This is a security release in order to address the following defects:
o CVE-2019-10218: Client code can return filenames containing path
separators.
o CVE-2019-14833: Samba AD DC check password script does not receive
the full password.
o CVE-2019-14847: User with "get changes" permission can crash AD DC
LDAP server via dirsync.
Release notes: https://www.samba.org/samba/history/samba-4.10.10.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Release notes: https://www.samba.org/samba/history/samba-4.10.8.html
Fixes CVE-2019-10197
Combination of parameters and permissions can allow user
to escape from the share path definition.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 4.10.0 the waf build system does not correctly take the values
from the cross answers file when configuring for the target machine,
resulting in wrong values, e.g.:
```
Checking for rpath library support : not found
```
Looking into sambas config.log shows that the check for rpath library
support aborts because of in internal exception.
The result is that the shared library libsmbclient.so does not have a
correct rpath section in its ELF header:
```
Library rpath: [/usr/lib]
```
This is incorrect, as libsmbclient links to secondary libraries located
in /usr/lib/samba.
When linking mpd (with libsmbclient feature enabled) against
libsmbclient, the linker does not find the secondary libraries for
libsmbclient and fails with:
```
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64le-buildroot-linux-gnu/7.4.0/../../../../powerpc64le-buildroot-linux-gnu/bin/ld: warning: libcli-ldap-common-samba4.so, needed by /usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/usr/bin/../powerpc64le-buildroot-linux-gnu/sysroot/usr/lib/libsmbclient.so, not found (try using -rpath or -rpath-link)
[skip]
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64le-buildroot-linux-gnu/7.4.0/../../../../powerpc64le-buildroot-linux-gnu/bin/ld: /usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/usr/bin/../powerpc64le-buildroot-linux-gnu/sysroot/usr/lib/libsamdb.so.0: undefined reference to `sec_privilege_id'
[skip]
```
The bug has been reported upstream [1]. Setting `WAF_NO_PREFORK=1` fixes
the internal exception by disabling the usage of pre-forked processes
which somehow fails in cross-compiling environment.
Now, the configuration takes the correct values from the cross answers file:
```
Checking for rpath library support : yes
```
And leads to a correct rpath entry in the ELF header:
```
Library rpath: [/usr/lib/samba:/usr/lib]
```
And fixes the build of with libsmbclient feature enabled.
Fixes:
http://autobuild.buildroot.net/results/1678a6c5e5c9ee44b7a90d059d95c5d385d75132/http://autobuild.buildroot.net/results/ba11b09c0d99b005c71ddd4db7fa4caa5e68af9c/
[1] https://bugzilla.samba.org/show_bug.cgi?id=13846
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.10.6.html
Updated and rebased patch 0002, added various cross-compile patches.
Added python3 support:
https://www.samba.org/samba/history/samba-4.10.0.html
"Samba 4.10 still has support for Python 2, however, Python 3 will be
used by default, i.e. 'configure' & 'make' will execute using python3."
Renamed json configure option:
c98f997192
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop third patch which is not upstreamable and set XSLTPROC to false
instead to disable documentation
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch is not needed since version 4.9.0 and
859698d29b
which solved the issue by avoiding calling this function.
Also renumber the remaining patches.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Use system version of cmocka instead of the embedded one
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
CVE-2018-16860: The checksum validation in the S4U2Self handler in the
embedded Heimdal KDC did not first confirm that the checksum was keyed,
allowing replacement of the requested target (client) principal.
For more details, see the advisory:
https://www.samba.org/samba/security/CVE-2018-16860.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html
Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression
- CVE-2018-16853: Fix S4U2Self crash with MIT KDC build
- CVE-2018-16853: Do not segfault if client is not set
For more info, see the release notes:
https://www.samba.org/samba/history/samba-4.9.4.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security impact, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
- CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
- CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
- CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.3.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Since version 4.8.0 and
080d590de1,
the systemd files (nmd.service, ...) are not available in packaging/systemd
Indeed, they are built in bin/default/packaging/systemd
So use the new --systemd-install-services configure option to install
these files
Fixes:
- http://autobuild.buildroot.org/results/a09a065c523931c1892e81a99c57521fbe095d8b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.9.0.html
Added optional dependency to libarchive to fix configure error:
Checking for libarchive existence
Checking for header archive.h : no
/home/buildroot/br5/output/build/samba4-4.9.0/source3/wscript:225:
error: libarchive support not found. Try installing libarchive-dev or
libarchive-devel. Otherwise, use --without-libarchive to build without
libarchive support. libarchive support is required for the smbclient
tar-file mode
Disabled gpgme support to fix configure error:
Checking for program gpgme-config : not found
Checking for library gpgme : not found
Checking for gpgme_new : not found
/home/buildroot/br5/output/build/samba4-4.9.0/source4/dsdb/samdb/ldb_modules/wscript:40:
error: GPGME support not found. Try installing libgpgme11-dev or
gpgme-devel and python-gpgme. Otherwise, use --without-gpgme to build
without GPGME support or --without-ad-dc to build without the Samba AD
DC. GPGME support is required for the GPG encrypted password sync
feature
Buildroot has no python-gpgme package atm so we disable this option
for now.
Disabled experimental LMDB LDB backend as well, this also needed an
addition to samba4-cache.txt.
AD DC support needs jansson, for details see release notes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Release notes: https://www.samba.org/samba/history/samba-4.8.4.html
Fixes
o CVE-2018-1139 (Weak authentication protocol allowed.)
o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
o CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit reformats
0002-patch-source3__libads__kerberos_keytab.c.patch as a Git-formatted
patch.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2018-1050: Vulnerability to a denial of service attack when the RPC
spoolss service is configured to be run as an external daemon.
https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1057: Authenticated users might change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).
https://www.samba.org/samba/security/CVE-2018-1057.html
Add clnt_create() test result to cache to fix cross configure breakage.
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This merges the next branch accumulated during the 2017.11 release
cycle back into the master branch.
A few conflicts had to be resolved:
- In the DEVELOPERS file, because Fabrice Fontaine was added as a
developer for libupnp in master, and for libupnp18 in
next. Resolution is simple: add him for both.
- linux/Config.in, because we updated the 4.13.x release used by
default in master, while we moved to 4.14 in next. Resolution: use
4.14.
- package/libupnp/libupnp.hash: a hash for the license file was added
in master, while the package was bumped into next. Resolution: keep
the hash for the license file, and keep the hash for the newest
version of libupnp.
- package/linux-headers/Config.in.host: default version of the kernel
headers for 4.13 was bumped to the latest 4.13.x in master, but was
changed to 4.14 in next. Resolution: use 4.14.
- package/samba4/: samba was bumped to 4.6.11 in master for security
reasons, but was bumped to 4.7.3 in next. Resolution: keep 4.7.3.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
If the Buildroot tree is read-only, then cache.txt is copied read-only into
the build directory, and the configuration step fails. Fix this in the
same way we do in other places, by opening permissions as we copy the file
using $(INSTALL).
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes the following security issues:
- CVE-2017-14746:
All versions of Samba from 4.0.0 onwards are vulnerable to a use after
free vulnerability, where a malicious SMB1 request can be used to
control the contents of heap memory via a deallocated heap pointer. It
is possible this may be used to compromise the SMB server.
- CVE-2017-15275:
All versions of Samba from 3.6.0 onwards are vulnerable to a heap
memory information leak, where server allocated heap memory may be
returned to the client without being cleared.
There is no known vulnerability associated with this error, but
uncleared heap memory may contain previously used data that may help
an attacker compromise the server via other methods. Uncleared heap
memory may potentially contain password hashes or other high-value
data.
For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.6.11.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Quoting release notes
https://www.samba.org/samba/history/samba-4.6.10.html
"This is an additional bugfix release to address a possible data
corruption issue. Please update immediately! For details, please see
https://bugzilla.samba.org/show_bug.cgi?id=13130
Samba 4.6.0 and newer is affected by this issue."
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
samba4 picks up dbus as dependency if it was built before:
Checking for dbus : yes
Checking for header dbus/dbus.h : yes
Checking for library dbus-1 : yes
There is no configure option to control dbus support so we just make
sure dbus is built before samba4 to have reproducible builds.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
