[SCM] Samba Shared Repository - branch v3-2-stable updated -
release-3-2-13
Karolin Seeger
kseeger at samba.org
Tue Jun 23 13:22:50 GMT 2009
The branch, v3-2-stable has been updated
via fcb091407ba003db807964f27a2b7cecc70896c7 (commit)
via c5a0590a2efb9c0e8565e822dfc7cea92af0bece (commit)
via d85b881d66841a5dac66a98a94f251f58d66d1c4 (commit)
via 0239c6555dbf515935fed7b958cfcce24810f07f (commit)
via 91ea0d3fa11fc209dc653dd09dfab6244fb80f0d (commit)
from a3d27deaa6c20d5764a511384d75ee481c92e13d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -----------------------------------------------------------------
commit fcb091407ba003db807964f27a2b7cecc70896c7
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 19 11:00:41 2009 +0200
Bug 6488: acl_group_override() call in posix acls references an uninitialized variable. (cherry picked from commit f92195e3a1baaddda47a5d496f9488c8445b41ad)
commit c5a0590a2efb9c0e8565e822dfc7cea92af0bece
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Jun 22 23:04:29 2009 +0200
WHATSNEW: Update changes.
Karolin
commit d85b881d66841a5dac66a98a94f251f58d66d1c4
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Jun 19 09:20:04 2009 +0200
WHATSNEW: Update changes since 3.2.12.
Karolin
commit 0239c6555dbf515935fed7b958cfcce24810f07f
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Jun 18 10:28:13 2009 +0200
VERSION: Raise version number up to 3.2.13.
Karolin
commit 91ea0d3fa11fc209dc653dd09dfab6244fb80f0d
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 16 12:23:31 2009 +0200
Fix bug 6478
This is the part of checkin cfee2025 that is relevant to this bug.
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 1694 +++++++++++++++++++++++++++++++++++++++++++++-
source/VERSION | 2 +-
source/client/client.c | 40 +-
source/smbd/posix_acls.c | 22 +-
4 files changed, 1723 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2e98fdf..8b34c13 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,60 @@
==============================
+ Release Notes for Samba 3.2.13
+ June 23, 2009
+ ==============================
+
+
+This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.
+
+ o CVE-2009-1886:
+ In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
+ with file names treat user input as a format string to asprintf.
+ With a maliciously crafted file name smbclient can be made
+ to execute code triggered by the server.
+
+ o CVE-2009-1888:
+ In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
+ value can potentially affect access control when "dos filemode"
+ is set to "yes".
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.12
+--------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * Fix for CVE-2009-1886.
+ * Fix for CVE-2009-1888.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 3.2.12
June 16, 2009
==============================
@@ -99,8 +155,1642 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.2.11
+ April 17, 2009
+ ==============================
+
+
+This is a maintenance release of the Samba 3.2 series.
+
+Major enhancements in 3.2.11 include:
+
+ o Fix domain logins for WinXP clients pre SP3 (bug #6263).
+ o Fix samr_OpenDomain access checks (bug #6089).
+ o Fix smbd crash for close_on_completion.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.10
+--------------------
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6089: Fix samr_OpenDomain access checks.
+ * BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
+ "msdfs root" set to "yes".
+ * Allow pdbedit to change a user rid/sid.
+ * When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 6205: Correct sample smb.conf share configuration.
+ * BUG 6263: Fix domain logins for WinXP clients pre SP3.
+ * Fix resume command typo for "printing = vlp".
+
+
+o Volker Lendecke <vl at samba.org>
+ * Fix smbd crash for close_on_completion.
+ * Fix a memleak in an unlikely error path in change_notify_create().
+
+
+o Jim McDonough <jmcd at samba.org>
+ * Don't look up local user for remote changes, even when root.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ ==============================
+ Release Notes for Samba 3.2.10
+ April 1, 2009
+ ==============================
+
+
+This is a maintenance release of the Samba 3.2 series.
+
+In Samba 3.2.9, there is an issue while migrating passdb.tdb files from older
+Samba versions (e.g. 3.2.8). That causes panics of smbd child processes until
+the parent smbd is restarted once after converting the passdb.tdb file. This
+issue is fixed in Samba 3.2.10.
+
+Sorry for the inconveniences!
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.9
+-------------------
+
+
+o Michael Adam <obnox at samba.org>
+ * BUG #6195: Don't let smbd child processes panic.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.2.9
+ March 31, 2009
+ =============================
+
+
+This is a maintenance release of the Samba 3.2 series.
+
+Major enhancements included in Samba 3.2.9 are:
+
+ o Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
+ correctly (bug #6195).
+ o Fix guest authentication in setups with "security = share" and
+ "guest ok = yes" when Winbind is running.
+ o Fix corruptions of source path in tar mode of smbclient (bug #6161).
+
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.8
+-------------------
+
+
+o Michael Adam <obnox at samba.org>
+ * Add script fill-templates.
+ * Make update-pkginfo callable from any directory.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6099: Samba returns incurrate capabilities list.
+ * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL
+ filesystem.
+ * BUG 6161: smbclient corrupts source path in tar mode.
+ * BUG 6195: Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
+ correctly.
+ * BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
+ * BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
+ run elections.
+ * Correctly use chroot().
+ * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure
+ that "offered" read from the rpc packet in spoolss is under
+ that size.
+ * Fix Coverity ID 602.
+ * Backport the semantics of when to delete alternate data streams on a file
+ truncate.
+ * Allow set attributes on a stream fnum to be redirected to the base
+ filename.
+ * Fix use of streams modules with CIFSFS client.
+ * Fix more POSIX path lstat calls.
+ * Allow DFS client paths to work when POSIX pathnames have been
+ selected.
+ * Try and fix the build farm RAW-STREAMS errors.
+ * Ensure files starting with multiple dots are hidden.
+
+
+o Steven Danneman <steven.danneman at isilon.com>
+ * Fix guest auth when Winbind is running.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 6102: NetQueryDisplayInformation could return wrong information.
+ * BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
+ * Fix memleak in get_remote_printer_publishing_data().
+ * Add pidl in order to be able to regenerate librpc functions.
+ * Fix Coverity IDs 722, 762.
+
+
+o Steve French <smfrench at gmail.com>
+ * cifs mount fix for handling -V parameter.
+ * Fix guest mounts.
+
+
+o Holger Hetterich <hhetter at novell.com>
+ * Enable total anonymization in vfs_smb_traffic_analyzer.
+
+
+o Björn Jacke <bj at sernet.de>
+ * Enable IPv6 support for NetBSD and FreeBSD.
+ * Prefer gssapi header files from subdirectory.
+ * Fix build on old Heimdal based systems.
+ * Use parentheses in if condition to make negation clear.
+
+
+o Günter Kukkukk <linux at kukkukk.com>
+ * Don't try and delete a default ACL from a file.
+
+
+o Jeff Layton <jlayton at redhat.com>
+ * Initialize rc to 0 in main.
+
+
+o Volker Lendecke <vl at sernet.de>
+ * BUG 6100: Complete fix.
+ * BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
+ members.
+ * BUG 6097: Fix smbd segfault.
+ * Fix remotely adding a share via MMC.
+ * Fix resume handle for _samr_EnumDomainGroups.
+ * Fix Coverity IDs 742, 744, 745, 879, 880.
+ * Fix a buffer handling bug when adding lots of registry keys.
+ * Fix a O(n^2) algorithm in regdb_fetch_keys().
+ * Fix an uninitialized variable warning.
+ * Fix a valgrind error / segfault in dns_register_smbd().
+ * Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+ * Fix a malloc/talloc mismatch when cli_initialise() fails.
+ * Fix a valgrind error.
+ * Fix two memleaks in the encryption code.
+ * Fix gcc 4.4 compile warning.
+ * Fix a scary "fill_share_mode_lock failed" message.
+
+
+o Derrell Lipman <derrell at dworkin.(none)>
+ * BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't
+ set errno.
+
+
+o Stefan Metzmacher <metze at samba.org
+ * BUG 6100: Implement _netr_LogonGetCapabilities() with
+ NT_STATUS_NOT_IMPLEMENTED.
+ * Add S-1-22-X-Y sids to the local token.
+ * Add idl for netr_LogonGetCapabilities().
+ * Fix the build on SLES8.
+ * Fix smb signing for fragmented trans/trans2/nttrans requests.
+
+
+o Glenn Machin <gmachin at sandia.gov>
+ * Don't miss an absolute pathname as a kerberos keytab path.
+
+
+o Shirish Pargaonkar <shirishpargaonkar at gmail.com>
+ * Clean-up entries in /etc/mtab after unmount.
+ * Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+
+
+o Ted Percival <ted.percival at quest.com>
+ * Fix a crash during name resolution when log level >= 10 and libc
+ segfaults if printf is passed NULL for a "%s" arg (e.g. Solaris).
+
+
+o Tim Prouty <tprouty at samba.org>
+ * Fix SMB_VFS_RECVFILE/SENDFILE macros.
+ * Parse_packet can return NULL which is then dereferenced in
+ match_mailslot_name.
+
+
+o Dan Sledz <dsledz at isilon.com>
+ * Fix double free caused by incorrect talloc_steal usage.
+
+
+o Aravind Srinivasan <aravind.srinivasan at isilon.com>
+ * Have nmbd check all available interfaces for WINS before failing.
+
+
+o Miguel Suarez <Miguel.Suarez at stratus.com>
+ * BUG 6085: Fix build of vfs_default on systems without utime support.
+
+
+o Yasuma Takeda <yasuma at osstech.co.jp>
+ * BUG 5920: The length of the memcpy was calculated wrong.
+ * BUG 6098: Fix the ads_find_dc() with "security = domain" when the DNS
+ server is invalid.
+
+
+o Andrew Tridgell <tridge at samba.org>
+ * Fix a bug in message handling for code the change notify code.
+
+
+o Jelmer Vernooij <jelmer at samba.org>
+ * Properly cast array length in print functions.
+
+
+o Bo Yang <boyang at novell.com>
+ * Initialize the id_map status in idmap_ldap to avoid surprise.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 3.2 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+----------------------------------------------------------------------
+
+
+ =============================
+ Release Notes for Samba 3.2.8
+ March 03, 2009
+ =============================
+
+
+This is a bug fix release of the Samba 3.2 series.
+
+Major enhancements included in Samba 3.2.8 are:
+
+ o Correctly detect if the current DC is the closest one.
+ o Add saf_join_store() function to memorize the DC used at join time.
+ This avoids problems caused by replication delays shortly after domain
+ joins.
+
+
+The original security announcement for this and past advisories can
+be found http://www.samba.org/samba/security/
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.2.7
+-------------------
+
+
+o Michael Adam <obnox at samba.org>
+ * BUG 6066: netinet/ip.h present but cannot be compiled under Solaris.
+ * Fix join by creating keytab after changing the config in libnet.
+ * Streamline logic of libnet_join_post_processing() in libnet_join.
+ * Fix build of [u]mount.cifs in the RHEL packaging.
+ * Fix distclean target and add realdistclean target in the docs build.
+ * Clean generated .png images and build/catalog.xml in "make clean".
+ * Fix detection of netinet/ip.h on Solaris 8.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 4308: Excel save operation corrupts file ACLs.
+ * BUG 5979: Fix level 2 oplocks.
+ * BUG 5980: Fix race condition when granting level2 oplocks can cause break
+ notify to be missed.
+ * BUG 5986: Fix renaming of streams.
+ * BUG 5990: Strict allocate should be checked before ftruncate.
+ * BUG 6009: Setting "min receivefile size = 1" breaks writes.
+ * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
+ * BUG 6017: Fix magic scripts.
+ * BUG 6019: Fix file corruption in Clustered SMB/NFS environments managed via
+ CTDB.
+ * BUG 6021: smbclient du command does not recuse properly.
+ * BUG 6030: Add missing <th> header in Status page.
+ * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
+ * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
+ * Fix race condition in alarm lock processing.
+ * Fix logic bug introduce in backport of ccache_regain_all_now.
+ * Fix crash bug in SWAT.
+ * Fix logic error in try_chown.
+ * Fix detection of dns_sd libraries.
+
+
+o Kai Blin <kai at samba.org>
+ * BUG 5953: Fix smbclient crashes.
+
+
+o Gerald (Jerry) Carter <jerry at samba.org>
+ * Fix "allow trusted domain" so it disables trusted domains.
+
+
+o Guenther Deschner <gd at samba.org>
+ * Fix buffer allocation in eventlog read call.
+ * Fix various invalid memcpy in read_package_entry().
+
+
+o SATOH Fumiyasu <fumiyas at osstech.co.jp>
+ * Variables for signals must be volatile sig_atomic_t in Winbind.
+ * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
+ * Fix a compile-time warning.
+ * Fix SIGBUS on non-x86 CPUs in libsmbclient.
+
+
+o Björn Jacke <bj at sernet.de>
+ * Correct the description of the "ldap timeout" parameter.
+ * Fix build with external dns_sd libraries.
+
+
+o Jeff Layton <jlayton at redhat.com>
+ * Allow mounts to ipv6 capable servers in mount.cifs.
+
+
+o Volker Lendecke <vl at sernet.de>
+ * BUG 5933: Fix incrementing/decrementing num_validated_vuids.
+ * BUG 5953: Make cli_send_smb_direct_writeX use writev.
+ * BUG 5965: Fix creation of the first share using SWAT.
+ * BUG 5969: Optimize smbclient put command.
+ * BUG 6014: mget shouldn't segfault without arguments.
+ * Fix error code when smbclient puts a file over an existing directory.
+ * Fix a valgrind error.
+ * Fix a "ignoring function call result" warning.
+ * Add sys_writev.
+ * Add write_data_iov.
+ * Make write_data use write_data_iov.
+ * Fix a memory leak in cups_pull_comment_location.
+ * Fix an ancient uninitialized variable read.
--
Samba Shared Repository
More information about the samba-cvs
mailing list