Package: samba / 2:4.5.16+dfsg-1+deb9u2

Metadata

Package Version Patches format
samba 2:4.5.16+dfsg-1+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
05_share_ldb_module | (download)

source4/param/wscript_build | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

---
07_private_lib | (download)

buildtools/wafsamba/samba_utils.py | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 always specify rpath for private libraries
bug_221618_precise 64bit prototype.patch | (download)

source3/include/libsmbclient.h | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 64 bit fix for libsmbclient
README_nosmbldap tools.patch | (download)

examples/LDAP/README | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 mention smbldap-tools package in examples/ldap/readme
smbclient pager.patch | (download)

source3/include/local.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use the pager alternative as pager is pager is undefined
usershare.patch | (download)

docs-xml/smbdotconf/misc/usersharemaxshares.xml | 2 1 + 1 - 0 !
docs/manpages/net.8 | 4 2 + 2 - 0 !
lib/param/loadparm.c | 2 2 + 0 - 0 !
source3/param/loadparm.c | 2 1 + 1 - 0 !
4 files changed, 6 insertions(+), 4 deletions(-)

 enable net usershares by default at build time
 Enable net usershares by default at build time, with a limit of
 100, and update the corresponding documentation.
VERSION.patch | (download)

VERSION | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 add "debian" as vendor suffix
add so version to private libraries | (download)

buildtools/wafsamba/wafsamba.py | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 add so version number to private libraries for dpkg-shlibdeps
xsltproc_dont_build_smb.conf.5.patch | (download)

docs-xml/wscript_build | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't build smb.conf.5 manpage
 This is a temporary workaround for a bug in xsltproc, which crashes on some
 architectures when building the smb.conf.5 manpage
heimdal rfc3454.txt | (download)

source4/heimdal/lib/wind/rfc3454.txt-table | 7074 7074 + 0 - 0 !
source4/heimdal_build/wscript_build | 6 3 + 3 - 0 !
2 files changed, 7077 insertions(+), 3 deletions(-)

 patch in symbol table from rfc3454, for heimdal scripts.
no_build_env.patch | (download)

source3/script/build_env.sh | 11 0 + 11 - 0 !
1 file changed, 11 deletions(-)

 [patch] remove unreproducible build environment


no_build_system.patch | (download)

buildtools/wafsamba/wscript | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 drop host-specific define that prevents reproducible builds

Skip raw.write tests.patch | (download)

selftest/quick | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 skip raw.write tests for now as they fail on 32-bit


systemd syslog.target is obsolete.patch | (download)

packaging/systemd/nmb.service | 2 1 + 1 - 0 !
packaging/systemd/samba.service | 2 1 + 1 - 0 !
packaging/systemd/smb.service | 2 1 + 1 - 0 !
packaging/systemd/winbind.service | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 4 deletions(-)

 systemd: syslog.target is obsolete

After=syslog.target is unnecessary by now because syslog is socket-activated and will therefore be started when needed.

Ref: https://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html

Add documentation to systemd Unit files.patch | (download)

ctdb/config/ctdb.service | 1 1 + 0 - 0 !
packaging/systemd/nmb.service | 1 1 + 0 - 0 !
packaging/systemd/samba.service | 1 1 + 0 - 0 !
packaging/systemd/smb.service | 1 1 + 0 - 0 !
packaging/systemd/winbind.service | 1 1 + 0 - 0 !
5 files changed, 5 insertions(+)

 add documentation to systemd unit files


fix_kill_path_in_units.patch | (download)

packaging/systemd/nmb.service | 2 1 + 1 - 0 !
packaging/systemd/samba.service | 2 1 + 1 - 0 !
packaging/systemd/smb.service | 2 1 + 1 - 0 !
packaging/systemd/winbind.service | 2 1 + 1 - 0 !
4 files changed, 4 insertions(+), 4 deletions(-)

 fix kill path

Debian-bug: https://bugs.debian.org/828730


nmbd requires a working network.patch | (download)

packaging/systemd/nmb.service | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 nmbd requires a working network

Bug-Debian: https://bugs.debian.org/698056
Bug-Debian: https://bugs.debian.org/842056
Bug-Debian: https://bugs.debian.org/840608
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1635491


provision Update root DNS servers list.patch | (download)

python/samba/provision/sambadns.py | 14 11 + 3 - 0 !
1 file changed, 11 insertions(+), 3 deletions(-)

 [patch] provision: update root dns servers list

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
CVE 2018 10919.patch | (download)

libcli/security/access_check.c | 126 91 + 35 - 0 !
selftest/knownfail.d/acl | 2 1 + 1 - 0 !
selftest/knownfail.d/confidential_attr | 30 15 + 15 - 0 !
source4/dsdb/samdb/ldb_modules/acl_read.c | 351 307 + 44 - 0 !
source4/dsdb/tests/python/acl.py | 68 68 + 0 - 0 !
source4/dsdb/tests/python/confidential_attr.py | 1077 1051 + 26 - 0 !
source4/dsdb/tests/python/ldap.py | 9 9 + 0 - 0 !
source4/selftest/tests.py | 3 3 + 0 - 0 !
8 files changed, 1545 insertions(+), 121 deletions(-)

 [patch 01/11] cve-2018-10919 security: move object-specific access
 checks into separate function

Object-specific access checks refer to a specific section of the
MS-ADTS, and the code closely matches the spec. We need to extend this
logic to properly handle the Control-Access Right (CR), so it makes
sense to split the logic out into its own function.

This patch just moves the code, and should not alter the logic (apart
from ading in the boolean grant_access return variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
CVE 2018 10858 4.6.patch | (download)

source3/libsmb/libsmb_dir.c | 57 50 + 7 - 0 !
source3/libsmb/libsmb_path.c | 11 8 + 3 - 0 !
2 files changed, 58 insertions(+), 10 deletions(-)

 [patch 1/2] libsmb: ensure smbc_urlencode() can't overwrite passed in
 buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13453

CVE-2018-10858: Insufficient input validation on client directory
		listing in libsmbclient.

Signed-off-by: Jeremy Allison <jra@samba.org>
CVE 2018 14629 v4 5.patch | (download)

python/samba/tests/dns.py | 120 120 + 0 - 0 !
python/samba/tests/dns_forwarder.py | 11 8 + 3 - 0 !
selftest/knownfail.d/dns | 19 17 + 2 - 0 !
source4/dns_server/dns_query.c | 35 26 + 9 - 0 !
4 files changed, 171 insertions(+), 14 deletions(-)

 [patch 1/4] cve-2018-14629 dns: cname loop prevention using counter

Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.

(backport to Samba 4.5)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
CVE 2018 16841 master.patch | (download)

source4/kdc/db-glue.c | 6 3 + 3 - 0 !
testprogs/blackbox/test_pkinit_heimdal.sh | 8 8 + 0 - 0 !
2 files changed, 11 insertions(+), 3 deletions(-)

 [patch 1/2] cve-2018-16841 heimdal: fix segfault on pkinit with
 mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.

This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
CVE 2018 16851 master.patch | (download)

source4/ldap_server/ldap_server.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] cve-2018-16851 ldap_server: check ret before manipulating
 blob

In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
fix rmdir.patch | (download)

source3/libsmb/cli_smb2_fnum.c | 136 135 + 1 - 0 !
source3/libsmb/cli_smb2_fnum.h | 7 7 + 0 - 0 !
2 files changed, 142 insertions(+), 1 deletion(-)

 s3:libsmb: add cli_smb2_delete_on_close*()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
s3 ntlm_auth fix memory leak in manage_gensec_reques.patch | (download)

source3/utils/ntlm_auth.c | 15 9 + 6 - 0 !
1 file changed, 9 insertions(+), 6 deletions(-)

 [patch] s3:ntlm_auth: fix memory leak in manage_gensec_request()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12736

Signed-off-by: Stefan Metzmacher <metze@samba.org>
CVE 2019 3880 v4 5 02.patch | (download)

source3/rpc_server/winreg/srv_winreg_nt.c | 96 6 + 90 - 0 !
1 file changed, 6 insertions(+), 90 deletions(-)

 [patch] cve-2019-3880 s3: rpc: winreg: remove implementations of
 SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>
CVE 2018 16860 v4 5 06.patch | (download)

selftest/knownfail.d/mitm-s4u2self | 1152 576 + 576 - 0 !
source4/heimdal/kdc/krb5tgs.c | 7 7 + 0 - 0 !
source4/torture/krb5/kdc-canon-heimdal.c | 115 111 + 4 - 0 !
3 files changed, 694 insertions(+), 580 deletions(-)

 [patch 1/2] cve-2018-16860 selftest: add test for s4u2self with
 unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>