autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2015-02-24-0643/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey/2015-02-24-0643/samba.stderr http://git.samba.org/autobuild.flakey/2015-02-24-0643/samba.stdout The top commit at the time of the failure was: commit 84d4270c8e4ec18e9f83722d6df1a07f70acaade Author: Andreas Schneider Date: Fri Jan 30 14:37:06 2015 +0100 nmblookup: Warn user if netbios name is too long. Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 84d4270 nmblookup: Warn user if netbios name is too long.
via a782ae1 nss-wins: Do not lookup invalid netbios names
via a5e3a19 libsmb: Do not lookup invalid netbios names.
via eb05766 Revert "s3: smbd: signing. Ensure we respond correctly to
an SMB2 negprot with SMB2_NEGOTIATE_SIGNING_REQUIRED."
from c0a463d waf: Only build the wrappers if we enable selftest
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 84d4270c8e4ec18e9f83722d6df1a07f70acaade
Author: Andreas Schneider
Date: Fri Jan 30 14:37:06 2015 +0100
nmblookup: Warn user if netbios name is too long.
Signed-off-by: Andreas Schneider
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
commit a782ae1da463433b6f5199acd0d093583780dd20
Author: Andreas Schneider
Date: Fri Jan 30 14:29:26 2015 +0100
nss-wins: Do not lookup invalid netbios names
Signed-off-by: Andreas Schneider
Reviewed-by: Jeremy Allison
commit a5e3a198d0a1c36a3798935595e4844588caba68
Author: Andreas Schneider
Date: Fri Jan 30 14:28:48 2015 +0100
libsmb: Do not lookup invalid netbios names.
Signed-off-by: Andreas Schneider
Reviewed-by: Jeremy Allison
commit eb05766a8c539b1b7d8de8481686556f6bdcc6db
Author: Jeremy Allison
Date: Mon Feb 23 10:15:05 2015 -0800
Revert "s3: smbd: signing. Ensure we respond correctly to an SMB2 negprot
with SMB2_NEGOTIATE_SIGNING_REQUIRED."
Even though the MS-SMB2 spec says so, Windows doesn't behave
like this.
This reverts commit 1cea6e5b6f8c0e28d5ba2d296c831c4878fca304.
Signed-off-by: Jeremy Allison
Reviewed-by: "Stefan (metze) Metzmacher"
---
Summary of changes:
libcli/nbt/tools/nmblookup.c | 13 +
nsswitch/wins.c | 14 +-
source3/libsmb/namequery.c| 17 ++---
source3/smbd/smb2_negprot.c | 3 +--
source3/smbd/smb2_sesssetup.c | 4 +---
source3/utils/nmblookup.c | 9 +
6 files changed, 51 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/nbt/tools/nmblookup.c b/libcli/nbt/tools/nmblookup.c
index 9b875b0..afb81c7 100644
--- a/libcli/nbt/tools/nmblookup.c
+++ b/libcli/nbt/tools/nmblookup.c
@@ -32,6 +32,10 @@
#include "../libcli/nbt/libnbt.h"
#include "param/param.h"
+#include
+
+#define MAX_NETBIOSNAME_LEN 16
+
/* command line options */
static struct {
const char *broadcast_address;
@@ -190,6 +194,7 @@ static bool process_one(struct loadparm_context *lp_ctx,
struct tevent_context *
struct socket_address *all_zero_addr;
struct nbt_name_socket *nbtsock;
NTSTATUS status = NT_STATUS_OK;
+ size_t nbt_len;
bool ret = true;
if (!options.case_sensitive) {
@@ -212,6 +217,14 @@ static bool process_one(struct loadparm_context *lp_ctx,
struct tevent_context *
node_name = talloc_strdup(tmp_ctx, name);
}
+ nbt_len = strlen(node_name);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ printf("The specified netbios name [%s] is too long.\n",
+ node_name);
+ talloc_free(tmp_ctx);
+ return false;
+ }
+
nbtsock = nbt_name_socket_init(tmp_ctx, ev);
if (options.root_port) {
diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index d63968b..5127ee4 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -59,10 +59,12 @@ static void nss_wins_init(void)
static struct in_addr *lookup_byname_backend(const char *name, int *count)
{
- TALLOC_CTX *frame = talloc_stackframe();
+ TALLOC_CTX *frame;
struct sockaddr_storage *address = NULL;
struct in_addr *ret = NULL;
NTSTATUS status;
+ const char *p;
+ size_t nbt_len;
int j;
if (!initialised) {
@@ -71,6 +73,16 @@ static struct in_addr *lookup_byname_backend(const char
*name, int *count)
*count = 0;
+ nbt_len = strlen(name);
+ if (nbt_len > MAX_NETBIOSNAME_LEN - 1) {
+ return NULL;
+ }
+ p = strchr(name, '.');
+ if (p != NULL) {
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
/* always try with wins first */
status = resolve_wins(name, 0x00, talloc_tos(),
&address, count);
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index c80e255..85af6ed 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -2566,6 +2566,8 @@ NTSTATUS internal_resolve_name(const char *name,
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
int i;
TALLOC_CTX *frame = NULL;
+
[SCM] Samba Shared Repository - branch v4-2-test updated
The branch, v4-2-test has been updated
via 3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer.
via 9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call
talloc_free on an uninitialized pointer.
from bba7796 s3: smbd: SMB2 close. If a file has delete on close, store
the return info before deleting.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-test
- Log -
commit 3bd8850360931145d6015d69b14089c99b370780
Author: Andreas Schneider
Date: Mon Feb 16 10:59:23 2015 +0100
s3-netlogon: Make sure we do not deference a NULL pointer.
This is an additional patch for CVE-2015-0240.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
Pair-Programmed-With: Michael Adam
Pair-Programmed-With: Andreas Schneider
Signed-off-by: Michael Adam
Signed-off-by: Andreas Schneider
Reviewed-by: Volker Lendecke
Autobuild-User(v4-2-test): Karolin Seeger
Autobuild-Date(v4-2-test): Mon Feb 23 23:07:35 CET 2015 on sn-devel-104
commit 9988930c3524bc0d4a641b04716b3e6389c696fa
Author: Jeremy Allison
Date: Wed Jan 28 14:47:31 2015 -0800
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an
uninitialized pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
Signed-off-by: Jeremy Allison
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c
b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fdcc847..b487c31 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1100,6 +1100,10 @@ static NTSTATUS netr_creds_server_step_check(struct
pipes_struct *p,
bool schannel_global_required = (lp_server_schannel() == true) ?
true:false;
struct loadparm_context *lp_ctx;
+ if (creds_out != NULL) {
+ *creds_out = NULL;
+ }
+
if (schannel_global_required) {
status = schannel_check_required(&p->auth,
computer_name,
@@ -1257,7 +1261,7 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
{
NTSTATUS status = NT_STATUS_OK;
int i;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
@@ -1270,9 +1274,14 @@ NTSTATUS _netr_ServerPasswordSet(struct pipes_struct *p,
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
+ const char *computer_name = "";
+
+ if (creds != NULL && creds->computer_name != NULL) {
+ computer_name = creds->computer_name;
+ }
DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step
failed. Rejecting auth "
"request from client %s machine account %s\n",
- r->in.computer_name, creds->computer_name));
+ r->in.computer_name, computer_name));
TALLOC_FREE(creds);
return status;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via c0a463d waf: Only build the wrappers if we enable selftest
via 8e76e26 swrap: Bump version to 1.1.3
via 6ba81a4 swrap: If we remove the socket_info also unlink the unix
socket
via ca9c6c8 swrap: Do not leak the socket_info we just removed.
via e8f56be src: Add support for running with address sanitizer.
via 8dcc02f swrap: Fix the loop for older gcc versions.
from 6e5debf torture: Add netr_setPassword(2) schannel test.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit c0a463d94abb5c50eaca7b1d402c979684f96a97
Author: Andreas Schneider
Date: Mon Feb 23 17:12:46 2015 +0100
waf: Only build the wrappers if we enable selftest
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Mon Feb 23 22:31:22 CET 2015 on sn-devel-104
commit 8e76e267fe105d77400b7c593499f6d175e3467a
Author: Andreas Schneider
Date: Mon Feb 23 17:19:04 2015 +0100
swrap: Bump version to 1.1.3
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
commit 6ba81a483cf6ab739358eac9e107f79697a9202a
Author: Andreas Schneider
Date: Mon Feb 23 17:18:16 2015 +0100
swrap: If we remove the socket_info also unlink the unix socket
Signed-off-by: Andreas Schneider
Reviewed-by: Stefan Metzmacher
commit ca9c6c8a323614de274678b42740b958a09736d1
Author: Andreas Schneider
Date: Mon Feb 23 17:17:43 2015 +0100
swrap: Do not leak the socket_info we just removed.
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
commit e8f56be3da4b14df9be830d7b4670dc51516e0b2
Author: Andreas Schneider
Date: Mon Feb 23 17:16:00 2015 +0100
src: Add support for running with address sanitizer.
If address sanitzer will complain about our hack with variable function
attributes. This disables the checking of it.
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
commit 8dcc02f89b48ab07a6a6bc8fa53870f352c766e9
Author: Andreas Schneider
Date: Mon Feb 23 17:15:12 2015 +0100
swrap: Fix the loop for older gcc versions.
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
---
Summary of changes:
lib/socket_wrapper/socket_wrapper.c | 22 --
lib/socket_wrapper/wscript | 2 +-
wscript | 9 +
wscript_build | 13 +
4 files changed, 35 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/socket_wrapper/socket_wrapper.c
b/lib/socket_wrapper/socket_wrapper.c
index d5c343d..1188c4e 100644
--- a/lib/socket_wrapper/socket_wrapper.c
+++ b/lib/socket_wrapper/socket_wrapper.c
@@ -100,6 +100,12 @@ enum swrap_dbglvl_e {
#define DESTRUCTOR_ATTRIBUTE
#endif
+#ifdef HAVE_ADDRESS_SANITIZER_ATTRIBUTE
+#define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE __attribute__((no_sanitize_address))
+#else
+#define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
+#endif
+
#ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
# define SWRAP_THREAD __thread
#else
@@ -452,11 +458,14 @@ static void *swrap_load_lib_handle(enum swrap_lib lib)
#ifdef HAVE_LIBSOCKET
handle = swrap.libsocket_handle;
if (handle == NULL) {
- for (handle = NULL, i = 10; handle == NULL && i >= 0;
i--) {
+ for (i = 10; i >= 0; i--) {
char soname[256] = {0};
snprintf(soname, sizeof(soname),
"libsocket.so.%d", i);
handle = dlopen(soname, flags);
+ if (handle != NULL) {
+ break;
+ }
}
swrap.libsocket_handle = handle;
@@ -474,11 +483,14 @@ static void *swrap_load_lib_handle(enum swrap_lib lib)
}
#endif
if (handle == NULL) {
- for (handle = NULL, i = 10; handle == NULL && i >= 0;
i--) {
+ for (i = 10; i >= 0; i--) {
char soname[256] = {0};
snprintf(soname, sizeof(soname), "libc.so.%d",
i);
handle = dlopen(soname, flags);
+ if (handle != NULL) {
+ break;
+ }
}
swrap.libc_handle = handle;
@@ -592,6 +604,7 @@ static int libc_eventfd(int count, int flags)
}
#endif
+DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
static int libc_vfcntl(int fd, int cmd, va_list ap)
{
long int args[4];
@@ -643,6 +656,7 @@ static int li
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 3772746 Update latest stable release. from 496265a Announce Samba 4.1.7, 4.0.25 and 3.6.25. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 3772746ed2c3b9603660778f3a34a2f01d8f2c01 Author: Karolin Seeger Date: Mon Feb 23 21:37:40 2015 +0100 Update latest stable release. Signed-off-by: Karolin Seeger --- Summary of changes: latest_stable_release.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/latest_stable_release.html b/latest_stable_release.html index 6a22e45..5010d92 100644 --- a/latest_stable_release.html +++ b/latest_stable_release.html @@ -1,7 +1,7 @@ - Samba 4.1.16 (gzipped) - Release Notes · - Signature + Samba 4.1.17 (gzipped) + Release Notes · + Signature -- Samba Website Repository
[SCM] Socket Wrapper Repository - branch master updated
The branch, master has been updated
via 43d0166 Bump version to 1.1.3
via d459a08 Update ChangeLog
from 4c44ee6 swrap: If we remove the socket_info also unlink the unix
socket
https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master
- Log -
commit 43d01669351e007bda10810fea675c0297b9ecd1
Author: Andreas Schneider
Date: Mon Feb 23 15:24:26 2015 +0100
Bump version to 1.1.3
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
commit d459a08a80b9710cf93c11d320fda8a6c0e2e31d
Author: Andreas Schneider
Date: Mon Feb 23 15:23:47 2015 +0100
Update ChangeLog
Signed-off-by: Andreas Schneider
Reviewed-by: Michael Adam
---
Summary of changes:
CMakeLists.txt | 4 ++--
ChangeLog | 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4c57a62..ee6daa6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
set(APPLICATION_VERSION_MAJOR "1")
set(APPLICATION_VERSION_MINOR "1")
-set(APPLICATION_VERSION_PATCH "2")
+set(APPLICATION_VERSION_PATCH "3")
set(APPLICATION_VERSION
"${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
@@ -19,7 +19,7 @@ set(APPLICATION_VERSION
"${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINO
# Increment AGE. Set REVISION to 0
# If the source code was changed, but there were no interface changes:
# Increment REVISION.
-set(LIBRARY_VERSION "0.1.2")
+set(LIBRARY_VERSION "0.1.3")
set(LIBRARY_SOVERSION "0")
# where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is
checked
diff --git a/ChangeLog b/ChangeLog
index 052abb6..c5b6019 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,11 @@
ChangeLog
==
+version 1.1.3 (released 2015-02-23)
+ * Added support for address sanitizer.
+ * Fixed leaking of memory and fds of stale sockets.
+ * Fixed the library loading code.
+
version 1.1.2 (released 2014-10-01)
* Added support for fnctl(F_DUPFD).
* Added support for glibc 2.20.90.
--
Socket Wrapper Repository
[SCM] Socket Wrapper Repository - branch master updated
The branch, master has been updated
via 4c44ee6 swrap: If we remove the socket_info also unlink the unix
socket
from a12559d torture: Increase time to wait for pid file.
https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master
- Log -
commit 4c44ee6bdba65d2857d83e80ffc7b6a1dd478f45
Author: Andreas Schneider
Date: Tue Feb 3 17:07:18 2015 +0100
swrap: If we remove the socket_info also unlink the unix socket
Signed-off-by: Andreas Schneider
Reviewed-by: Stefan Metzmacher
---
Summary of changes:
src/socket_wrapper.c | 3 +++
1 file changed, 3 insertions(+)
Changeset truncated at 500 lines:
diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index eb1d67f..1188c4e 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -1418,6 +1418,9 @@ static void swrap_remove_stale(int fd)
if (si->fds == NULL) {
SWRAP_DLIST_REMOVE(sockets, si);
+ if (si->un_addr.sun_path[0] != '\0') {
+ unlink(si->un_addr.sun_path);
+ }
free(si);
}
}
--
Socket Wrapper Repository
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via dd89495 VERSION: Bump version up to 4.1.18. via 87c7063 VERSION: Disable git snapshots for the 4.1.17 release. via 563010d WHATSNEW: Add release notes for Samba 4.1.17. via 4a312e2 s3-netlogon: Make sure we do not deference a NULL pointer. via 2b037f7 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. from 99fe2d6 s3: smbclient: Allinfo leaves the file handle open. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit dd89495cc926aa9c8d5fd33d89bdd5e4a6d907e1 Author: Karolin Seeger Date: Mon Feb 23 14:38:08 2015 +0100 VERSION: Bump version up to 4.1.18. Signed-off-by: Karolin Seeger commit 87c7063c265ed9f264f34c73595a47b561796c04 Author: Karolin Seeger Date: Sat Feb 21 21:04:20 2015 +0100 VERSION: Disable git snapshots for the 4.1.17 release. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 563010d828c66461552a62b64ce79682d3d157bb Author: Karolin Seeger Date: Sat Feb 21 21:07:08 2015 +0100 WHATSNEW: Add release notes for Samba 4.1.17. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 4a312e279c1373c791406bd42aded265f07db008 Author: Andreas Schneider Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 2b037f7e3ad5093fa8e715905f2f0379ad5552f4 Author: Jeremy Allison Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher --- Summary of changes: VERSION | 4 +- WHATSNEW.txt| 62 +++-- source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +- 3 files changed, 72 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d5fd4a8..5237bce 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=17 +SAMBA_VERSION_RELEASE=18 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 81a1d56..48ebdf9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,62 @@ == + Release Notes for Samba 4.1.17 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + + +Changes since 4.1.16: +- + +o Jeremy Allison +* BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o Andreas Schneider +* BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mai
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 5f5a01e VERSION: Bump version up to 3.6.26. from f7c3d29 WHATSNEW: Add release notes for Samba 3.6.25. https://git.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 5f5a01e0b10d0037bd0d144fda26170608d72107 Author: Karolin Seeger Date: Mon Feb 23 14:41:02 2015 +0100 VERSION: Bump version up to 3.6.26. Signed-off-by: Karolin Seeger --- Summary of changes: source3/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/VERSION b/source3/VERSION index c56e599..1bc3698 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=6 -SAMBA_VERSION_RELEASE=25 +SAMBA_VERSION_RELEASE=26 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1a13242 VERSION: Bump version up to 4.0.26. via 31b74e8 VERSION: Disable git snapshots for the 3.0.25 release. via bad8f6d WHATSNEW: Add release notes for Samba 3.0.25. via 1d573da auth: Make sure that creds_out is initialized with NULL. via 9d5417d s3-netlogon: Make sure we do not deference a NULL pointer. via 43feed1 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. from 0d5069f s3: smbclient: Allinfo leaves the file handle open. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1a13242bc488dad82b0ae5a232933df4936ecff2 Author: Karolin Seeger Date: Mon Feb 23 14:39:52 2015 +0100 VERSION: Bump version up to 4.0.26. Signed-off-by: Karolin Seeger commit 31b74e8602b1d80b56425bf7d6ab94cf2dd316a3 Author: Karolin Seeger Date: Sun Feb 22 14:24:55 2015 +0100 VERSION: Disable git snapshots for the 3.0.25 release. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit bad8f6dc6fa6a8c597c92f77e08a7e77b30fdb23 Author: Karolin Seeger Date: Sat Feb 21 21:29:36 2015 +0100 WHATSNEW: Add release notes for Samba 3.0.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 1d573daf6c9811d963c8c0b832ffa134a175fddc Author: Andreas Schneider Date: Mon Feb 16 10:56:03 2015 +0100 auth: Make sure that creds_out is initialized with NULL. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 9d5417d09fb9fcbc0f0f86a00b728d88781dd3a4 Author: Andreas Schneider Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 43feed106993cbe28b38a101332934b35820a506 Author: Jeremy Allison Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher --- Summary of changes: VERSION | 4 +- WHATSNEW.txt| 60 - libcli/auth/schannel_state_tdb.c| 4 ++ source3/rpc_server/netlogon/srv_netlog_nt.c | 13 ++- 4 files changed, 75 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 705c416..db42d5f 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=25 +SAMBA_VERSION_RELEASE=26 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 777997f..80d9c95 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,60 @@ == + Release Notes for Samba 4.0.25 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet
[SCM] Samba Shared Repository - annotated tag samba-4.0.25 created
The annotated tag, samba-4.0.25 has been created at f590c29d6ec058a221864ce07de9b631133f342d (tag) tagging 4395552a555ebc1993452143c5f65ed9d9d6b4b0 (commit) replaces samba-4.0.24 tagged by Karolin Seeger on Sun Feb 22 14:27:30 2015 +0100 - Log - samba: tag release samba-4.0.25 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEABECAAYFAlTp2UIACgkQbzORW2Vot+oRrgCgkQ/MEGUsgtnQqb1zHehjMKdH 9ksAnR4EqIjEAeH8vi0AW1Jt/ZqzkDzZ =J/oa -END PGP SIGNATURE- Andreas Schneider (2): s3-netlogon: Make sure we do not deference a NULL pointer. auth: Make sure that creds_out is initialized with NULL. Jeremy Allison (1): CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Karolin Seeger (4): VERSION: Bump version up to 4.0.25. VERSION: Re-enable git snapshots. WHATSNEW: Add release notes for Samba 3.0.25. VERSION: Disable git snapshots for the 3.0.25 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via f7c3d29 WHATSNEW: Add release notes for Samba 3.6.25. via a470a8a auth: Make sure that creds_out is initialized with NULL. via 3504106 s3-netlogon: Make sure we do not deference a NULL pointer. via 4661fa5 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. from 6e1ba4c CVE-2014-0178 patch for 3.6 https://git.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit f7c3d2984be6aaae711ff144e929b5e5dc98a03e Author: Karolin Seeger Date: Sun Feb 22 15:11:32 2015 +0100 WHATSNEW: Add release notes for Samba 3.6.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10549 CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response Signed-off-by: Karolin Seeger commit a470a8ae13abca48e5887fac463430cc78bccfea Author: Andreas Schneider Date: Mon Feb 16 10:56:03 2015 +0100 auth: Make sure that creds_out is initialized with NULL. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 3504106c94153a87c5c8e1c0e49f1fff924b0f4d Author: Andreas Schneider Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 4661fa51de4915c96eeb61a74982519076a02c9b Author: Jeremy Allison Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher --- Summary of changes: WHATSNEW.txt| 76 - libcli/auth/schannel_state_tdb.c| 4 ++ source3/rpc_server/netlogon/srv_netlog_nt.c | 13 - 3 files changed, 89 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index aa57ee5..795b7c9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,76 @@ == + Release Notes for Samba 3.6.25 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + +o CVE-2014-0178: + In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA + or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of + Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY + response field. The uninitialized buffer is sent back to the client. + + A non-default VFS module providing the get_shadow_copy_data_fn() hook + must be explicitly enabled for Samba to process the aforementioned + client requests. Therefore, only configurations with "shadow_copy" or + "shadow_copy2" specified for the "vfs objects" parameter are vulnerable. + + +Changes since 3.6.24: +- + +o Jeremy Allison +* BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o Jiří Šašek +* BUG 10549: CVE-2014-0178: Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS + response. + + +o Andreas Schneider +* BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer./auth: Make sure that creds_out is initialized with NULL. + + +## +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joini
[SCM] Samba Shared Repository - annotated tag samba-3.6.25 created
The annotated tag, samba-3.6.25 has been created at c4f5686c4107d779cc34ec0a63e495c4df13621e (tag) tagging f7c3d2984be6aaae711ff144e929b5e5dc98a03e (commit) replaces samba-3.6.24 tagged by Karolin Seeger on Sun Feb 22 15:14:14 2015 +0100 - Log - tag samba-3.6.25 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQBU6eQ/bzORW2Vot+oRAhJvAJ9K4XzblJQR8ZsuH0mNNZXR20vPQACfffz2 vTojP0DUlw1Tb4ndt+ijZsU= =pf3P -END PGP SIGNATURE- Andreas Schneider (2): s3-netlogon: Make sure we do not deference a NULL pointer. auth: Make sure that creds_out is initialized with NULL. Jeremy Allison (1): CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Jiří Šašek (1): CVE-2014-0178 patch for 3.6 Karolin Seeger (2): VERSION: Bump version up to 3.6.25. WHATSNEW: Add release notes for Samba 3.6.25. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via 4395552 VERSION: Disable git snapshots for the 3.0.25 release. via 28babc0 WHATSNEW: Add release notes for Samba 3.0.25. via 5b833f0 auth: Make sure that creds_out is initialized with NULL. via 1981e7a s3-netlogon: Make sure we do not deference a NULL pointer. via 6ae0a8a CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. via 4060da4 VERSION: Re-enable git snapshots. via 3865c60 VERSION: Bump version up to 4.0.25. from 3be3266 VERSION: Disable git snapshots for the 4.0.24 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable - Log - commit 4395552a555ebc1993452143c5f65ed9d9d6b4b0 Author: Karolin Seeger Date: Sun Feb 22 14:24:55 2015 +0100 VERSION: Disable git snapshots for the 3.0.25 release. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 28babc08730e3605d21fb35d3c882a2756d8cd74 Author: Karolin Seeger Date: Sat Feb 21 21:29:36 2015 +0100 WHATSNEW: Add release notes for Samba 3.0.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 5b833f080ec38c08030343b2fd2166b98a5b5d2c Author: Andreas Schneider Date: Mon Feb 16 10:56:03 2015 +0100 auth: Make sure that creds_out is initialized with NULL. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 1981e7a4ddfcc6cf50b6f3462b6b88be9591a5cc Author: Andreas Schneider Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 6ae0a8ad8d88f8b4793901332ac6c50de046ce53 Author: Jeremy Allison Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher commit 4060da402b0518dc16d4119d87ae187a68a20cd7 Author: Karolin Seeger Date: Sun Feb 22 14:21:34 2015 +0100 VERSION: Re-enable git snapshots. Signed-off-by: Karolin Seeger commit 3865c60eb57297f41c41c7baaae02059934845b7 Author: Karolin Seeger Date: Thu Jan 15 12:12:10 2015 +0100 VERSION: Bump version up to 4.0.25. Signed-off-by: Karolin Seeger (cherry picked from commit f9693a1766b88ce068bb04c88f1a41ce3330e2cc) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 60 - libcli/auth/schannel_state_tdb.c| 4 ++ source3/rpc_server/netlogon/srv_netlog_nt.c | 13 ++- 4 files changed, 74 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 81f48a9..b7ef305 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=0 -SAMBA_VERSION_RELEASE=24 +SAMBA_VERSION_RELEASE=25 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 777997f..80d9c95 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,60 @@ == + Release Notes for Samba 4.0.25 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated via 492c673 VERSION: Disable git snapshots for the 4.1.17 release. via 8f38d4b WHATSNEW: Add release notes for Samba 4.1.17. via a9a513c s3-netlogon: Make sure we do not deference a NULL pointer. via 1996b18 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. via 5a59b1a VERSION: Re-enable git snapshots. via e001101 VERSION: Bump version up to 4.1.17. from 1e682c3 VERSION: Disable git snapshots for the 4.1.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable - Log - commit 492c673de07d68e0e937ca584302fef577318b24 Author: Karolin Seeger Date: Sat Feb 21 21:04:20 2015 +0100 VERSION: Disable git snapshots for the 4.1.17 release. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit 8f38d4b5e4ba45d8cc365e150f6e259d8272367c Author: Karolin Seeger Date: Sat Feb 21 21:07:08 2015 +0100 WHATSNEW: Add release notes for Samba 4.1.17. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability. Signed-off-by: Karolin Seeger commit a9a513c926209aa084991528d0f6ab84b20da5f7 Author: Andreas Schneider Date: Mon Feb 16 10:59:23 2015 +0100 s3-netlogon: Make sure we do not deference a NULL pointer. This is an additional patch for CVE-2015-0240. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32 Pair-Programmed-With: Michael Adam Pair-Programmed-With: Andreas Schneider Signed-off-by: Michael Adam Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 1996b18510a63a2619d813113c6b57e4654be318 Author: Jeremy Allison Date: Wed Jan 28 14:47:31 2015 -0800 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher commit 5a59b1a8184fe3b483e4f19e024de39b667041ef Author: Karolin Seeger Date: Tue Feb 10 21:30:36 2015 +0100 VERSION: Re-enable git snapshots. Signed-off-by: Karolin Seeger commit e001101a9cd49dadc5b818cc7a0c490a305099eb Author: Karolin Seeger Date: Thu Jan 15 12:10:58 2015 +0100 VERSION: Bump version up to 4.1.17. Signed-off-by: Karolin Seeger (cherry picked from commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 62 +++-- source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +- 3 files changed, 71 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 47509cb..8876650 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 81a1d56..48ebdf9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,62 @@ == + Release Notes for Samba 4.1.17 + February 23, 2015 + == + + +This is a security release in order to address CVE-2015-0240 (Unexpected +code execution in smbd). + +o CVE-2015-0240: + All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an + unexpected code execution vulnerability in the smbd file server + daemon. + + A malicious client could send packets that may set up the stack in + such a way that the freeing of memory in a subsequent anonymous + netlogon packet could allow execution of arbitrary code. This code + would execute with root privileges. + + +Changes since 4.1.16: +- + +o Jeremy Allison +* BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer + in netlogon server could lead to security vulnerability. + + +o Andreas Schneider +* BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not deference + a NULL pointer. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. +
[SCM] Samba Shared Repository - annotated tag samba-4.1.17 created
The annotated tag, samba-4.1.17 has been created at 4c0e2aef23162c3582019a0fe51f2b75ed3aee22 (tag) tagging 492c673de07d68e0e937ca584302fef577318b24 (commit) replaces samba-4.1.16 tagged by Karolin Seeger on Sat Feb 21 21:11:57 2015 +0100 - Log - samba: tag release samba-4.1.17 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iEYEABECAAYFAlTo5o0ACgkQbzORW2Vot+rk2gCeO2gF5R5VSgGg4aAcnXONaJLk l5EAniyBF4cEH4mNt4lEN6CvYHmL7XrV =SdnH -END PGP SIGNATURE- Andreas Schneider (1): s3-netlogon: Make sure we do not deference a NULL pointer. Jeremy Allison (1): CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. Karolin Seeger (4): VERSION: Bump version up to 4.1.17. VERSION: Re-enable git snapshots. WHATSNEW: Add release notes for Samba 4.1.17. VERSION: Disable git snapshots for the 4.1.17 release. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 496265a Announce Samba 4.1.7, 4.0.25 and 3.6.25. from 09703db Our lists are now only on lists.samba.org https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 496265ab221a5f2781a721a377f967aecc55b34b Author: Karolin Seeger Date: Mon Feb 23 11:02:47 2015 +0100 Announce Samba 4.1.7, 4.0.25 and 3.6.25. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077 CVE-2015-0240 (Unexpected code execution in smbd). Signed-off-by: Karolin Seeger --- Summary of changes: generated_news/latest_10_bodies.html| 33 +-- generated_news/latest_10_headlines.html | 5 ++- generated_news/latest_2_bodies.html | 31 +- history/header_history.html | 3 ++ history/samba-3.6.25.html | 65 + history/samba-4.0.25.html | 49 ++ history/samba-4.1.17.html | 49 ++ history/security.html | 19 + security/CVE-2015-0240.html | 73 + 9 files changed, 303 insertions(+), 24 deletions(-) create mode 100755 history/samba-3.6.25.html create mode 100755 history/samba-4.0.25.html create mode 100755 history/samba-4.1.17.html create mode 100644 security/CVE-2015-0240.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index b23c8f2..743799b 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,24 @@ + 23 February 2015 + Samba 4.1.17, 4.0.25 and 3.6.25 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240";>CVE-2015-0240 + (Unexpected code execution in smbd). + + + The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). + + The source code can be downloaded here: + http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz";>download + Samba 4.1.17, + http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download + Samba 4.0.25, + http://samba.org/samba/ftp/stable/samba-3.6.25.tar.gz";>download + Samba 3.6.25. + + + 29 January 2015 Call for Papers SambaXP 2015 From May 19th to 21st 2015 developers and users will meet again in @@ -112,15 +133,3 @@ using GnuPG (ID 6568B7EA). The source code can be https://download.samba.org/pub/samba/rc/samba-4.2.0rc2.tar.gz";>downloaded now. See https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc2.txt";> the release notes for more info. - - - 01 October 2014 - Samba 4.2.0rc1 Available for Download - This is the first release candidate of the upcoming Samba 4.2 release - series. - -The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -https://download.samba.org/pub/samba/rc/samba-4.2.0rc1.tar.gz";>downloaded -now. See https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc1.txt";> -the release notes for more info. diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index b8c2c93..df0dac2 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,7 @@ +23 February 2015 Samba 4.1.17, 4.0.25 and 3.6.25 Security + Releases Available for Download (CVE-2015-0240) + 29 January 2015 Call for Papers SambaXP 2015 16 January 2015 Samba 4.2.0rc4 Available for @@ -18,6 +21,4 @@ 20 October 2014 Samba 4.1.13 Available for Download 15 October 2014 Samba 4.2.0rc2 Available for Download - -01 October 2014 Samba 4.2.0rc1 Available for Download diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index b311860..390bd00 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,24 @@ + 23 February 2015 + Samba 4.1.17, 4.0.25 and 3.6.25 Security + Releases Available for Download + These are security releases in order to address + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240";>CVE-2015-0240 + (Unexpected code execution in smbd). + + + The uncompressed tarballs and patch files have been signed + using GnuPG (ID 6568B7EA). + + The source code can be downloaded here: + http://samba.org/samba/ftp/stable/samba-4.1.17.tar.gz";>download + Samba 4.1.17, + http://samba.org/samba/ftp/stable/samba-4.0.25.tar.gz";>download + Samba 4.0.25, + http://samba.org/samba/ftp/stable
