The annotated tag, samba-4.17.12 has been created at 36405229bc9403e863e27adb989a1edbb73d1680 (tag) tagging 7ec207cd4146919e4ee88e5522647c169baf6922 (commit) replaces samba-4.17.11 tagged by Jule Anger on Tue Oct 10 10:45:44 2023 +0200
- Log ----------------------------------------------------------------- samba: tag release samba-4.17.12 -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmUlDzgACgkQqplEL7aA tiASJQ//WxiQUbGR6gEZ4JHJHyU+KcUZp9McUdbFDqsvug+jotMUDP+sGGqYVtCV KN0LfJdqgrElAR+7Q25nJcYs/ra++cdNGgo+DO7vgRQgOBqOcZtaRs4pw/0n32Is RKgZPB26jkChKJupUauUlr8Gyg9mLJjac3UO5nIJ+MnlFJ/vWjaJ/mWnISRP3oeH 7Kl4oPV3ZH22cmK1xA9Bpnwn1UaNfaPDsmZ0urXtzEJ/qWnTJQ2HQNb1jMwlMNJk PCovqT74DkW1zCzwpu2TU9wcnM3+iobH2+wVsAfZtBtz9fUEhAUohpEvEqpc2mNx Q0q2+0n3tugvdAD+nkFSXmuOWwBK+7VEPMmWH9ATq/WofPTgJa9nj77notMEwq4A mUQLpdISsY1rWGh6p+N+yBmOTY8Wv+rb+E9iD7sbUWnGTPPFUVGQyDTkdPJqYtPV vsSJkrbs4XwuDX06eR3ZuB398Zcc/V2ZxmwYIhnJ67LtihfecKEN70z6+d6YRbdF hjp6JvQGgoYFtIS/KaRtWqpU1ybrmsbS0kqZm+jk5uBAT7dpF/KBHf4TYCNnqEFv U4ZDUg9wKULQIvSrDC7pTxMe/NB1B4eHIJX/8/yhNplTVeN2jdTcIjUfTKQBDsBS Mu5dDwF2p2n9Xbyyx/O/p54GhJoj7AOvk9EQJDaL3VbMkEfCYnA= =eRgP -----END PGP SIGNATURE----- Andreas Schneider (1): CVE-2023-4154 s4:dsdb:tests: Fix code spelling Andrew Bartlett (13): CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup Christian Merten (2): CVE-2023-4154 libcli security_descriptor: Add function to delete a given ace from a security descriptor CVE-2023-4154 librpc ndr/py_security: Export ACE deletion functions to python Jeremy Allison (3): CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. Joseph Sutton (2): CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG Jule Anger (3): VERSION: Bump version up to Samba 4.17.12... WHATSNEW: Add release notes for Samba 4.17.12. VERSION: Disable GIT_SNAPSHOT for the 4.17.12 release. Ralph Boehme (2): CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file CVE-2023-4091: smbd: use open_access_mask for access check in open_file() Stefan Metzmacher (7): CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers ----------------------------------------------------------------------- -- Samba Shared Repository