[SCM] Samba Shared Repository - annotated tag samba-4.4.1 created

Stefan Metzmacher metze at samba.org
Tue Apr 12 19:14:41 UTC 2016


The annotated tag, samba-4.4.1 has been created
        at  871b646dd46b692598911c511728027d9df377db (tag)
   tagging  c8180d1f65fe205e8847b08355622e8cec162a1d (commit)
  replaces  samba-4.4.0
 tagged by  Karolin Seeger
        on  Wed Mar 30 12:38:10 2016 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.4.1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQBW+6ySbzORW2Vot+oRAhw4AKCGlG/HSGvt7MgEbS8pIQRvkcMXJwCePlo8
LwzMpUpcMXEy1OaO36XWvXc=
=GvKj
-----END PGP SIGNATURE-----

Christian Ambach (1):
      s4:torture/ntlmssp fix a compiler warning

G√ľnther Deschner (13):
      ntlmssp: add some missing defines from MS-NLMP to our IDL.
      ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
      ntlmssp: properly document version defines in IDL (from MS-NLMP).
      ntlmssp: when pulling messages it is important to clear memory first.
      s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
      s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
      s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
      s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
      s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
      auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
      s4-smb_server: check for return code of cli_credentials_set_machine_account().
      s3-auth: check for return code of cli_credentials_set_machine_account().
      CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()

Jeremy Allison (1):
      CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec

Karolin Seeger (1):
      VERSION: Bump version up to 4.0.1...

Ralph Boehme (8):
      CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
      CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
      CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
      CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()

Stefan Metzmacher (298):
      lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
      lib/util_net: add support for .ipv6-literal.net
      s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
      s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
      epmapper.idl: make epm_twr_t available in python bindings
      dcerpc.idl: make WERROR RPC faults available in ndr_print output
      librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
      s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
      s3:libads: remove unused ads_connect_gc()
      wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
      s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
      s3:librpc/gse: fix debug message in gse_init_client()
      s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
      s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
      s3:librpc/gse: don't log gss_acquire_creds failed at level 0
      s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
      s4:pygensec: make sig_size() and sign/check_packet() available
      auth/gensec: keep a pointer to a possible child/sub gensec_security context
      auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
      auth/gensec: make gensec_security_by_name() public
      s3:auth_generic: add auth_generic_client_start_by_name()
      s3:auth_generic: add auth_generic_client_start_by_sasl()
      auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
      auth/ntlmssp: add gensec_ntlmssp_server_domain()
      s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
      s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
      s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
      s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
      winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
      s3:auth_generic: make use of the top level NTLMSSP client code
      s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
      auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
      auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
      auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
      s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
      winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
      s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
      auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
      auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
      auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
      auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
      auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
      auth/ntlmssp: add ntlmssp_version_blob()
      auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
      auth/ntlmssp: use ntlmssp_version_blob() in the server
      security.idl: add LSAP_TOKEN_INFO_INTEGRITY
      ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
      ntlmssp.idl: make AV_PAIR_LIST public
      librpc/ndr: add ndr_ntlmssp_find_av() helper function
      auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
      auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
      auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
      auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
      s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
      s4:libcli/ldap: fix retry authentication after a bad password
      s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
      s4:selftest: simplify the loops over samba4.ldb.ldap
      s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
      s3:libads: add missing TALLOC_FREE(frame) in error path
      s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
      s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
      s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
      s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
      s3:libads: keep service and hostname separately in ads_service_principal
      s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
      s3:libsmb: make use gensec based SPNEGO/NTLMSSP
      s3:libsmb: unused ntlmssp.c
      s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
      s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
      s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
      s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
      s3:libsmb: remove unused cli_session_setup_kerberos*() functions
      s3:libsmb: remove unused functions in clispnego.c
      s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
      s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
      s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
      s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
      s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
      s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
      s4:rpc_server: dcesrv_generic_session_key should only work on local transports
      selftest: s!addc.samba.example.com!addom.samba.example.com!
      selftest: add some helper scripts to mange a CA
      selftest: add config and script to create a samba.example.com CA
      selftest: add CA-samba.example.com (non-binary) files
      selftest: mark commands in manage-CA-samba.example.com.sh as DONE
      selftest: add Samba::prepare_keyblobs() helper function
      selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
      selftest: set tls crlfile if it exist
      selftest: setup information of new samba.example.com CA in the client environment
      s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
      s3:test_rpcclient_samlogon.sh: test samlogon with schannel
      s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
      s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
      s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
      s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
      s4:torture/rpc/schannel: don't use validation level 6 without privacy
      auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
      auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
      s4:rpc_server: require access to the machine account credentials
      s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
      s3:rpc_server/samr: correctly handle session_extract_session_key() failures
      s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
      CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
      CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
      CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
      CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
      CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
      CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
      CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
      CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
      CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
      CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
      CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
      CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
      CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
      CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
      CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
      CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
      CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
      CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
      CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
      CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
      CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
      CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
      CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
      CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
      CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
      CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
      CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
      CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
      CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
      CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
      CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
      CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
      CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
      CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
      CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
      CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
      CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
      CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
      CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
      CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
      CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
      CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
      CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
      CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
      CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
      CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
      CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
      CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
      CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
      CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
      CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
      CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
      CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
      CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
      CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
      CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
      CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
      CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
      CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
      CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
      CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
      CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
      CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
      CVE-2016-2113: selftest: use "tls verify peer = no_check"
      CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
      CVE-2016-2114: s4:smb2_server: fix session setup with required signing
      CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
      CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
      CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
      CVE-2016-2115: docs-xml: add "client ipc signing" option
      CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
      CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
      CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
      CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
      CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
      CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
      CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
      CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
      CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
      CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
      CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
      CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
      CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
      CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
      CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
      CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
      CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
      CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
      CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
      CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
      CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
      CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
      CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
      CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
      CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
      CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
      CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
      CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
      CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
      CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
      CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
      CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
      CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
      CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
      CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
      CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
      CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
      CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
      CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
      CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
      CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
      CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
      CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
      CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
      CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
      CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
      CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
      CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
      CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
      CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
      CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
      CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
      CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
      CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
      CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
      CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
      CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
      CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
      CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
      CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
      CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
      CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
      CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
      CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
      CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
      CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
      CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
      CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
      CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
      CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
      CVE-2015-5370: s4:rpc_server: check frag_length for requests
      CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
      CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
      CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
      CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
      CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
      CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
      CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
      CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
      CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
      CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
      CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
      CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
      CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
      CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
      CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
      CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
      CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
      CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
      CVE-2015-5370: s3:rpc_server: verify presentation context arrays
      CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
      CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
      CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
      CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
      CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
      CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
      CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
      CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
      CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
      CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
      CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
      CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
      CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
      CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
      CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
      CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
      CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
      CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
      CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
      CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
      CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
      WHATSNEW: Add release notes for Samba 4.4.1.
      VERSION: Disable git snapshots for the 4.4.1 release.

Volker Lendecke (3):
      spnego: Correctly check asn1_tag_remaining retval
      libsmb: Fix CID 1356312 Explicit null dereferenced
      libads: Fix CID 1356316 Uninitialized pointer read

-----------------------------------------------------------------------


-- 
Samba Shared Repository



More information about the samba-cvs mailing list