[SCM] Samba Shared Repository - branch v4-0-stable updated
Karolin Seeger
kseeger at samba.org
Tue May 27 11:23:17 MDT 2014
The branch, v4-0-stable has been updated
via 98b4a34 VERSION: Disable git snapshots for the 4.0.18 release.
via 8a0fcbc WHATSNEW: Add release notes for Samba 4.0.18.
via 97a3274 bug #10609: CVE-2014-0239 Don't reply to replies
via d4b0b74 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
via d6043d6 script/autobuild: make use of --with-perl-{arch,lib}-install-dir
via 0e430f8 wafsamba: Fail with error message if perl doesn't provide valid dirs.
via 86830d9 wafsamba: If perl can't provide defaults, define them.
via 39ae6a7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
via 101ae20 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
via 7d90c1b s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue.
via cc20cef s3: smbd: Remove open_file_fchmod().
via 9b62ae8 s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod().
via d3b8149 s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY.
via 25aacde s3 : smbd : Protect all possible code paths from fsp->op == NULL.
via c412f62 byteorder: do not assume PowerPC is big-endian
via 92f894d Fix an empty if statement.
via a9a345f Minor typo fix in source3/wscript.
via 4386827 s3: smbd - smb1 - fix read of deleted memory in reply_writeclose().
via deadf70 lib-util: rename memdup to smb_memdup and fix all callers (bug #10556)
via 3d6e3ac build: fix ordering problems with lib-provided and internal RPATHs
via 0953816 Revert "tevent: fix crash bug in tevent_queue_immediate_trigger()"
via f0d41fb s3-lib/util: fix logic inside set_namearray loops.
via 9057b42 s3-lib/util: fix read across end of namelist string
via 0583bf5 s3-nmbd: reset debug settings after reading config file (bug #10239)
via 1559d43 VERSION: Bump version number up to 4.0.18...
from 52eee62 WHATSNEW: Add release notes for Samba 4.0.17.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 100 +++++++++++++++++++++++++++++++-
buildtools/wafadmin/Tools/config_c.py | 13 ++++
buildtools/wafadmin/Tools/perl.py | 52 ++++++++++++----
lib/tevent/tevent_queue.c | 4 -
lib/util/byteorder.h | 10 ++-
lib/util/samba_util.h | 2 +-
lib/util/util.c | 2 +-
pidl/lib/wscript_build | 4 +-
python/samba/tests/dns.py | 29 +++++++++
script/autobuild.py | 4 +-
source3/lib/interface.c | 4 +-
source3/lib/smbldap.c | 2 +-
source3/lib/util.c | 33 +++++++----
source3/libsmb/clirap.c | 4 +-
source3/locking/brlock.c | 18 +++++-
source3/modules/vfs_default.c | 6 +-
source3/nmbd/nmbd.c | 4 +
source3/passdb/secrets.c | 2 +-
source3/smbd/aio.c | 10 +++
source3/smbd/dosmode.c | 104 +++++++++++++++++++++++++++++----
source3/smbd/files.c | 5 +-
source3/smbd/open.c | 47 ++++-----------
source3/smbd/proto.h | 3 -
source3/smbd/reply.c | 27 +++++----
source3/smbd/scavenger.c | 3 +
source3/smbd/seal.c | 2 +-
source3/smbd/sec_ctx.c | 4 +-
source3/winbindd/winbindd_cache.c | 2 +-
source3/wscript | 2 +-
source4/dns_server/dns_server.c | 6 ++
source4/libnet/libnet_domain.c | 2 +-
source4/smbd/process_thread.c | 4 +-
33 files changed, 391 insertions(+), 125 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 8a57f26..c0e07f7 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=17
+SAMBA_VERSION_RELEASE=18
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8ae476c..0320288 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,100 @@
==============================
+ Release Notes for Samba 4.0.18
+ May 27, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.0.
+
+Please note that this bug fix release also addresses two minor security issues
+without being a dedicated security release:
+
+ o CVE-2014-0239: dns: Don't reply to replies (bug #10609).
+ o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
+ (bug #10549).
+
+For more details including security advisories and patches, please see
+
+ http://www.samba.org/samba/history/security.html
+
+
+ Changes since 4.0.17:
+---------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 10548: build: Fix ordering problems with lib-provided and internal
+ RPATHs.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10577: SMB1 wildcard unlink fail can leave a retry record on the open
+ retry queue.
+ * BUG 10564: Fix lock order violation and file lost.
+
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 10239: s3-nmbd: Reset debug settings after reading config file.
+ * BUG 10544: s3-lib/util: set_namearray reads across end of namelist
+ string.
+ * BUG 10556: lib-util: Rename memdup to smb_memdup and fix all callers.
+
+
+o Kai Blin <kai at samba.org>
+ * BUG 10609: CVE-2014-0239: dns: Don't reply to replies.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 10590: byteorder: Do not assume PowerPC is big-endian.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 10472: script/autobuild: Make use of
+ '--with-perl-{arch,lib}-install-dir'.
+
+
+o Noel Power <nopower at suse.com>
+ * BUG 10554: Fix read of deleted memory in reply_writeclose()'.
+
+
+o Jose A. Rivera <jarrpa at redhat.com>
+ * BUG 10151: Extra ':' in msg for Waf Cross Compile Build System with
+ Cross-answers command.
+ * BUG 10348: Fix empty body in if-statement in continue_domain_open_lookup.
+
+
+o Christof Schmitt <christof.schmitt at us.ibm.com>
+ * BUG 10549: CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS
+ response.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10472: wafsamba: Fix the installation on FreeBSD.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.0 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ ==============================
Release Notes for Samba 4.0.17
April 15, 2014
==============================
@@ -109,8 +205,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.0.16
diff --git a/buildtools/wafadmin/Tools/config_c.py b/buildtools/wafadmin/Tools/config_c.py
index a32d8aa..d0bc617 100644
--- a/buildtools/wafadmin/Tools/config_c.py
+++ b/buildtools/wafadmin/Tools/config_c.py
@@ -73,6 +73,19 @@ def parse_flags(line, uselib, env):
app('CCFLAGS_' + uselib, x)
app('CXXFLAGS_' + uselib, x)
app('LINKFLAGS_' + uselib, x)
+ #
+ # NOTE on special treatment of -Wl,-R and -Wl,-rpath:
+ #
+ # It is important to not put a library provided RPATH
+ # into the LINKFLAGS but in the RPATH instead, since
+ # the provided LINKFLAGS get prepended to our own internal
+ # RPATH later, and hence can potentially lead to linking
+ # in too old versions of our internal libs.
+ #
+ elif x.startswith('-Wl,-R'):
+ app('RPATH_' + uselib, x[6:])
+ elif x.startswith('-Wl,-rpath,'):
+ app('RPATH_' + uselib, x[11:])
elif x.startswith('-Wl'):
app('LINKFLAGS_' + uselib, x)
elif x.startswith('-m') or x.startswith('-f'):
diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py
index 8f13e28..0f34e79 100644
--- a/buildtools/wafadmin/Tools/perl.py
+++ b/buildtools/wafadmin/Tools/perl.py
@@ -98,27 +98,53 @@ def check_perl_ext_devel(conf):
conf.env.EXTUTILS_TYPEMAP = read_out('print "$Config{privlib}/ExtUtils/typemap"')
conf.env.perlext_PATTERN = '%s.' + read_out('print $Config{dlext}')[0]
- if getattr(Options.options, 'perl_vendorarch_dir', None):
- conf.env.PERL_VENDORARCH_DIR = Options.options.perl_vendorarch_dir
- else:
- conf.env.PERL_VENDORARCH_DIR = read_out('print $Config{vendorarch}')[0]
-
- if getattr(Options.options, 'perl_vendorlib_dir', None):
- conf.env.PERL_VENDORLIB_DIR = Options.options.perl_vendorlib_dir
- else:
- conf.env.PERL_VENDORLIB_DIR = read_out('print $Config{vendorlib}')[0]
+ def try_any(keys):
+ for k in keys:
+ conf.start_msg("Checking for perl $Config{%s}:" % k)
+ try:
+ v = read_out('print $Config{%s}' % k)[0]
+ conf.end_msg("'%s'" % (v), 'GREEN')
+ return v
+ except IndexError:
+ conf.end_msg(False, 'YELLOW')
+ pass
+ return None
+
+ perl_arch_install_dir = None
+ if getattr(Options.options, 'perl_arch_install_dir', None):
+ perl_arch_install_dir = Options.options.perl_arch_install_dir
+ if perl_arch_install_dir is None:
+ perl_arch_install_dir = try_any(['vendorarch', 'sitearch', 'archlib'])
+ if perl_arch_install_dir is None:
+ conf.fatal('No perl arch install directory autodetected.' +
+ 'Please define it with --with-perl-arch-install-dir.')
+ conf.start_msg("PERL_ARCH_INSTALL_DIR: ")
+ conf.end_msg("'%s'" % (perl_arch_install_dir), 'GREEN')
+ conf.env.PERL_ARCH_INSTALL_DIR = perl_arch_install_dir
+
+ perl_lib_install_dir = None
+ if getattr(Options.options, 'perl_lib_install_dir', None):
+ perl_lib_install_dir = Options.options.perl_lib_install_dir
+ if perl_lib_install_dir is None:
+ perl_lib_install_dir = try_any(['vendorlib', 'sitelib', 'privlib'])
+ if perl_lib_install_dir is None:
+ conf.fatal('No perl lib install directory autodetected. ' +
+ 'Please define it with --with-perl-lib-install-dir.')
+ conf.start_msg("PERL_LIB_INSTALL_DIR: ")
+ conf.end_msg("'%s'" % (perl_lib_install_dir), 'GREEN')
+ conf.env.PERL_LIB_INSTALL_DIR = perl_lib_install_dir
def set_options(opt):
opt.add_option("--with-perl-binary", type="string", dest="perlbinary", help = 'Specify alternate perl binary', default=None)
- opt.add_option("--with-perl-vendorarch",
+ opt.add_option("--with-perl-arch-install-dir",
type="string",
- dest="perl_vendorarch_dir",
+ dest="perl_arch_install_dir",
help = ('Specify directory where to install arch specific files'),
default=None)
- opt.add_option("--with-perl-vendorlib",
+ opt.add_option("--with-perl-lib-install-dir",
type="string",
- dest="perl_vendorlib_dir",
+ dest="perl_lib_install_dir",
help = ('Specify directory where to install vendor specific files'),
default=None)
diff --git a/lib/tevent/tevent_queue.c b/lib/tevent/tevent_queue.c
index e324680..eeb922f 100644
--- a/lib/tevent/tevent_queue.c
+++ b/lib/tevent/tevent_queue.c
@@ -144,10 +144,6 @@ static void tevent_queue_immediate_trigger(struct tevent_context *ev,
return;
}
- if (!q->list) {
- return;
- }
-
q->list->triggered = true;
q->list->trigger(q->list->req, q->list->private_data);
}
diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h
index 58cd68a..297be52 100644
--- a/lib/util/byteorder.h
+++ b/lib/util/byteorder.h
@@ -89,10 +89,12 @@ it also defines lots of intermediate macros, just ignore those :-)
/*
- on powerpc we can use the magic instructions to load/store
- in little endian
-*/
-#if (defined(__powerpc__) && defined(__GNUC__))
+ * On powerpc we can use the magic instructions to load/store in little endian.
+ * The instructions are reverse-indexing, so assume a big endian Power
+ * processor. Power8 can be big or little endian, so we need to explicitly
+ * check.
+ */
+#if (defined(__powerpc__) && defined(__GNUC__) && HAVE_BIG_ENDIAN)
static __inline__ uint16_t ld_le16(const uint16_t *addr)
{
uint16_t val;
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 311e99d..c061721 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -725,7 +725,7 @@ char *smb_xstrndup(const char *s, size_t n);
/**
Like strdup but for memory.
**/
-_PUBLIC_ void *memdup(const void *p, size_t size);
+_PUBLIC_ void *smb_memdup(const void *p, size_t size);
/**
* Write a password to the log file.
diff --git a/lib/util/util.c b/lib/util/util.c
index f63720c..697c9bf 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -622,7 +622,7 @@ char *smb_xstrndup(const char *s, size_t n)
Like strdup but for memory.
**/
-_PUBLIC_ void *memdup(const void *p, size_t size)
+_PUBLIC_ void *smb_memdup(const void *p, size_t size)
{
void *p2;
if (size == 0)
diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
index 5023e07..54b3170 100644
--- a/pidl/lib/wscript_build
+++ b/pidl/lib/wscript_build
@@ -1,7 +1,7 @@
#!/usr/bin/env python
# install the pidl modules
-bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
'''
Parse/Pidl.pm
Parse/Pidl/Samba4.pm
@@ -32,6 +32,6 @@ bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
flat=False)
if not bld.CONFIG_SET('USING_SYSTEM_PARSE_YAPP_DRIVER'):
- bld.INSTALL_FILES(bld.env.PERL_VENDORLIB_DIR,
+ bld.INSTALL_FILES(bld.env.PERL_LIB_INSTALL_DIR,
'Parse/Yapp/Driver.pm',
flat=False)
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index f2c5685..79e4158 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -833,6 +833,35 @@ class TestInvalidQueries(DNSTest):
self.assertEquals(response.answers[0].rdata,
os.getenv('SERVER_IP'))
+ def test_one_a_reply(self):
+ "send a reply instead of a query"
+
+ p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
+ questions = []
+
+ name = "%s.%s" % ('fakefakefake', self.get_dns_domain())
+ q = self.make_name_question(name, dns.DNS_QTYPE_A, dns.DNS_QCLASS_IN)
+ print "asking for ", q.name
+ questions.append(q)
+
+ self.finish_name_packet(p, questions)
+ p.operation |= dns.DNS_FLAG_REPLY
+ s = None
+ try:
+ send_packet = ndr.ndr_pack(p)
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+ host=os.getenv('SERVER_IP')
+ s.connect((host, 53))
+ tcp_packet = struct.pack('!H', len(send_packet))
+ tcp_packet += send_packet
+ s.send(tcp_packet, 0)
+ recv_packet = s.recv(0xffff + 2, 0)
+ self.assertEquals(0, len(recv_packet))
+ finally:
+ if s is not None:
+ s.close()
+
+
if __name__ == "__main__":
import unittest
unittest.main()
diff --git a/script/autobuild.py b/script/autobuild.py
index cb822ff..76e777c 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -232,7 +232,9 @@ class builder(object):
self.cmd = self.cmd.replace("${PYTHON_PREFIX}", get_python_lib(standard_lib=1, prefix=self.prefix))
self.cmd = self.cmd.replace("${PREFIX}", "--prefix=%s" % self.prefix)
self.cmd = self.cmd.replace("${PREFIX_DIR}", "%s" % self.prefix)
- self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", "--with-perl-vendorlib=%s/share/perl5" % self.prefix)
+ perl_vendor_lib = "--with-perl-arch-install-dir=%s/share/perl5 " % self.prefix
+ perl_vendor_lib += "--with-perl-lib-install-dir=%s/lib/perl5" % self.prefix
+ self.cmd = self.cmd.replace("${PERL_VENDOR_LIB}", perl_vendor_lib)
# if self.output_mime_type == "text/x-subunit":
# self.cmd += " | %s --immediate" % (os.path.join(os.path.dirname(__file__), "selftest/format-subunit"))
print '%s: [%s] Running %s' % (self.name, self.stage, self.cmd)
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
index 39dc9cb..3edeae5 100644
--- a/source3/lib/interface.c
+++ b/source3/lib/interface.c
@@ -503,10 +503,10 @@ void load_interfaces(void)
total_probed = get_interfaces(talloc_tos(), &ifaces);
if (total_probed > 0) {
- probed_ifaces = (struct iface_struct *)memdup(ifaces,
+ probed_ifaces = (struct iface_struct *)smb_memdup(ifaces,
sizeof(ifaces[0])*total_probed);
if (!probed_ifaces) {
- DEBUG(0,("ERROR: memdup failed\n"));
+ DEBUG(0,("ERROR: smb_memdup failed\n"));
exit(1);
}
}
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 5dd6d8d..7c6b8ee 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -353,7 +353,7 @@ static void smbldap_set_mod_internal(LDAPMod *** modlist, int modop, const char
mods[i]->mod_bvalues[j] = SMB_MALLOC_P(struct berval);
SMB_ASSERT(mods[i]->mod_bvalues[j] != NULL);
- mods[i]->mod_bvalues[j]->bv_val = (char *)memdup(blob->data, blob->length);
+ mods[i]->mod_bvalues[j]->bv_val = (char *)smb_memdup(blob->data, blob->length);
SMB_ASSERT(mods[i]->mod_bvalues[j]->bv_val != NULL);
mods[i]->mod_bvalues[j]->bv_len = blob->length;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d543c7f..7095da9 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1060,6 +1060,7 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
{
char *name_end;
char *namelist;
+ char *namelist_end;
char *nameptr;
int num_entries = 0;
int i;
@@ -1076,12 +1077,14 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
}
nameptr = namelist;
+ namelist_end = &namelist[strlen(namelist)];
+
/* We need to make two passes over the string. The
first to count the number of elements, the second
to split it.
*/
- while(*nameptr) {
+ while(nameptr <= namelist_end) {
if ( *nameptr == '/' ) {
/* cope with multiple (useless) /s) */
nameptr++;
@@ -1093,11 +1096,13 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
/* find the next '/' or consume remaining */
name_end = strchr_m(nameptr, '/');
- if (name_end == NULL)
- name_end = (char *)nameptr + strlen(nameptr);
-
- /* next segment please */
- nameptr = name_end + 1;
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
num_entries++;
}
@@ -1115,7 +1120,7 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
/* Now copy out the names */
nameptr = namelist;
i = 0;
- while(*nameptr) {
+ while(nameptr <= namelist_end) {
if ( *nameptr == '/' ) {
/* cope with multiple (useless) /s) */
nameptr++;
@@ -1127,10 +1132,9 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
/* find the next '/' or consume remaining */
name_end = strchr_m(nameptr, '/');
- if (name_end)
+ if (name_end != NULL) {
*name_end = '\0';
- else
- name_end = nameptr + strlen(nameptr);
+ }
(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) {
@@ -1139,8 +1143,13 @@ void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
return;
}
- /* next segment please */
- nameptr = name_end + 1;
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
i++;
}
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 7c185ef..40d5f67 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -67,14 +67,14 @@ bool cli_api(struct cli_state *cli,
* talloc
*/
- *rparam = (char *)memdup(my_rparam, num_my_rparam);
+ *rparam = (char *)smb_memdup(my_rparam, num_my_rparam);
if (*rparam == NULL) {
goto fail;
}
*rprcnt = num_my_rparam;
TALLOC_FREE(my_rparam);
- *rdata = (char *)memdup(my_rdata, num_my_rdata);
+ *rdata = (char *)smb_memdup(my_rdata, num_my_rdata);
if (*rdata == NULL) {
goto fail;
}
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 43abb98..1a912c7 100644
--
Samba Shared Repository
More information about the samba-cvs
mailing list