| Age | Commit message (Collapse) | Author |
|---|
|
This is a security release in order to address the following defects:
CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD
DC LDAP Server with ASQ, VLV and paged_results.
CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Also backport 3 patches to fix build error with musl.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1609df11530ebb73de863d0c705e16107015dbe3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is seen with glibc 2.32 where these names are also defined
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5cf2665446f3fdc16b484c64afffaa0ac8373a35)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It is unnecessary, and libbsd uses the "BSD-4-Clause" license, which can
be problematic.
To make it deterministic, a patch is introduced to allow libbsd support
to be disabled. It resembles similar patches in, e.g., libldb,
libtalloc, libtdb and libtevent.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Guest accounts for Samba are a known potential vulnerability
(see https://www.tenable.com/plugins/nessus/26919) where info
about the host can be obtained without proper access. The option
"map to guest = bad user" allows login attempts with usernames
that don't exist to map to the guest account, while the
"restrict anonymous" value (implicitly set to 0 before this patch)
would allow any queries to obtain user and group list information.
Raise the default security level by setting "restrict anonymous"
to "1" and "map to guest" to "never" to avoid providing user/group
info to unauthenticated users and reject login attempts with an
invalid password, respectively.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Do not use nested functions ( main inside main )
Use global scope for __thread variables
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
1. switch to python3, from 4.10.x, samba support both python2 and python3,
and from 4.11.x, python2 will be dropped.
2. fix cross-compile problem caused by waf
3. disable lmdb
4. refresh patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* This includes security fixes that adresses the following defects:
CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
CVE-2019-3880 (Save registry file outside share as unprivileged user)
* Upstreamed patch removed:
0001-ldb-Refuse-to-build-Samba-against-a-newer-minor-vers.patch
* Extended PACKAGECONFIG ad-dc to be able to build MIT Kerberos
see https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
There is the same issue as for libldb, the header has conflicting defs
for unitptr_t. Fix it as done for the other recipe.
Fix
/cmocka/cmocka.h:126:28: error: conflicting types for 'uintptr_t'
typedef unsigned int uintptr_t;
^~~~~~~~~
Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
LDB 1.4.0 breaks Samba < 4.9 therefore use internal version
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
For 16-do-not-check-xsltproc-manpages.patch devtool created a heavy monster
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
last update left the musl builds broken since the
patch was not forward ported
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
ad-dc code is built and krb5 is used. If booting using systemd,
'nmb' and 'smb' are started. 'samba' is not.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
This includes a security fix that adresses the following defect:
CVE-2017-7494 (Remote code execution from a writable share)
* Detail release note:
- https://www.samba.org/samba/history/samba-4.6.5.html
* Remove 00-fix-typos-in-man-pages.patch which has been fixed
upstream a long time ago
Signed-off-by: Johannes Pointner <johannes.pointner@br-automation.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
Yi Zhao
Khem Raj
Peter Kjellerstedt
Trevor Gamblin
Changqing Li
Johannes Pointner
Andrea Adami
Andreas Müller
Joe Slater