[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Mon Nov 4 14:20:02 UTC 2019 

The branch, master has been updated
       via  831796b2d7c gitlab-ci: Run 'samba' tests also with MIT Kerberos
       via  176d0f0364b libcli:smb: Do not use gnutls_aead_cipher_encryptv2() with GnuTLS 3.6.10
      from  03205663b3e CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 831796b2d7c1ee13d17238b5b4a2c3d56ab6eaaf
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Nov 4 07:47:15 2019 +0100

    gitlab-ci: Run 'samba' tests also with MIT Kerberos
    
    This runs the tests of the ktest environment.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Nov  4 14:19:17 UTC 2019 on sn-devel-184

commit 176d0f0364bc1deb3c8df2f3bb928e01f89f216b
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Nov 4 08:40:34 2019 +0100

    libcli:smb: Do not use gnutls_aead_cipher_encryptv2() with GnuTLS 3.6.10
    
    The gnutls_aead_cipher_encryptv2() implementation was released with a
    bug. This wont be fixed before 3.6.11.
    
    See https://gitlab.com/gnutls/gnutls/merge_requests/1085
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci.yml            |  3 +++
 libcli/smb/smb2_signing.c |  8 ++++++--
 script/autobuild.py       | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c3b99db9952..3d26c956fde 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -110,6 +110,9 @@ others:
 samba:
   extends: .shared_template
 
+samba-mitkrb5:
+  extends: .shared_template
+
 samba-none-env:
   extends: .shared_template
 
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 166ab9d83ff..7561a7a858d 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -478,7 +478,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 	       0,
 	       16 - iv_size);
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
 	{
 		uint8_t tag[tag_size];
 		giovec_t auth_iov[1];
@@ -679,7 +681,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
 		}
 	}
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
 	{
 		giovec_t auth_iov[1];
 
diff --git a/script/autobuild.py b/script/autobuild.py
index 14a8b218dae..adeea22a34d 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -122,6 +122,7 @@ cleanup_list = []
 builddirs = {
     "ctdb": "ctdb",
     "samba": ".",
+    "samba-mitkrb5": ".",
     "samba-nt4": ".",
     "samba-fileserver": ".",
     "samba-admem": ".",
@@ -267,6 +268,57 @@ tasks = {
         ("clean", "make clean"),
         ],
 
+    # We have 'test' before 'install' because, 'test' should work without 'install (runs all the other envs)'
+    "samba-mitkrb5": [
+        ("random-sleep", random_sleep(300, 900)),
+        ("configure", "./configure.developer --with-selftest-prefix=./bin/ab --with-system-mitkrb5 --with-experimental-mit-ad-dc" + samba_configure_params),
+        ("make", "make -j"),
+        ("test", make_test(exclude_envs=[
+            "none",
+            "nt4_dc",
+            "nt4_dc_schannel",
+            "nt4_member",
+            "ad_dc",
+            "ad_dc_backup",
+            "ad_dc_ntvfs",
+            "ad_dc_default",
+            "ad_dc_slowtests",
+            "ad_dc_no_nss",
+            "ad_dc_no_ntlm",
+            "fl2003dc",
+            "fl2008dc",
+            "fl2008r2dc",
+            "ad_member",
+            "ad_member_idmap_rid",
+            "ad_member_idmap_ad",
+            "ad_member_rfc2307",
+            "chgdcpass",
+            "vampire_2000_dc",
+            "fl2000dc",
+            "fileserver",
+            "maptoguest",
+            "simpleserver",
+            "backupfromdc",
+            "restoredc",
+            "renamedc",
+            "offlinebackupdc",
+            "labdc",
+            "preforkrestartdc",
+            "proclimitdc",
+            "promoted_dc",
+            "vampire_dc",
+            "rodc",
+            "ad_dc_default",
+            "ad_dc_slowtests",
+            "schema_pair_dc",
+            "schema_dc",
+            ])),
+        ("lcov", LCOV_CMD),
+        ("install", "make install"),
+        ("check-clean-tree", "script/clean-source-tree.sh"),
+        ("clean", "make clean"),
+        ],
+
     "samba-nt4": [
         ("random-sleep", random_sleep(300, 900)),
         ("configure", "./configure.developer --without-ads --with-selftest-prefix=./bin/ab" + samba_configure_params),


-- 
Samba Shared Repository

More information about the samba-cvs mailing list