Fixes
o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
o CVE-2020-14323: Unprivileged user can crash winbind.
o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
crafted records.
Release notes:
https://www.samba.org/samba/history/samba-4.11.14.html (bugfix-only)
https://www.samba.org/samba/history/samba-4.11.15.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 4.11.11 fixed
o CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC
LDAP Server with ASQ, VLV and paged_results.
o CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume
excessive CPU
o CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with
paged_results and VLV.
o CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd.
Version 4.11.12 was a bugfix-only release.
Version 4.11.13 fixes CVE-2020-1472.
Release notes:
https://www.samba.org/samba/history/samba-4.11.11.htmlhttps://www.samba.org/samba/history/samba-4.11.12.htmlhttps://www.samba.org/samba/security/CVE-2020-1472.html
Rebased patches 0001 & 0002.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
host-python3 is a mandatory dependency since bump to version 4.10.0 and
5ddff307b4
because buildtools/bin/waf shebang is set to "/usr/bin/env python3"
Fixes:
- http://autobuild.buildroot.org/results/2634eb7824beb34f485cf40670f6959515f008ad
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.11.5.html
This is a security release in order to address the following defects:
CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
Directory not automatic.
CVE-2019-14907: Crash after failed character conversion at log level 3
or above.
CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD
DC.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Samba does not need python on the target for file server functionality.
It does need it for the Active Directory Domain Controller feature,
which is already configured in buildroot as optional and already depends
on python3 since commit 4485a75859.
An unnecessary target python greatly increases the size of the target
filesystem. A somewhat minimal configuration with a samba server shunk
from an 82 MB rootfs to 53 MB with this patch.
Signed-off-by: Trent Piepho <trent.piepho@synapse.com>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Version 4.11.3 fixes
CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
management server (dnsserver).
CVE-2019-14870: DelegationNotAllowed not being enforced in protocol
transition on Samba AD DC.
Changelog:
https://www.samba.org/samba/history/samba-4.11.3.htmlhttps://www.samba.org/samba/history/samba-4.11.4.html
Removed patches applied upstream, rebased patch 0002.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This fixes the following warning from `make check-package`:
package/samba4/samba4.mk:34: line contains trailing whitespace
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
python3 is mandatory since version 4.11 and
63d20d7822
The only way to build samba4 without python3 is to disable python
bindings through --disable-python option
Fixes:
- http://autobuild.buildroot.org/results/c4bb3d41fa07e38f0360a563bdcb4a368740cfe5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added patches from upstream bug tracker to fix cross-compile problems,
removed patches applied upstream and rebase remaining patches.
The dependency to gnutls is now mandatory:
https://blog.cryptomilk.org/2019/10/02/samba-and-gnutls/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path
separators.
o CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Release notes: https://www.samba.org/samba/history/samba-4.10.8.html
Fixes CVE-2019-10197
Combination of parameters and permissions can allow user
to escape from the share path definition.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 4.10.0 the waf build system does not correctly take the values
from the cross answers file when configuring for the target machine,
resulting in wrong values, e.g.:
```
Checking for rpath library support : not found
```
Looking into sambas config.log shows that the check for rpath library
support aborts because of in internal exception.
The result is that the shared library libsmbclient.so does not have a
correct rpath section in its ELF header:
```
Library rpath: [/usr/lib]
```
This is incorrect, as libsmbclient links to secondary libraries located
in /usr/lib/samba.
When linking mpd (with libsmbclient feature enabled) against
libsmbclient, the linker does not find the secondary libraries for
libsmbclient and fails with:
```
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64le-buildroot-linux-gnu/7.4.0/../../../../powerpc64le-buildroot-linux-gnu/bin/ld: warning: libcli-ldap-common-samba4.so, needed by /usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/usr/bin/../powerpc64le-buildroot-linux-gnu/sysroot/usr/lib/libsmbclient.so, not found (try using -rpath or -rpath-link)
[skip]
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64le-buildroot-linux-gnu/7.4.0/../../../../powerpc64le-buildroot-linux-gnu/bin/ld: /usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/usr/bin/../powerpc64le-buildroot-linux-gnu/sysroot/usr/lib/libsamdb.so.0: undefined reference to `sec_privilege_id'
[skip]
```
The bug has been reported upstream [1]. Setting `WAF_NO_PREFORK=1` fixes
the internal exception by disabling the usage of pre-forked processes
which somehow fails in cross-compiling environment.
Now, the configuration takes the correct values from the cross answers file:
```
Checking for rpath library support : yes
```
And leads to a correct rpath entry in the ELF header:
```
Library rpath: [/usr/lib/samba:/usr/lib]
```
And fixes the build of with libsmbclient feature enabled.
Fixes:
http://autobuild.buildroot.net/results/1678a6c5e5c9ee44b7a90d059d95c5d385d75132/http://autobuild.buildroot.net/results/ba11b09c0d99b005c71ddd4db7fa4caa5e68af9c/
[1] https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.10.6.html
Updated and rebased patch 0002, added various cross-compile patches.
Added python3 support:
https://www.samba.org/samba/history/samba-4.10.0.html
"Samba 4.10 still has support for Python 2, however, Python 3 will be
used by default, i.e. 'configure' & 'make' will execute using python3."
Renamed json configure option:
c98f997192
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop third patch which is not upstreamable and set XSLTPROC to false
instead to disable documentation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch is not needed since version 4.9.0 and
859698d29b
which solved the issue by avoiding calling this function.
Also renumber the remaining patches.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use system version of cmocka instead of the embedded one
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2018-16860: The checksum validation in the S4U2Self handler in the
embedded Heimdal KDC did not first confirm that the checksum was keyed,
allowing replacement of the requested target (client) principal.
For more details, see the advisory:
https://www.samba.org/samba/security/CVE-2018-16860.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html
Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
- CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
- CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.3.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 4.8.0 and
080d590de1,
the systemd files (nmd.service, ...) are not available in packaging/systemd
Indeed, they are built in bin/default/packaging/systemd
So use the new --systemd-install-services configure option to install
these files
Fixes:
- http://autobuild.buildroot.org/results/a09a065c523931c1892e81a99c57521fbe095d8b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.9.0.html
Added optional dependency to libarchive to fix configure error:
Checking for libarchive existence
Checking for header archive.h : no
/home/buildroot/br5/output/build/samba4-4.9.0/source3/wscript:225:
error: libarchive support not found. Try installing libarchive-dev or
libarchive-devel. Otherwise, use --without-libarchive to build without
libarchive support. libarchive support is required for the smbclient
tar-file mode
Disabled gpgme support to fix configure error:
Checking for program gpgme-config : not found
Checking for library gpgme : not found
Checking for gpgme_new : not found
/home/buildroot/br5/output/build/samba4-4.9.0/source4/dsdb/samdb/ldb_modules/wscript:40:
error: GPGME support not found. Try installing libgpgme11-dev or
gpgme-devel and python-gpgme. Otherwise, use --without-gpgme to build
without GPGME support or --without-ad-dc to build without the Samba AD
DC. GPGME support is required for the GPG encrypted password sync
feature
Buildroot has no python-gpgme package atm so we disable this option
for now.
Disabled experimental LMDB LDB backend as well, this also needed an
addition to samba4-cache.txt.
AD DC support needs jansson, for details see release notes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>