[SCM] Samba Shared Repository - branch v4-7-test updated

Stefan Metzmacher metze at samba.org
Wed Jul 12 14:36:04 UTC 2017


The branch, v4-7-test has been updated
       via  3d9dddb VERSION: Bump version up to 4.6.0rc3...
       via  27d4dfb VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc2 release
       via  95a3381 WHATSNEW: Add release notes for Samba 4.7.0rc2
       via  4e809d0 CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
      from  766c59d VERSION: Bump version up to 4.7.0rc2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit 3d9dddbbc5bab2958a041c496ae0d08a8e370c07
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 12 12:04:45 2017 +0200

    VERSION: Bump version up to 4.6.0rc3...
    
    and re-enable git snapshots.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(v4-7-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-7-test): Wed Jul 12 16:35:11 CEST 2017 on sn-devel-144

commit 27d4dfbbbeca0a47cf18508555cac38f02737301
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 12 12:03:28 2017 +0200

    VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc2 release
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 95a33818676bee5fc7cc41f5ba0f3d42e212b401
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Jul 12 11:58:15 2017 +0200

    WHATSNEW: Add release notes for Samba 4.7.0rc2
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 4e809d074146a7d65922060f0ba978d89f34e971
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date:   Wed Apr 12 15:40:42 2017 -0400

    CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
    
    In _krb5_extract_ticket() the KDC-REP service name must be obtained from
    encrypted version stored in 'enc_part' instead of the unencrypted version
    stored in 'ticket'.  Use of the unecrypted version provides an
    opportunity for successful server impersonation and other attacks.
    
    Identified by Jeffrey Altman, Viktor Duchovni and Nico Williams.
    
    Change-Id: I45ef61e8a46e0f6588d64b5bd572a24c7432547c
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12894
    (based on heimdal commit 6dd3eb836bbb80a00ffced4ad57077a1cdf227ea)
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                           | 2 +-
 WHATSNEW.txt                      | 9 ++++++++-
 source4/heimdal/lib/krb5/ticket.c | 4 ++--
 3 files changed, 11 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 46eea4a..bf2f52f 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8ef5428..73daedf 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the first release candidate of Samba 4.7.  This is *not*
+This is the second release candidate of Samba 4.7.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -283,6 +283,13 @@ KNOWN ISSUES
 https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
+CHANGES SINCE 4.7.0rc1
+======================
+
+o  Jeffrey Altman <jaltman at secure-endpoints.com>
+   * BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
+
+
 #######################################
 Reporting bugs & Development Discussion
 #######################################
diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c
index 064bbfb..5a317c7 100644
--- a/source4/heimdal/lib/krb5/ticket.c
+++ b/source4/heimdal/lib/krb5/ticket.c
@@ -641,8 +641,8 @@ _krb5_extract_ticket(krb5_context context,
     /* check server referral and save principal */
     ret = _krb5_principalname2krb5_principal (context,
 					      &tmp_principal,
-					      rep->kdc_rep.ticket.sname,
-					      rep->kdc_rep.ticket.realm);
+					      rep->enc_part.sname,
+					      rep->enc_part.srealm);
     if (ret)
 	goto out;
     if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){


-- 
Samba Shared Repository



More information about the samba-cvs mailing list