The annotated tag, samba-4.18.9 has been created
at eeed84fa101a4f76d1c5b81fba82c2c403b86a87 (tag)
tagging 2669b77d97b55542b6f2bc80c72cf699399e8ec8 (commit)
replaces samba-4.18.8
tagged by Jule Anger
on Wed Nov 29 15:35:36 2023 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.18.9
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmVnTDgACgkQqplEL7aA
tiDoHw//S4LC3VJpCXVANwoGxSWUD4h64QuTgMvBD1pxgAELLCkpS9SHxNY7SYa4
YUPCV3vWsbOvRk/ud1Zp1fuDGh4QRLx3cvG917A77iRkaGjlA7XzwhoCofi+4Hcb
7II26N+3aN7bI9c3kfmYW351EalT5Xg8vHDqEFODRjURZCW1SEF2Zah0HiMiJU/X
7DjesbQLQRgOKWs7VaWkbKDiFvLxoyhY8RqFtlMSYjZPk9qvYwJDTEXkUqvl3tp7
oI2ufB1Xi3w81ruwIv9GH0OpaDyiOTi5ivAcZ3NKKjMXbkYVU/gfQULEu5aTdSzJ
TKQtiqmkYmh6y5aBjPZedqIkdrVr3pbDBV80/JrgQPBJRQT1JZRT1Bn9ShPsL8D+
ALyx5V+Rnu7TTMaMrwOse5mefoVvszV/RY5EjBRn4hWhrKnQvkflcnn01LLy8HAn
+Tiyfxdx35EsYy7Rh15VwT1xwMHuRnY26SwtBex9e6c9NNDeZGOnzJAkRjSGnoBF
vJ9bzV9DilJEySfsWr7JABXKTCqvtpA6hC78j6jc9aNCZCUmEe0nHYiBjfD4P0mo
WBHICKQYcb/FkVX4N537hjRTkjLdfsZud3dh1erc8HeHUp06otvV2H8SQ//dIJD0
FrEW0Pb2R6EZS7QePWWEt9XoD5ZP2zY8JdunWtcajQYYfjIphAE=
=iIT/
-----END PGP SIGNATURE-----
Andreas Schneider (1):
CVE-2023-4154 s4:dsdb:tests: Fix code spelling
Andrew Bartlett (13):
CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE
and DC_MODE_RETURN_ALL
CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential
at the start
CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible
with DirSync ever.
CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive
matches once
CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE
behaviour
CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
CVE-2023-4154: Unimplement the original DirSync behaviour without
LDAP_DIRSYNC_OBJECT_SECURITY
CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD
DC
CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in
conflict with AD DC
CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
Björn Jacke (1):
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable
Christof Schmitt (17):
build: Add 'make printversion' to provide version string
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function
nfs4_acls: Make fstatat_with_cap_dac_override static
nfs4_acls: Make stat_with_cap_dac_override static
nfs4_acls: Make fstat_with_cap_dac_override static
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions
Jeremy Allison (3):
CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit
socket_dir.
CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow
bad pipenames with unix separators through to the UNIX domain socket code.
CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad
pipenames.
Joseph Sutton (2):
CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test
CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG
Jule Anger (6):
VERSION: Bump version up to Samba 4.18.8...
Merge tag 'samba-4.18.8' into v4-18-stable
Merge branch 'v4-18-stable' into v4-18-test
VERSION: Bump version up to Samba 4.18.9...
WHATSNEW: Add release notes for Samba 4.18.9.
VERSION: Disable GIT_SNAPSHOT for the 4.18.9 release.
Martin Schwenke (1):
ctdb-daemon: Call setproctitle_init()
Michael Adam (1):
gitignore: add WAF lockfile
Ralph Boehme (4):
CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
s3: smbd: Ignore fstat() error on deleted stream in fd_close().
smbd: fix close order of base_fsp and stream_fsp in
smb_fname_fsp_destructor()
Stefan Metzmacher (13):
CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper
CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces()
helpers
CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper
CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper
CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to
place the ace at a position
CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert()
helpers
CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()
CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR
available in the ldif files
CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the
CN=Deleted Objects container
CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()
CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing
deleted objects container
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the
nTSecurityDescriptor on CN=Deleted Objects containers
-----------------------------------------------------------------------
--
Samba Shared Repository
