[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  294a1a8 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
       via  4301505 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
       via  592e7fa CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
       via  6ff5f0a CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
       via  49ed0b0 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
       via  f6dfdf7 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.
       via  e68e73b CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
       via  86f1523 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
       via  05a9898 CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
       via  682d597 CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
       via  3461518 CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
       via  0a982be CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
       via  47b6b6f CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
      from  1e0df57 libwbclient: add WBC_SID_NAME_LABEL

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit 294a1a8374d413d8af506e962c1d310d9ee79ae5
Author: Jeremy Allison
Date:   Thu Dec 15 13:06:31 2016 -0800

    CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

    Autobuild-User(master): Karolin Seeger
    Autobuild-Date(master): Thu Mar 23 22:55:04 CET 2017 on sn-devel-144

commit 4301505d977449d1995699010bb04682009aa105
Author: Jeremy Allison
Date:   Thu Dec 15 13:04:46 2016 -0800

    CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 592e7fa67b137099b894759e8aa579eea0eb9c4c
Author: Jeremy Allison
Date:   Thu Dec 15 12:56:08 2016 -0800

    CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 6ff5f0a75a9ec1aeccf50dff97d4c328fd65f219
Author: Jeremy Allison
Date:   Thu Dec 15 12:52:13 2016 -0800

    CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 49ed0b01d1310f09e321122effed571b8ba852cb
Author: Jeremy Allison
Date:   Mon Dec 19 12:35:32 2016 -0800

    CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit f6dfdf7d31967076dbd51ceb35145d28381a6f92
Author: Jeremy Allison
Date:   Mon Dec 19 12:32:07 2016 -0800

    CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit e68e73b8d3c164b882d3cc02685f99f2ea3d2880
Author: Jeremy Allison
Date:   Mon Dec 19 12:15:59 2016 -0800

    CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 86f15237a13a4dd2bca7c9cd81a9e54029d0becc
Author: Jeremy Allison
Date:   Mon Dec 19 12:13:20 2016 -0800

    CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 05a9898ddae5566884357f8f66e15e5ba102ef49
Author: Jeremy Allison
Date:   Mon Dec 19 16:35:00 2016 -0800

    CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().

    Hardens OpenDir against TOC/TOU races.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Signed-off-by: Jeremy Allison
    Reviewed-by: Uri Simchoni

commit 682d597ee3b23e9f49e124e1e04e2b288c9a053f
Author: Jeremy Allison
Date:   Mon Dec 19 16:25:26 2016 -0800

    CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

    Sig
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated
       via  8e8ebe5 Changes to make the Solaris C compiler happy.
       via  968e3e2 Fix for Solaris C compiler.
       via  19b6c87 ctdb-readonly: Avoid a tight loop waiting for revoke to complete
       via  85e3446 s3:vfs_expand_msdfs: Do not open the remote address as a file
       via  9533a55 s3: locking: Update oplock optimization for the leases era !
       via  cd86895 s3: locking: Move two leases functions into a new file.
      from  d537977 VERSION: Up to Samba 4.5.8.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test

- Log -
commit 8e8ebe544730d76e9d15ff9512d514c854b51d29
Author: Jeremy Allison
Date:   Thu Mar 16 09:17:51 2017 -0700

    Changes to make the Solaris C compiler happy.

    Fix Bug 12693 dbwrap_watch.c syntax error before or at: }

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12693

    Signed-off-by: Tom schulz
    Reviewed-by: Volker Lendecke
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 2780a56d0bb7848e017314a033ef22ee944d8b05)

    Autobuild-User(v4-5-test): Karolin Seeger
    Autobuild-Date(v4-5-test): Thu Mar 23 17:08:09 CET 2017 on sn-devel-144

commit 968e3e2fbf1020e4c44ac123f74c379373c76650
Author: Jeremy Allison
Date:   Thu Mar 16 09:10:52 2017 -0700

    Fix for Solaris C compiler.

    Inspired by comment 4 in bug 12559.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12559

    Signed-off-by: Tom Schulz
    Reviewed-by: Jeremy Allison
    Reviewed-by: Martin Schwenke
    (cherry picked from commit 59229276bcf5e2b7fa0ddf3ceb6fd3adccc01f9a)

commit 19b6c872bbe8bbc68aeee77e1123ce16d3577538
Author: Amitay Isaacs
Date:   Tue Mar 14 16:12:55 2017 +1100

    ctdb-readonly: Avoid a tight loop waiting for revoke to complete

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697

    During revoking readonly delegations, if one of the nodes disappears,
    then there is no point re-trying revoking readonly delegation. The
    database needs to be recovered before the revoke operation can succeed.
    So retry only after a grace period.

    Signed-off-by: Amitay Isaacs
    Reviewed-by: Martin Schwenke

    Autobuild-User(master): Martin Schwenke
    Autobuild-Date(master): Fri Mar 17 14:05:57 CET 2017 on sn-devel-144

    (cherry picked from commit ad758cb869ac83534993caa212abc9fe9905ec68)

commit 85e3446176786d0ec21138fe71de641e1401b1ae
Author: Andreas Schneider
Date:   Tue Mar 14 16:12:20 2017 +0100

    s3:vfs_expand_msdfs: Do not open the remote address as a file

    The arguments get passed in the wrong order to read_target_host().

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12687

    Signed-off-by: Andreas Schneider
    (cherry picked from commit 1115f152de9ec25bc9e5e499874b4a7c92c888c0)

commit 9533a55ee5ffe430589dcea845851b84876ef656
Author: Jeremy Allison
Date:   Tue Mar 14 13:34:07 2017 -0700

    s3: locking: Update oplock optimization for the leases era !

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme

    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144

    (cherry picked from commit 1c4b15aa5f6707e7bcfc21435e26929fb7f45c0f)

commit cd86895e16ab66e003a51df8e80dcfb136654fd5
Author: Jeremy Allison
Date:   Tue Mar 14 13:23:13 2017 -0700

    s3: locking: Move two leases functions into a new file.

    map_oplock_to_lease_type(), fsp_lease_type().

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12628

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme
    (back ported from commit 125c78ad0b8f9caaef1ba2f1aeb5ec593375fccd)

---

Summary of changes:
 ctdb/server/ctdb_call.c            |  8 +++---
 source3/include/tldap.h            |  6 +
 source3/lib/dbwrap/dbwrap_watch.c  |  2 +-
 source3/locking/leases_util.c      | 55 ++
 source3/locking/locking.c          | 22 ---
 source3/locking/proto.h            |  4 +++
 source3/modules/vfs_expand_msdfs.c |  3 +--
 source3/smbd/files.c               |  8 --
 source3/smbd/oplock.c              | 22 ---
 source3/smbd/proto.h               |  2 --
 source3/wscript_build              |  6 +
 11 files changed, 91 insertions(+), 47 deletions(-)
 create mode 100644 source3/locking/leases_util.c

Changeset truncated at 500 lines:
diff --git a/ctdb/server/ctdb_call.c b/ctdb/server/ctdb_call.c index 3478419..f9c2922 100644 --- a/ctdb/server/ctdb_call.c +++ b/ctdb/server/ctdb_call.c @@ -1599,7 +1599,6 @@ static int deferred_call_destructor(struct revokechild_deferred_call *deferred_c { struct ctdb_context *ctdb = deferred_call->ctdb; struct revokechild_requeue_h
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via 32f7ba9 Changes to make the Solaris C compiler happy. via 36a2ee2 lib/crypto: implement samba.crypto Python module for RC4 via 137b26f Fix for Solaris C compiler. via e418059 s3:libsmb: Only print error message if kerberos use is forced via 177dba4 ctdb-readonly: Avoid a tight loop waiting for revoke to complete via 71b8b1d s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes. via 9c8b11b s3:vfs_expand_msdfs: Do not open the remote address as a file via 1fc5090 testprogs: Test 'net ads join' with a dedicated keytab via a54601e param: Allow to specify kerberos method on the commandline via 6717c67 s3:libads: Correctly handle the keytab kerberos methods via 323ba48 krb5_wrap: Print a warning for an invalid keytab name via 0abbc39 testprogs: Correctly expand shell parameters via d6c9486 auth/credentials: Always set the the realm if we set the principal from the ccache via 906c8a3 s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper via 9bf6381 s3-gse: convert to use smb_gss_krb5_import_cred via 92e6351 libads: convert to use smb_gss_krb5_import_cred via 4b74d31 credentials_krb5: convert to use smb_gss_krb5_import_cred via cb44a31 lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper via 7f963d9 gssapi: check for gss_acquire_cred_from from c47fee6 VERSION: Bump version up to 4.6.2. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit 32f7ba9dad215dd177a19b9c04d35c9e4d69f77e Author: Jeremy Allison Date: Thu Mar 16 09:17:51 2017 -0700 Changes to make the Solaris C compiler happy. 
Fix Bug 12693 dbwrap_watch.c syntax error before or at: } BUG: https://bugzilla.samba.org/show_bug.cgi?id=12693 Signed-off-by: Tom schulz Reviewed-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry picked from commit 2780a56d0bb7848e017314a033ef22ee944d8b05) Autobuild-User(v4-6-test): Karolin Seeger Autobuild-Date(v4-6-test): Thu Mar 23 16:58:20 CET 2017 on sn-devel-144 commit 36a2ee20bcbad64d61a51fd395565a4fb63075ca Author: Alexander Bokovoy Date: Fri Mar 10 16:20:06 2017 +0200 lib/crypto: implement samba.crypto Python module for RC4 Implement a small Python module that exposes arcfour_crypt_blob() function widely used in Samba C code. When Samba Python bindings are used to call LSA CreateTrustedDomainEx2, there is a need to encrypt trusted credentials with RC4 cipher. Current Samba Python code relies on Python runtime to provide RC4 cipher. However, in FIPS 140-2 mode system crypto libraries do not provide access RC4 cipher at all. According to Microsoft dochelp team, Windows is treating AuthenticationInformation blob encryption as 'plain text' in terms of FIPS 140-2, thus doing application-level encryption. Replace samba.arcfour_encrypt() implementation with a call to samba.crypto.arcfour_crypt_blob(). Signed-off-by: Alexander Bokovoy Reviewed-by: Simo Sorce Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144 (cherry picked from commit bbeef554f2c15e739f6095fcb57d9ef6646b411c) BUG: https://bugzilla.samba.org/show_bug.cgi?id=12690 Include samba.crypto Python module to 4.6 commit 137b26fd57fb029e3957c4048805612fb9a5e223 Author: Jeremy Allison Date: Thu Mar 16 09:10:52 2017 -0700 Fix for Solaris C compiler. Inspired by comment 4 in bug 12559. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12559 Signed-off-by: Tom Schulz Reviewed-by: Jeremy Allison Reviewed-by: Martin Schwenke (cherry picked from commit 59229276bcf5e2b7fa0ddf3ceb6fd3adccc01f9a) commit e418059fbd799700776a4fe80b80437123b7bc57 Author: Andreas Schneider Date: Mon Mar 20 16:08:20 2017 +0100 s3:libsmb: Only print error message if kerberos use is forced BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Mar 21 14:25:54 CET 2017 on sn-devel-144 (cherry picked from commit c0e196b2238914f88015c0f8a9073beee473120b) commit 177dba42d0625be450c0ffba6ee0be090fab615e Author: Amitay Isaacs Date: Tue Mar 14 16:12:55 2017 +1100 ctdb-readonly: Avoid a tight loop waiting for revoke to complete BUG: https://bugzilla.samba.org/show_bug.cgi?id=12697 During revoking readonly delegations, if one of the nodes disappears, then there is no point re-trying revoking readonly delegation. The database needs to be recovered
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e0df57 libwbclient: add WBC_SID_NAME_LABEL via ac2622e libcli/security: add SID_NAME_LABEL to sid_type_lookup() via 1161e11 lsa.idl: add SID_NAME_LABEL via 3a5d76f netlogon.idl: make netr_LogonInfoClass public from 2901fe8 net: Don't crash if lsa_LookupPrivDisplayName returns NULL https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e0df575bc32499f5249fe3fc78745bffdaff5a6 Author: Stefan Metzmacher Date: Mon Mar 20 13:56:03 2017 +0100 libwbclient: add WBC_SID_NAME_LABEL Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Mar 23 12:55:26 CET 2017 on sn-devel-144 commit ac2622ee86eb1acab7e2d6e14fe5f277d5f52e1a Author: Stefan Metzmacher Date: Mon Mar 20 13:50:59 2017 +0100 libcli/security: add SID_NAME_LABEL to sid_type_lookup() Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison commit 1161e11d48f41e21720d3ba88dca2ef4321f29c5 Author: Stefan Metzmacher Date: Mon Mar 20 13:50:36 2017 +0100 lsa.idl: add SID_NAME_LABEL Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison commit 3a5d76f092bbacc2b5eee2de509761670c95531f Author: Stefan Metzmacher Date: Fri Mar 17 19:28:16 2017 +0100 netlogon.idl: make netr_LogonInfoClass public Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison --- Summary of changes: libcli/security/util_sid.c| 3 ++- librpc/idl/lsa.idl| 3 ++- librpc/idl/netlogon.idl | 2 +- nsswitch/libwbclient/tests/wbclient.c | 2 ++ nsswitch/libwbclient/wbc_sid.c| 1 + nsswitch/libwbclient/wbclient.h | 4 +++- 6 files changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c index ac44876..0709a7a 100644 --- a/libcli/security/util_sid.c +++ b/libcli/security/util_sid.c 
@@ -189,7 +189,8 @@ static const struct { {SID_NAME_DELETED, "Deleted Account"}, {SID_NAME_INVALID, "Invalid Account"}, {SID_NAME_UNKNOWN, "UNKNOWN"}, - {SID_NAME_COMPUTER, "Computer"} + {SID_NAME_COMPUTER, "Computer"}, + {SID_NAME_LABEL, "Mandatory Label"} }; const char *sid_type_lookup(uint32_t sid_type) diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl index 66a07e5..68569db 100644 --- a/librpc/idl/lsa.idl +++ b/librpc/idl/lsa.idl @@ -505,7 +505,8 @@ import "misc.idl", "security.idl"; SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ SID_NAME_INVALID = 7, /* invalid account */ SID_NAME_UNKNOWN = 8, /* oops. */ - SID_NAME_COMPUTER = 9 /* machine */ + SID_NAME_COMPUTER = 9, /* machine */ + SID_NAME_LABEL= 10 /* Mandatory Label */ } lsa_SidType; typedef struct { diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 621d537..e4b499f 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -168,7 +168,7 @@ interface netlogon [size_is(length)] uint8 *data; } netr_GenericInfo; - typedef enum { + typedef [public] enum { NetlogonInteractiveInformation = 1, NetlogonNetworkInformation = 2, NetlogonServiceInformation = 3, diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c index 0412bed..b3c93a1 100644 --- a/nsswitch/libwbclient/tests/wbclient.c +++ b/nsswitch/libwbclient/tests/wbclient.c @@ -216,6 +216,8 @@ static bool test_wbc_sidtypestring(struct torture_context *tctx) "SID_UNKNOWN", "SID_UNKNOWN failed"); torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER), "SID_COMPUTER", "SID_COMPUTER failed"); + torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL), +"SID_LABEL", "SID_LABEL failed"); return true; } diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c index cc71b9e..baaeb60 100644 --- a/nsswitch/libwbclient/wbc_sid.c +++ b/nsswitch/libwbclient/wbc_sid.c 
@@ -1081,6 +1081,7 @@ const char* wbcSidTypeString(enum wbcSidType type) case WBC_SID_NAME_INVALID: return "SID_INVALID"; case WBC_SID_NAME_UNKNOWN: return "SID_UNKNOWN"; case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER"; + case WBC_SID_NAME_LABEL:return "SID_LABEL"; default:return "Unknown type"; } } diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index 77915b9..ed97a67 100644 --- a/nsswitch/libwbc
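Review bot: In the libcli/security/util_sid.c hunk, the new last entry {SID_NAME_LABEL, "Mandatory Label"} is again left without a trailing comma, which is why this change also had to rewrite the SID_NAME_COMPUTER line. Ending the final initializer with a comma would keep the next addition to this table a one-line diff and avoid touching an unrelated entry.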
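Review bot: The librpc/idl/netlogon.idl hunk changes "typedef enum" to "typedef [public] enum" for netr_LogonInfoClass, but the commit message only says "make netr_LogonInfoClass public" and nothing in the rest of the patch uses it. Please state in the commit message which caller needs the exported marshalling functions, so the widened interface has a visible reason.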
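Review bot: The new case WBC_SID_NAME_LABEL in wbcSidTypeString() (nsswitch/libwbclient/wbc_sid.c) depends on the enum value added in wbclient.h, and that hunk is cut off here, so it cannot be confirmed that WBC_SID_NAME_LABEL is 10 to match SID_NAME_LABEL = 10 in lsa.idl. The added torture test only checks the string "SID_LABEL"; an assertion that the two enum values agree would catch a mismatch between the client library and the IDL.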
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 99988dd Fix hyper reference. from bb0605d Fix filename for the diff against the old versions. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 99988ddfc38199c9c9288061304037f355bd2639 Author: Karolin Seeger Date: Thu Mar 23 10:24:23 2017 +0100 Fix hyper reference. Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20170323-082106.4.6.1.body.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/posted_news/20170323-082106.4.6.1.body.html b/posted_news/20170323-082106.4.6.1.body.html index 53a9471..6d5369e 100644 --- a/posted_news/20170323-082106.4.6.1.body.html +++ b/posted_news/20170323-082106.4.6.1.body.html @@ -12,7 +12,7 @@ A https://download.samba.org/pub/samba/patches/samba-4.6.0-4.6.1.diffs. See https://www.samba.org/samba/history/samba-4.6.1.html";>the 4.6.1 release notes for more info. The 4.5.7 source code can be https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.gz";>downloaded now. -A https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.gz>patch against Samba 4.5.6 is also available. +A https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.gz";>patch against Samba 4.5.6 is also available. See https://www.samba.org/samba/history/samba-4.5.7.html";>the 4.5.7 release notes for more info. The 4.4.12 source code can be https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.gz";>downloaded now. -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-5-test updated
The branch, v4-5-test has been updated via d537977 VERSION: Up to Samba 4.5.8. via 28b3311 Merge tag 'samba-4.5.7' into v4-5-test via 3da28b8 VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release. via 818dd9e WHATSNEW: Add release notes for Samba 4.5.7. via 3bae150 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via 444d49b CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 7942f9d CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 52a1765 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via e413f14 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via 2594b8b CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via 7e915c8 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via 5e75a52 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via 3e2bb3f CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via 039eb4a CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 92f17bb CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 0d6b518 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via 5ef7df6 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via cac3807 VERSION: Bump version up to 4.5.7... 
via 6226261 replace: Include sysmacros.h via 708b1e2 manpages/vfs_fruit: document global options via f70070c s4/torture: some tests for kernel oplocks via e103ad5 s3/selftest: adopt config.h check from source4 via a54aa79 s3/smbd: fix deferred open with streams and kernel oplocks via 1b5e504 s3/smbd: all callers of defer_open() pass a lck via 5f09845 s3/smbd: remove async_open arg from defer_open() via 5e02ff1 s3/smbd: fix schedule_async_open() timer via 6f7f844 s3/smbd: add and use retry_open() instead of defer_open() in two places via 8707c86 s3/smbd: simplify defer_open() via 32faf95 s3/smbd: req is already validated at the beginning of open_file_ntcreate() via 5263453 s3/smbd: add comments and some reformatting to open_file_ntcreate() via c0d2c63 s3/smbd: add const to get_lease_type() args via 8f4bb3a s3/wscript: fix Linux kernel oplock detection from 73f6042 smbd: Do an early exit on negprot failure https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-test - Log - commit d537977721ee10d198ced5fd6ab141fe0636e28e Author: Karolin Seeger Date: Thu Mar 23 10:20:48 2017 +0100 VERSION: Up to Samba 4.5.8. Signed-off-by: Karolin Seeger commit 28b331169739c50c0b0565dbae05e996ac967990 Merge: 6226261 3da28b8 Author: Karolin Seeger Date: Thu Mar 23 10:20:28 2017 +0100 Merge tag 'samba-4.5.7' into v4-5-test samba: tag release samba-4.5.7 commit 62262616abadb1dcf840ca3b864a3e4ed5e8db43 Author: Andreas Schneider Date: Thu Jan 5 09:34:36 2017 +0100 replace: Include sysmacros.h In the GNU C Library, "makedev" is defined by . For historical compatibility, it is currently defined by as well, but it is planned to remove this soon. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12686 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit 0127bdd33b251a52c6ffc44b6cb3b82b16a80741) commit 708b1e20f9106743750c2febf52c8367d3875e80 Author: Ralph Boehme Date: Tue Mar 7 18:10:56 2017 +0100 manpages/vfs_fruit: document global options Some options MUST be set in the global section, better document that. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12615 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 0c212c50b59081583572f807cf5214037d1517c4) commit f70070cb0e6b6623b706c192542c508c1c4ddffe Author: Ralph Boehme Date: Wed Mar 1 18:13:35 2017 +0100 s4/torture: some tests for kernel oplocks Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (backported from commit fd03420c4f59d3248b80d07a302d1404ce78b09f) commit e103ad524f307a15d09d573c1215a8dda001042f Author: Ralph Boehme Date: Wed Mar 8 07:18:36 2017 +0100 s3/selftest: adopt config.h check from source4 No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (backported from commit 6e54d8d2bda2c9232676f8c08c626f22de50f52b) commit a54a
[SCM] Samba Shared Repository - annotated tag samba-4.5.7 created
The annotated tag, samba-4.5.7 has been created
        at  654a337c688983f5edad4538923668bdaa0d68af (tag)
   tagging  3da28b834460e8ac8a24853a03bc2317a7d16e53 (commit)
  replaces  samba-4.5.6
 tagged by  Karolin Seeger
        on  Thu Mar 23 09:16:07 2017 +0100

- Log -
samba: tag release samba-4.5.7
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iD8DBQBY04RHbzORW2Vot+oRAsDcAJoDPwStpkt8/+kYLsTqi207pGnjBgCfVOAA
Pis1cagxxV5i5FNVxGtAqHY=
=/iDu
-END PGP SIGNATURE-

Jeremy Allison (11):
      CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
      CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
      CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
      CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
      CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
      CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success.
      CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
      CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
      CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
      CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
      CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

Karolin Seeger (3):
      VERSION: Bump version up to 4.5.7...
      WHATSNEW: Add release notes for Samba 4.5.7.
      VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release.

Ralph Boehme (2):
      CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
      CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-4-test updated
The branch, v4-4-test has been updated via 7086fb6 VERSION: Bump version up to 4.4.13. via f2ae4c7 Merge tag 'samba-4.4.12' into v4-4-test via 3f2864e VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release via df1ea2b WHATSNEW: Add release notes for Samba 4.4.12. via 9746c7e CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via a69b3e2 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 299cbc7 CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 17b90d6 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via 6165d9a CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via af839ae CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via 5915e2a CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via 8d82052 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via ab1851e CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via 9178d6d CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 203f454 CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 8b56019 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via d295ad1 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via 2a6683c VERSION: Bump version up to Samba 4.4.12... from ca33b7c VERSION: Bump version up to Samba 4.4.12... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test - Log - commit 7086fb6a4d509d2f740ddc61276f25c43c3a5567 Author: Karolin Seeger Date: Thu Mar 23 10:19:07 2017 +0100 VERSION: Bump version up to 4.4.13. 
Signed-off-by: Karolin Seeger commit f2ae4c7984e06f3109f7ea127f1b2aa5caaa2989 Merge: ca33b7c 3f2864e Author: Karolin Seeger Date: Thu Mar 23 10:18:52 2017 +0100 Merge tag 'samba-4.4.12' into v4-4-test samba: tag release samba-4.4.12 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 75 - source3/smbd/dir.c | 148 - source3/smbd/open.c | 309 +--- source3/smbd/smb2_query_directory.c | 17 ++ source4/torture/smb2/dir.c | 12 +- 6 files changed, 497 insertions(+), 66 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c11cddc..b076ad8 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=4 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 60ee82f..6ab5e5d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,4 +1,75 @@ == + Release Notes for Samba 4.4.12 + March 23, 2017 + == + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +=== +Details +=== + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. + + +Changes since 4.4.11: +- + +o Jeremy Allison + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + dir
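Review bot: In the WHATSNEW.txt hunk, the Details paragraph states "All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable", yet these are the release notes for 4.4.12 and the fix is listed under "Changes since 4.4.11", so 4.4.11 itself is affected and the third version should read 4.4.12. An administrator reading the sentence as written could conclude that a 4.4.11 server is already fixed. The same paragraph calls realpath() a system call; it is a C library function, and saying so would be more accurate for readers trying to understand where the check and the later open happen.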
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via c47fee6 VERSION: Bump version up to 4.6.2. via 0cfe9fa Merge tag 'samba-4.6.1' into v4-6-test via 1a8f3cf VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release. via 2d44083 WHATSNEW: Add release notes for Samba 4.6.1. via d9475c9 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via 22a8d4e CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 86b913f CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 49edefe CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via 7a61eb2 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via 16de606 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via e558347 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via a98b3a1 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via 556f7dd CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via a028e01 CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 0eae801 CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 7609944 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via d7644e3 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via 1325da1 VERSION: Bump version up to 4.6.1... 
via bef5582 s4:kdc: disable principal based autodetected referral detection via b84c967 HEIMDAL:kdc: make it possible to disable the principal based referral detection via f8ae8e8 s3:gse: Correctly handle external trusts with MIT via 73d13c0 s3:gse: Check if we have a target_princpal set we should use via c2b3115 s3:gse: Move setup of service_principal to update function via 3f67876 s3:gse: Pass down the gensec_security pointer via 38f3e64 krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname() via bc50ac4 s3:gse: Use smb_krb5_get_realm_from_hostname() via 82898b8 s4:gensec_gssapi: Correctly handle external trusts with MIT via be1e158 s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname() via 43bc67a s4:gensec_gssapi: Move setup of service_principal to update function via 825bfed s4:gensec-gssapi: Create a helper function to setup server_principal via 97fa6c2 krb5_wrap: Make smb_krb5_get_realm_from_hostname() public via f3940ac krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname() via ec8cf1c krb5_wrap: Try to guess the correct realm from the service hostname via eaebcde krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname() via 885 testprogs: Add kinit_trusts tests with smbclient4 via 9b10b35 testprogs: Use smbclient by default in test_kinit_trusts via 202604d s4:gensec_gssapi: require a realm in gensec_gssapi_client_start() via 22e473e s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname() via c6e5b84 replace: Include sysmacros.h via cc03f50 manpages/vfs_fruit: document global options via 5acfa04 s4/torture: some tests for kernel oplocks via 48a346f s3/selftest: adopt config.h check from source4 via b6cddc1 s3/smbd: fix deferred open with streams and kernel oplocks via b375bae s3/smbd: all callers of defer_open() pass a lck via eeed4ff s3/smbd: remove async_open arg from defer_open() via dcde5b1 s3/smbd: fix schedule_async_open() timer via 1d16e5f s3/smbd: 
add and use retry_open() instead of defer_open() in two places via dc328aa s3/smbd: simplify defer_open() via 93b789c s3/smbd: req is already validated at the beginning of open_file_ntcreate() via 26f7b6f s3/smbd: add comments and some reformatting to open_file_ntcreate() via d15c966 s3/smbd: add const to get_lease_type() args via 30495b1 s3/wscript: fix Linux kernel oplock detection from 1ad29ae lib/pthreadpool: fix a memory leak https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit c47fee64a6419894713fde18907aff68c7d4c000 Author: Karolin Seeger Date: Thu Mar 23 10:17:00 2017 +0100 VERSION: Bump version up to 4.6.2. Signed-off-by: Karolin Seeger commit 0cfe9fa893a6be61137855904bd2324438925965 Merge: bef5582 1a8f3cf Author: Karolin Seeger Date: Thu Mar 23 10:16:34 2017 +0100 Merge tag 'samba-4.6.1' into v4-6-test samba: tag release samba-4.6.1 commit bef55822f054e7c82bb9093821438b936c8703
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via bb0605d Fix filename for the diff against the old versions. from 358e1a3 NEWS[4.6.1]: Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit bb0605d75cd95714709f85594e08b50879cfc3f4 Author: Karolin Seeger Date: Thu Mar 23 10:07:22 2017 +0100 Fix filename for the diff against the old versions. Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20170323-082106.4.6.1.body.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/posted_news/20170323-082106.4.6.1.body.html b/posted_news/20170323-082106.4.6.1.body.html index dec66e5..53a9471 100644 --- a/posted_news/20170323-082106.4.6.1.body.html +++ b/posted_news/20170323-082106.4.6.1.body.html @@ -12,11 +12,11 @@ A https://download.samba.org/pub/samba/patches/samba-4.6.0-4.6.1.diffs. See https://www.samba.org/samba/history/samba-4.6.1.html";>the 4.6.1 release notes for more info. The 4.5.7 source code can be https://download.samba.org/pub/samba/stable/samba-4.5.7.tar.gz";>downloaded now. -A https://download.samba.org/pub/samba/patches/patch-4.5.6-4.5.7.diffs.gz";>patch against Samba 4.5.6 is also available. +A https://download.samba.org/pub/samba/patches/samba-4.5.6-4.5.7.diffs.gz>patch against Samba 4.5.6 is also available. See https://www.samba.org/samba/history/samba-4.5.7.html";>the 4.5.7 release notes for more info. The 4.4.12 source code can be https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.gz";>downloaded now. -A https://download.samba.org/pub/samba/patches/patch-4.4.11-4.4.12.diffs.gz";>patch against Samba 4.4.11 is also available. +A https://download.samba.org/pub/samba/patches/samba-4.4.11-4.4.12.diffs.gz";>patch against Samba 4.4.11 is also available. See https://www.samba.org/samba/history/samba-4.4.11.html";>the 4.4.11 release notes for more info. -- Samba Website Repository
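Review bot: In the added 4.5.7 line, the link target ends in `samba-4.5.6-4.5.7.diffs.gz>patch`, while the removed line and the corrected 4.4.12 line both end in `.diffs.gz";>patch`. The terminator that closes the link target appears to have been dropped along with the filename fix, so restore it to keep the anchor well formed. Separately, the unchanged context line after the 4.4.12 entry still points at `samba-4.4.11.html` and reads "the 4.4.11 release notes". For a 4.4.12 announcement that looks like the wrong page and could be corrected in the same commit.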
[SCM] Samba Shared Repository - branch v4-4-stable updated
The branch, v4-4-stable has been updated via 3f2864e VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release via df1ea2b WHATSNEW: Add release notes for Samba 4.4.12. via 9746c7e CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via a69b3e2 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 299cbc7 CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 17b90d6 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via 6165d9a CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via af839ae CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via 5915e2a CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via 8d82052 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via ab1851e CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via 9178d6d CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 203f454 CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 8b56019 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via d295ad1 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via 2a6683c VERSION: Bump version up to Samba 4.4.12... from fcdc0fa VERSION: Disable GIT_SNAPSHOTS for the Samba 4.4.11 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable - Log - commit 3f2864eb8567682976a6a9aeaee3481be23d370d Author: Karolin Seeger Date: Fri Mar 17 09:15:05 2017 +0100 VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release CVE-2017-2619: Symlink race allows access outside share definition. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit df1ea2b0514826de0aed15f783dbdf74e2724d87 Author: Karolin Seeger Date: Fri Mar 17 09:13:29 2017 +0100 WHATSNEW: Add release notes for Samba 4.4.12. CVE-2017-2619: Symlink race allows access outside share definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit 9746c7e15afd85645f69dcefc290c4c63177b4e9 Author: Jeremy Allison Date: Thu Dec 15 13:06:31 2016 -0800 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit a69b3e285ad50ce38c2c88133daabc11aae905cc Author: Jeremy Allison Date: Thu Dec 15 13:04:46 2016 -0800 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 299cbc73e0ef0af696c7ee7752ed787f0af7761f Author: Jeremy Allison Date: Thu Dec 15 12:56:08 2016 -0800 CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 17b90d640ac941f00c93d0eefc81ac5e429faaf6 Author: Jeremy Allison Date: Thu Dec 15 12:52:13 2016 -0800 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 6165d9a0158d40a971d7d72a379d1d436f1b30fb Author: Jeremy Allison Date: Mon Dec 19 12:35:32 2016 -0800 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit af839aeb5a809d8eb1ec56d0f27e4716e2cbd24b Author: Jeremy Allison Date: Mon Dec 19 12:32:07 2016 -0800 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 5915e2af1ac21879824b91ce185e6cc584ecdb1a Author: Jeremy Allison Date: Mon Dec 19 12:15:59 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 8d8205239b6f08c7b7d1f4a094579b19529fd9ba Author: Jeremy Allison Date: Mon Dec 19 12:13:20 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() use earl
[SCM] Samba Shared Repository - branch v4-5-stable updated
The branch, v4-5-stable has been updated via 3da28b8 VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release. via 818dd9e WHATSNEW: Add release notes for Samba 4.5.7. via 3bae150 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via 444d49b CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 7942f9d CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 52a1765 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via e413f14 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via 2594b8b CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via 7e915c8 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via 5e75a52 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via 3e2bb3f CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via 039eb4a CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 92f17bb CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 0d6b518 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via 5ef7df6 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via cac3807 VERSION: Bump version up to 4.5.7... from 4a7d548 VERSION: Disable GIT_SNAPSHOTS for the 4.5.6 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable - Log - commit 3da28b834460e8ac8a24853a03bc2317a7d16e53 Author: Karolin Seeger Date: Fri Mar 17 11:45:00 2017 +0100 VERSION: Disable GIT_SNAPSHOTS for the 4.5.7 release. CVE-2017-2619: Symlink race allows access outside share definition. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit 818dd9eeb5ad7bea631be0b083ae7f77c2146491 Author: Karolin Seeger Date: Fri Mar 17 11:42:44 2017 +0100 WHATSNEW: Add release notes for Samba 4.5.7. CVE-2017-2619: Symlink race allows access outside share definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit 3bae1508a10689a688b30676bc108f449bc68ddc Author: Jeremy Allison Date: Thu Dec 15 13:06:31 2016 -0800 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 444d49b6b6d3112c482952dd27d65b39128351ad Author: Jeremy Allison Date: Thu Dec 15 13:04:46 2016 -0800 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 7942f9d0fe0a19ade1deb345d060197107835ebe Author: Jeremy Allison Date: Thu Dec 15 12:56:08 2016 -0800 CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 52a1765f9c2cac77c8d94ddb0e42dd66cba53678 Author: Jeremy Allison Date: Thu Dec 15 12:52:13 2016 -0800 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit e413f14abdc26d2d214e06b5b4407b126a74ec4c Author: Jeremy Allison Date: Mon Dec 19 12:35:32 2016 -0800 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 2594b8bdccb4aecc69c1e01399b006c1abc6d7ad Author: Jeremy Allison Date: Mon Dec 19 12:32:07 2016 -0800 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 7e915c87a76e4eedcd2abcf84bbdb806e3232976 Author: Jeremy Allison Date: Mon Dec 19 12:15:59 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 5e75a5289c1a6bbb72ce6d82a6cf12e8ad2b5b24 Author: Jeremy Allison Date: Mon Dec 19 12:13:20 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
[SCM] Samba Shared Repository - branch v4-6-stable updated
The branch, v4-6-stable has been updated via 1a8f3cf VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release. via 2d44083 WHATSNEW: Add release notes for Samba 4.6.1. via d9475c9 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. via 22a8d4e CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. via 86b913f CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. via 49edefe CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. via 7a61eb2 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. via 16de606 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. via e558347 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. via a98b3a1 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. via 556f7dd CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). via a028e01 CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. via 0eae801 CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. via 7609944 CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag via d7644e3 CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() via 1325da1 VERSION: Bump version up to 4.6.1... from f17816a VERSION: Disable GIT_SNAPSHOTS for the 4.6.0 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable - Log - commit 1a8f3cfb4ebc21a0889c7692591ae41a46d7dfb2 Author: Karolin Seeger Date: Fri Mar 17 11:54:34 2017 +0100 VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release. CVE-2017-2619: Symlink race allows access outside share definition. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit 2d44083d28daccdf10934d6badb7a1ef55a90f4b Author: Karolin Seeger Date: Fri Mar 17 11:51:42 2017 +0100 WHATSNEW: Add release notes for Samba 4.6.1. CVE-2017-2619: Symlink race allows access outside share definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Karolin Seeger commit d9475c95d2eb452f2527f351c1b825dfe45e0fae Author: Jeremy Allison Date: Thu Dec 15 13:06:31 2016 -0800 CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 22a8d4e802b50a73a78c39d12c33397808debbcd Author: Jeremy Allison Date: Thu Dec 15 13:04:46 2016 -0800 CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 86b913f59198d1a397f9136c221f74da0ee7f415 Author: Jeremy Allison Date: Thu Dec 15 12:56:08 2016 -0800 CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 49edefe2ebd9c43e90d4ff295a3fee65c375607a Author: Jeremy Allison Date: Thu Dec 15 12:52:13 2016 -0800 CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 7a61eb2f964b2930dad423bf23c9697ce2503914 Author: Jeremy Allison Date: Mon Dec 19 12:35:32 2016 -0800 CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit 16de60625cdc678c5d14020a6557cbac3d3bf13d Author: Jeremy Allison Date: Mon Dec 19 12:32:07 2016 -0800 CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit e558347120df675fcf65bd9ddba706405d8af3e9 Author: Jeremy Allison Date: Mon Dec 19 12:15:59 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Jeremy Allison Reviewed-by: Uri Simchoni commit a98b3a162160567092773cee82e6b396c9dae2cf Author: Jeremy Allison Date: Mon Dec 19 12:13:20 2016 -0800 CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 358e1a3 NEWS[4.6.1]: Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download from 68ec05c update archives site https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 358e1a36512d38b5acc4fb4dbc390a621d3f6b83 Author: Karolin Seeger Date: Thu Mar 23 09:20:22 2017 +0100 NEWS[4.6.1]: Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.4.12.html | 70 +++ history/samba-4.5.7.html| 70 +++ history/samba-4.6.1.html| 70 +++ history/security.html | 17 + posted_news/20170323-082106.4.6.1.body.html | 22 ++ posted_news/20170323-082106.4.6.1.headline.html | 4 ++ security/CVE-2017-2619.html | 93 + 8 files changed, 349 insertions(+) create mode 100644 history/samba-4.4.12.html create mode 100644 history/samba-4.5.7.html create mode 100644 history/samba-4.6.1.html create mode 100644 posted_news/20170323-082106.4.6.1.body.html create mode 100644 posted_news/20170323-082106.4.6.1.headline.html create mode 100644 security/CVE-2017-2619.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 46b504a..ffb1956 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,7 +9,9 @@ Release Notes + samba-4.6.1 samba-4.6.0 + samba-4.5.7 samba-4.5.6 samba-4.5.5 samba-4.5.4 @@ -17,6 +19,7 @@ samba-4.5.2 samba-4.5.1 samba-4.5.0 + samba-4.4.12 samba-4.4.11 samba-4.4.10 samba-4.4.9 diff --git a/history/samba-4.4.12.html b/history/samba-4.4.12.html new file mode 100644 index 000..935090e --- /dev/null +++ b/history/samba-4.4.12.html 
@@ -0,0 +1,70 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.4.12 - Release Notes + + +Samba 4.4.12 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.gz";>Samba 4.4.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.4.12.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.4.11-4.4.12.diffs.gz";>Patch (gzipped) against Samba 4.4.11 +https://download.samba.org/pub/samba/patches/samba-4.4.11-4.4.12.diffs.asc";>Signature + + + + == + Release Notes for Samba 4.4.12 + March 23, 2017 + == + + +This is a security release in order to address the following defect: + +o CVE-2017-2619 (Symlink race allows access outside share definition) + +=== +Details +=== + +o CVE-2017-2619: + All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to + a malicious client using a symlink race to allow access to areas of + the server file system not exported under the share definition. + + Samba uses the realpath() system call to ensure when a client requests + access to a pathname that it is under the exported share path on the + server file system. + + Clients that have write access to the exported part of the file system + via SMB1 unix extensions or NFS to create symlinks can race the server + by renaming a realpath() checked path and then creating a symlink. If + the client wins the race it can cause the server to access the new + symlink target after the exported share path check has been done. This + new symlink target can point to anywhere on the server file system. + + This is a difficult race to win, but theoretically possible. Note that + the proof of concept code supplied wins the race reliably only when + the server is slowed down using the strace utility running on the + server. Exploitation of this bug has not been seen in the wild. 
+ + +Changes since 4.4.11: +- + +o Jeremy Allison <j...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + +o Ralph Boehme <s...@samba.org> + * BUG 12496: CVE-2017-2619: Symlink race permits opening files outside share + directory. + + + + + + diff --git a/history/samba-4.5.7.html b
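Review bot: In the new history/samba-4.4.12.html, the Details paragraph states "All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable", but this file is the release note for 4.4.12 and lists the CVE-2017-2619 fix under "Changes since 4.4.11". The last version in that sentence should be 4.4.12, because as written it tells readers that 4.4.11 already contains the fix. If the same paragraph is reused in the 4.5.7 and 4.6.1 pages created by this commit, correct it there as well.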
[SCM] Samba Shared Repository - annotated tag samba-4.4.12 created
The annotated tag, samba-4.4.12 has been created at d10806a4af5430bd6ee31db1ee335ccba9215d60 (tag) tagging 3f2864eb8567682976a6a9aeaee3481be23d370d (commit) replaces samba-4.4.11 tagged by Karolin Seeger on Thu Mar 23 09:12:44 2017 +0100 - Log - samba: tag release samba-4.4.12 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQBY04N8bzORW2Vot+oRAtYcAJ0fK71YTWsyyBXyM/dWJ6lQi8XQnACeOZum JRlcRLhXCnNXZ47zSDHwTMU= =ag2T -END PGP SIGNATURE- Jeremy Allison (11): CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. Karolin Seeger (3): VERSION: Bump version up to Samba 4.4.12... WHATSNEW: Add release notes for Samba 4.4.12. VERSION: Disable GIT_SNAPSHOTS for the 4.4.12 release Ralph Boehme (2): CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.6.1 created
The annotated tag, samba-4.6.1 has been created at 90f5841f72744cea3145f06b1c99711c2c3fb19e (tag) tagging 1a8f3cfb4ebc21a0889c7692591ae41a46d7dfb2 (commit) replaces samba-4.6.0 tagged by Karolin Seeger on Thu Mar 23 09:19:58 2017 +0100 - Log - samba: tag release samba-4.6.1 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iD8DBQBY04UubzORW2Vot+oRAl3GAJ0WIQXaLDiHn6mdNhuIsBwi8WHBswCfZzet l3K1PSH5fiSKlTWF5mzwG/4= =5aXb -END PGP SIGNATURE- Jeremy Allison (11): CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust. CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed. CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir(). CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns. CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error. CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before retuning success. CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system. CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing. CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function. CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races. CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function. Karolin Seeger (3): VERSION: Bump version up to 4.6.1... WHATSNEW: Add release notes for Samba 4.6.1. VERSION: Disable GIT_SNAPSHOTS for the 4.6.1 release. Ralph Boehme (2): CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag --- -- Samba Shared Repository