~sergiodj/ubuntu/+source/samba:samba-merge-4.13.2

Last commit made on 2020-11-25
Get this branch:
git clone -b samba-merge-4.13.2 https://git.launchpad.net/~sergiodj/ubuntu/+source/samba
Only Sergio Durigan Junior can upload to this branch. If you are Sergio Durigan Junior please log in for upload directions.

Branch merges

Branch information

Name:
samba-merge-4.13.2
Repository:
lp:~sergiodj/ubuntu/+source/samba

Recent commits

df2f89b... by Sergio Durigan Junior

update-maintainer

d6cde95... by Sergio Durigan Junior

reconstruct-changelog

344b958... by Sergio Durigan Junior

merge-changelogs

a0cfd9b... by Sergio Durigan Junior

    - SECURITY UPDATE: Missing handle permissions check in ChangeNotify
      + debian/patches/CVE-2020-14318-*.patch: ensure change notifies can't
        get set unless the directory handle is open for SEC_DIR_LIST in
        source4/torture/smb2/notify.c, source3/smbd/notify.c.
      + CVE-2020-14318
    - SECURITY UPDATE: Unprivileged user can crash winbind
      + debian/patches/CVE-2020-14323-*.patch: fix invalid lookupsids DoS in
        source3/winbindd/winbindd_lookupsids.c,
        source4/torture/winbind/struct_based.c.
      + CVE-2020-14323
    - SECURITY UPDATE: DNS server crash via invalid records
      - debian/patches/CVE-2020-14383-*.patch: ensure variable initialization
        with NULL and do not crash when additional data not found in
        source4/rpc_server/dnsserver/dcerpc_dnsserver.c.
      + CVE-2020-14383
    [ Incorporated by upstream. ]

92b8c05... by Sergio Durigan Junior

  * Dropped changes:
    - SECURITY UPDATE: Unauthenticated domain controller compromise by
      subverting Netlogon cryptography (ZeroLogon)
      + debian/patches/zerologon-*.patch: backport upstream patches:
        + For compatibility reasons, allow specifying an insecure netlogon
          configuration per machine. See the following link for examples:
          https://www.samba.org/samba/security/CVE-2020-1472.html
        + Add additional server checks for the protocol attack in the
          client-specified challenge to provide some protection when
          'server schannel = no/auto' and avoid the false-positive results
          when running the proof-of-concept exploit.
    [ Incorporated by upstream. ]

825d3f4... by Andreas Hasenack

  * d/t/{util, smbclient-share-access-uring, cifs-share-access-uring}:
    guard uring tests with a kernel version check and skip if it's too old

a74a92b... by Andreas Hasenack

  * Add new DEP8 tests for the uring vfs module:
    - d/t/control: add smbclient-share-access-uring and
      cifs-share-access-uring tests
    - d/t/smbclient-share-access-uring: new test
    - d/t/cifs-share-access-uring: new test

a0d9d08... by Andreas Hasenack

  * d/control: enable the liburing vfs module, except on i386 where
    liburing is not available

0aa88e1... by Andreas Hasenack

  * Factor out common DEP8 test code into d/t/util and change the tests
    to source from it:
    - d/t/util: added
    - d/t/cifs-share-access, d/t/smbclient-share-access: source from
      util, use random share name and add set -x and set -u
    - d/t/smbclient-authenticated-share-list: source from util and add
      set -x and set -u

e2593fd... by Andreas Hasenack

  * d/t/smbclient-anonymous-share-list: add set -x and set -e