date:20171121

[SCM] Samba Shared Repository - branch master updated

2017-11-21 Thread Jeremy Allison

The branch, master has been updated
   via  76f370e libgpo: Fix CID 1422263 Resource leak
   via  4806f05 libgpo: Fix CID 1422262 Explicit null dereferenced
  from  33f88ab s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 76f370edae59d11143edb5983e3277b33d9af422
Author: Volker Lendecke 
Date:   Tue Nov 21 20:41:47 2017 +0100

libgpo: Fix CID 1422263 Resource leak

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Nov 22 02:03:17 CET 2017 on sn-devel-144

commit 4806f0505e3ab6cd1aedd0e79c81e3a87afb9b18
Author: Volker Lendecke 
Date:   Tue Nov 21 20:30:08 2017 +0100

libgpo: Fix CID 1422262 Explicit null dereferenced

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 libgpo/pygpo.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index a54ddb9..d7bb173 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -175,12 +175,16 @@ static int py_ads_init(ADS *self, PyObject *args, 
PyObject *kwds)
}
 
if (lp_obj) {
+   bool ok;
lp_ctx = pytalloc_get_type(lp_obj, struct loadparm_context);
if (lp_ctx == NULL) {
return -1;
}
+   ok = lp_load_initial_only(lp_ctx->szConfigFile);
+   if (!ok) {
+   return -1;
+   }
}
-   if (!lp_load_initial_only(lp_ctx->szConfigFile)) return -1;
 
if (self->cli_creds) {
realm = cli_credentials_get_realm(self->cli_creds);
@@ -244,6 +248,7 @@ static PyObject* py_ads_connect(ADS *self)
if (!strupper_m(self->ads_ptr->auth.realm)) {
PyErr_SetString(PyExc_SystemError, "Failed to strdup");
TALLOC_FREE(frame);
+   SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
 
@@ -251,6 +256,7 @@ static PyObject* py_ads_connect(ADS *self)
if (!ADS_ERR_OK(status)) {
PyErr_SetString(PyExc_SystemError, "ads_connect() 
failed");
TALLOC_FREE(frame);
+   SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
}


-- 
Samba Shared Repository

autobuild[sn-devel-144]: intermittent test failure detected

2017-11-21 Thread autobuild

The autobuild test system (on sn-devel-144) has detected an intermittent 
failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey.sn-devel-144/2017-11-22-0108/flakey.log

The samba build logs are available here:

   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-11-22-0108/samba.stderr
   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-11-22-0108/samba.stdout
  
The top commit at the time of the failure was:

commit 33f88abe6b14cf86360efd98ab4b66520244c2a7
Author: Jeremy Allison 
Date:   Wed Sep 20 11:04:50 2017 -0700

s3: smbd: Chain code can return uninitialized memory when talloc buffer is 
grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison 

Autobuild-User(master): Karolin Seeger 
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144

[SCM] Samba Shared Repository - branch master updated

2017-11-21 Thread Karolin Seeger

The branch, master has been updated
   via  33f88ab s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.
   via  deda043 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
  from  8212c34 docs: Fix the "aio r/w size" smb.conf entries

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 33f88abe6b14cf86360efd98ab4b66520244c2a7
Author: Jeremy Allison 
Date:   Wed Sep 20 11:04:50 2017 -0700

s3: smbd: Chain code can return uninitialized memory when talloc buffer is 
grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison 

Autobuild-User(master): Karolin Seeger 
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144

commit deda04389a7e0baddb88d4d611a6f07926776b28
Author: Jeremy Allison 
Date:   Tue Sep 19 16:11:33 2017 -0700

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison 

---

Summary of changes:
 source3/smbd/process.c |  7 ---
 source3/smbd/reply.c   |  5 +
 source3/smbd/srvstr.c  | 14 ++
 3 files changed, 23 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 11a5ae8..b5f528f 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1855,12 +1855,13 @@ void smb_request_done(struct smb_request *req)
 
next->vuid = SVAL(req->outbuf, smb_uid);
next->tid  = SVAL(req->outbuf, smb_tid);
-   status = smb1srv_tcon_lookup(req->xconn, req->tid,
+   status = smb1srv_tcon_lookup(req->xconn, next->tid,
 now, );
+
if (NT_STATUS_IS_OK(status)) {
-   req->conn = tcon->compat;
+   next->conn = tcon->compat;
} else {
-   req->conn = NULL;
+   next->conn = NULL;
}
next->chain_fsp = req->chain_fsp;
next->inbuf = req->inbuf;
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 9c82ebf..623f83b 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -923,6 +923,11 @@ void reply_tcon_and_X(struct smb_request *req)
}
 
TALLOC_FREE(tcon);
+   /*
+* This tree id is gone. Make sure we can't re-use it
+* by accident.
+*/
+   req->tid = 0;
}
 
if ((passlen > MAX_PASS_LEN) || (passlen >= req->buflen)) {
diff --git a/source3/smbd/srvstr.c b/source3/smbd/srvstr.c
index 56dceba..c2d70b3 100644
--- a/source3/smbd/srvstr.c
+++ b/source3/smbd/srvstr.c
@@ -110,6 +110,20 @@ ssize_t message_push_string(uint8_t **outbuf, const char 
*str, int flags)
DEBUG(0, ("srvstr_push failed\n"));
return -1;
}
+
+   /*
+* Ensure we clear out the extra data we have
+* grown the buffer by, but not written to.
+*/
+   if (buf_size + result < buf_size) {
+   return -1;
+   }
+   if (grow_size < result) {
+   return -1;
+   }
+
+   memset(tmp + buf_size + result, '\0', grow_size - result);
+
set_message_bcc((char *)tmp, smb_buflen(tmp) + result);
 
*outbuf = tmp;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2017-11-21 Thread Volker Lendecke

The branch, master has been updated
   via  8212c34 docs: Fix the "aio r/w size" smb.conf entries
  from  c1b4a74 ctdb-common: Add async version of shutdown in sock_daemon

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8212c34ae409f64615a53f9665134a3e7a04312d
Author: Volker Lendecke 
Date:   Mon Nov 20 17:18:44 2017 +0100

docs: Fix the "aio r/w size" smb.conf entries

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Tue Nov 21 15:45:20 CET 2017 on sn-devel-144

---

Summary of changes:
 docs-xml/smbdotconf/tuning/aioreadsize.xml  | 15 ++-
 docs-xml/smbdotconf/tuning/aiowritesize.xml | 18 ++
 2 files changed, 16 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/tuning/aioreadsize.xml 
b/docs-xml/smbdotconf/tuning/aioreadsize.xml
index 0c9cc52..c6028b8 100644
--- a/docs-xml/smbdotconf/tuning/aioreadsize.xml
+++ b/docs-xml/smbdotconf/tuning/aioreadsize.xml
@@ -3,20 +3,17 @@
  type="bytes"
  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc;>
 
-  If Samba has been built with asynchronous I/O support and this
-integer parameter is set to non-zero value,
-Samba will read from file asynchronously when size of request is bigger
+  If this integer parameter is set to a non-zero value,
+Samba will read from files asynchronously when the request size is bigger
 than this value. Note that it happens only for non-chained and non-chaining
 reads and when not using write cache.
-
-  Current implementation of asynchronous I/O in Samba 3.0 does support
-only up to 10 outstanding asynchronous requests, read and write 
combined.
-
+  The only reasonable values for this parameter are 0 (no async I/O) and
+1 (always do async I/O).
   write cache size
   aio write size
 
 
 0
-16384 Use asynchronous I/O for reads bigger 
than 16KB
-request size
+1Always do reads asynchronously
+  
 
diff --git a/docs-xml/smbdotconf/tuning/aiowritesize.xml 
b/docs-xml/smbdotconf/tuning/aiowritesize.xml
index c2ad118..8f42284 100644
--- a/docs-xml/smbdotconf/tuning/aiowritesize.xml
+++ b/docs-xml/smbdotconf/tuning/aiowritesize.xml
@@ -3,20 +3,22 @@
  type="bytes"
  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc;>
 
-  If Samba has been built with asynchronous I/O support and this
-integer parameter is set to non-zero value,
-Samba will write to file asynchronously when size of request is bigger
+  If this integer parameter is set to a non-zero value,
+Samba will write to files asynchronously when the request size is bigger
 than this value. Note that it happens only for non-chained and non-chaining
 reads and when not using write cache.
-
-  Current implementation of asynchronous I/O in Samba 3.0 does support
-only up to 10 outstanding asynchronous requests, read and write 
combined.
+  The only reasonable values for this parameter are 0 (no async I/O) and
+1 (always do async I/O).
+  Compared to  this parameter has
+a smaller effect, most writes should end up in the
+file system cache. Writes that require space allocation might
+benefit most from going asynchronous.
   
   write cache size
   aio read size
 
 
 0
-16384 Use asynchronous I/O for writes bigger 
than 16KB
-request size
+1Always do writes asynchronously
+
 


-- 
Samba Shared Repository

[SCM] Samba Website Repository - branch master updated

2017-11-21 Thread Karolin Seeger

The branch, master has been updated
   via  6e8322d NEWS[4.7.3]: Samba 4.7.3, 4.6.11 and 4.5.15 Security 
Releases Available
   via  ae93136 Add security advisories and update sec page.
   via  be7a5ac Add Samba 4.7.3, 4.6.11 and 4.5.15 to the list.
  from  2d46ea3 Add Samba 4.6.10 to the list.

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 6e8322ded20f63979871331ce2c61bd63210b59e
Author: Karolin Seeger <ksee...@samba.org>
Date:   Mon Nov 20 12:22:06 2017 +0100

NEWS[4.7.3]: Samba 4.7.3, 4.6.11 and 4.5.15 Security Releases Available

Signed-off-by: Karolin Seeger <ksee...@samba.org>

commit ae931363c7bfbe4dc41164d2bedcba7c8e407b93
Author: Karolin Seeger <ksee...@samba.org>
Date:   Tue Nov 21 08:54:45 2017 +0100

Add security advisories and update sec page.

Signed-off-by: Karolin Seeger <ksee...@samba.org>

commit be7a5ac1aa81c9ffe450e69c06c6b6424c275adf
Author: Karolin Seeger <ksee...@samba.org>
Date:   Tue Nov 21 08:42:36 2017 +0100

Add Samba 4.7.3, 4.6.11 and 4.5.15 to the list.

Signed-off-by: Karolin Seeger <ksee...@samba.org>

---

Summary of changes:
 history/header_history.html|  3 +
 history/samba-4.5.15.html  | 70 ++
 history/samba-4.6.11.html  | 70 ++
 history/samba-4.7.3.html   | 70 ++
 history/security.html      | 19 ++
 posted_news/20171121-080701.4.7.3.body.html    | 23 +++
 posted_news/20171121-080701.4.7.3.headline.html|  3 +
 .../{CVE-2017-7494.html => CVE-2017-14746.html}| 35 +--
 security/CVE-2017-15275.html   | 69 +
 9 files changed, 345 insertions(+), 17 deletions(-)
 create mode 100644 history/samba-4.5.15.html
 create mode 100644 history/samba-4.6.11.html
 create mode 100644 history/samba-4.7.3.html
 create mode 100644 posted_news/20171121-080701.4.7.3.body.html
 create mode 100644 posted_news/20171121-080701.4.7.3.headline.html
 copy security/{CVE-2017-7494.html => CVE-2017-14746.html} (51%)
 create mode 100644 security/CVE-2017-15275.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index 10a2a78..fea500a 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,9 +9,11 @@
Release Notes


+   samba-4.7.3
samba-4.7.2
samba-4.7.1
samba-4.7.0
+   samba-4.6.11
samba-4.6.10
samba-4.6.9
samba-4.6.8
@@ -23,6 +25,7 @@
samba-4.6.2
samba-4.6.1
samba-4.6.0
+   samba-4.5.15
samba-4.5.14
samba-4.5.13
samba-4.5.12
diff --git a/history/samba-4.5.15.html b/history/samba-4.5.15.html
new file mode 100644
index 000..70db7a8
--- /dev/null
+++ b/history/samba-4.5.15.html
@@ -0,0 +1,70 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;>
+http://www.w3.org/1999/xhtml;>
+
+Samba 4.5.15 - Release Notes
+
+
+Samba 4.5.15 Available for Download
+
+https://download.samba.org/pub/samba/stable/samba-4.5.15.tar.gz;>Samba 
4.5.15 (gzipped)
+https://download.samba.org/pub/samba/stable/samba-4.5.15.tar.asc;>Signature
+
+
+https://download.samba.org/pub/samba/patches/samba-4.5.14-4.5.15.diffs.gz;>Patch
 (gzipped) against Samba 4.5.14
+https://download.samba.org/pub/samba/patches/samba-4.5.14-4.5.15.diffs.asc;>Signature
+
+
+
+   ==
+   Release Notes for Samba 4.5.15
+  November 21, 2017
+   ==
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+===
+Details
+===
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, bu

[SCM] Samba Shared Repository - branch v4-7-stable updated

2017-11-21 Thread Karolin Seeger

The branch, v4-7-stable has been updated
   via  d0b59a5 VERSION: Disable GIT_SNAPSHOT for the 4.7.3 release.
   via  6dc9b5f WHATSNEW: Add release notes for Samba 4.7.3.
   via  8c08a4e s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.
   via  7e17418 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
   via  70d7a5c VERSION: Bump version up to 4.7.3...
  from  c5bb8ef VERSION: Disable GIT_SNAPSHOT for the 4.7.2 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable


- Log -
commit d0b59a548fe77dad16c410b43beecba4feb37214
Author: Karolin Seeger 
Date:   Mon Nov 20 12:16:01 2017 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.7.3 release.

Signed-off-by: Karolin Seeger 

commit 6dc9b5f79fc46bcb9436cb31dad13d869eaf5ade
Author: Karolin Seeger 
Date:   Mon Nov 20 12:15:26 2017 +0100

WHATSNEW: Add release notes for Samba 4.7.3.

Signed-off-by: Karolin Seeger 

commit 8c08a4ec5f9795903703efaff4f7a89671fc355f
Author: Jeremy Allison 
Date:   Wed Sep 20 11:04:50 2017 -0700

s3: smbd: Chain code can return uninitialized memory when talloc buffer is 
grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison 

commit 7e174187f01e98c4c7eb81576e19b51a6d6f3273
Author: Jeremy Allison 
Date:   Tue Sep 19 16:11:33 2017 -0700

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison 

---

Summary of changes:
 VERSION|  2 +-
 WHATSNEW.txt   | 75 --
 source3/smbd/process.c |  7 +++--
 source3/smbd/reply.c   |  5 
 source3/smbd/srvstr.c  | 14 ++
 5 files changed, 97 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 2f5c246..7a17821 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8074a83..4e403ae 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,75 @@
=
+   Release Notes for Samba 4.7.3
+ November 21, 2017
+   =
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+===
+Details
+===
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.7.2:
+
+
+o  Jeremy Allison 
+   * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
+   * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
+ memory when talloc buffer is grown.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to

[SCM] Samba Shared Repository - branch v4-6-stable updated

2017-11-21 Thread Karolin Seeger

The branch, v4-6-stable has been updated
   via  4878a25 VERSION: Disable GIT_SNAPSHOT for the 4.6.11 release
   via  a3a3053 WHATSNEW: Add release notes for Samba 4.6.11.
   via  3a6b1ba s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.
   via  3ef34e9 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
   via  8d7602d VERSION: Re-enable GIT_SNAPSHOT.
   via  1cd9157 VERSION: Bump version up to 4.6.11...
  from  a56f9ed VERSION: Disable GIT_SNAPSHOT for the 4.6.10 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable


- Log -
commit 4878a25aea72c0bbd43344ab68d72f88406aacb4
Author: Karolin Seeger 
Date:   Mon Nov 20 11:13:55 2017 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.6.11 release

Signed-off-by: Karolin Seeger 

commit a3a30536fb31c2f48be448cd5b59f7a740855b5d
Author: Karolin Seeger 
Date:   Mon Nov 20 11:10:36 2017 +0100

WHATSNEW: Add release notes for Samba 4.6.11.

Signed-off-by: Karolin Seeger 

commit 3a6b1baeb84ada35745109a11dacab328a1d6a5b
Author: Jeremy Allison 
Date:   Wed Sep 20 11:04:50 2017 -0700

s3: smbd: Chain code can return uninitialized memory when talloc buffer is 
grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison 

commit 3ef34e983d79746d47c5a894d5325e1a8618dc7a
Author: Jeremy Allison 
Date:   Tue Sep 19 16:11:33 2017 -0700

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison 

commit 8d7602dd0defb30dce6b0c4ac5adc67ba936b84b
Author: Karolin Seeger 
Date:   Mon Nov 20 11:09:57 2017 +0100

VERSION: Re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 1cd91577aed6c9952cd2d88905ba1173e679df05
Author: Karolin Seeger 
Date:   Tue Nov 14 13:01:58 2017 +0100

VERSION: Bump version up to 4.6.11...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 
(cherry picked from commit b196d0efcfaad6ea42ed0873b430ff3d416dd731)

---

Summary of changes:
 VERSION|  2 +-
 WHATSNEW.txt   | 75 --
 source3/smbd/process.c |  7 +++--
 source3/smbd/reply.c   |  5 
 source3/smbd/srvstr.c  | 14 ++
 5 files changed, 97 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 4ccbdb5..c0e85a2 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 375d340..8199d91 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,75 @@
==
+   Release Notes for Samba 4.6.11
+  November 21, 2017
+   =
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+===
+Details
+===
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.6.10:

[SCM] Samba Shared Repository - branch v4-5-stable updated

2017-11-21 Thread Karolin Seeger

The branch, v4-5-stable has been updated
   via  f333815 VERSION: Disable GIT_SNAPSHOT for the 4.5.15 release.
   via  d7526d6 WHATSNEW: Add release notes for Samba 4.5.15.
   via  c1a22e5 s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.
   via  007f5b5 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
   via  bd200ea python: use communicate to fix Popen deadlock
   via  c28d922 blackbox tests: method to check specific exit codes
   via  21811ac VERSION: Bump version up to 4.5.15...
  from  f261c9a VERSION: Disable GIT_SNAPSHOTS for the 4.5.14 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-5-stable


- Log -
commit f333815481d8f5354f605751b627379ed3b8ae6e
Author: Karolin Seeger 
Date:   Fri Nov 17 11:29:01 2017 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.5.15 release.

Signed-off-by: Karolin Seeger 

commit d7526d66f5412c3421a95e716183eea7c7f50d14
Author: Karolin Seeger 
Date:   Fri Nov 17 11:28:17 2017 +0100

WHATSNEW: Add release notes for Samba 4.5.15.

Signed-off-by: Karolin Seeger 

commit c1a22e59f87783d88dfbaeeb132b89be166b2754
Author: Jeremy Allison 
Date:   Wed Sep 20 11:04:50 2017 -0700

s3: smbd: Chain code can return uninitialized memory when talloc buffer is 
grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison 

commit 007f5b54d76bf69f441cc277b7f41f478e258aab
Author: Jeremy Allison 
Date:   Tue Sep 19 16:11:33 2017 -0700

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison 

commit bd200ea5d2fb7e3948fae8fbeb114de557a14313
Author: Joe Guo 
Date:   Fri Sep 15 16:13:26 2017 +1200

python: use communicate to fix Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and 
the
child process generates large output to a pipe such that it blocks waiting 
for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

(cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8)

Autobuild-User(v4-5-test): Stefan Metzmacher 
Autobuild-Date(v4-5-test): Tue Nov 14 14:35:22 CET 2017 on sn-devel-144

commit c28d92278842b5b29f954996c6e45d61cd5c35a8
Author: Gary Lockyer 
Date:   Wed Aug 16 13:52:25 2017 +1200

blackbox tests: method to check specific exit codes

Signed-off-by: Gary Lockyer 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Garming Sam 
(cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9)

commit 21811ac6882ccb8def448f80a03b699cae81a251
Author: Karolin Seeger 
Date:   Wed Sep 20 13:03:53 2017 +0200

VERSION: Bump version up to 4.5.15...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION|  2 +-
 WHATSNEW.txt   | 75 --
 python/samba/tests/__init__.py | 25 ++
 source3/smbd/process.c |  7 ++--
 source3/smbd/reply.c   |  5 +++
 source3/smbd/srvstr.c  | 14 
 6 files changed, 115 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 7d102b0..d874810 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ea845c3..b245e30 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,75 @@
==
+   Release Notes for Samba 4.5.15
+  November 21, 2017
+

[SCM] Samba Shared Repository - annotated tag samba-4.7.3 created

2017-11-21 Thread Karolin Seeger

The annotated tag, samba-4.7.3 has been created
at  dd18d593546e2e5651558da657928e50f76d1e61 (tag)
   tagging  d0b59a548fe77dad16c410b43beecba4feb37214 (commit)
  replaces  samba-4.7.2
 tagged by  Karolin Seeger
on  Mon Nov 20 12:21:46 2017 +0100

- Log -
samba: tag release samba-4.7.3
-BEGIN PGP SIGNATURE-

iEYEABECAAYFAloSusoACgkQbzORW2Vot+qBBACgiqGoaIV7Oar9el8lfK1JSSMJ
ZU4An08CQbXY4lcYMZXPXVGLVgjzSXOq
=/6r8
-END PGP SIGNATURE-

Jeremy Allison (2):
  s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
  s3: smbd: Chain code can return uninitialized memory when talloc buffer 
is grown.

Karolin Seeger (3):
  VERSION: Bump version up to 4.7.3...
  WHATSNEW: Add release notes for Samba 4.7.3.
  VERSION: Disable GIT_SNAPSHOT for the 4.7.3 release.

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - annotated tag samba-4.6.11 created

2017-11-21 Thread Karolin Seeger

The annotated tag, samba-4.6.11 has been created
at  9edc89a482ec1915d76f7ae5de6732ad9c74b6bd (tag)
   tagging  4878a25aea72c0bbd43344ab68d72f88406aacb4 (commit)
  replaces  samba-4.6.10
 tagged by  Karolin Seeger
on  Mon Nov 20 12:05:59 2017 +0100

- Log -
samba: tag release samba-4.6.11
-BEGIN PGP SIGNATURE-

iEYEABECAAYFAloStxcACgkQbzORW2Vot+ri8ACfZXlfqg5bb5j1vEAwruWeTCpG
uQIAn3qZnhg4a8gYqBi5YaT8+mivJJvT
=t3Xd
-END PGP SIGNATURE-

Jeremy Allison (2):
  s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
  s3: smbd: Chain code can return uninitialized memory when talloc buffer 
is grown.

Karolin Seeger (4):
  VERSION: Bump version up to 4.6.11...
  VERSION: Re-enable GIT_SNAPSHOT.
  WHATSNEW: Add release notes for Samba 4.6.11.
  VERSION: Disable GIT_SNAPSHOT for the 4.6.11 release

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - annotated tag samba-4.5.15 created

2017-11-21 Thread Karolin Seeger

The annotated tag, samba-4.5.15 has been created
at  1f2f62060c81bd2e8283f1f8a46d974315e96c99 (tag)
   tagging  f333815481d8f5354f605751b627379ed3b8ae6e (commit)
  replaces  samba-4.5.14
 tagged by  Karolin Seeger
on  Fri Nov 17 12:14:03 2017 +0100

- Log -
samba: tag release samba-4.5.15
-BEGIN PGP SIGNATURE-

iEYEABECAAYFAloOxHsACgkQbzORW2Vot+qKnACgp6xmL5YU6X98gqxS7qGXJ6wD
FQEAoIwuPbGmNtBGTnMYAezfSwo8ltR9
=7k7G
-END PGP SIGNATURE-

Gary Lockyer (1):
  blackbox tests: method to check specific exit codes

Jeremy Allison (2):
  s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
  s3: smbd: Chain code can return uninitialized memory when talloc buffer 
is grown.

Joe Guo (1):
  python: use communicate to fix Popen deadlock

Karolin Seeger (3):
  VERSION: Bump version up to 4.5.15...
  WHATSNEW: Add release notes for Samba 4.5.15.
  VERSION: Disable GIT_SNAPSHOT for the 4.5.15 release.

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

autobuild[sn-devel-144]: intermittent test failure detected

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Shared Repository - branch master updated

[SCM] Samba Website Repository - branch master updated

[SCM] Samba Shared Repository - branch v4-7-stable updated

[SCM] Samba Shared Repository - branch v4-6-stable updated

[SCM] Samba Shared Repository - branch v4-5-stable updated

[SCM] Samba Shared Repository - annotated tag samba-4.7.3 created

[SCM] Samba Shared Repository - annotated tag samba-4.6.11 created

[SCM] Samba Shared Repository - annotated tag samba-4.5.15 created

11 matches

Site Navigation

Mail list logo

Footer information