The annotated tag, samba-4.19.8 has been created at 084fbf672ced46a582eddb6fcea6e8831b8e8915 (tag) tagging 204b0f2d2f7bcdfac41b96f499920c3980088665 (commit) replaces samba-4.19.7 tagged by Jule Anger on Thu Aug 15 14:02:02 2024 +0200
- Log ----------------------------------------------------------------- samba: tag release samba-4.19.8 -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAma97joACgkQqplEL7aA tiBl3Q/7BJxRid5eaZMVs3LNNqm249jB821syGn69hT8tdch0Z97asBrCN8ExYV/ bAkvJMxfkDqVR/nRQ/abHuh79BYzu6heX9d5cM0yd6Z10RaVEO3V5jQAbYTeyQSN QoWBpdbL7H4KkEMG2sb9o4aLsZMiaLvU/jO3kbyZCDdxGPHIs0X7sTmxV2898uhk gFT/b99T0Eu2Nz/ZrQCvu5twDiq2L+RHCwGjf2vvgkOE0d24nRHu2bxw9xUEAMO5 zg1DIIpO1Grr6hROkYW+hNU6RbGw+z4vZEtuE4Tq6DPY/4xD9mYj5VS6szu9XgDj cGMwxkHj/V82h32cneaCOa/XNZ833QCBA2rqW4ls7rSuuOHsxO9M1AMAzaCjAOHP ljwXrl8hDb5zfMuCo13/2JSGVK/VYRchE0gFl08DKWFhf8GNtkM8HOitp/xiR67z LvolDMxWu9XCYRtiYjrnVWjyWLXQMomFat1ZeKTMP7HVhWC9mrEPciwyWBgvPF1/ b8Q4B2MoNN9q9Vr4J0d/xdUvZicgmCR7yOgt4zcEtBAZXMh4j6mo2Xb3P/a8CUAw wcaJnonbiExI1A6ikrcBg1IfjQ402njpLRuBPHIvHgf5NcaoCPgNFExvh+U33ZJ3 iNkORV+0aS+mDjSixzzx5WWGt0AyezWSfU3I9IgyQoTm5hBvMoI= =h3mD -----END PGP SIGNATURE----- Andreas Schneider (8): bootstrap: Fix runner tags bootstrap: Set git safe.directory bootstrap: Fix building CentOS 8 Stream container images gitlab-ci: Set git safe.directory for devel repo third_party: Update uid_wrapper to version 1.3.1 third_party: Update socket_wrapper to version 1.4.3 gitlab-ci: Also add the git directory for pipeline in the main mirror wafsamba: Fix ABI symbol name generation Andrew Bartlett (6): build: Add --vendor-name --vendor-patch-revision options to ./configure script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision dsdb: Reduce minimum maxPwdAge from 1 day to nil python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED .gitlab-ci: Allow ext4 jobs to run on shared runners selftest: Allow MIT Krb5 1.21 to still start to fl2000dc Douglas Bagnall (18): buildtools: sanitise strange characters in vendor strings build: --vendor-suffix instead of --vendor-patch-revision --vendor-name docs-xml:manpages: allow for longer version strings cmdline:burn: '-U' does not imply secrets without '%' selftest: run the cmdline tests that we already have cmdline:tests: extend cmdline_burn tests cmdline:burn: do not retain false memories cmdline:burn: handle arguments separated from their --options cmdline:burn: always return true if burnt cmdline:burn: localise some variables cmdline:burn: do not burn options starting --user-*, --password-* cmdline: test_cmdline tests more burning cmdline:burn: use allowlist to ensure more passwords burn cmdline:burn: explicitly burn --username cmdline:burn: add a note about short option combinations cmdline: samba-tool test for bad option warning cmdline:burn: list commands to always burn; warn on unknown libcli:security: allow spaces after BAD: Günther Deschner (2): ctdb/ceph: Add optional namespace support for mutex helper ctdb/docs: Include ceph rados namespace support in man page Jo Sutton (6): tests/krb5: Add method to perform an armored AS‐REQ tests/krb5: Use __slots__ to indicate which attributes are used by classes tests/krb5: Fix PK-INIT test framework to allow expired password keys tests/krb5: Allow creation of disabled accounts for testing tests/krb5: Add tests for errors produced when logging in with unusable accounts third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) Jones Syue (1): s3:ntlm_auth: make logs more consistent with length check Jule Anger (3): VERSION: Bump version up to Samba 4.19.8... WHATSNEW: Add release notes for Samba 4.19.8. VERSION: Disable GIT_SNAPSHOT for the 4.19.8 release. Noel Power (2): selftest: Add a python blackbox test for some misc (widelink) DFS tests s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share Pavel Filipenský (1): .gitlab-ci-main.yml: Add safe.directory '*' Ralph Boehme (1): third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) Stefan Metzmacher (49): BUG 15569 ldb: add missing ABI/pyldb-util-2.8.1.sigs python:tests/dns_base: generate a real signature in bad_sign_packet() python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet() python:tests/dns_base: let dns_transaction_tcp() handle short receives python:tests/dns_base: add self.assert_echoed_dns_error() python:tests/dns_tkey: make use of self.assert_echoed_dns_error() python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument python:tests/dns_base: let tkey_trans() take tkey_req_in_answers python:tests/dns_base: pass tkey_trans(expected_rcode) python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True python:tests/dns_base: maintain a dict with tkey related state python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}() python:tests/dns_tkey: add gss.microsoft.com tsig updates python:tests/dns_tkey: test bad and changing tsig algorithms python:tests/dns_base: let verify_packet() work against Windows python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022 python:tests/dns_base: add get_unpriv_creds() helper s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey python:tests/dns_tkey: add test_update_tsig_record_access_denied() s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG s4:dns_server: use the client provided algorithm for the fake TSIG structure s4:dns_server: use tkey->algorithm if available in dns_sign_tsig() s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section s4:dns_server: dns_verify_tsig should return REFUSED on error s4:dns_server: correctly sign dns update responses with gss-tsig like Windows s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored s3:include: let nameserv.h be useable on its own s3:include: split out fstring.h s3:wscript: LIBNMB requires lp_ functions s3:libsmb/unexpected: don't use talloc_tos() in async code s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of nb_packet_{server_create,reader_send}() s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL libcli/nbt: add nbt_name_send_raw() s4:libcli/dgram: let the generic incoming handler also get unexpected mailslot messages s4:libcli/dgram: make use of socket_address_copy() s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs s4:nbt_server: simulate nmbd and provide unexpected handling s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644 vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]() auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts .gitlab-ci: make it explicit that some tests require ext4/5.15 kernel [v4-19-only] selftest: support for MIT krb5 1.21 Xavi Hernandez (1): Fix starvation of pending writes in CTDB queues ----------------------------------------------------------------------- -- Samba Shared Repository