The annotated tag, samba-4.19.8 has been created
at 084fbf672ced46a582eddb6fcea6e8831b8e8915 (tag)
tagging 204b0f2d2f7bcdfac41b96f499920c3980088665 (commit)
replaces samba-4.19.7
tagged by Jule Anger
on Thu Aug 15 14:02:02 2024 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.19.8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAma97joACgkQqplEL7aA
tiBl3Q/7BJxRid5eaZMVs3LNNqm249jB821syGn69hT8tdch0Z97asBrCN8ExYV/
bAkvJMxfkDqVR/nRQ/abHuh79BYzu6heX9d5cM0yd6Z10RaVEO3V5jQAbYTeyQSN
QoWBpdbL7H4KkEMG2sb9o4aLsZMiaLvU/jO3kbyZCDdxGPHIs0X7sTmxV2898uhk
gFT/b99T0Eu2Nz/ZrQCvu5twDiq2L+RHCwGjf2vvgkOE0d24nRHu2bxw9xUEAMO5
zg1DIIpO1Grr6hROkYW+hNU6RbGw+z4vZEtuE4Tq6DPY/4xD9mYj5VS6szu9XgDj
cGMwxkHj/V82h32cneaCOa/XNZ833QCBA2rqW4ls7rSuuOHsxO9M1AMAzaCjAOHP
ljwXrl8hDb5zfMuCo13/2JSGVK/VYRchE0gFl08DKWFhf8GNtkM8HOitp/xiR67z
LvolDMxWu9XCYRtiYjrnVWjyWLXQMomFat1ZeKTMP7HVhWC9mrEPciwyWBgvPF1/
b8Q4B2MoNN9q9Vr4J0d/xdUvZicgmCR7yOgt4zcEtBAZXMh4j6mo2Xb3P/a8CUAw
wcaJnonbiExI1A6ikrcBg1IfjQ402njpLRuBPHIvHgf5NcaoCPgNFExvh+U33ZJ3
iNkORV+0aS+mDjSixzzx5WWGt0AyezWSfU3I9IgyQoTm5hBvMoI=
=h3mD
-----END PGP SIGNATURE-----
Andreas Schneider (8):
bootstrap: Fix runner tags
bootstrap: Set git safe.directory
bootstrap: Fix building CentOS 8 Stream container images
gitlab-ci: Set git safe.directory for devel repo
third_party: Update uid_wrapper to version 1.3.1
third_party: Update socket_wrapper to version 1.4.3
gitlab-ci: Also add the git directory for pipeline in the main mirror
wafsamba: Fix ABI symbol name generation
Andrew Bartlett (6):
build: Add --vendor-name --vendor-patch-revision options to ./configure
script/autobuild.py: Add test for --vendor-name and
--vendor-patch-revision
dsdb: Reduce minimum maxPwdAge from 1 day to nil
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
.gitlab-ci: Allow ext4 jobs to run on shared runners
selftest: Allow MIT Krb5 1.21 to still start to fl2000dc
Douglas Bagnall (18):
buildtools: sanitise strange characters in vendor strings
build: --vendor-suffix instead of --vendor-patch-revision --vendor-name
docs-xml:manpages: allow for longer version strings
cmdline:burn: '-U' does not imply secrets without '%'
selftest: run the cmdline tests that we already have
cmdline:tests: extend cmdline_burn tests
cmdline:burn: do not retain false memories
cmdline:burn: handle arguments separated from their --options
cmdline:burn: always return true if burnt
cmdline:burn: localise some variables
cmdline:burn: do not burn options starting --user-*, --password-*
cmdline: test_cmdline tests more burning
cmdline:burn: use allowlist to ensure more passwords burn
cmdline:burn: explicitly burn --username
cmdline:burn: add a note about short option combinations
cmdline: samba-tool test for bad option warning
cmdline:burn: list commands to always burn; warn on unknown
libcli:security: allow spaces after BAD:
Günther Deschner (2):
ctdb/ceph: Add optional namespace support for mutex helper
ctdb/docs: Include ceph rados namespace support in man page
Jo Sutton (6):
tests/krb5: Add method to perform an armored AS‐REQ
tests/krb5: Use __slots__ to indicate which attributes are used by classes
tests/krb5: Fix PK-INIT test framework to allow expired password keys
tests/krb5: Allow creation of disabled accounts for testing
tests/krb5: Add tests for errors produced when logging in with unusable
accounts
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit
4315286377278234be2f3b6d52225a17b6116d54)
Jones Syue (1):
s3:ntlm_auth: make logs more consistent with length check
Jule Anger (3):
VERSION: Bump version up to Samba 4.19.8...
WHATSNEW: Add release notes for Samba 4.19.8.
VERSION: Disable GIT_SNAPSHOT for the 4.19.8 release.
Noel Power (2):
selftest: Add a python blackbox test for some misc (widelink) DFS tests
s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
Pavel Filipenský (1):
.gitlab-ci-main.yml: Add safe.directory '*'
Ralph Boehme (1):
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit
42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)
Stefan Metzmacher (49):
BUG 15569 ldb: add missing ABI/pyldb-util-2.8.1.sigs
python:tests/dns_base: generate a real signature in bad_sign_packet()
python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in
verify_packet()
python:tests/dns_base: let dns_transaction_tcp() handle short receives
python:tests/dns_base: add self.assert_echoed_dns_error()
python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
python:tests/dns_base: let tkey_trans() and sign_packet() take
algorithm_name as argument
python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
python:tests/dns_base: pass tkey_trans(expected_rcode)
python:tests/dns_base: let dns_transaction_udp() take
allow_{remaining,truncated}=True
python:tests/dns_base: maintain a dict with tkey related state
python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and
invalid algorithms
python:tests/dns_tkey: let us have
test_update_gss_tsig_tkey_req_{additional,answers}()
python:tests/dns_tkey: add gss.microsoft.com tsig updates
python:tests/dns_tkey: test bad and changing tsig algorithms
python:tests/dns_base: let verify_packet() work against Windows
python:tests/dns_tkey: let test_update_tsig_windows() actually pass
against windows 2022
python:tests/dns_base: add get_unpriv_creds() helper
s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to
samba.tests.dns_tkey
python:tests/dns_tkey: add test_update_tsig_record_access_denied()
s4:dns_server: failed dns updates should result in REFUSED for
ACCESS_DENIED
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
s4:dns_server: use the client provided algorithm for the fake TSIG
structure
s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's
the last section
s4:dns_server: dns_verify_tsig should return REFUSED on error
s4:dns_server: correctly sign dns update responses with gss-tsig like
Windows
s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
s3:include: let nameserv.h be useable on its own
s3:include: split out fstring.h
s3:wscript: LIBNMB requires lp_ functions
s3:libsmb/unexpected: don't use talloc_tos() in async code
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of
nb_packet_{server_create,reader_send}()
s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
libcli/nbt: add nbt_name_send_raw()
s4:libcli/dgram: let the generic incoming handler also get unexpected
mailslot messages
s4:libcli/dgram: make use of socket_address_copy()
s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs
s4:nbt_server: simulate nmbd and provide unexpected handling
s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
vfs_default: also call vfs_offload_token_ctx_init in
vfswrap_offload_write_send
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with
kerberos
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos"
and --use-kerberos
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
auth/credentials: add tests for
cli_credentials_get_kerberos_state[_obtained]()
auth/credentials: don't ignore "client use kerberos" and --use-kerberos
for machine accounts
.gitlab-ci: make it explicit that some tests require ext4/5.15 kernel
[v4-19-only] selftest: support for MIT krb5 1.21
Xavi Hernandez (1):
Fix starvation of pending writes in CTDB queues
-----------------------------------------------------------------------
--
Samba Shared Repository
