update 4.13.8 (2021-04-29) to 4.13.9 (2021-05-11)
release notes: https://www.samba.org/samba/history/samba-4.13.9.html
This is the latest stable release of the Samba 4.13 release series.
Changes since 4.13.8
--------------------
o Jeremy Allison <jra@samba.org>
* BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14689: Add documentation for dsdb_group_audit and dsdb_group_json_audit
to "log level", synchronise "log level" in smb.conf with the code.
o Ralph Boehme <slow@samba.org>
* BUG 14672: Fix smbd panic when two clients open same file.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 14679: s3: smbd: Fix deferred renames.
o Samuel Cabrero <scabrero@samba.org>
* BUG 14675: s3-iremotewinspool: Set the per-request memory context.
o Volker Lendecke <vl@samba.org>
* BUG 14675: rpc_server3: Fix a memleak for internal pipes.
o Stefan Metzmacher <metze@samba.org>
* BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
* BUG 14640: third_party: Update socket_wrapper to version 1.3.3.
o Christof Schmitt <cs@samba.org>
* BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict.
o Martin Schwenke <martin@meltin.net
* BUG 14288: Fix the build on OmniOS.
update 4.1.7 (2021-03-24) to 4.18.8 (2021-04-29)
release notes: https://www.samba.org/samba/history/samba-4.13.8.html
==
This is a security release in order to address the following defect:
o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
in the Samba file server process token.
=======
Details
=======
o CVE-2021-20254:
The Samba smbd file server must map Windows group identities (SIDs) into unix
group ids (gids). The code that performs this had a flaw that could allow it
to read data beyond the end of the array in the case where a negative cache
entry had been added to the mapping cache. This could cause the calling code
to return those values into the process token that stores the group
membership for a user.
Most commonly this flaw caused the calling code to crash, but an alert user
(Peter Eriksson, IT Department, Linköping University) found this flaw by
noticing an unprivileged user was able to delete a file within a network
share that they should have been disallowed access to.
Analysis of the code paths has not allowed us to discover a way for a
remote user to be able to trigger this flaw reproducibly or on demand,
but this CVE has been issued out of an abundance of caution.
Changes since 4.13.7
--------------------
o Volker Lendecke <vl@samba.org>
* BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().
update 1.0.20200827 to 1.0.20210223
log: https://git.zx2c4.com/wireguard-tools/log/
announce: https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg06037.html
--
A new version, v1.0.20210223, of wireguard-tools has been tagged in the git
repository, containing various required userspace utilities, such as the
wg(8) and wg-quick(8) commands and documentation.
== Changes ==
* wg-quick: android: do not free iterated pointer
* wg-quick: openbsd: no use for userspace support
* embeddable-wg-library: sync latest from netlink.h
* wincompat: recent mingw has inet_ntop/inet_pton
* wincompat: add resource and manifest and enable lto
* wincompat: do not elevate by default
* completion: add help and syncconf completions
* sticky-sockets: do not use SO_REUSEADDR
* man: LOG_LEVEL variables changed name
* ipc: do not use fscanf with trailing \n
* ipc: read trailing responses after set operation
This release contains commits from: Jason A. Donenfeld.
