Package: samba / 2:4.2.14+dfsg-0+deb8u9

Metadata

Package Version Patches format
samba 2:4.2.14+dfsg-0+deb8u9 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
05_share_ldb_module | (download)

source4/param/wscript_build | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---
07_private_lib | (download)

buildtools/wafsamba/samba_utils.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 always specify rpath for private libraries
bug_221618_precise 64bit prototype.patch | (download)

source3/include/libsmbclient.h | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 64 bit fix for libsmbclient
bug_601406_fix perl path in example.patch | (download)

examples/misc/wall.perl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix path to perl binary in example file
pam examples.patch | (download)

source3/pam_smbpass/README | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix examples directory location  in pam_smbpass readme
README_nosmbldap tools.patch | (download)

examples/LDAP/README | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 mention smbldap-tools package in examples/ldap/readme
smbclient pager.patch | (download)

source3/include/local.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use the pager alternative as pager is pager is undefined
usershare.patch | (download)

docs/manpages/net.8 | 4 2 + 2 - 0 !
source3/param/loadparm.c | 2 1 + 1 - 0 !
2 files changed, 3 insertions(+), 3 deletions(-)

 enable net usershares by default at build time
 Enable net usershares by default at build time, with a limit of
 100, and update the corresponding documentation.
VERSION.patch | (download)

VERSION | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 add "debian" as vendor suffix
waf_smbpasswd_location | (download)

dynconfig/wscript | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 add build option for default smbpasswd location
add so version to private libraries | (download)

buildtools/wafsamba/wafsamba.py | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 add so version number to private libraries for dpkg-shlibdeps
xsltproc_dont_build_smb.conf.5.patch | (download)

docs-xml/wscript_build | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't build smb.conf.5 manpage
 This is a temporary workaround for a bug in xsltproc, which crashes on some
 architectures when building the smb.conf.5 manpage
heimdal rfc3454.txt | (download)

source4/heimdal/lib/wind/rfc3454.txt-table | 7074 7074 + 0 - 0 !
source4/heimdal_build/wscript_build | 6 3 + 3 - 0 !
2 files changed, 7077 insertions(+), 3 deletions(-)

 patch in symbol table from rfc3454, for heimdal scripts.
no_wrapper | (download)

wscript | 8 5 + 3 - 0 !
wscript_build | 9 6 + 3 - 0 !
2 files changed, 11 insertions(+), 6 deletions(-)

 don't build with wrappers, as selftest is unused
ctdb_sockpath.patch | (download)

ctdb/wscript | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
Fix privacy breach on google.com.patch | (download)

ctdb/web/footer.html | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] fix privacy breach on google.com

And make the bar1.jpg relative

decrease min ldb version.patch | (download)

lib/ldb/wscript | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
backupkey.patch | (download)

source4/rpc_server/backupkey/dcesrv_backupkey.c | 28 22 + 6 - 0 !
1 file changed, 22 insertions(+), 6 deletions(-)

 [patch 1/5] backupkey: slightly simplify
 bkrp_do_retrieve_server_wrap_key

Signed-off-by: Volker Lendecke <vl@samba.org>
fix_pam_smbpass.patch | (download)

source3/pam_smbpass/pam_smb_auth.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
disable socketwrapper.diff | (download)

ctdb/wscript | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

---
unprivate samba debug.patch | (download)

lib/util/wscript_build | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

---
ctdb Fix detection of gnukfreebsd.patch | (download)

ctdb/wscript | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] ctdb: fix detection of gnukfreebsd

GNU/kFreeBSD's platform name is 'gnukfreebsd', not just 'kfreebsd'.

s3 libsmb Fix error where short name length was read.patch | (download)

source3/libsmb/clilist.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] s3: libsmb: fix error where short name length was read as 2
 bytes, should be 1.

Reported by Thomas Dvorachek <tdvorachek@yahoo.com> from a Windows 10 server.
Confirmed in MS-CIFS 2.2.8.1.7.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11822

Signed-off-by: Jeremy Allison <jra@samba.org>
security 2016 12 19.patch | (download)

auth/kerberos/kerberos_pac.c | 22 22 + 0 - 0 !
librpc/ndr/ndr_dnsp.c | 9 9 + 0 - 0 !
source3/librpc/crypto/gse.c | 1 0 + 1 - 0 !
source4/auth/gensec/gensec_gssapi.c | 2 1 + 1 - 0 !
source4/scripting/bin/nsupdate-gss | 2 1 + 1 - 0 !
5 files changed, 33 insertions(+), 3 deletions(-)

 [patch 1/5] cve-2016-2123: fix dns vuln zdi-can-3995

Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.

Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409

CVE 2017 2619.patch | (download)

source3/include/proto.h | 1 1 + 0 - 0 !
source3/lib/util.c | 139 139 + 0 - 0 !
source3/modules/vfs_dirsort.c | 4 4 + 0 - 0 !
source3/modules/vfs_shadow_copy2.c | 1011 736 + 275 - 0 !
source3/modules/vfs_streams_depot.c | 3 2 + 1 - 0 !
source3/modules/vfs_streams_xattr.c | 50 25 + 25 - 0 !
source3/smbd/dir.c | 172 122 + 50 - 0 !
source3/smbd/filename.c | 150 150 + 0 - 0 !
source3/smbd/open.c | 309 286 + 23 - 0 !
source3/smbd/service.c | 102 2 + 100 - 0 !
source3/smbd/smb2_find.c | 17 17 + 0 - 0 !
source4/torture/smb2/dir.c | 12 10 + 2 - 0 !
12 files changed, 1494 insertions(+), 476 deletions(-)

 [patch 01/37] cve-2017-2619: s3/smbd: re-open directory after
 dptr_CloseDir()

dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Bohme <slow@samba.org>

bug 12721 4.2.patch | (download)

source3/smbd/filename.c | 2 1 + 1 - 0 !
source3/smbd/open.c | 2 1 + 1 - 0 !
source3/smbd/proto.h | 4 3 + 1 - 0 !
source3/smbd/vfs.c | 40 37 + 3 - 0 !
4 files changed, 42 insertions(+), 6 deletions(-)

 [patch 1/3] s3: smbd: fix incorrect logic exposed by fix for the
 security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
fix shadow_copy2 42 backport.patch | (download)

source3/modules/vfs_shadow_copy2.c | 33 31 + 2 - 0 !
1 file changed, 31 insertions(+), 2 deletions(-)

 [patch 1/2] vfs_shadow_copy: handle non-existant files and wildcards

During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.

This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
shadow_copy2_tests_42.patch | (download)

libcli/smb/smb2cli_create.c | 1 1 + 0 - 0 !
selftest/target/Samba3.pm | 80 80 + 0 - 0 !
source3/libsmb/cli_smb2_fnum.c | 285 284 + 1 - 0 !
source3/libsmb/cli_smb2_fnum.h | 6 6 + 0 - 0 !
source3/libsmb/clifile.c | 13 12 + 1 - 0 !
source3/libsmb/clistr.c | 43 43 + 0 - 0 !
source3/libsmb/proto.h | 4 4 + 0 - 0 !
source3/script/tests/test_shadow_copy.sh | 402 376 + 26 - 0 !
source3/selftest/tests.py | 5 4 + 1 - 0 !
9 files changed, 810 insertions(+), 29 deletions(-)

 [patch 01/10] vfs_shadow_copy2: add a blackbox test suite

Add a blackbox test suite for vfs_shadow_copy2, testing
parameters mountpoint, basedir, snapdir, snapdirseverywhere,
and testing correct wide-link processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11580

Signed-off-by: Uri Simchoni <uri@samba.org>
Fix deadlock when re joining a domain.patch | (download)

source3/libads/kerberos_keytab.c | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 [patch] libads: fix deadlock when re-joining a domain and updating
 keytab

When updating the system keytab as a result of joining a domain,
if the keytb had prior entries, ads_keytab_create_default tries to
update those entries. However, it starts updating before freeing the
cursor which was used for finding those entries, and hence causes
an an attempt to write-lock the keytab while a read-lock exists.

To reproduce configure smb.conf for ads domain member and run this twice:
net ads join -U <credentials> '--option=kerberos method=secrets and keytab'

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
CVE 2017 7494.patch | (download)

source3/rpc_server/srv_pipe.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch] cve-2017-7494: rpc_server3: refuse to open pipe names with /
 inside

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780

Signed-off-by: Volker Lendecke <vl@samba.org>
CVE 2017 11103 Orpheus Lyre KDC REP service name val.patch | (download)

source4/heimdal/lib/krb5/ticket.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] cve-2017-11103: orpheus' lyre kdc-rep service name validation

In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.

CVE 2017 12150 v4 4.patches.metze02.txt | (download)

auth/credentials/credentials.c | 16 16 + 0 - 0 !
libcli/smb/smbXcli_base.c | 5 5 + 0 - 0 !
libcli/smb/smbXcli_base.h | 1 1 + 0 - 0 !
libgpo/gpo_fetch.c | 2 1 + 1 - 0 !
source3/lib/util_cmdline.c | 3 3 + 0 - 0 !
source3/libsmb/clidfs.c | 2 2 + 0 - 0 !
source3/libsmb/pylibsmb.c | 2 1 + 1 - 0 !
7 files changed, 29 insertions(+), 2 deletions(-)

 [patch 1/6] cve-2017-12150: s3:lib:
 get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED

This is an addition to the fixes for CVE-2015-5296.

It applies to smb2mount -e, smbcacls -e and smbcquotas -e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>

CVE 2017 12151 v4 4.patches.metze02.txt | (download)

source3/libsmb/clidfs.c | 4 2 + 2 - 0 !
source3/libsmb/clientgen.c | 13 13 + 0 - 0 !
source3/libsmb/libsmb_context.c | 2 1 + 1 - 0 !
source3/libsmb/proto.h | 1 1 + 0 - 0 !
4 files changed, 17 insertions(+), 3 deletions(-)

 [patch 1/2] cve-2017-12151: s3:libsmb: add
 cli_state_is_encryption_on() helper function

This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>

CVE 2017 12163 all metze01.patch.txt | (download)

source3/smbd/reply.c | 50 50 + 0 - 0 !
1 file changed, 50 insertions(+)

 [patch] cve-2017-12163: s3:smbd: prevent client short smb1 write from
 writing server memory to file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3 smbd Chain code can return uninitialized memory w.patch | (download)

source3/smbd/srvstr.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 [patch] s3: smbd: chain code can return uninitialized memory when
 talloc buffer is grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>

s3 smbd Fix SMB1 use after free crash bug. CVE 2017 .patch | (download)

source3/smbd/process.c | 7 4 + 3 - 0 !
source3/smbd/reply.c | 5 5 + 0 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

 [patch] s3: smbd: fix smb1 use-after-free crash bug. cve-2017-14746
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by  <lianyihan@360.cn>

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>