The annotated tag, ldb-2.9.1 has been created at 2e3dd126db9e838111631315974785e95d88ceb5 (tag) tagging 3dd39600da3c0bedeae9f033c1333eb6b0f4ff33 (commit) replaces samba-4.20.1 tagged by Jule Anger on Wed Jun 19 16:27:02 2024 +0200
- Log ----------------------------------------------------------------- ldb: tag release ldb-2.9.1 -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmZy6rYACgkQR5ORYRMI QCVCHAgAgyck8/vg928tsREA62mDVyuyJDUPVooaDJ7vEMRyG44czXbNA4QnAGsh NMfmKbJWc2TfGpMbj60mgFWVFHHb7/KF+kAdrMAU6uKNjSlGzPAq3TFDpgPMDxW0 lm4rfm75SlDBh4hEOwYE5gnh+5mlHcf5Vmgl6CoOjePg70qgFevLEi6rWV85ZDuE 33PSidVprZ17m4faP4eqs0j5aHhEA/COo6vP9MeumgjwElWuvuvsVadxeEdi1jeR hyGrbLTclWQtjaY/NqZAN3qcj8ECxW2GMRWHYeb35Hsv0wW6bAv24PmDAAK7dB2w 5nGW2HMvmik2/7xIoEHW0oZQIX4oUg== =1NWc -----END PGP SIGNATURE----- Andreas Schneider (10): python: Fix NtVer check for site_dn_for_machine() s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP s3:libads: Do not fail if we don't get an IP passed down s3:winbind: Fix idmap_ad creating an invalid local krb5.conf bootstrap: Fix runner tags bootstrap: Set git safe.directory bootstrap: Fix building CentOS 8 Stream container images gitlab-ci: Set git safe.directory for devel repo third_party: Update uid_wrapper to version 1.3.1 third_party: Update socket_wrapper to version 1.4.3 Andrew Bartlett (3): .gitlab-ci: Remove tags no longer provided by gitlab.com build: Add --vendor-name --vendor-patch-revision options to ./configure script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision Douglas Bagnall (69): pidl:Typelist: resolveType(): don't mistake a reference for a name buildtools:pidl: avoid hash randomisation in pidl examples:winexe: reproducible builds with zero timestamp examples:winexe: embed Samba version as exe timestamp ldb: avoid out of bounds read and write in ldb_qsort() lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename util:tsort.h: add a macro for safely comparing numbers ldb: add NUMERIC_CMP macro to ldb.h ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base() ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare() s4:ntvfs: use NUMERIC_CMP in stream_name_cmp s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare s4: use numeric_cmp in dns_common_sort_zones() util:binsearch: user NUMERIC_CMP() torture:charset: use < and > assertions for strcasecmp_m torture:charset: use < and > assertions for strncasecmp_m torture:charset: test more of strcasecmp_m util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle util:test: test_ms_fn_match_protocol_no_wildcard: allow -1 util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP() util:charset:codepoints: codepoint_cmpi warning about non-transitivity s3:libsmb:namequery: note intransitivity in addr_compare() s3:libsmb:namequery: use NUMERIC_CMP in addr_compare lib/torture: add assert_int_{less,greater} macros util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP() ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP() util:datablob: avoid non-transitive comparison in data_blob_cmp() ldb: avoid non-transitive comparison in ldb_val_cmp() ldb: reduce non-transitive comparisons in ldb_msg_element_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare_auth() s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp() s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP() s4:dns_server: use NUMERIC_CMP in rec_cmp() s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list() s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP() s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort() s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP() s3:smbcacls: use NUMERIC_CMP in ace_compare s3:util:sharesec ace_compare() uses NUMERIC_CMP() s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP() ldb:mod:sort: rearrange NULL checks ldb:sort: check that elements have values ldb:sort: generalise both-NULL check to equality check ldb:dn: make ldb_dn_compare() self-consistent s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp dsdb:schema: use NUMERIC_CMP in place of uint32_cmp s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP gensec: sort_gensec uses NUMERIC_CMP lib/socket: rearrange iface_comp() to use NUMERIC_CMP s3:libsmb:nmblib: use NUMERIC_CMP in status_compare s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs s4:rpcsrv:samr: improve a comment in compare_msgRid ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects ldb-samba:ldif_handlers: dn_link_comparison leaks less ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs ldb:attrib_handlers: make ldb_comparison_Boolean more consistent ldb: avoid NULL deref in ldb_db_compare s4:dsdb:mod: repl_md: make message_sort transitive s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP() ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold s3:smbcacls: fix ace_compare Günther Deschner (2): ctdb/ceph: Add optional namespace support for mutex helper ctdb/docs: Include ceph rados namespace support in man page Jeremy Allison (2): s3/torture: Add test for widelink case insensitivity on a MSDFS share. s3: vfs_widelinks: Allow case insensitivity to work on DFS widelinks shares. Jule Anger (2): VERSION: Bump version up to Samba 4.20.2... BUG 15569 ldb: Release LDB 2.9.1 Noel Power (2): selftest: Add a python blackbox test for some misc (widelink) DFS tests s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share Stefan Metzmacher (70): .gitlab-ci-main.yml: debug kernel details of the current runner tests/ntacls: unblock failing gitlab pipelines because test_setntacl_forcenative smbXcli_base: add hacks to test anonymous signing and encryption s4:libcli/smb2: add hack to test anonymous signing and encryption s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}} s3:utils: remove unused signing_flags in connections_forall() s3:lib: let sessionid_traverse_read() report if the session was authenticated s3:utils: let connections_forall_read() report if the session was authenticated s3:utils: let smbstatus also report AES-256 encryption types for tcons s3:utils: let smbstatus also report partial tcon signing/encryption s3:smbd: allow anonymous encryption after one authenticated session setup s3:utils: let smbstatus report anonymous signing/encryption explicitly s4:dsdb/repl: let drepl_out_helpers.c always go via dreplsrv_out_drsuapi_send() s3:libsmb: allow store_cldap_reply() to work with a ipv6 response s3:libads: avoid changing ADS->server.workgroup s3:include: let nameserv.h be useable on its own s3:include: split out fstring.h s3:wscript: LIBNMB requires lp_ functions s3:libsmb/unexpected: don't use talloc_tos() in async code s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}() s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL libcli/nbt: add nbt_name_send_raw() s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages s4:libcli/dgram: make use of socket_address_copy() s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs s4:nbt_server: simulate nmbd and provide unexpected handling python:tests/dns_base: generate a real signature in bad_sign_packet() python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet() python:tests/dns_base: let dns_transaction_tcp() handle short receives python:tests/dns_base: add self.assert_echoed_dns_error() python:tests/dns_tkey: make use of self.assert_echoed_dns_error() python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument python:tests/dns_base: let tkey_trans() take tkey_req_in_answers python:tests/dns_base: pass tkey_trans(expected_rcode) python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True python:tests/dns_base: maintain a dict with tkey related state python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}() python:tests/dns_tkey: add gss.microsoft.com tsig updates python:tests/dns_tkey: test bad and changing tsig algorithms python:tests/dns_base: let verify_packet() work against Windows python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022 python:tests/dns_base: add get_unpriv_creds() helper s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey python:tests/dns_tkey: add test_update_tsig_record_access_denied() s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG s4:dns_server: use the client provided algorithm for the fake TSIG structure s4:dns_server: use tkey->algorithm if available in dns_sign_tsig() s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section s4:dns_server: dns_verify_tsig should return REFUSED on error s4:dns_server: correctly sign dns update responses with gss-tsig like Windows s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644 vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send test_recycle.sh: make sure we don't see panics on the log files TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal() vfs_recycle: don't unlink on allocation failure vfs_recycle: directly allocate smb_fname_final->base_name vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal() vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA() vfs_recycle: fix memory hierarchy Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()" vfs_recycle: remember resolved config->repository in vfs_recycle_connect() testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]() auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts ----------------------------------------------------------------------- -- Samba Shared Repository