Package: samba / 2:4.2.14+dfsg-0+deb8u9
Metadata
Package | Version | Patches format |
---|---|---|
samba | 2:4.2.14+dfsg-0+deb8u9 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
05_share_ldb_module | (download) |
source4/param/wscript_build |
5 3 + 2 - 0 ! |
--- |
07_private_lib | (download) |
buildtools/wafsamba/samba_utils.py |
2 1 + 1 - 0 ! |
always specify rpath for private libraries |
bug_221618_precise 64bit prototype.patch | (download) |
source3/include/libsmbclient.h |
10 10 + 0 - 0 ! |
64 bit fix for libsmbclient |
bug_601406_fix perl path in example.patch | (download) |
examples/misc/wall.perl |
2 1 + 1 - 0 ! |
fix path to perl binary in example file |
pam examples.patch | (download) |
source3/pam_smbpass/README |
2 1 + 1 - 0 ! |
fix examples directory location in pam_smbpass readme |
README_nosmbldap tools.patch | (download) |
examples/LDAP/README |
3 3 + 0 - 0 ! |
mention smbldap-tools package in examples/ldap/readme |
smbclient pager.patch | (download) |
source3/include/local.h |
2 1 + 1 - 0 ! |
use the pager alternative as pager is pager is undefined |
usershare.patch | (download) |
docs/manpages/net.8 |
4 2 + 2 - 0 ! |
enable net usershares by default at build time Enable net usershares by default at build time, with a limit of 100, and update the corresponding documentation. |
VERSION.patch | (download) |
VERSION |
2 1 + 1 - 0 ! |
add "debian" as vendor suffix |
waf_smbpasswd_location | (download) |
dynconfig/wscript |
2 2 + 0 - 0 ! |
add build option for default smbpasswd location |
add so version to private libraries | (download) |
buildtools/wafsamba/wafsamba.py |
3 3 + 0 - 0 ! |
add so version number to private libraries for dpkg-shlibdeps |
xsltproc_dont_build_smb.conf.5.patch | (download) |
docs-xml/wscript_build |
2 1 + 1 - 0 ! |
don't build smb.conf.5 manpage This is a temporary workaround for a bug in xsltproc, which crashes on some architectures when building the smb.conf.5 manpage |
heimdal rfc3454.txt | (download) |
source4/heimdal/lib/wind/rfc3454.txt-table |
7074 7074 + 0 - 0 ! |
patch in symbol table from rfc3454, for heimdal scripts. |
no_wrapper | (download) |
wscript |
8 5 + 3 - 0 ! |
don't build with wrappers, as selftest is unused |
ctdb_sockpath.patch | (download) |
ctdb/wscript |
2 1 + 1 - 0 ! |
--- |
Fix privacy breach on google.com.patch | (download) |
ctdb/web/footer.html |
4 2 + 2 - 0 ! |
[patch] fix privacy breach on google.com And make the bar1.jpg relative |
decrease min ldb version.patch | (download) |
lib/ldb/wscript |
2 1 + 1 - 0 ! |
--- |
backupkey.patch | (download) |
source4/rpc_server/backupkey/dcesrv_backupkey.c |
28 22 + 6 - 0 ! |
[patch 1/5] backupkey: slightly simplify bkrp_do_retrieve_server_wrap_key Signed-off-by: Volker Lendecke <vl@samba.org> |
fix_pam_smbpass.patch | (download) |
source3/pam_smbpass/pam_smb_auth.c |
1 0 + 1 - 0 ! |
--- |
disable socketwrapper.diff | (download) |
ctdb/wscript |
6 4 + 2 - 0 ! |
--- |
unprivate samba debug.patch | (download) |
lib/util/wscript_build |
5 2 + 3 - 0 ! |
--- |
ctdb Fix detection of gnukfreebsd.patch | (download) |
ctdb/wscript |
2 1 + 1 - 0 ! |
[patch] ctdb: fix detection of gnukfreebsd GNU/kFreeBSD's platform name is 'gnukfreebsd', not just 'kfreebsd'. |
s3 libsmb Fix error where short name length was read.patch | (download) |
source3/libsmb/clilist.c |
2 1 + 1 - 0 ! |
[patch] s3: libsmb: fix error where short name length was read as 2 bytes, should be 1. Reported by Thomas Dvorachek <tdvorachek@yahoo.com> from a Windows 10 server. Confirmed in MS-CIFS 2.2.8.1.7. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11822 Signed-off-by: Jeremy Allison <jra@samba.org> |
security 2016 12 19.patch | (download) |
auth/kerberos/kerberos_pac.c |
22 22 + 0 - 0 ! |
[patch 1/5] cve-2016-2123: fix dns vuln zdi-can-3995 Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding this vulnerability with a PoC and a good analysis. Signed-off-by: Volker Lendecke <vl@samba.org> Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409 |
CVE 2017 2619.patch | (download) |
source3/include/proto.h |
1 1 + 0 - 0 ! |
[patch 01/37] cve-2017-2619: s3/smbd: re-open directory after dptr_CloseDir() dptr_CloseDir() will close and invalidate the fsp's file descriptor, we have to reopen it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496 Signed-off-by: Ralph Bohme <slow@samba.org> |
bug 12721 4.2.patch | (download) |
source3/smbd/filename.c |
2 1 + 1 - 0 ! |
[patch 1/3] s3: smbd: fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619). In a UNIX filesystem, the names "." and ".." by definition can *never* be symlinks - they are already reserved names. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison <jra@samba.org> |
fix shadow_copy2 42 backport.patch | (download) |
source3/modules/vfs_shadow_copy2.c |
33 31 + 2 - 0 ! |
[patch 1/2] vfs_shadow_copy: handle non-existant files and wildcards During path checking, the vfs connectpath_fn is called to determine the share's root, relative to the file being queried (for example, in snapshot file this may be other than the share's "usual" root directory). connectpath_fn must be able to answer this question even if the path does not exist and its parent does exist. The convention in this case is that this refers to a yet-uncreated file under the parent and all queries are relative to the parent. This also serves as a workaround for the case where connectpath_fn has to handle wildcards, as with the case of SMB1 trans2 findfirst. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172 Signed-off-by: Uri Simchoni <uri@samba.org> |
shadow_copy2_tests_42.patch | (download) |
libcli/smb/smb2cli_create.c |
1 1 + 0 - 0 ! |
[patch 01/10] vfs_shadow_copy2: add a blackbox test suite Add a blackbox test suite for vfs_shadow_copy2, testing parameters mountpoint, basedir, snapdir, snapdirseverywhere, and testing correct wide-link processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580 Signed-off-by: Uri Simchoni <uri@samba.org> |
Fix deadlock when re joining a domain.patch | (download) |
source3/libads/kerberos_keytab.c |
5 3 + 2 - 0 ! |
[patch] libads: fix deadlock when re-joining a domain and updating keytab When updating the system keytab as a result of joining a domain, if the keytb had prior entries, ads_keytab_create_default tries to update those entries. However, it starts updating before freeing the cursor which was used for finding those entries, and hence causes an an attempt to write-lock the keytab while a read-lock exists. To reproduce configure smb.conf for ads domain member and run this twice: net ads join -U <credentials> '--option=kerberos method=secrets and keytab' Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> |
CVE 2017 7494.patch | (download) |
source3/rpc_server/srv_pipe.c |
5 5 + 0 - 0 ! |
[patch] cve-2017-7494: rpc_server3: refuse to open pipe names with / inside Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 Signed-off-by: Volker Lendecke <vl@samba.org> |
CVE 2017 11103 Orpheus Lyre KDC REP service name val.patch | (download) |
source4/heimdal/lib/krb5/ticket.c |
4 2 + 2 - 0 ! |
[patch] cve-2017-11103: orpheus' lyre kdc-rep service name validation In _krb5_extract_ticket() the KDC-REP service name must be obtained from encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unecrypted version provides an opportunity for successful server impersonation and other attacks. Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams. |
CVE 2017 12150 v4 4.patches.metze02.txt | (download) |
auth/credentials/credentials.c |
16 16 + 0 - 0 ! |
[patch 1/6] cve-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED This is an addition to the fixes for CVE-2015-5296. It applies to smb2mount -e, smbcacls -e and smbcquotas -e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997 Signed-off-by: Stefan Metzmacher <metze@samba.org> |
CVE 2017 12151 v4 4.patches.metze02.txt | (download) |
source3/libsmb/clidfs.c |
4 2 + 2 - 0 ! |
[patch 1/2] cve-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function This allows to check if the current cli_state uses encryption (either via unix extentions or via SMB3). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996 Signed-off-by: Stefan Metzmacher <metze@samba.org> |
CVE 2017 12163 all metze01.patch.txt | (download) |
source3/smbd/reply.c |
50 50 + 0 - 0 ! |
[patch] cve-2017-12163: s3:smbd: prevent client short smb1 write from writing server memory to file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020 Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> |
s3 smbd Chain code can return uninitialized memory w.patch | (download) |
source3/smbd/srvstr.c |
14 14 + 0 - 0 ! |
[patch] s3: smbd: chain code can return uninitialized memory when talloc buffer is grown. Ensure we zero out unused grown area. CVE-2017-15275 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077 Signed-off-by: Jeremy Allison <jra@samba.org> |
s3 smbd Fix SMB1 use after free crash bug. CVE 2017 .patch | (download) |
source3/smbd/process.c |
7 4 + 3 - 0 ! |
[patch] s3: smbd: fix smb1 use-after-free crash bug. cve-2017-14746 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When setting up the chain, always use 'next->' variables not the 'req->' one. Bug discovered by <lianyihan@360.cn> CVE-2017-14746 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041 Signed-off-by: Jeremy Allison <jra@samba.org> |