Commit message | Author | Age | Files | Lines
* VERSION: Bump version up to 3.6.26. [v3-6-stable] | Karolin Seeger | 2015-02-23 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 3.6.25. [samba-3.6.25] | Karolin Seeger | 2015-02-22 | 1 | -2/+74
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077
  CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server could lead to security vulnerability.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10549
  CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* auth: Make sure that creds_out is initialized with NULL. | Andreas Schneider | 2015-02-22 | 1 | -0/+4
  This is an additional patch for CVE-2015-0240.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-netlogon: Make sure we do not deference a NULL pointer. | Andreas Schneider | 2015-02-22 | 1 | -1/+6
  This is an additional patch for CVE-2015-0240.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32
  Pair-Programmed-With: Michael Adam <obnox@samba.org>
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Michael Adam <obnox@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. | Jeremy Allison | 2015-02-22 | 1 | -1/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2014-0178 patch for 3.6 | Jiří Šašek | 2014-09-18 | 1 | -3/+3
  Samba 3.6.23 patch for: FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to, zero
  ...derived from Christof Schmitt <christof.schmitt@us.ibm.com>'s patch for Samba 4.0
  http://www.samba.org/samba/ftp/patches/security/samba-4.0.17-CVE-2014-0178-CVE-2014-0239.patch
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10549
  CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
* VERSION: Bump version up to 3.6.25. | Karolin Seeger | 2014-06-23 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 3.6.24. [samba-3.6.24] | Karolin Seeger | 2014-06-23 | 1 | -2/+59
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10633
  CVE-2014-0244: nmbd denial of service
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10654
  CVE-2014-3493: Segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler because push_ascii() has returned (uint32_t)-1 via srvstr_push(), incrementing p by 4GB
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* s3: smbd - fix processing of packets with invalid DOS charset conversions. | Jeremy Allison | 2014-06-23 | 3 | -10/+14
  Bug 10654 - Segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler
  https://bugzilla.samba.org/show_bug.cgi?id=10654
  Signed-off-by: Jeremy Allison <jra@samba.org>
  CVE-2014-3493
* s3: nmbd: Fix bug 10633 - nmbd denial of service | Jeremy Allison | 2014-06-23 | 1 | -5/+2
  The Linux kernel has a bug in that it can give spurious wakeups on a non-blocking UDP socket for a non-deliverable packet.
  When nmbd was changed to use non-blocking sockets it became vulnerable to a spurious wakeup from poll/epoll.
  Fix sys_recvfile() to return on EWOULDBLOCK/EAGAIN.
  CVE-2014-0244
  Signed-off-by: Jeremy Allison <jra@samba.org>
* VERSION: Bump version number up to 3.6.24. | Karolin Seeger | 2014-03-11 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 3.6.23. [samba-3.6.23] | Karolin Seeger | 2014-03-11 | 1 | -2/+56
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  CVE-2013-4496: Password lockout not enforced for SAMR password changes
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2013-4496:samr: Remove ChangePasswordUser | Andrew Bartlett | 2014-03-11 | 4 | -537/+24
  This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients.
  The missing features in both implementations (by design) were:
  - the password complexity checks (no plaintext)
  - the minimum password length (no plaintext)
  Additionally, the source3 version did not check:
  - the minimum password age
  - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting.
  - the password history
  - the output of the 'passwd program' if 'unix passwd sync = yes'.
  Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future.
  Andrew Bartlett
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case. | Stefan Metzmacher | 2014-03-11 | 1 | -0/+1
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes | Andrew Bartlett | 2014-03-11 | 2 | -16/+129
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* VERSION: Bump version up to 3.6.23. | Karolin Seeger | 2013-12-10 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* WHATSNEW: Add release notes for Samba 3.0.22. [samba-3.6.22] | Karolin Seeger | 2013-12-06 | 1 | -2/+96
  Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any* require_membership_of specified groups
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
  (BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid | Noel Power | 2013-12-05 | 1 | -0/+6
  furthermore if more than one name is supplied and no sid is converted then also fail.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306
  Signed-off-by: Noel Power <noel.power@suse.com>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  [ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
* CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked. | Jeremy Allison | 2013-12-05 | 6 | -5/+62
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked. | Jeremy Allison | 2013-12-05 | 21 | -46/+370
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked. | Jeremy Allison | 2013-12-05 | 8 | -8/+110
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply. | Jeremy Allison | 2013-12-05 | 4 | -6/+39
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+6
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+6
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+6
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+4
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size | Stefan Metzmacher | 2013-12-05 | 1 | -0/+8
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+4
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+9
  We should do this explicitly instead of relying on tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done() | Stefan Metzmacher | 2013-12-05 | 1 | -0/+5
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* VERSION: Bump version up to 3.6.22. | Karolin Seeger | 2013-11-29 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit d57a4d130bcbf88b7f060439a33797be89353e29)
* WHATSNEW: Add release notes for Samba 3.6.21. [samba-3.6.21] | Karolin Seeger | 2013-11-28 | 1 | -2/+62
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit c458263e352328db49becec65157e9ec477bdacc)
* spoolss: accept XPS_PASS datatype used by Windows 8 | Arvid Requate | 2013-11-28 | 1 | -1/+7
  The new v4 driver model used in Windows 8 declares print jobs intended to bypass the XPS processing layer by setting datatype to "XPS_PASS" instead of "RAW".
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10267
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit b2815b4c8c3e436a79fb7f07be285a417fd6e8cb)
  (cherry picked from commit 4cfd6597bceeb0ef10d14bb7a48badd2264e85a6)
* xattr: fix listing EAs on *BSD for non-root users | Jeremy Allison | 2013-11-28 | 1 | -0/+4
  Thanks to Stefan Rompf for reporting. This fixes bug #10247
  Back-ported to 3.6.next from master commit 374b2cfde74e0c61f4b2da724b30d0e430596092
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit d984e764073df34729e5410026d6fa618699126f)
* Fix bug #10118 - Samba is chatty about being unable to open a printer. | Korobkin | 2013-11-28 | 1 | -1/+1
  (cherry picked from commit 906db4fe8e6de2de67afa4655603e67d887c370b)
* nsswitch: Fix short writes in winbind_write_sock | Volker Lendecke | 2013-11-28 | 1 | -2/+2
  We set the socket to nonblocking and don't handle EAGAIN right. We do a poll anyway, so wait for writability, which should fix this.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit c6909887c26d4e827633acd50b11cf08c6aee0f7)
  Signed-off-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 3dfbea723553b268008063b280c808bb30951fdc)
* s3-winbind: Send online/offline message of the domain to the parent. | Andreas Schneider | 2013-11-28 | 1 | -0/+22
  https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104
  (cherry picked from commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b)
  (cherry picked from commit 80a5575849c903a3cb4a9bd74f029e5b7c293aa3)
* s3-winbind: Register handlers for domain online/offline messages. | Andreas Schneider | 2013-11-28 | 2 | -0/+11
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit fc5941622010843d823b5c245eccc68d1d3bce19)
  (cherry picked from commit 920f8013ad5c57aaa941d5c7aea335726ed0bbae)
* s3-winbind: Add functions for domain online/offline handling. | Andreas Schneider | 2013-11-28 | 2 | -0/+50
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52)
  (cherry picked from commit 2d226b2717d0a30186636d17a8d890e1b7de8151)
* idl: Add a new message for winbind domain states. | Andreas Schneider | 2013-11-28 | 1 | -0/+2
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194
  Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  (cherry picked from commit 1a884636542ba0e54c6d209662a5d1613d727a85)
  (cherry picked from commit 272a22e2dba836f60a1f628206c14fe1a24f49c5)
* Fix bug #10187 - Missing talloc_free can leak stackframe in error path. | Jeremy Allison | 2013-11-28 | 1 | -2/+3
  Fix error path.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104
  (cherry picked from commit 63f370bdbad94d6aba7a4783d4238fcfc524b055)
* Fix is_legal_name() to not emit character conversion error messages. | Jeremy Allison | 2013-11-28 | 1 | -4/+5
  Using next_codepoint() does the same check, but without the conversion message.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Fix bug #10139 - valid utf8 filenames cause "invalid conversion error" messages.
  (cherry picked from commit ee0ef2a5b4b06fdb723a5232f90212fda5e853d1)
* s3: smb2 server - fix bug 10167 smb2 breaks "smb encryption = mandatory | Jeremy Allison | 2013-11-28 | 1 | -0/+9
  Refuse an SMB2 tcon on a share where encryption is required. SMB2 doesn't support this.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit e00a2c90847b3c85f089b4f3c96ec6c66b949576)
* VERSION: Bump version up to 3.6.21. | Karolin Seeger | 2013-11-11 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit c2287276eb6533586ca1eac8b445ac1f93bcee98)
* WHATSNEW: Add release notes for Samba 3.6.20. [samba-3.6.20] | Karolin Seeger | 2013-11-11 | 1 | -5/+26
  Bug 10235 - CVE-2013-4475: No access check verification on stream files.
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
* Fix bug #10229 - No access check verification on stream files. | Jeremy Allison | 2013-11-07 | 1 | -0/+61
  https://bugzilla.samba.org/show_bug.cgi?id=10229
  We need to check if the requested access mask could be used to open the underlying file (if it existed), as we're passing in zero for the access mask to the base filename.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Fix Bug #10235 - CVE-2013-4475: No access check verification on stream files.
  https://bugzilla.samba.org/show_bug.cgi?id=10235
* WHATSNEW: Start release notes for Samba 3.6.20. | Karolin Seeger | 2013-10-02 | 1 | -2/+44
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  (cherry picked from commit b63dbd748636adfe5c98050133b14c2b61396d11)