Revisions of samba
David Mulder (dmulder)
accepted
request 1149633
from
David Mulder (dmulder)
(revision 689)
- Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555).
Samuel Cabrero (scabrero)
accepted
request 1138091
from
Noel Power (npower)
(revision 688)
Fri Jan 10 12:01:49 UTC 2024 - Noel Power <nopower@suse.com> - Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431). - Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440).
James McDonough (jmcdough)
accepted
request 1120339
from
David Mulder (dmulder)
(revision 687)
- packaging: samba-tool domain provision requires python3-Markdown; (bsc#1216519).
David Mulder (dmulder)
accepted
request 1118340
from
Samuel Cabrero (scabrero)
(revision 686)
- Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477). - packaging: Remove /etc/slp.reg.d from samba spec file; (bsc#1216160) - use systemd-logind rather than utmp for y2038 safety; (bsc#1216159).
David Mulder (dmulder)
accepted
request 1116864
from
Noel Power (npower)
(revision 685)
- CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424).
David Mulder (dmulder)
accepted
request 1114416
from
Noel Power (npower)
(revision 684)
- Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true;
Noel Power (npower)
accepted
request 1108160
from
Samuel Cabrero (scabrero)
(revision 683)
- Update to 4.18.6 * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420); * Missing return in reply_exit_done(); (bso#15430); * post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself; (bso#15289); * Windows client join fails if a second container CN=System exists somewhere; (bso#9959); * Spotlight sometimes returns no results on latest macOS; (bso#15342); * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination; (bso#15417); * Spotlight results return wrong date in result list; (bso#15427); * "net offlinejoin provision" does not work as non-root user; (bso#15414); * rpcserver no longer accepts double backslash in dfs pathname; (bso#15400); * cm_prepare_connection() calls close(fd) for the second time; (bso#15433); * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346); * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441); * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446); * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390); * Regression DFS not working with widelinks = true; (bso#15435); * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449);
David Mulder (dmulder)
accepted
request 1103193
from
Samuel Cabrero (scabrero)
(revision 682)
- Move libcluster-samba4.so from samba-libs to samba-client-libs; (bsc#1213940);
David Mulder (dmulder)
accepted
request 1099578
from
Noel Power (npower)
(revision 681)
- Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390).
David Mulder (dmulder)
accepted
request 1091720
from
Noel Power (npower)
(revision 680)
- Update to 4.18.3 * Symlinks to files can have random DOS mode information in a directory listing; (bso#15375). * vfs_fruit might cause a failing open for delete; (bso#15378). * winbind recurses into itself via rpcd_lsad; (bso#15361). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND; (bso#15362). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * Setting veto files = /.*/ break listing directories; (bso#15360). * "samba-tool domain provision" does not run interactive mode if no arguments are given; (bso#15363). * dsgetdcname: assumes local system uses IPv4; (bso#15325). - Update to 4.18.2 * Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354).
James McDonough (jmcdough)
accepted
request 1075680
from
Noel Power (npower)
(revision 679)
- Update to 4.18.1 * CVE-2023-0225: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (bso#15276);(bsc#1209483). * CVE-2023-0614: Access controlled AD LDAP attributes can be discovered (bso#15270); (bsc#1209485). * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext(bso#15315);(bsc#1209481). * ldb wildcard matching makes excessive allocations; (bso#15331). * large_ldap test is inefficient; (bso#15332).
Noel Power (npower)
accepted
request 1066228
from
Samuel Cabrero (scabrero)
(revision 677)
- Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808); * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172); * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210); * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226); * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236); * DFS links don't work anymore on Mac clients since 4.17; (bso#15277); * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283); * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Shares missing from netshareenum response in samba 4.17.4; (bso#15266); * ctdb: use-after-free in run_proc; (bso#15269); * irpc_destructor may crash during shutdown; (bso#15280); * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286); * smbclient segfaults with use after free on an optimized build; (bso#15268); * smbstatus leaking files in msg.sock and msg.lock; (bso#15282); * Leak in wbcCtxPingDc2; (bso#15164); * Access based share enum does not work in Samba 4.16+; (bso#15265); * Crash during share enumeration; (bso#15267); * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271); * Avoid relying on C89 features in a few places; (bso#15281); - named crashes on DLZ zone update; (bso#14030); (bsc#1206996);
Paulo Alcantara (pauloac)
accepted
request 1060504
from
Noel Power (npower)
(revision 676)
- libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally. - Clean up logic for PAM migration settings in spec file.
Samuel Cabrero (scabrero)
accepted
request 1057016
from
Noel Power (npower)
(revision 675)
- Migration of PAM settings to /usr/lib/pam.d. - Change with_dc default to 0 (for non TW builds).
Noel Power (npower)
accepted
request 1043954
from
Samuel Cabrero (scabrero)
(revision 674)
- Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253);
Samuel Cabrero (scabrero)
accepted
request 1039372
from
David Mulder (dmulder)
(revision 673)
- Introduce without-smb1-server spec flag; (bsc#1205104);
Noel Power (npower)
accepted
request 1036404
from
Samuel Cabrero (scabrero)
(revision 671)
- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203); ue Nov 8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de> - Replace obsolete python-gpgme with python-gpg * Upstream replaced it in v4.9.5 -- bso#13728
Samuel Cabrero (scabrero)
accepted
request 1031207
from
Noel Power (npower)
(revision 670)
- Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254).
Displaying revisions 1 - 20 of 689