[SCM] Samba Shared Repository - branch master updated

[Andrew Tridgell]

The branch, master has been updated
   via  fff3f29 s4-ldb: two DNs only match if they have the same deletion 
status
   via  7367787 talloc: check block count aftter references test
   via  2331610 s4-samdb: save the url in the samdb class
   via  37799b0 s4-dsdb: extend the extended_dn_in module to handle DN links
   via  23598d5 ldb: rule_id in ldb_parse_tree should be const
   via  849d042 ldb: added a new always-fail ldap extended match OID
   via  e07ca09 ldb: changed DN matching rules to obey GUID/SID/string 
ordering
   via  7b5f0a7 s4-dsdb: handle search expressions containing extended DNs
   via  d4a1f6a s4-dsdb: added dn_format attribute of a dsdb_attribute
   via  d669e83 s4-dsdb: fixed outgoing one way link DNs
   via  a74f467 s4-dsdb: setup a one_way_link attribute on schema attributes
   via  fc40769 s4-dsdb: fixed a warning on dsdb_delete()
   via  d10553a s4-dsdb: make requests for STORAGE_FORMAT control 
non-critical
   via  a8293a5 ldb: added signatures for 1.1.2
   via  39576e9 ldb: raise minor version
   via  841d17f ldb: added ldb_parse_tree_walk()
   via  4ba8069 ldb: added ldb_dn_replace_components()
  from  ed59f21 s3-ntlmssp void function cannot return value

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit fff3f290736f0b75903bfefeb961ee935930303b
Author: Andrew Tridgell 
Date:   Thu Aug 4 14:59:47 2011 +1000

s4-ldb: two DNs only match if they have the same deletion status

Autobuild-User: Andrew Tridgell 
Autobuild-Date: Thu Aug  4 09:34:08 CEST 2011 on sn-devel-104

commit 73677875b46251f59b66c9713f1decc89bd2ea3e
Author: Andrew Tridgell 
Date:   Thu Aug 4 12:07:19 2011 +1000

talloc: check block count aftter references test

Pair-Programmed-With: Amitay Isaacs 

commit 2331610a2e33498527070c45debfea418a97717d
Author: Andrew Tridgell 
Date:   Wed Aug 3 11:31:45 2011 +1000

s4-samdb: save the url in the samdb class

this is useful for debugging, so we know which database we are dealing
with

Pair-Programmed-With: Amitay Isaacs 

commit 37799b0644af6d0135af52f07414efd52bbe697e
Author: Andrew Tridgell 
Date:   Tue Aug 2 17:19:16 2011 +1000

s4-dsdb: extend the extended_dn_in module to handle DN links

this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on  and  DNs, as well as fixing the problem with one-way
links in search expressions

Pair-Programmed-With: Andrew Bartlett 

commit 23598d56ff7a0bf9cb55606da0ede234e12dbc57
Author: Andrew Tridgell 
Date:   Tue Aug 2 17:17:13 2011 +1000

ldb: rule_id in ldb_parse_tree should be const

this allows assignment to a constant string without allocation

Pair-Programmed-With: Andrew Bartlett 

commit 849d042dd88e8e7de2748524b054b350af06a859
Author: Andrew Tridgell 
Date:   Tue Aug 2 17:16:44 2011 +1000

ldb: added a new always-fail ldap extended match OID

this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match

Pair-Programmed-With: Andrew Bartlett 

commit e07ca09a7bac30b99b0033a59746ba166e429aec
Author: Andrew Tridgell 
Date:   Tue Aug 2 17:15:28 2011 +1000

ldb: changed DN matching rules to obey GUID/SID/string ordering

when matching two DNs, the GUID takes priority, then the SID, then the
string component

Pair-Programmed-With: Andrew Bartlett 
Pair-Programmed-With: Amitay Isaacs 

commit 7b5f0a7120c91989976d2f946ad1af9d6dc934c7
Author: Andrew Tridgell 
Date:   Mon Aug 1 17:48:53 2011 +1000

s4-dsdb: handle search expressions containing extended DNs

this allows for searches like member=

Pair-Programmed-With: Andrew Bartlett 
Pair-Programmed-With: Amitay Isaacs 

commit d4a1f6a42b06a5d63a789cad438cfde693df24a7
Author: Andrew Tridgell 
Date:   Mon Aug 1 17:47:34 2011 +1000

s4-dsdb: added dn_format attribute of a dsdb_attribute

this is faster than string comparisons during searches at runtime

Pair-Programmed-With: Andrew Bartlett 
Pair-Programmed-With: Amitay Isaacs 

commit d669e83857600ec59afc5b11c0286f28fceb0d0a
Author: Andrew Tridgell 
Date:   Mon Aug 1 13:55:58 2011 +1000

s4-dsdb: fixed outgoing one way link DNs

when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components

Pair-Programmed-With: Amitay Isaacs 
Pair-Programmed-With: Andrew Bartlett 

commit a74f4673eda682bbca4adfed8a924b16114a0dcd
Author: Andrew Tridgell 
Date:   Mon Aug 1 13:54:58 2011 +1000

s4-dsdb: setup a one_way_link attribute on schema attributes

this allows us to quickly determine if a DN is a one way link

Pair-Programmed-With: Andrew Bartlett

[SCM] Samba Shared Repository - annotated tag samba-3.5.11 created

[Karolin Seeger]

The annotated tag, samba-3.5.11 has been created
at  81d8fbb6c75b92d80d09700a21a5cc6092f5b145 (tag)
   tagging  439b006e73b330dd84e4b65e25142063a9be25f9 (commit)
  replaces  samba-3.5.10
 tagged by  Karolin Seeger
on  Wed Aug 3 20:29:55 2011 +0200

- Log -
tag samba-3.5.11
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.15 (GNU/Linux)

iD8DBQBOOZOubzORW2Vot+oRAisOAJ44n2cnj/8G4ZKG7BP8IY6karHW7QCgq71E
BCKgzzKq9Gu2r6KWIu6KBkk=
=hk9H
-END PGP SIGNATURE-

Andrew Bartlett (2):
  s3-docs Add documentation for 'client use spnego principal'
  s3-WHATSNEW 3.5.9 Add information on kerberos change

Björn Jacke (1):
  libreplace: include sys/file.h only when available

David Disseldorp (1):
  s3: increase the log level for missing PIDs on SIGCHLD

Gregor Beck (5):
  s3:smbldap: use smbldap_state as memory context for idle event
  s3:smbldap: free the idle event scheduled in smbldap_open in smbldap_close
  s3:smbldap: let smbldap_free_struct do what it claims to
  s3:smbldap: add a destructor to smbldap_state, just in case
  s3:smbldap: make smbldap_connect_system self contained

Jeremy Allison (2):
  Fix bug #8254 - "acl check permissions = no" does not work in all cases
  Fix bug 7462 - Non-standard SA_RESETHAND is used in 
...lib/tevent/tevent_sig

Karolin Seeger (4):
  VERSION: Bump version up to 3.5.11.
  WHATSNEW: Start release notes for 3.5.11.
  WHATSNEW: Formatting.
  WHATSNEW: Add changes since 3.5.10.

Michael Adam (1):
  docs: fix the missing parameter description section in the smb.conf 
manpage

Stefan Metzmacher (3):
  s3:nmbd_packets: make sure create_listen_fdset() returns initialized data 
(bug #8276)
  s3:nmbd_subnetdb: close all sockets attached to a subnet in 
close_subnet() (bug #8276)
  s3:librpc/gen_ndr: regen after wbint.idl changes

Volker Lendecke (3):
  s3: Fix bug 8238 -- KB2536276 prevents access to shares
  s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
  s3: Test for "__attribute__((destructor))"

---


-- 
Samba Shared Repository

[SCM] Samba Website Repository - branch master updated

[Karolin Seeger]

The branch, master has been updated
   via  0fe97f9 Announce Samba 3.5.11.
  from  6b4160b Add reference to CVE-2010-0728.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 0fe97f926577b5152abe1af20906ea17f3f7bc20
Author: Karolin Seeger 
Date:   Wed Aug 3 20:44:42 2011 +0200

Announce Samba 3.5.11.

Karolin

---

Summary of changes:
 generated_news/latest_10_bodies.html|   28 -
 generated_news/latest_10_headlines.html |4 +-
 generated_news/latest_2_bodies.html |   25 ---
 history/header_history.html |1 +
 history/samba-3.5.11.html   |   67 +++
 latest_stable_release.html  |6 +-
 6 files changed, 91 insertions(+), 40 deletions(-)
 create mode 100755 history/samba-3.5.11.html


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index a951037..1f62438 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,12 @@
+   04 August 2011
+   Samba 3.5.11 Available for Download
+   This is the latest stable release of the Samba 3.5 series.
+
+The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+http://samba.org/samba/ftp/stable/samba-3.5.11.tar.gz";>downloaded
+now. A http://samba.org/samba/ftp/patches/patch-3.5.10-3.5.11.diffs.gz";>patch 
against Samba 3.5.10 is also available. See http://samba.org/samba/history/samba-3.5.11.html";>the release notes for 
more info.
+
26 July 2011
Samba 3.6.0rc3 Available for Download
Samba 3.6.0rc3 is available for download.  This is the
@@ -146,22 +155,3 @@ using GnuPG (ID 6568B7EA).  The source code can be
 http://www.samba.org/samba/ftp/stable/samba-3.4.13.tar.gz";>downloaded 
now.
 See http://www.samba.org/samba/history/samba-3.4.13.html";>the release 
notes for more
 info.
-
-   12 April 2011
-   Samba 3.6.0pre2 Available for Download
-   Samba 3.6.0pre2 is available for download.  This is a
- preview of the next upgrade production release version of Samba.
- It is intended for testing purposes only.  Please test and
- https://bugzilla.samba.org/";>report any bugs that you
- find.  Please read the changes in the
- http://samba.org/samba/ftp/pre/WHATSNEW-3-6-0pre2.txt";>Release 
Notes
- for details on new features and difference in behavior from
- previous releases.
-
- The http://samba.org/samba/ftp/pre/samba-3.6.0pre2.tar.gz";>Samba 
3.6.0pre2
- source code can be downloaded now.  The http://samba.org/samba/ftp/pre/samba-3.6.0pre2.tar.asc";>GnuPG
- signature is for the uncompressed tarball.
- Precompiled packages will
- be made available on a volunteer basis and can be found in the
- http://samba.org/samba/ftp/Binary_Packages/";>Binary_Packages 
download area.
diff --git a/generated_news/latest_10_headlines.html 
b/generated_news/latest_10_headlines.html
index bb56c4f..d088e00 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,6 @@
 
+04 August 2011 Samba 3.5.11 Available for 
Download
+
 26 July 2011 Samba 3.6.0rc3 Available for 
Download
 
 26 July 2011 Samba 3.5.10 Available for 
Download
@@ -16,6 +18,4 @@
 26 April 2011 Samba 3.6.0pre3 Available for 
Download
 
 21 April 2011 Samba 3.4.13 Available for 
Download
-
-12 April 2011 Samba 3.6.0pre2 Available for 
Download
 
diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index 7378a9c..4567114 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,12 @@
+   04 August 2011
+   Samba 3.5.11 Available for Download
+   This is the latest stable release of the Samba 3.5 series.
+
+The uncompressed tarballs and patch files have been signed
+using GnuPG (ID 6568B7EA).  The source code can be
+http://samba.org/samba/ftp/stable/samba-3.5.11.tar.gz";>downloaded
+now. A http://samba.org/samba/ftp/patches/patch-3.5.10-3.5.11.diffs.gz";>patch 
against Samba 3.5.10 is also available. See http://samba.org/samba/history/samba-3.5.11.html";>the release notes for 
more info.
+
26 July 2011
Samba 3.6.0rc3 Available for Download
Samba 3.6.0rc3 is available for download.  This is the
@@ -18,19 +27,3 @@ be made available on a volunteer basis and can be found in 
the
 http://samba.org/samba/ftp/Binary_Packages/";>Binary_Packages download
 area.
 
-
-
-   26 July 2011
-   Samba 3.5.10 Available for Download
-
-This is a security release in order to address
-http://www.samba.org/samba/security/CVE-2011-2522";>CVE-2011-2522
-(Cross-Site Request Forgery in SWAT) and
-http://www.samba.org/samba/security/CVE-2011-2694

[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  68e7b93 s4-librpc: Fix double free.
  from  fff3f29 s4-ldb: two DNs only match if they have the same deletion 
status

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 68e7b9307adabd9e3e12e95e0995051d366d8cf5
Author: Andreas Schneider 
Date:   Wed Aug 3 23:44:45 2011 +0200

s4-librpc: Fix double free.

Autobuild-User: Andreas Schneider 
Autobuild-Date: Thu Aug  4 12:31:18 CEST 2011 on sn-devel-104

---

Summary of changes:
 source4/librpc/rpc/dcerpc_smb.c  |   11 ++-
 source4/librpc/rpc/dcerpc_smb2.c |   13 +++--
 2 files changed, 13 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index 395e067..c231295 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -79,6 +79,7 @@ struct smb_read_state {
 */
 static void smb_read_callback(struct smbcli_request *req)
 {
+   struct dcecli_connection *c;
struct smb_private *smb;
struct smb_read_state *state;
union smb_read *io;
@@ -88,11 +89,12 @@ static void smb_read_callback(struct smbcli_request *req)
state = talloc_get_type(req->async.private_data, struct smb_read_state);
smb = talloc_get_type(state->c->transport.private_data, struct 
smb_private);
io = state->io;
+   c = state->c;
 
status = smb_raw_read_recv(state->req, io);
if (NT_STATUS_IS_ERR(status)) {
-   pipe_dead(state->c, status);
talloc_free(state);
+   pipe_dead(c, status);
return;
}
 
@@ -101,8 +103,8 @@ static void smb_read_callback(struct smbcli_request *req)
if (state->received < 16) {
DEBUG(0,("dcerpc_smb: short packet (length %d) in read 
callback!\n",
 (int)state->received));
-   pipe_dead(state->c, NT_STATUS_INFO_LENGTH_MISMATCH);
talloc_free(state);
+   pipe_dead(c, NT_STATUS_INFO_LENGTH_MISMATCH);
return;
}
 
@@ -110,7 +112,6 @@ static void smb_read_callback(struct smbcli_request *req)
 
if (frag_length <= state->received) {
DATA_BLOB data = state->data;
-   struct dcecli_connection *c = state->c;
data.length = state->received;
talloc_steal(state->c, data.data);
talloc_free(state);
@@ -128,8 +129,8 @@ static void smb_read_callback(struct smbcli_request *req)
 
state->req = smb_raw_read_send(smb->tree, io);
if (state->req == NULL) {
-   pipe_dead(state->c, NT_STATUS_NO_MEMORY);
talloc_free(state);
+   pipe_dead(c, NT_STATUS_NO_MEMORY);
return;
}
 
@@ -257,7 +258,7 @@ static NTSTATUS smb_send_trans_request(struct 
dcecli_connection *c, DATA_BLOB *b
struct smb_trans_state *state;
uint16_t max_data;
 
-   state = talloc(smb, struct smb_trans_state);
+   state = talloc(c, struct smb_trans_state);
if (state == NULL) {
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c
index 50aed8c..59ee7a8 100644
--- a/source4/librpc/rpc/dcerpc_smb2.c
+++ b/source4/librpc/rpc/dcerpc_smb2.c
@@ -78,6 +78,7 @@ struct smb2_read_state {
 */
 static void smb2_read_callback(struct smb2_request *req)
 {
+   struct dcecli_connection *c;
struct smb2_private *smb;
struct smb2_read_state *state;
struct smb2_read io;
@@ -86,26 +87,27 @@ static void smb2_read_callback(struct smb2_request *req)
 
state = talloc_get_type(req->async.private_data, struct 
smb2_read_state);
smb = talloc_get_type(state->c->transport.private_data, struct 
smb2_private);
+   c = state->c;
 
status = smb2_read_recv(req, state, &io);
if (NT_STATUS_IS_ERR(status)) {
-   pipe_dead(state->c, status);
talloc_free(state);
+   pipe_dead(c, status);
return;
}
 
if (!data_blob_append(state, &state->data, 
  io.out.data.data, io.out.data.length)) {
-   pipe_dead(state->c, NT_STATUS_NO_MEMORY);
talloc_free(state);
+   pipe_dead(c, NT_STATUS_NO_MEMORY);
return;
}
 
if (state->data.length < 16) {
DEBUG(0,("dcerpc_smb2: short packet (length %d) in read 
callback!\n",
 (int)state->data.length));
-   pipe_dead(state->c, NT_STATUS_INFO_LENGTH_MISMATCH);
talloc_free(state);
+   pipe_dead(c, NT_STATUS_INFO_LENGTH_MISMATCH);
return;
}
 
@@ -113,7 +115,6 

[SCM] Samba Shared Repository - branch master updated

[Björn Jacke]

The branch, master has been updated
   via  d3b4d75 s3/swat: use strlcat instead of strncat to fix build on old 
Linux distros
  from  68e7b93 s4-librpc: Fix double free.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d3b4d75364210e2d2a4a1cd806f28b0021f22909
Author: Björn Jacke 
Date:   Thu Aug 4 16:25:08 2011 +0200

s3/swat: use strlcat instead of strncat to fix build on old Linux distros

SLES 9's glibc for example had weird macros where the use of strncat 
resulted
in the use of strcat which we don't allow.

Signed-off-by: Stefan Metzmacher 

Autobuild-User: Björn Jacke 
Autobuild-Date: Thu Aug  4 17:50:24 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/web/swat.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/web/swat.c b/source3/web/swat.c
index f955466..69d9fec 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -175,7 +175,7 @@ void get_xsrf_token(const char *username, const char *pass,
char tmp[3];
 
snprintf(tmp, sizeof(tmp), "%02x", token[i]);
-   strncat(token_str, tmp, sizeof(tmp));
+   strlcat(token_str, tmp, sizeof(tmp));
}
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  a7438cc s3-nmbd: fix talloc/malloc mismatch in 
create_listen_pollfds().
  from  d3b4d75 s3/swat: use strlcat instead of strncat to fix build on old 
Linux distros

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a7438cce4e99761303aca0ef1bc65ca2cdf2bb98
Author: Günther Deschner 
Date:   Thu Aug 4 17:32:22 2011 +0200

s3-nmbd: fix talloc/malloc mismatch in create_listen_pollfds().

Guenther

Autobuild-User: Günther Deschner 
Autobuild-Date: Thu Aug  4 19:06:39 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/nmbd/nmbd_packets.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index 0324c9d..c7ecfc6 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -1723,7 +1723,7 @@ static bool create_listen_pollfds(struct pollfd **pfds,
if (fds == NULL) {
DEBUG(1, ("create_listen_pollfds: malloc fail for attrs. "
  "size %d\n", count));
-   SAFE_FREE(fds);
+   TALLOC_FREE(fds);
return true;
}
 


-- 
Samba Shared Repository

[SCM] Samba Website Repository - branch master updated

[Karolin Seeger]

The branch, master has been updated
   via  2399813 WHATSNEW: Remove wrong entry from the release notes.
  from  0fe97f9 Announce Samba 3.5.11.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 2399813ceb88654b9cd75519e48c13b7136626cc
Author: Karolin Seeger 
Date:   Thu Aug 4 21:34:54 2011 +0200

WHATSNEW: Remove wrong entry from the release notes.

This one was added by accident.

Karolin

---

Summary of changes:
 history/samba-3.5.11.html |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/history/samba-3.5.11.html b/history/samba-3.5.11.html
index 2990710..bea86e8 100755
--- a/history/samba-3.5.11.html
+++ b/history/samba-3.5.11.html
@@ -59,7 +59,6 @@ o   Volker Lendecke 
 
 o   Stefan Metzmacher 
 * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
-* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
 * BUG 8276: Close all sockets attached to a subnet in close_subnet().
 
 


-- 
Samba Website Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  f5233d9 WHATSNEW: Remove wrong entry.
   via  b9c7ca1 WHATSNEW: Start release notes for 3.5.12.
   via  be1ba33 VERSION: Bump version up to 3.5.12.
  from  529bfe1 WHATSNEW: Add changes since 3.5.10.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit f5233d9179d1c8817f2f227f7fc7fad54d78bc73
Author: Karolin Seeger 
Date:   Thu Aug 4 21:40:47 2011 +0200

WHATSNEW: Remove wrong entry.

This one was added by accident, sorry!

Karolin

commit b9c7ca1abbbd5017a2b143e2ae91fa82ff598475
Author: Karolin Seeger 
Date:   Thu Aug 4 21:38:26 2011 +0200

WHATSNEW: Start release notes for 3.5.12.

Karolin

commit be1ba3365ad5369b4a72c4343e9237d7d69b1992
Author: Karolin Seeger 
Date:   Thu Aug 4 21:35:51 2011 +0200

VERSION: Bump version up to 3.5.12.

Karolin

---

Summary of changes:
 WHATSNEW.txt|   48 
 source3/VERSION |2 +-
 2 files changed, 45 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 36dfb70..367f0a3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,46 @@
==
+   Release Notes for Samba 3.5.12
+  , 2011
+   ==
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.12 include:
+
+o  
+
+Changes since 3.5.11:
+
+
+
+o  
+
+
+##
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 3.5.11
   August 4, 2011
==
@@ -10,7 +52,6 @@ Major enhancements in Samba 3.5.11 include:
 
 o  Fix access to Samba shares when Windows security patch KB2536276 is 
installed
(bug #7460).
-o  Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
 o  Fix Winbind panics if verify_idpool() fails (bug #8253).
 
 
@@ -45,7 +86,6 @@ o   Volker Lendecke 
 
 o   Stefan Metzmacher 
 * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
-* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
 * BUG 8276: Close all sockets attached to a subnet in close_subnet().
 
 
@@ -69,8 +109,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 3.5.10
diff --git a/source3/VERSION b/source3/VERSION
index 83bb2ce..a419c0d 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 
 # Bug fix releases use a letter for the patch revision #


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-stable updated

[Karolin Seeger]

The branch, v3-5-stable has been updated
   via  3683bdf WHATSNEW: Remove wrong entry.
   via  6f2f4c3 WHATSNEW: Start release notes for 3.5.12.
   via  f5b4554 VERSION: Bump version up to 3.5.12.
  from  439b006 WHATSNEW: Add changes since 3.5.10.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable


- Log -
commit 3683bdfe062468bb201cef4d37e1f18acc886216
Author: Karolin Seeger 
Date:   Thu Aug 4 21:40:47 2011 +0200

WHATSNEW: Remove wrong entry.

This one was added by accident, sorry!

Karolin
(cherry picked from commit f5233d9179d1c8817f2f227f7fc7fad54d78bc73)

commit 6f2f4c36284ef61230d491fa627bc4c55478ec4f
Author: Karolin Seeger 
Date:   Thu Aug 4 21:38:26 2011 +0200

WHATSNEW: Start release notes for 3.5.12.

Karolin
(cherry picked from commit b9c7ca1abbbd5017a2b143e2ae91fa82ff598475)

commit f5b4554e01c1caed1c3c49da456d710c205d98e3
Author: Karolin Seeger 
Date:   Thu Aug 4 21:35:51 2011 +0200

VERSION: Bump version up to 3.5.12.

Karolin
(cherry picked from commit be1ba3365ad5369b4a72c4343e9237d7d69b1992)

---

Summary of changes:
 WHATSNEW.txt|   48 
 source3/VERSION |2 +-
 2 files changed, 45 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 36dfb70..367f0a3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,46 @@
==
+   Release Notes for Samba 3.5.12
+  , 2011
+   ==
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.12 include:
+
+o  
+
+Changes since 3.5.11:
+
+
+
+o  
+
+
+##
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 3.5.11
   August 4, 2011
==
@@ -10,7 +52,6 @@ Major enhancements in Samba 3.5.11 include:
 
 o  Fix access to Samba shares when Windows security patch KB2536276 is 
installed
(bug #7460).
-o  Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
 o  Fix Winbind panics if verify_idpool() fails (bug #8253).
 
 
@@ -45,7 +86,6 @@ o   Volker Lendecke 
 
 o   Stefan Metzmacher 
 * BUG 7841: Make WINBINDD_LOOKUPRIDS ask the right domain.
-* BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
 * BUG 8276: Close all sockets attached to a subnet in close_subnet().
 
 
@@ -69,8 +109,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 3.5.10
diff --git a/source3/VERSION b/source3/VERSION
index 3558afc..faec6d4 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 
 # Bug fix releases use a letter for the patch revision #


-- 
Samba Shared Repository

[SCM] Samba Website Repository - branch master updated

[Karolin Seeger]

The branch, master has been updated
   via  34720bb WHATSNEW: Remove second part of the wrong entry.
  from  2399813 WHATSNEW: Remove wrong entry from the release notes.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 34720bb13de06de8796d6631996defc1870dbea8
Author: Karolin Seeger 
Date:   Thu Aug 4 21:46:56 2011 +0200

WHATSNEW: Remove second part of the wrong entry.

Karolin

---

Summary of changes:
 history/samba-3.5.11.html |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/history/samba-3.5.11.html b/history/samba-3.5.11.html
index bea86e8..37b75ca 100755
--- a/history/samba-3.5.11.html
+++ b/history/samba-3.5.11.html
@@ -24,7 +24,6 @@ Major enhancements in Samba 3.5.11 include:
 
 o  Fix access to Samba shares when Windows security patch KB2536276 is 
installed
(bug #7460).
-o  Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
 o  Fix Winbind panics if verify_idpool() fails (bug #8253).
 
 


-- 
Samba Website Repository

[SCM] CTDB repository - branch 1.0.114 updated - ctdb-1.0.114.3-2-gd40c71a

[Ronnie Sahlberg]

The branch, 1.0.114 has been updated
   via  d40c71a3922ec7223d1d203cb451a2d71b75164d (commit)
  from  0c3f11a949f99d44dbe53831ccba8784b328d178 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.0.114


- Log -
commit d40c71a3922ec7223d1d203cb451a2d71b75164d
Author: David Disseldorp 
Date:   Sun Jul 31 03:14:54 2011 +0200

io: Make queue_io_read() safe for reentry

queue_io_read() may be reentered via the queue callback, recoverd is
particularly guilty of this.

queue_io_read() is not safe for reentry if more than one packet is
received and partial chunks follow - data read off the pipe on re-entry
is assumed to be the start-of-packet four byte length. This leads to a
wrongly aligned stream and the notorious "Invalid packet of length 0"
errors.

This change fixes queue_io_read() to be safe under reentry, only a
single packet is processed per call.

https://bugzilla.samba.org/show_bug.cgi?id=8319

---

Summary of changes:
 common/ctdb_io.c |  130 ++
 1 files changed, 62 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/common/ctdb_io.c b/common/ctdb_io.c
index b7feed9..9d7ce08 100644
--- a/common/ctdb_io.c
+++ b/common/ctdb_io.c
@@ -64,12 +64,17 @@ int ctdb_queue_length(struct ctdb_queue *queue)
 
 /*
   called when an incoming connection is readable
+  This function MUST be safe for reentry via the queue callback!
 */
 static void queue_io_read(struct ctdb_queue *queue)
 {
int num_ready = 0;
+   uint32_t sz_bytes_req;
+   uint32_t pkt_size;
+   uint32_t pkt_bytes_remaining;
+   uint32_t to_read;
ssize_t nread;
-   uint8_t *data, *data_base;
+   uint8_t *data;
 
if (ioctl(queue->fd, FIONREAD, &num_ready) != 0) {
return;
@@ -79,88 +84,77 @@ static void queue_io_read(struct ctdb_queue *queue)
goto failed;
}
 
-
-   queue->partial.data = talloc_realloc_size(queue, queue->partial.data, 
- num_ready + 
queue->partial.length);
-
if (queue->partial.data == NULL) {
-   DEBUG(DEBUG_ERR,("read error alloc failed for %u\n", 
-num_ready + queue->partial.length));
-   goto failed;
-   }
-
-   nread = read(queue->fd, queue->partial.data + queue->partial.length, 
num_ready);
-   if (nread <= 0) {
-   DEBUG(DEBUG_ERR,("read error nread=%d\n", (int)nread));
-   goto failed;
+   /* starting fresh, allocate buf for size bytes */
+   sz_bytes_req = sizeof(pkt_size);
+   queue->partial.data = talloc_size(queue, sz_bytes_req);
+   if (queue->partial.data == NULL) {
+   DEBUG(DEBUG_ERR,("read error alloc failed for %u\n",
+sz_bytes_req));
+   goto failed;
+   }
+   } else if (queue->partial.length < sizeof(pkt_size)) {
+   /* yet to find out the packet length */
+   sz_bytes_req = sizeof(pkt_size) - queue->partial.length;
+   } else {
+   /* partial packet, length known, full buf allocated */
+   sz_bytes_req = 0;
}
-
-
data = queue->partial.data;
-   nread += queue->partial.length;
-
-   queue->partial.data = NULL;
-   queue->partial.length = 0;
-
-   if (nread >= 4 && *(uint32_t *)data == nread) {
-   /* it is the responsibility of the incoming packet
-function to free 'data' */
-   queue->callback(data, nread, queue->private_data);
-   return;
-   }
-
-   data_base = data;
-
-   while (nread >= 4 && *(uint32_t *)data <= nread) {
-   /* we have at least one packet */
-   uint8_t *d2;
-   uint32_t len;
-   bool destroyed = false;
 
-   len = *(uint32_t *)data;
-   if (len == 0) {
-   /* bad packet! treat as EOF */
-   DEBUG(DEBUG_CRIT,("Invalid packet of length 0\n"));
-   goto failed;
-   }
-   d2 = talloc_memdup(queue, data, len);
-   if (d2 == NULL) {
-   DEBUG(DEBUG_ERR,("read error memdup failed for %u\n", 
len));
-   /* sigh */
+   if (sz_bytes_req > 0) {
+   to_read = MIN(sz_bytes_req, num_ready);
+   nread = read(queue->fd, data + queue->partial.length,
+to_read);
+   if (nread <= 0) {
+   DEBUG(DEBUG_ERR,("read error nread=%d\n", (int)nread));
goto failed;
}
+   queue->partial.

[SCM] CTDB repository - branch 1.2 updated - ctdb-1.9.1-458-g8ec198b

[Ronnie Sahlberg]

The branch, 1.2 has been updated
   via  8ec198b2fd2d33420714a154af99417c31cb6a9c (commit)
   via  b335a9c97c890641971e0ca667966a9e3d13d831 (commit)
  from  c05dafca4f9885fdd7e00ab2845c85367d3d069d (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2


- Log -
commit 8ec198b2fd2d33420714a154af99417c31cb6a9c
Author: David Disseldorp 
Date:   Sun Jul 31 03:14:54 2011 +0200

io: Make queue_io_read() safe for reentry

queue_io_read() may be reentered via the queue callback, recoverd is
particularly guilty of this.

queue_io_read() is not safe for reentry if more than one packet is
received and partial chunks follow - data read off the pipe on re-entry
is assumed to be the start-of-packet four byte length. This leads to a
wrongly aligned stream and the notorious "Invalid packet of length 0"
errors.

This change fixes queue_io_read() to be safe under reentry, only a
single packet is processed per call.

https://bugzilla.samba.org/show_bug.cgi?id=8319

commit b335a9c97c890641971e0ca667966a9e3d13d831
Author: Ronnie Sahlberg 
Date:   Fri Aug 5 10:03:34 2011 +1000

Remove a log message about setting linkstate for an unknown interface.
sometimes we do want to try to set the linkstate for interfaces that are 
not in use by public addresses right now (but posisbly by other mechanisms) and 
these messages just spam the logs

S1026357

---

Summary of changes:
 common/ctdb_io.c   |  137 ++--
 server/ctdb_takeover.c |2 -
 2 files changed, 63 insertions(+), 76 deletions(-)


Changeset truncated at 500 lines:

diff --git a/common/ctdb_io.c b/common/ctdb_io.c
index 81f9451..0f44b87 100644
--- a/common/ctdb_io.c
+++ b/common/ctdb_io.c
@@ -81,12 +81,17 @@ static void dump_packet(unsigned char *data, size_t len)
 
 /*
   called when an incoming connection is readable
+  This function MUST be safe for reentry via the queue callback!
 */
 static void queue_io_read(struct ctdb_queue *queue)
 {
int num_ready = 0;
-   ssize_t nread, totread, partlen;
-   uint8_t *data, *data_base;
+   uint32_t sz_bytes_req;
+   uint32_t pkt_size;
+   uint32_t pkt_bytes_remaining;
+   uint32_t to_read;
+   ssize_t nread;
+   uint8_t *data;
 
if (ioctl(queue->fd, FIONREAD, &num_ready) != 0) {
return;
@@ -96,93 +101,77 @@ static void queue_io_read(struct ctdb_queue *queue)
goto failed;
}
 
-
-   queue->partial.data = talloc_realloc_size(queue, queue->partial.data, 
- num_ready + 
queue->partial.length);
-
if (queue->partial.data == NULL) {
-   DEBUG(DEBUG_ERR,("%s: read error alloc failed for %u\n",
-   queue->name, num_ready + queue->partial.length));
-   goto failed;
-   }
-
-   nread = read(queue->fd, queue->partial.data + queue->partial.length, 
num_ready);
-   if (nread <= 0) {
-   DEBUG(DEBUG_ERR,("%s: read error nread=%d\n",
-queue->name, (int)nread));
-   goto failed;
+   /* starting fresh, allocate buf for size bytes */
+   sz_bytes_req = sizeof(pkt_size);
+   queue->partial.data = talloc_size(queue, sz_bytes_req);
+   if (queue->partial.data == NULL) {
+   DEBUG(DEBUG_ERR,("read error alloc failed for %u\n",
+sz_bytes_req));
+   goto failed;
+   }
+   } else if (queue->partial.length < sizeof(pkt_size)) {
+   /* yet to find out the packet length */
+   sz_bytes_req = sizeof(pkt_size) - queue->partial.length;
+   } else {
+   /* partial packet, length known, full buf allocated */
+   sz_bytes_req = 0;
}
-   totread = nread;
-   partlen = queue->partial.length;
-
data = queue->partial.data;
-   nread += queue->partial.length;
-
-   queue->partial.data = NULL;
-   queue->partial.length = 0;
-
-   if (nread >= 4 && *(uint32_t *)data == nread) {
-   /* it is the responsibility of the incoming packet
-function to free 'data' */
-   queue->callback(data, nread, queue->private_data);
-   return;
-   }
 
-   data_base = data;
-
-   while (nread >= 4 && *(uint32_t *)data <= nread) {
-   /* we have at least one packet */
-   uint8_t *d2;
-   uint32_t len;
-   bool destroyed = false;
-
-   len = *(uint32_t *)data;
-   if (len == 0) {
-   /* bad packet! treat as EOF */
-   DEBUG(DEBUG_CRIT,("%s: Invalid packet of length

[SCM] CTDB repository - branch master updated - ctdb-1.10-274-g9ea41d2

[Ronnie Sahlberg]

The branch, master has been updated
   via  9ea41d2fab612772f861270c8a59c01c43bd3a4c (commit)
   via  f2fe0a090a9650910ebe49514b3ca01dc593bea3 (commit)
  from  c5f6e44b92210519d4bfc24611cae3f9978cc2e5 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 9ea41d2fab612772f861270c8a59c01c43bd3a4c
Author: David Disseldorp 
Date:   Sun Jul 31 03:14:54 2011 +0200

io: Make queue_io_read() safe for reentry

queue_io_read() may be reentered via the queue callback, recoverd is
particularly guilty of this.

queue_io_read() is not safe for reentry if more than one packet is
received and partial chunks follow - data read off the pipe on re-entry
is assumed to be the start-of-packet four byte length. This leads to a
wrongly aligned stream and the notorious "Invalid packet of length 0"
errors.

This change fixes queue_io_read() to be safe under reentry, only a
single packet is processed per call.

https://bugzilla.samba.org/show_bug.cgi?id=8319

commit f2fe0a090a9650910ebe49514b3ca01dc593bea3
Author: Ronnie Sahlberg 
Date:   Fri Aug 5 10:03:34 2011 +1000

Remove a log message about setting linkstate for an unknown interface.
sometimes we do want to try to set the linkstate for interfaces that are 
not in use by public addresses right now (but posisbly by other mechanisms) and 
these messages just spam the logs

S1026357

---

Summary of changes:
 common/ctdb_io.c   |  137 ++--
 server/ctdb_takeover.c |2 -
 2 files changed, 63 insertions(+), 76 deletions(-)


Changeset truncated at 500 lines:

diff --git a/common/ctdb_io.c b/common/ctdb_io.c
index 81f9451..0f44b87 100644
--- a/common/ctdb_io.c
+++ b/common/ctdb_io.c
@@ -81,12 +81,17 @@ static void dump_packet(unsigned char *data, size_t len)
 
 /*
   called when an incoming connection is readable
+  This function MUST be safe for reentry via the queue callback!
 */
 static void queue_io_read(struct ctdb_queue *queue)
 {
int num_ready = 0;
-   ssize_t nread, totread, partlen;
-   uint8_t *data, *data_base;
+   uint32_t sz_bytes_req;
+   uint32_t pkt_size;
+   uint32_t pkt_bytes_remaining;
+   uint32_t to_read;
+   ssize_t nread;
+   uint8_t *data;
 
if (ioctl(queue->fd, FIONREAD, &num_ready) != 0) {
return;
@@ -96,93 +101,77 @@ static void queue_io_read(struct ctdb_queue *queue)
goto failed;
}
 
-
-   queue->partial.data = talloc_realloc_size(queue, queue->partial.data, 
- num_ready + 
queue->partial.length);
-
if (queue->partial.data == NULL) {
-   DEBUG(DEBUG_ERR,("%s: read error alloc failed for %u\n",
-   queue->name, num_ready + queue->partial.length));
-   goto failed;
-   }
-
-   nread = read(queue->fd, queue->partial.data + queue->partial.length, 
num_ready);
-   if (nread <= 0) {
-   DEBUG(DEBUG_ERR,("%s: read error nread=%d\n",
-queue->name, (int)nread));
-   goto failed;
+   /* starting fresh, allocate buf for size bytes */
+   sz_bytes_req = sizeof(pkt_size);
+   queue->partial.data = talloc_size(queue, sz_bytes_req);
+   if (queue->partial.data == NULL) {
+   DEBUG(DEBUG_ERR,("read error alloc failed for %u\n",
+sz_bytes_req));
+   goto failed;
+   }
+   } else if (queue->partial.length < sizeof(pkt_size)) {
+   /* yet to find out the packet length */
+   sz_bytes_req = sizeof(pkt_size) - queue->partial.length;
+   } else {
+   /* partial packet, length known, full buf allocated */
+   sz_bytes_req = 0;
}
-   totread = nread;
-   partlen = queue->partial.length;
-
data = queue->partial.data;
-   nread += queue->partial.length;
-
-   queue->partial.data = NULL;
-   queue->partial.length = 0;
-
-   if (nread >= 4 && *(uint32_t *)data == nread) {
-   /* it is the responsibility of the incoming packet
-function to free 'data' */
-   queue->callback(data, nread, queue->private_data);
-   return;
-   }
 
-   data_base = data;
-
-   while (nread >= 4 && *(uint32_t *)data <= nread) {
-   /* we have at least one packet */
-   uint8_t *d2;
-   uint32_t len;
-   bool destroyed = false;
-
-   len = *(uint32_t *)data;
-   if (len == 0) {
-   /* bad packet! treat as EOF */
-   DEBUG(DEBUG_CRIT,("%s: Invalid packet of