=============================
Release Notes for Samba 4.6.8
September 20, 2017
=============================
This is a security release in order to address the following defects:
o CVE-2017-12150 (SMB1/2/3 connections may not require signing where they
should)
o CVE-2017-12151 (SMB3 connections don't keep encryption across DFS redirects)
o CVE-2017-12163 (Server memory information leak over SMB1)
=======
Details
=======
o CVE-2017-12150:
A man in the middle attack may hijack client connections.
o CVE-2017-12151:
A man in the middle attack can read and may alter confidential
documents transferred via a client connection, which are reached
via DFS redirect when the original connection used SMB3.
o CVE-2017-12163:
A client with write access to a share can cause server memory contents to be
written into a file or printer.
For more details and workarounds, please see the security advisories:
o https://www.samba.org/samba/security/CVE-2017-12150.html
o https://www.samba.org/samba/security/CVE-2017-12151.html
o https://www.samba.org/samba/security/CVE-2017-12163.html
Changes since 4.6.7:
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes
async.
* BUG 13020: CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from
writing server memory to file.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories
directly.
o Stefan Metzmacher <metze@samba.org>
* BUG 12996: CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects.
* BUG 12997: CVE-2017-12150: Some code paths don't enforce SMB signing
when they should.
Clean-up:
Removed double USE_LIBTOOL=yes.
Pass external CFLAGS and LDFLAGS.
Put PREFIX in patches, removing SUBST.
Do not override optimisation with OPT=-O2.
Changes in version 0.3.0.11 - 2017-09-18
Tor 0.3.0.11 backports a collection of bugfixes from the Tor 0.3.1
series.
Most significantly, it includes a fix for TROVE-2017-008, a
security bug that affects hidden services running with the
SafeLogging option disabled. For more information, see
https://trac.torproject.org/projects/tor/ticket/23490
o Minor features (code style, backport from 0.3.1.7):
- Add "Falls through" comments to our codebase, in order to silence
GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
Stieger. Closes ticket 22446.
o Minor features:
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (compilation, backport from 0.3.1.7):
- Avoid compiler warnings in the unit tests for calling tor_sscanf()
with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
o Minor bugfixes (controller, backport from 0.3.1.7):
- Do not crash when receiving a HSPOST command with an empty body.
Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
- Do not crash when receiving a POSTDESCRIPTOR command with an empty
body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
- When setting the maximum number of connections allowed by the OS,
always allow some extra file descriptors for other files. Fixes
bug 22797; bugfix on 0.2.0.10-alpha.
o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
- Remove a forgotten debugging message when an introduction point
successfully establishes a hidden service prop224 circuit with
a client.
- Change three other log_warn() calls for an introduction point to
protocol warnings, because they can be failures caused by the network
and are not relevant to the operator. Fixes bug 23078; bugfix on
0.3.0.1-alpha and 0.3.0.2-alpha.
ChangeLog:
- BUG/MINOR: peers: peer synchronization issue (with several peers sections).
- BUG/MINOR: lua: In error case, the safe mode is not removed
- BUG/MINOR: lua: executes the function destroying the Lua session in safe mode
- BUG/MAJOR: lua/socket: resources not destroyed when the socket is aborted
- BUG/MEDIUM: lua: bad memory access
- DOC: update CONTRIBUTING regarding optional parts and message format
- DOC: update the list of OpenSSL versions in the README
- MINOR: tools: add a portable timegm() alternative
- BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10
- DOC: Updated 51Degrees git URL to point to a stable version.
- BUG/MINOR: http: Set the response error state in http_sync_res_state
- MINOR: http: Reorder/rewrite checks in http_resync_states
- MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags
- BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined
- BUG/MAJOR: http: Fix possible infinite loop in http_sync_(req|res)_state
- BUG/MINOR: lua: Fix Server.get_addr() port values
- BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr()
- BUG/MINOR: lua: always detach the tcp/http tasks before freeing them
- BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions.
Pkgsrc changes:
* Unbound now needs flex >= 2.6.4 to build (at least, 2.6.3 does not work),
so depend on the pkgsrc version, which is already 2.6.4.
Upstream changes:
Features:
* unbound-control dump_infra prints port number for address if not 53.
* Fix#1344: RFC6761-reserved domains: test. and invalid.
* Fix#1349: allow suppression of pidfiles (from Daniel Kahn Gillmor).
With the -p option unbound does not create a pidfile.
* Added stats for queries that have been ratelimited by domain
recursion.
* Patch to show DNSCrypt status in help output, from Carsten
Strotmann.
* Fix#1407: Add ECS options check to unbound-checkconf.
* Fix#1415: [dnscrypt] shared secret cache, patch from
Manu Bretelle.
Bug Fixes:
* fixup of dnscrypt_cert_chacha test (from Manu Bretelle).
* First fix for zero b64 and hex text zone format in sldns.
* Better fixup of dnscrypt_cert_chacha test for different escapes.
* Fix that infra cache host hash does not change after reconfig.
* Fix python example0 return module wait instead of error for pass.
* enhancement for hardened-tls for DNS over TLS. Removed duplicated
security settings.
* Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned
on.
* Fix#1331: libunbound segfault in threaded mode when context is
deleted.
* Fix pythonmod link line option flag.
* Fix openssl 1.1.0 load of ssl error strings from ssl init.
* Fix#1332: Bump verbosity of failed chown'ing of the control socket.
* Redirect all localhost names to localhost address for RFC6761.
* Fix#1350: make cachedb backend configurable (from JINMEI Tatuya).
* Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg.
* upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02),
config.sub(2016-09-05).
* annotate case statement fallthrough for gcc 7.1.1.
* flex output from flex 2.6.1.
* snprintf of thread number does not warn about truncated string.
* squelch TCP fast open error on FreeBSD when kernel has it disabled,
unless verbosity is high.
* remove warning from windows compile.
* Fix compile with libnettle
* Fix DSA configure switch (--disable dsa) for libnettle and libnss.
* Fix#1365: Add Ed25519 support using libnettle.
* Fix#1394: mix of serve-expired and response-ip could cause a crash.
* Remove unused iter_env member (ip6arpa_dname)
* Do not reset rrset.bogus stats when called using stats_noreset.
* Do not add rrset_bogus and query ratelimiting stats per thread, these
module stats are global.
* Fix#1397: Recursive DS lookups for AS112 zones names should recurse.
* Fix#1398: make cachedb secret configurable.
* Remove spaces from Makefile.
* Fix issue on macOS 10.10 where TCP fast open is detected but not
implemented, causing TCP to fail. The fix allows fallback to regular
TCP in this case and is also more robust for cases where connectx()
fails for some reason.
* Fix#1402: squelch invalid argument error for fd_set_block on windows.
* Fix to reclaim tcp handler when it is closed due to dnscrypt buffer
allocation failure.
* Fix#1415: patch to free dnscrypt environment on reload.
* iana portlist update
* Small fixes for the shared secret cache patch.
* Fix WKS records on kvm autobuild host, with default protobyname
entries for udp and tcp.
* Fix#1414: fix segfault on parse failure and log_replies.
* zero qinfo in handle_request, this zeroes local_alias and also the
qname member.
* new keys and certs for dnscrypt tests.
* fixup WKS test on buildhost without servicebyname.
* updated contrib/fastrpz.patch to apply with configparser changes.
* Fix#1416: qname-minimisation breaks TLSA lookups with CNAMEs.
* Fix#1424: cachedb:testframe is not thread safe.
* Fix#1417: [dnscrypt] shared secret cache counters, and works when
dnscrypt is not enabled. And cache size configuration option.
* Fix#1418: [ip ratelimit] initialize slabhash using
ip-ratelimit-slabs.
* Recommend 1472 buffer size in unbound.conf
* Fix#1412: QNAME minimisation strict mode not honored
* Fix#1434: Fix windows openssl 1.1.0 linking.
* Add dns64 for client-subnet in unbound-checkconf.
4.6.7 (2017/08/09): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.6
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12836: s3: smbd: Fix a read after free if a chained SMB1 call goes async.
o Andrew Bartlett <abartlet@samba.org>
* BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
NETLOGON_NT_VERSION_5 when version unspecified.
o Ralph Boehme <slow@samba.org>
* BUG 12885: s3/smbd: Let non_widelink_open() chdir() to directories directly.
* BUG 12910: s3/notifyd: Ensure notifyd doesn't return from
smbd_notifyd_init.
o Günther Deschner <gd@samba.org>
* BUG 12840: vfs_fruit: Add fruit:model = <modelname> parametric option.
o David Disseldorp <ddiss@samba.org>
* BUG 12911: vfs_ceph: Fix cephwrap_chdir().
o Dustin L. Howett
* BUG 12720: idmap_ad: Retry query_user exactly once if we get
TLDAP_SERVER_DOWN.
o Thomas Jarosch <thomas.jarosch@intra2net.com>
* BUG 12927: s3: libsmb: Fix use-after-free when accessing pointer *p.
o Volker Lendecke <vl@samba.org>
* BUG 12925: smbd: Fix a connection run-down race condition.
o Stefan Metzmacher <metze@samba.org>
* BUG 12782: winbindd changes the local password and gets
NT_STATUS_WRONG_PASSWORD for the remote change.
* BUG 12890: s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface().
o Noel Power <noel.power@suse.com>
* BUG 12937: smbcacls: Don't fail against a directory on Windows using SMB2.
o Arvid Requate <requate@univention.de>
* BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
o Garming Sam <garming@catalyst.net.nz>
* BUG 12813: dnsserver: Stop dns_name_equal doing OOB read.
o Andreas Schneider <asn@samba.org>
* BUG 12886: s3:client: The smbspool krb5 wrapper needs negotiate for
authentication.
o Martin Schwenke <martin@meltin.net>
* BUG 12898: ctdb-common: Set close-on-exec when creating PID file.
4.6.6 (2017/07/12): security release in order to address the following defect:
o CVE-2017-11103 (Orpheus' Lyre mutual authentication validation bypass)
Changes since 4.6.5:
---------------------
o Jeffrey Altman <jaltman@secure-endpoints.com>
* BUG 12894: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
4.6.5 (2017/06/06): the latest stable release of the Samba 4.6 release series.
Changes since 4.6.4:
---------------------
o Jeremy Allison <jra@samba.org>
* BUG 12804: s3: VFS: Catia: Ensure path name is also converted.
o Christian Ambach <ambi@samba.org>
* BUG 12765: s3:smbcacls add prompt for password.
o Ralph Boehme <slow@samba.org>
* BUG 12562: vfs_acl_xattr|tdb: Ensure create mask is at least 0666 if
ignore_system_acls is set.
* BUG 12702: Wrong sid->uid mapping for SIDs residing in sIDHistory.
* BUG 12749: vfs_fruit: lp_case_sensitive() does not return a bool.
* BUG 12766: s3/smbd: Update exclusive oplock optimisation to the lease area.
* BUG 12798: s3/smbd: Fix exclusive lease optimisation.
o Alexander Bokovoy <ab@samba.org>
* BUG 12751: Allow passing trusted domain password as plain-text to PASSDB
layer.
* BUG 12764: systemd: Fix detection of libsystemd.
o Amitay Isaacs <amitay@gmail.com>
* BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to
complete.
* BUG 12770: ctdb-logging: Initialize DEBUGLEVEL before changing the value.
o Shilpa Krishnareddy <skrishnareddy@panzura.com>
* BUG 12756: notify: Fix ordering of events in notifyd.
o Volker Lendecke <vl@samba.org>
* BUG 12757: idmap_rfc2307: Lookup of more than two SIDs fails.
o Stefan Metzmacher <metze@samba.org>
* BUG 12767: samba-tool: Let 'samba-tool user syncpasswords' report deletions
immediately.
o Doug Nazar <nazard@nazar.ca>
* BUG 12760: s3: smbd: inotify_map_mask_to_filter incorrectly indexes an
array.
o Andreas Schneider <asn@samba.org>
* BUG 12687: vfs_expand_msdfs tries to open the remote address as a file
path.
o Martin Schwenke <martin@meltin.net>
* BUG 12802: 'ctdb nodestatus' incorrectly displays status for all nodes with
wrong exit code.
* BUG 12814: ctdb-common: Fix crash in logging initialisation.
1.5.0 2017/04/09
* fix attachments case
* chat.postMessage argument error only if both text and attachments are missing
* RealTime::Client has some information (self, team, channels, ...)
* @url was not set; set rtm_start_response["url"] to @url so it works properly
1.6.0 2017/07/12
* recognize multiple dot on endpoint
0.06 2016-09-11
Fix some failing tests.
0.05 2016-08-22
Fix strict mode. Thanks to whosgonna.
0.04 2013-09-09
Fix broken length handling. Thanks to Erik Østlyngen.
2.19 2017-05-11T13:02:47Z
commit aac1b06c1e3b0d73ca964794bab0c444d454ebcc
Author: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Date: Thu May 11 18:40:13 2017 +0900
don't run command when the port is empty
Test::TCP does a hack on Windows for checking whether the port is used.
https://github.com/tokuhirom/Test-TCP/commit/0f4510d8
But this way always returns 0 (succeeded) with an empty port. This is not
the expected behavior. So this change fixes it to call check_port if the port is
not defined.
fixes #60
2.18 2017-04-24T06:00:25Z
- let the kernel select an empty port #59 https://github.com/tokuhirom/Test-TCP/pull/59
(i110)
version 3.37 (2017-07-11)
[ENHANCEMENTS]
* Layer3::Juniper fixed to return os_ver for JUNOS 14.x and higher
version 3.36 (2017-06-28)
[ENHANCEMENTS]
* Migrate to Module::Build for distribution maintenance
version 3.35 (2017-06-28)
[ENHANCEMENTS]
* Include loading of LLDP-EXT-MED-MIB in LLDP.pm
[BUG FIXES]
* #180 support CiscoConfig on Nexus (sf.net:scratchfury)
* #50 remove interface specific part from vrf interfaces on IOS (W. Vandersmissen)
* #211 f5 class should respect UseEnums when faking i_type
version 3.34 (2016-11-20)
[ENHANCEMENTS]
* Support Cisco IPS Modules homed on the Cisco ASA (M. Kraus)
[BUG FIXES]
* Serial number on Nexus 9372 (generic check for ID before using) (M. Caines)
1.11 Mon Sep 11 08:00:00 EDT 2017
- Updated to new module layout (lib/).
- Remove .cvsignore
- Added simple t\*.t tests.
- Makefile.PL: updated version dependencies
- Cisco.pm:
Added 'use warnings;'.
Added warnings() to fix RT 48904.
Added fhopen() to fix RT 19285.
Added POD for last_cmd.
Updated new() to fix RT 19260.
Updated _normalize() to fix RT 7796, 39882, 102753, 118170.
Changed check for '' instead of not defined for $en_level to catch
enable() success or failure.
Changed @out to $out[] in cmd() to fix RT 2592.
Changed prompt_append() to _prompt_append() [private].
Changed re_sans_delims() to _re_sans_delims() [private].
- test.pl: make Term::ReadKey conditional.
2.009 Aug 09 2017
- Several long awaited fixes
- Log when a child exits abnormally. RT #86815
- Added delete-child hook
- Add cleanup_dead_child_hook to PreFork server
- Removed stray warn
- Use File::Temp instead of POSIX::tmpnam
- UNIX read_until to allow for SSL under unix sockets
0.7 2017-08-26 Ben Bullock <bkb@cpan.org>
* Documentation rewrite
0.6 2017-08-25 Ben Bullock <bkb@cpan.org>
* Changed format of ChangeLog to follow CPAN::Changes::Spec,
which means it will be displayed nicely by MetaCPAN.
0.5 2017-08-24 Ben Bullock <bkb@cpan.org>
* Add licence information to POD documentation
0.4 2017-08-24 Ben Bullock <bkb@cpan.org>
* Add contributors and licence information
* Add documentation
* Remove RFCs from distro
0.3 2017-08-24 Ben Bullock <bkb@cpan.org>
* Add meta files to distribution
* in_network altered
* Documentation updates
Changes in 0.22
---------------
- RT 108273 remove PREREQ_FATAL
Changes in 0.21
---------------
- Fix bug relating to scopes and change required field. It's a temporary Fix
until something more permanent can be put into place; effectively, it just
forces the change-required field to match properly.
Changes in 0.20
---------------
- Add capability to get any number of fields starting with a specific string.
- Misc fixes and documentation amendments from Miniconf NYC.
Changes in 0.19
---------------
- Add 'scopes' capability to fields.
Changes in 0.18
---------------
- Bugfix Github issue #1 regarding expression concatenation.
- Bugfix Github issue #4 regarding perldoc parse problems in Net::Gnats.
- Fixed stubbed subroutines which caused test failures for Perl 5.10.1.
- Added additional tests and documentation for Net::Gnats::Command.
- Added additional tests and documentation for Net::Gnats::Command::ADMV.
- Removed dead code from Net::Gnats::Session.
- Bugfix Github issue #6 regarding wrong type returned for query() method.
- Added additional tests and documentation for Net::Gnats get_field_type.
Changes in 0.17
---------------
- Added ability to submit a PR from a PR object.
Changes in 0.16
---------------
- Set consistent versioning across all modules.
- Added 'strictures' to PREREQ_PM.
Changes in 0.15
---------------
- Completely reworked sessions and issuing commands.
- Comprehensive tests, removing all stubs.
- Known issue: attachments not managed
- Known issue: after submit of PR, new PR number not captured into the PR object.
0.90 2017-08-24
- Adding some Pagination helpers (warthog9)
0.89 2017-07-22
- rebuild
0.88 2017-07-22
- Add option to pass in OTP token (bentglasstube)
- Add support for review requests (waniji)
- Add two new methods for filter views of org members (grantm)
0.87 2017-05-23
- new GitHub GraphQL API
0.86 2016-12-03
- Add support for organization membership (alexm)
0.85 2016-09-01
- adding support for passing permission to add_team_repos #75 (allandrick, Leigh Hart)
0.84 2016-05-03
- fix json in upload_asset
- minor Doc fixes and CI (JJ)
0.38 2017/03/30 08:30:00
- Bug Id: 120802. PreserveTimestamp bugs with _mfmt() & _mdtm(). I pulled
the arguments off the stack in the wrong order. Corrected this.
- Added instructions on how to install this module in an alternate location
to the README file.
0.37 2017/03/27 08:30:00
- Found an issue with size() function when it gets the file size via "STAT".
Found a server where "STAT" returned the results in a different format.
- Removed duplicate setting of {help_cmds_no_syntax_available} key in _help().
- Bug Id: 120623. Missed the 2nd half of the ticket: when Croak=>1 is turned
on, the failure of "SITE HELP" must not be treated as a fatal error!
0.36 2017/03/20 08:30:00
- Updated the copyright & version number.
- Added additional module versions to the logs in BEGIN.
- Bug Id: 120341. Turns out the latest release of IO-Socket-SSL broke
this module. (v2.046 broken, v2.012 worked) Looks like the start_SSL()
call is removing my "_FTPSSL_arguments" hash entry.
- Bug Id: 120623. The OverrideHELP option had issues. Shouldn't have called
_feat() or _site_help() for =>1 or =>\@lst. So removed in _help()!
- Bug Id: 120621. Request for a new feature of allowing objects that inherit
from IO::Handle wherever it asks for a GLOB! put/get/DebugLogFile/etc ...
Implemented via new helper function _isa_glob(). Also updated POD.
- Updated README section on using client certificates.
- Updated t/20-certificate.t to use a callback & updated the %certificate
hash.
Revision history for Net-eBay
0.60 Added support for submitFindingRequest function to work with eBay finding API. In Progress
0.61 added submitPaginatedFindingRequest with obvious functionality (takes all work out of pagination).
--- 0.009 (2017-07-24)
+ Cleaner way to handle both arrays of strings and Net::DNS::Packet objects,
courtesy of NLNETLABS (Dick Franks) in RT 122542 - thanks!
+ Extend tests to cover non-mocked queries too
--- 0.008 (2017-07-21)
* Add Scalar::Util to deps
--- 0.007 (2017-07-19)
* Fix handling pre-prepared ::Packet objects passed to send()
+ Additional tests
--- 0.006 (2017-07-16)
* Don't demand 5.10, work on perl >= 5.6
* No taint mode flag in t/01-basic.t
* Avoid problems with our $VERSION = '...' on one line
All these courtesy of Dick Franks (rwfranks) - thanks!
--- 0.005 (2017-07-13)
* Remove debian/ subdir as per RT #108522
* Regenerate README via pod2readme
* Fix version number in changelog entry below - d'oh - and remove
use of deprecated qv()
* Import rcode list from Net::DNS - RT 96390
--- 0.004 (2017-07-13)
* BIGPRESH taking over maintainership of this seemingly orphaned but
very useful distribution. Plan to fix various RT tickets.
* Fix RT 109266 - avoid deprecated make_query_packet() call
Recog is a framework for identifying products, services, operating
systems, and hardware by matching fingerprints against data returned
from various network probes. Recog makes it simple to extract useful
information from web server banners, SNMP system description fields,
and a whole lot more.
Changes 2.2.2:
- Sending empty messages no longer hangs. Instead an empty message is sent correctly.
- Fixed compatibility issues in UTF-8 encoding behavior between Py2/Py3
Core Server
- Process responsible for running the autoheal partition handling
strategy could run into a deadlock with its peers, preventing autoheal
from completing.
- Garbage collection of mirrored queue metrics on nodes that did not
host a master or mirror for a queue affected delivery and
acknowledgement rates. This could result in rates being 0 or negative
when they should not be.
- Stats emission could prevent queue mirrors from performing garbage
collection and consume memory even when they were empty.
- RABBITMQ_SCHEDULER_BIND_TYPE and RABBITMQ_DISTRIBUTION_BUFFER_SIZE now
can be set via rabbitmq-env.conf.
Shovel Management Plugin
- Passwords in source and destination URIs are now redacted.
Federation Management Plugin
- Passwords in upstream URIs are now redacted.
The full release of TigerVNC 1.8.0 is now available. Lots of changes
have been made since the last release, but the highlights are:
- Overhaul of the Java client to match the look and behaviour
of the native client
- Initial work for multi-threaded decoding in the Java client
- vncconfig no longer needed for clipboard with Xvnc/libvnc.so
- vncserver has system wide config support
- Reduced CPU usage in the native viewer on macOS
- macOS requirement raised to 10.6
- Full support for alpha cursors in Xvnc/libvnc.so and both viewers