11 20:41:04 2015 +0100

VERSION: Bump version up to 4.1.16...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger 
(cherry picked from commit 9f52de75088380915835e815217bdcd0afa8dc85)

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  55 -
 librpc/idl/security.idl |  13 ++-
 source4/auth/session.c  |   5 +
 source4/dsdb/common/util.c  |   4 +-
 source4/dsdb/pydsdb.c   |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c | 192 +++-
 source4/dsdb/samdb/samdb.h  |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c |  15 ++-
 source4/setup/schema_samba4.ldif|   1 +
 10 files changed, 282 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e5a8fba..47509cb 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fe8cbeb..81a1d56 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,55 @@
==
+   Release Notes for Samba 4.1.16
+  January 15, 2015
+   ==
+
+
+This is a security release in order to address CVE-2014-8143 (Elevation
+of privilege to Active Directory Domain Controller).
+
+o  CVE-2014-8143:
+