[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 3a17115 Add Samba 4.11.7 to the list. via 710bb0c NEWS[4.11.7]: Samba 4.11.7 Available for Download from 7045c7c Remove OpenIQ support listing https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 3a171156387f2c1604aec470d949c39a2fd385cf Author: Karolin Seeger Date: Tue Mar 10 11:05:02 2020 +0100 Add Samba 4.11.7 to the list. Signed-off-by: Karolin Seeger commit 710bb0c9bd44efccdf975485c49c209095a6e9e2 Author: Karolin Seeger Date: Tue Mar 10 11:03:48 2020 +0100 NEWS[4.11.7]: Samba 4.11.7 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.11.7.html| 63 posted_news/20200310-100444.4.11.7.body.html | 13 + posted_news/20200310-100444.4.11.7.headline.html | 3 ++ 4 files changed, 80 insertions(+) create mode 100644 history/samba-4.11.7.html create mode 100644 posted_news/20200310-100444.4.11.7.body.html create mode 100644 posted_news/20200310-100444.4.11.7.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index fec8857..d0bd3d0 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -10,6 +10,7 @@ samba-4.12.0 + samba-4.11.7 samba-4.11.6 samba-4.11.5 samba-4.11.4 diff --git a/history/samba-4.11.7.html b/history/samba-4.11.7.html new file mode 100644 index 000..6ba9dd0 --- /dev/null +++ b/history/samba-4.11.7.html @@ -0,0 +1,63 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.11.7 - Release Notes + + +Samba 4.11.7 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.11.7.tar.gz;>Samba 4.11.7 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.11.7.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.11.6-4.11.7.diffs.gz;>Patch (gzipped) against Samba 4.11.6 +https://download.samba.org/pub/samba/patches/samba-4.11.6-4.11.7.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.11.7 + March 10, 2020 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.6: +- + +o Jeremy Allison j...@samba.org + * BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing. + * BUG 14283: s3: VFS: full_audit. Use system session_info if called from a + temporary share definition. + +o Andrew Bartlett abart...@samba.org + * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs. + * BUG 14270: ldb: version 2.0.9, Samba 4.11 and later give incorrect results + for SCOPE_ONE searches. + +o Volker Lendecke v...@samba.org + * BUG 14247: auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences. + * BUG 14285: smbd: Handle EINTR from open(2) properly. + +o Stefan Metzmacher me...@samba.org + * BUG 14247: winbind member (source3) fails local SAM auth with empty domain + name. + * BUG 14265: winbindd: Handling missing idmap in getgrgid(). + +o Andreas Schneider a...@samba.org + * BUG 14253: lib:util: Log mkdir error on correct debug levels. + * BUG 14266: wafsamba: Do not use rU as the U is deprecated in + Python 3.9. + +o Martin Schwenke mar...@meltin.net + * BUG 14274: ctdb-tcp: Make error handling for outbound connection + consistent. + + + + + + diff --git a/posted_news/20200310-100444.4.11.7.body.html b/posted_news/20200310-100444.4.11.7.body.html new file mode 100644 index 000..c4adb8c --- /dev/null +++ b/posted_news/20200310-100444.4.11.7.body.html @@ -0,0 +1,13 @@ + +10 March 2020 +Samba 4.11.7 Available for Download + +This is the latest stable release of the Samba 4.11 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.11.7.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.11.6-4.11.7.diffs.gz;>patch against Samba 4.11.6 is also available. +See https://www.samba.org/samba/history/samba-4.11.7.html;>the release notes for more info. + + diff --git a/posted_news/20200310-100444.4.11.7.headline.html b/posted_news/20200310-100444.4.11.7.headline.html new file mode 100644 index 000..5cd5267 --- /dev/null +++ b/posted_news/20200310-100444.4.11.7.headline.html @@ -0,0 +1,3 @@ + + 10 March
[SCM] Samba Shared Repository - branch v4-11-stable updated
The branch, v4-11-stable has been updated via 664f5488733 VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release. via 9e3a577b275 WHATSNEW: Add release notes for Samba 4.11.7. via 2a9db8e77b4 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value via c130ca2bcc3 dsdb: Correctly handle memory in objectclass_attrs via 8cb7818a405 ldb: version 2.0.9 via 17c43b99622 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular via b81fd260ebb ldb: Fix search with scope ONE and small result sets via 811d8057973 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests via e7ed0a80885 ldb: Add tests aimed at the SCOPE_ONELEVEL particular via 880c2d747aa ldb: Add tests for one-level indexes in conjunction with other indexes via a95a8c7eaa4 smbd: Separate aio_pthread indicator from normal EINTR via a33656c9df2 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED via 64b2eda07fc test: Show that smbd does not handle EINTR from open() correctly via 0232cc46a35 test: Intercept open in vfs_error_inject via ea1e73c2281 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 via 370278fca39 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. via 4ee5642bea3 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 40b7c3c99ae auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) via 972d4418ae0 ctdb-tcp: Make error handling for outbound connection consistent via 70a36a668ca winbindd: handling missing idmap in getgrgid() via f778dc20b5a s3:auth_sam: map an empty domain or '.' to the local SAM name via c880f3539a1 s3:selftest: test authentication with an empty userdomain and upn names via 58d1613609c s3:auth_sam: introduce effective_domain helper variables via f8e11e6ca9a s3:auth_sam: make sure we never handle empty usernames via 5f8e3650f06 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions via 2db313bdb57 s3:auth_sam: replace confusing FALL_THROUGH; with break; via 5f57256cf52 script/release.sh: Don't use quotations any longer. via 0fbf07f0508 s4:torture: Skip the deltest20 as user root via 394e414b2dc lib:util: Log mkdir error on correct debug levels via 9349e689a86 s3: lib: nmblib. Clean up and harden nmb packet processing. via 040e0051e2b VERSION: Bump version up to 4.11.7... via f5fa58a4177 VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release. via 9ec0da774e3 WHATSNEW: Add release notes for Samba 4.11.6. via 79e7d1328ea smbd: Fix the build with clang via bbacbd5f3f2 script/release.sh: make it possible to run from a git worktree via c5f61b9dd0a VERSION: Bump version up to 4.11.6. via 5f735302220 Merge tag 'samba-4.11.5' into v4-11-test via c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat on the file. via e82e78b8747 s3:libsmb: Add a setup_stat_from_stat_ex() function via 8936e2d0274 s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() via 2db3606327f s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. via fa22e5b6133 s3:libsmb: Generate the inode only based on the path component via 260d66aa0aa s3: libsmb: Move setting all struct stat fields into setup_stat(). via 4eb710e3298 s3: libsmb: Move setting st->st_ino into setup_stat. via 463a2df2de7 s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. via ee215ff101d ctdb-tests: Skip some tests that don't work with IPv6 via 103d94566f1 ctdb-scripts: Strip square brackets when gathering connection info via 890513b5b3c librpc: Fix string length checking in ndr_pull_charset_to_null() via 1d28d27070a source4/utils/oLschema2ldif: include stdint.h before cmocka.h via 3889444e008 lib/ldb/tests: include stdint.h before cmocka.h via 67e429d86ae vfs_ceph_snapshots: fix root relative path handling via 54a028bd32b upgradedns: ensure lmdb lock files linked via 75d088aede5 test upgradedns: ensure lmdb lock files linked via 276a07d8eff docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. via 3659b26bcb4 s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir via db5c0d6c05b Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. via a7505aabbe9 pygpo: use correct method flags via 5a75d981409 VERSION: Bump version up to 4.11.5... from 01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable - Log -
[SCM] Samba Shared Repository - annotated tag samba-4.11.7 created
The annotated tag, samba-4.11.7 has been created at 70544f005ae4dce514a0c636aee7f35f19a4de72 (tag) tagging 664f548873302a0ed34cd29be7c84dcabbb6ed8c (commit) replaces samba-4.11.6 tagged by Karolin Seeger on Tue Mar 10 11:03:34 2020 +0100 - Log - samba: tag release samba-4.11.7 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXmdl9gAKCRBvM5FbZWi3 6tPSAJ9HAcqrQKehLNczqJx7I0Ahns1dawCgsk9Mdt0Vob0m+pkOSBeRUU5U4tI= =F3D6 -END PGP SIGNATURE- Andreas Schneider (3): lib:util: Log mkdir error on correct debug levels s4:torture: Skip the deltest20 as user root wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 Andrew Bartlett (8): ldb: Add tests for one-level indexes in conjunction with other indexes ldb: Add tests aimed at the SCOPE_ONELEVEL particular ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests ldb: Fix search with scope ONE and small result sets ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular ldb: version 2.0.9 dsdb: Correctly handle memory in objectclass_attrs selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value Jeremy Allison (2): s3: lib: nmblib. Clean up and harden nmb packet processing. s3: VFS: full_audit. Use system session_info if called from a temporary share definition. Karolin Seeger (4): VERSION: Bump version up to 4.11.7... script/release.sh: Don't use quotations any longer. WHATSNEW: Add release notes for Samba 4.11.7. VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release. Martin Schwenke (1): ctdb-tcp: Make error handling for outbound connection consistent Stefan Metzmacher (7): s3:auth_sam: replace confusing FALL_THROUGH; with break; s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions s3:auth_sam: make sure we never handle empty usernames s3:auth_sam: introduce effective_domain helper variables s3:selftest: test authentication with an empty userdomain and upn names s3:auth_sam: map an empty domain or '.' to the local SAM name winbindd: handling missing idmap in getgrgid() Volker Lendecke (6): auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) test: Intercept open in vfs_error_inject test: Show that smbd does not handle EINTR from open() correctly lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED smbd: Separate aio_pthread indicator from normal EINTR --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 46e19f9f402 VERSION: Bump version up to 4.11.7... via 664f5488733 VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release. via 9e3a577b275 WHATSNEW: Add release notes for Samba 4.11.7. from 2a9db8e77b4 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 46e19f9f40258855d84e747bcb02019262e72057 Author: Karolin Seeger Date: Tue Mar 10 10:55:01 2020 +0100 VERSION: Bump version up to 4.11.7... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 664f548873302a0ed34cd29be7c84dcabbb6ed8c Author: Karolin Seeger Date: Tue Mar 10 10:54:25 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release. Signed-off-by: Karolin Seeger commit 9e3a577b27508fa97491d5cf7d26cb926607f73e Author: Karolin Seeger Date: Tue Mar 10 10:53:56 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.7. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 68 ++-- 2 files changed, 67 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 2ec627c3196..a1204edbed7 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6f635618bb2..89e730b605e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,67 @@ + == + Release Notes for Samba 4.11.7 + March 10, 2020 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.6: +- + +o Jeremy Allison + * BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing. + * BUG 14283: s3: VFS: full_audit. Use system session_info if called from a + temporary share definition. + +o Andrew Bartlett + * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs. + * BUG 14270: ldb: version 2.0.9, Samba 4.11 and later give incorrect results + for SCOPE_ONE searches. + +o Volker Lendecke + * BUG 14247: auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences. + * BUG 14285: smbd: Handle EINTR from open(2) properly. + +o Stefan Metzmacher + * BUG 14247: winbind member (source3) fails local SAM auth with empty domain + name. + * BUG 14265: winbindd: Handling missing idmap in getgrgid(). + +o Andreas Schneider + * BUG 14253: lib:util: Log mkdir error on correct debug levels. + * BUG 14266: wafsamba: Do not use 'rU' as the 'U' is deprecated in + Python 3.9. + +o Martin Schwenke + * BUG 14274: ctdb-tcp: Make error handling for outbound connection + consistent. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.11.6 January 28, 2020 @@ -67,8 +131,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 4.11.5 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 43b343786e3 selftest: Export DC conf path for special cases via 1905ed84f8a selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value via 4bc3641a083 dsdb: Correctly handle memory in objectclass_attrs from 9b805c08442 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 43b343786e36cc440df993ae78d241f2fbea1ac1 Author: Tim Beale Date: Mon Feb 11 17:15:22 2019 +1300 selftest: Export DC conf path for special cases In a few rare cases, a test needs to assert aspects both client-side and server-side aspects. A typical example would be the audit logging, which is exercising client-side behaviour, but also asserting the server-side logging. Usually this has involved a kludge in tests.py to either use socket-wrapper explicitly, or hardcode in the server smb.conf path. This patch exposes the existing SERVERCONFFILE env variable to the tests. DC_SERVERCONFFILE has been added for 2 DC testenvs, where we need the PDC's smb.conf. The benefit of doing this way is the filepath/testenv-dependency logic is all self-contained with the Perl code, and it doesn't bleed out into tests.py as well. Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit aeadf75c24a4af4143e389e2b27d3a90899fb638) Fixes autobuild with the patches for BUG: https://bugzilla.samba.org/show_bug.cgi?id=14285 Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Mar 4 11:26:37 UTC 2020 on sn-devel-144 commit 1905ed84f8a1c05e08a95c104d3a0200d35bd08c Author: Andrew Bartlett Date: Thu Jan 30 16:44:05 2020 +1300 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184 (cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700) commit 4bc3641a083b2e23d4b291aec033fc5d8f0989ef Author: Andrew Bartlett Date: Thu Jan 30 16:41:39 2020 +1300 dsdb: Correctly handle memory in objectclass_attrs el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context. Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceeding the el->values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263) --- Summary of changes: python/samba/tests/dns.py | 39 ++ selftest/selftest.pl | 7 selftest/target/Samba4.pm | 6 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 +- 4 files changed, 68 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 6fa97d05504..531f0c47d84 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -1504,26 +1504,51 @@ class TestZones(DNSTest): name, txt = 'agingtest', ['test txt'] name2, txt2 = 'agingtest2', ['test txt2'] name3, txt3 = 'agingtest3', ['test txt3'] +name4, txt4 = 'agingtest4', ['test txt4'] +name5, txt5 = 'agingtest5', ['test txt5'] self.dns_update_record(name, txt) self.dns_update_record(name2, txt) self.dns_update_record(name2, txt2) self.dns_update_record(name3, txt) self.dns_update_record(name3, txt2) + +# Create a tomb stoned record. +self.dns_update_record(name4, txt4) +self.dns_tombstone(name4, txt4, self.zone) +records = self.ldap_get_records(name4) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + +# Create an un-tombstoned record, with dnsTombstoned: FALSE +self.dns_update_record(name5, txt5) +self.dns_tombstone(name5, txt5, self.zone) +self.dns_update_record(name5, txt5) +records = self.ldap_get_records(name5) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE") + last_add = self.dns_update_record(nam
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f3b2fc8 Add Samba 4.12.0 to the list. via 5e29b90 NEWS[4.12.0]: Samba 4.12.0 Available for Download from 4791250 NEWS[4.12.0rc4]: Samba 4.12.0rc4 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f3b2fc83991e52c72adf8aac0e2a6d4de4be7e6b Author: Karolin Seeger Date: Tue Mar 3 11:13:26 2020 +0100 Add Samba 4.12.0 to the list. Signed-off-by: Karolin Seeger commit 5e29b90ecff2968038cbc53838213f24b3e8ccc2 Author: Karolin Seeger Date: Tue Mar 3 11:11:37 2020 +0100 NEWS[4.12.0]: Samba 4.12.0 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.12.0.html| 354 +++ posted_news/20200303-101249.4.12.0.body.html | 12 + posted_news/20200303-101249.4.12.0.headline.html | 3 + 4 files changed, 370 insertions(+) create mode 100644 history/samba-4.12.0.html create mode 100644 posted_news/20200303-101249.4.12.0.body.html create mode 100644 posted_news/20200303-101249.4.12.0.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index c700772..fec8857 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.12.0 samba-4.11.6 samba-4.11.5 samba-4.11.4 diff --git a/history/samba-4.12.0.html b/history/samba-4.12.0.html new file mode 100644 index 000..d14aa5f --- /dev/null +++ b/history/samba-4.12.0.html @@ -0,0 +1,354 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.12.0 - Release Notes + + +Samba 4.12.0 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.12.0.tar.gz;>Samba 4.12.0 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.12.0.tar.asc;>Signature + + + + == + Release Notes for Samba 4.12.0 + March 03, 2019 + == + + +This is the first stable release of the Samba 4.12 release series. +Please read the release notes carefully before upgrading. + + +NEW FEATURES/CHANGES + + +Python 3.5 Required +--- + +Sambas minimum runtime requirement for python was raised to Python +3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python +3.5 both to access new features and because this is the oldest version +we test with in our CI infrastructure. + +(Build time support for the file server with Python 2.6 has not +changed) + +Removing in-tree cryptography: GnuTLS 3.4.7 required + + +Samba is making efforts to remove in-tree cryptographic functionality, +and to instead rely on externally maintained libraries. To this end, +Samba has chosen GnuTLS as our standard cryptographic provider. + +Samba now requires GnuTLS 3.4.7 to be installed (including development +headers at build time) for all configurations, not just the Samba AD +DC. + +Thanks to this work Samba no longer ships an in-tree DES +implementation and on GnuTLS 3.6.5 or later Samba will include no +in-tree cryptography other than the MD4 hash and that +implemented in our copy of Heimdal. + +Using GnuTLS for SMB3 encryption you will notice huge performance and copy +speed improvements. Tests with the CIFS Kernel client from Linux Kernel 5.3 +show a 3x speed improvement for writing and a 2.5x speed improvement for reads! + +NOTE WELL: The use of GnuTLS means that Samba will honour the +system-wide FIPS mode (a reference to the US FIPS-140 cryptographic +standard) and so will not operate in many still common situations if +this system-wide parameter is in effect, as many of our protocols rely +on outdated cryptography. + +A future Samba version will mitigate this to some extent where good +cryptography effectively wraps bad cryptography, but for now that above +applies. + +zlib library is now required to build Samba +--- + +Samba no longer includes a local copy of zlib in our source tarball. +By removing this we do not need to ship (even where we did not +build) the old, broken zip encryption code found there. + +New Spotlight backend for Elasticsearch +--- + +Support for the macOS specific Spotlight search protocol has been enhanced +significantly. Starting with 4.12 Samba supports using Elasticsearch as search +backend. Various new parameters have been added
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated via 21679048604 VERSION: Disable GIT_SNAPSHOT for the 4.12.0 release... via a1b4c4a0d9d WHATSNEW: Add release notes for Samba 4.12.0. via a99445e298c selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value via c6b90fbcee0 dsdb: Correctly handle memory in objectclass_attrs via 201489edf9d VERSION: Bump version up to 4.12.0rc5... from e629b9230ea VERSION: Disable GIT_SNAPSHOT for th Samba 4.12.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 24 +++-- python/samba/tests/dns.py | 39 ++ source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 +- 4 files changed, 69 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 42b5b48af5e..5fcdb65ffb9 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b58cba6aebf..82525ebff0a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.12.0 + March 03, 2019 + == -This is the fourth release candidate of Samba 4.12. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.12 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.12 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -270,6 +265,13 @@ smb.conf changes spotlight backend Newnoindex +CHANGES SINCE 4.12.0rc4 +=== + +o Andrew Bartlett + * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs. + + CHANGES SINCE 4.12.0rc3 === diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 1dd1f549a33..bc05076c615 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -1523,26 +1523,51 @@ class TestZones(DNSTest): name, txt = 'agingtest', ['test txt'] name2, txt2 = 'agingtest2', ['test txt2'] name3, txt3 = 'agingtest3', ['test txt3'] +name4, txt4 = 'agingtest4', ['test txt4'] +name5, txt5 = 'agingtest5', ['test txt5'] self.dns_update_record(name, txt) self.dns_update_record(name2, txt) self.dns_update_record(name2, txt2) self.dns_update_record(name3, txt) self.dns_update_record(name3, txt2) + +# Create a tomb stoned record. +self.dns_update_record(name4, txt4) +self.dns_tombstone(name4, txt4, self.zone) +records = self.ldap_get_records(name4) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + +# Create an un-tombstoned record, with dnsTombstoned: FALSE +self.dns_update_record(name5, txt5) +self.dns_tombstone(name5, txt5, self.zone) +self.dns_update_record(name5, txt5) +records = self.ldap_get_records(name5) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE") + last_add = self.dns_update_record(name3, txt3) def mod_ts(rec): self.assertTrue(rec.dwTimeStamp > 0) if rec.data.str == txt: rec.dwTimeStamp -= interval * 5 + +def mod_ts_all(rec): +rec.dwTimeStamp -= interval * 5 self.ldap_modify_dnsrecs(name, mod_ts) self.ldap_modify_dnsrecs(name2, mod_ts) self.ldap_modify_dnsrecs(name3, mod_ts) +self.ldap_modify_dnsrecs(name5, mod_ts_all) self.assertTrue(callable(getattr(dsdb, '_scavenge_dns_records', None))) dsdb._scavenge_dns_records(self.samdb) recs = self.ldap_get_dns_records(name) self.assertEqual(len(recs), 1) self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) +records = self.ldap_get_records(name) +
[SCM] Samba Shared Repository - annotated tag samba-4.12.0 created
The annotated tag, samba-4.12.0 has been created at f59f3b58283a06703cbe0376a06db5c0d7ea22e2 (tag) tagging 21679048604ab7d74f70cc378e1dcaebbaa9d561 (commit) replaces samba-4.12.0rc4 tagged by Karolin Seeger on Tue Mar 3 11:11:25 2020 +0100 - Log - samba: tag release samba-4.12.0 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXl4tTQAKCRBvM5FbZWi3 6vMeAJ9ep10hSUUhi2leVdCOGzguzx3c7ACfaURc5LKxqMbA1o/8PAUfanfAUIs= =3gWU -END PGP SIGNATURE- Andrew Bartlett (2): dsdb: Correctly handle memory in objectclass_attrs selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value Karolin Seeger (3): VERSION: Bump version up to 4.12.0rc5... WHATSNEW: Add release notes for Samba 4.12.0. VERSION: Disable GIT_SNAPSHOT for the 4.12.0 release... --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via fdc2f7d218a VERSION: Bump version up to 4.12.1... via 21679048604 VERSION: Disable GIT_SNAPSHOT for the 4.12.0 release... via a1b4c4a0d9d WHATSNEW: Add release notes for Samba 4.12.0. from a99445e298c selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit fdc2f7d218aeb6fe33bc064b34b2228f949280e0 Author: Karolin Seeger Date: Tue Mar 3 10:58:57 2020 +0100 VERSION: Bump version up to 4.12.1... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 21679048604ab7d74f70cc378e1dcaebbaa9d561 Author: Karolin Seeger Date: Tue Mar 3 10:47:25 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.12.0 release... and bump version up to 4.12.0. Signed-off-by: Karolin Seeger commit a1b4c4a0d9d927d6568b158ce5eba58f36990be2 Author: Karolin Seeger Date: Tue Mar 3 10:45:39 2020 +0100 WHATSNEW: Add release notes for Samba 4.12.0. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 24 +--- 2 files changed, 15 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 08f47fd9b60..c3706df8449 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=12 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b58cba6aebf..82525ebff0a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.12.0 + March 03, 2019 + == -This is the fourth release candidate of Samba 4.12. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.12 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.12 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -270,6 +265,13 @@ smb.conf changes spotlight backend Newnoindex +CHANGES SINCE 4.12.0rc4 +=== + +o Andrew Bartlett + * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs. + + CHANGES SINCE 4.12.0rc3 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated via e629b9230ea VERSION: Disable GIT_SNAPSHOT for th Samba 4.12.0rc4 release. via 0f1d595cac3 WHATSNEW: Add release notes for Samba 4.12.0rc4. via 20195a35bbb ldb: version 2.1.1 via f83104fbfc4 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular via 81bdcf9ee4e ldb: Fix search with scope ONE and small result sets via c521913e426 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests via 71c072c385f ldb: Add tests aimed at the SCOPE_ONELEVEL particular via ea4c35f1d42 ldb: Add tests for one-level indexes in conjunction with other indexes via a21688e7d48 smbd: Separate aio_pthread indicator from normal EINTR via 1a47b0fd1d3 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED via dcdfa4a752e test: Show that smbd does not handle EINTR from open() correctly via 670b83a1e6d test: Intercept open in vfs_error_inject via 9b6e4da57d7 WHATSNEW: Announce new Spotlight backend for Elasticsearch via 828b834706f WHATSNEW: samba-tool improvements via 0b964d99aa4 WHATSNEW: Add zlib and fuzzing notes via 537acf2a185 build: Do not check if system perl modules should be bundled via da44630885e pidl/wscript: configure should insist on Parse::Yapp::Driver via 339566feb72 s3: DFS: Don't allow link deletion on a read-only share. via 5a794f3bf8c s3: DFS: Don't allow link creation on a read-only share. via f72bb650ec3 VERSION: Bump version up to 4.12.0rc4... via 3a807493547 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc3 release. via 5987adfa00c VERSION: Add release notes for Samba 4.12.0rc3. via 19d74ce5f5b WHATSNEW.txt update explaining SMB_VFS_CREATE_DFS_PATHAT() / SMB_VFS_READ_DFS_PATHAT(). via 6c886973fa0 s3: DFS: Remove is_msdfs_link_internal() - no longer used. via bbbfc6b8acd s3: DFS: Change the last use of is_msdfs_link_internal() -> SMB_VFS_READ_DFS_PATHAT() inside form_junctions(). via 8690880313a s3: DFS: Replace calls to is_msdfs_link_internal() inside dfs_path_lookup() with SMB_VFS_READ_DFS_PATHAT(). via 92722a1b63a s3: DFS: Change dfs_path_lookup() to return struct referral list and count directly. via 007c96ab6e2 s3: DFS: Parse the returned target path in dfs_path_lookup(). via 967e0e15fc9 s3: DFS: Change simple is_msdfs_link() call to use SMB_VFS_READ_DFS_PATHAT(). via ce94b410867 s3: VFS: vfs_time_audit: Add read_dfs_pathat(). via 2633e182133 s3: VFS: vfs_full_audit: Add read_dfs_pathat(). via dfabe8e731e s3: VFS: catia: Add read_dfs_pathat(). via 895c06ccec2 s3: VFS: cap: Add cap_read_dfs_pathat(). via 13c6e747da1 s3: VFS: shadow_copy2: Add shadow_copy2_read_dfs_pathat(). via 5c8f5a48df7 s3: VFS: gluster: Add vfs_gluster_read_dfs_pathat(). via 7bbfc1c3a8c s3: VFS: ceph: Add vfswrap_ceph_read_dfs_pathat(). via 6fae0415d55 s3: VFS: Add SMB_VFS_READ_DFS_PATHAT(). via 6d5220f23cf s3: smbd: dfs: Clean up exits / talloc heirarchy in parse_msdfs_symlink(). via b4285b8d1b1 s3: smbd: dfs: Make parameter names consistent. via c13c6e44918 s3: smbd: dfs: Allow parse_msdfs_symlink() to be called with NULL pointers. via 2f2794a7241 s3: smbd: dfs: Apply some README.Coding to parse_msdfs_symlink(). via 9f87784686d s3: smbd: dfs: Make parse_msdfs_symlink() external. via 3ff14a2e5a3 s3: smbd: dfs: Move lp_msdfs_shuffle_referrals() call out of parse_msdfs_symlink(). via 7f034780869 s3: smbd: dfs: Cleanup, reformat calls to parse_msdfs_symlink() via 1ba9c318ae1 s3: VFS: Implement create_dfs_pathat() in cap via ce3bf591e2f s3: VFS: Implement create_dfs_pathat() in catia. via 59815861b2e WHATSNEW: announce vfs_io_uring via a1486fb2837 s3:modules: add vfs_io_uring module via ac78557df8e bootstrap: replace libaio-dev/libaio-devel with liburing-dev/liburing-devel via 40c84bfcdd2 lib/replace: remove unused check for aio.h via 9463a387831 lib: Fix a shutdown crash with "clustering = yes" via fd63e94a282 lib: Introduce messaging_context->per_process_talloc_ctx via 1b4db22b160 lib: Add a TALLOC_CTX to base register_msg_pool_usage() on via 60deff09d09 lib: Simplify register_msg_pool_usage() via 46ff9e1bca8 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 1e61aa6d46f auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) via 3e222ac6b93 ctdb-tcp: Make error handling for outbound connection consistent via b1fba6c7a06 winbindd: handling missing idmap in getgrgid() via 7163ae8a772 bootstrap: Remove un-used dependency python3-crypto via 9c1b614e11a s3:auth_sam: map an empty domain or '.' to the local SAM name via 2b56b5a05af s3:selftest: test
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 2a9db8e77b4 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value via c130ca2bcc3 dsdb: Correctly handle memory in objectclass_attrs from 8cb7818a405 ldb: version 2.0.9 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 2a9db8e77b45186e1f090f2425644c75e73d3559 Author: Andrew Bartlett Date: Thu Jan 30 16:44:05 2020 +1300 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184 (cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Feb 26 13:53:10 UTC 2020 on sn-devel-184 commit c130ca2bcc3793e47d203b10867644b473d2a64c Author: Andrew Bartlett Date: Thu Jan 30 16:41:39 2020 +1300 dsdb: Correctly handle memory in objectclass_attrs el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context. Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceeding the el->values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263) --- Summary of changes: python/samba/tests/dns.py | 39 ++ source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 +- 2 files changed, 55 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 275d4fcd692..52bd708963b 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -1504,26 +1504,51 @@ class TestZones(DNSTest): name, txt = 'agingtest', ['test txt'] name2, txt2 = 'agingtest2', ['test txt2'] name3, txt3 = 'agingtest3', ['test txt3'] +name4, txt4 = 'agingtest4', ['test txt4'] +name5, txt5 = 'agingtest5', ['test txt5'] self.dns_update_record(name, txt) self.dns_update_record(name2, txt) self.dns_update_record(name2, txt2) self.dns_update_record(name3, txt) self.dns_update_record(name3, txt2) + +# Create a tomb stoned record. +self.dns_update_record(name4, txt4) +self.dns_tombstone(name4, txt4, self.zone) +records = self.ldap_get_records(name4) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + +# Create an un-tombstoned record, with dnsTombstoned: FALSE +self.dns_update_record(name5, txt5) +self.dns_tombstone(name5, txt5, self.zone) +self.dns_update_record(name5, txt5) +records = self.ldap_get_records(name5) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE") + last_add = self.dns_update_record(name3, txt3) def mod_ts(rec): self.assertTrue(rec.dwTimeStamp > 0) if rec.data.str == txt: rec.dwTimeStamp -= interval * 5 + +def mod_ts_all(rec): +rec.dwTimeStamp -= interval * 5 self.ldap_modify_dnsrecs(name, mod_ts) self.ldap_modify_dnsrecs(name2, mod_ts) self.ldap_modify_dnsrecs(name3, mod_ts) +self.ldap_modify_dnsrecs(name5, mod_ts_all) self.assertTrue(callable(getattr(dsdb, '_scavenge_dns_records', None))) dsdb._scavenge_dns_records(self.samdb) recs = self.ldap_get_dns_records(name) self.assertEqual(len(recs), 1) self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) +records = self.ldap_get_records(name) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") recs = self.ldap_get_dns_records(name2) self.assertEqual(len(recs), 1) @@ -1537,6 +1562,20 @@ class TestZones(DNSTest): self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TXT) self.assertEqual(recs[1].wType, dnsp.DNS_TYPE_TXT) +recs = self.ldap_get_dns_records(name4) +self.assertEqual(len(recs), 1) +self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) +records = self.ldap_get_records
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via a99445e298c selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value via c6b90fbcee0 dsdb: Correctly handle memory in objectclass_attrs from 201489edf9d VERSION: Bump version up to 4.12.0rc5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit a99445e298ca41d6ca3cea2012e22c2f90aaf903 Author: Andrew Bartlett Date: Thu Jan 30 16:44:05 2020 +1300 selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184 (cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Wed Feb 26 12:35:59 UTC 2020 on sn-devel-184 commit c6b90fbcee065d5eb0f48b64a3f74db1d291ec83 Author: Andrew Bartlett Date: Thu Jan 30 16:41:39 2020 +1300 dsdb: Correctly handle memory in objectclass_attrs el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context. Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceeding the el->values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263) --- Summary of changes: python/samba/tests/dns.py | 39 ++ source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 +- 2 files changed, 55 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 1dd1f549a33..bc05076c615 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -1523,26 +1523,51 @@ class TestZones(DNSTest): name, txt = 'agingtest', ['test txt'] name2, txt2 = 'agingtest2', ['test txt2'] name3, txt3 = 'agingtest3', ['test txt3'] +name4, txt4 = 'agingtest4', ['test txt4'] +name5, txt5 = 'agingtest5', ['test txt5'] self.dns_update_record(name, txt) self.dns_update_record(name2, txt) self.dns_update_record(name2, txt2) self.dns_update_record(name3, txt) self.dns_update_record(name3, txt2) + +# Create a tomb stoned record. +self.dns_update_record(name4, txt4) +self.dns_tombstone(name4, txt4, self.zone) +records = self.ldap_get_records(name4) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + +# Create an un-tombstoned record, with dnsTombstoned: FALSE +self.dns_update_record(name5, txt5) +self.dns_tombstone(name5, txt5, self.zone) +self.dns_update_record(name5, txt5) +records = self.ldap_get_records(name5) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE") + last_add = self.dns_update_record(name3, txt3) def mod_ts(rec): self.assertTrue(rec.dwTimeStamp > 0) if rec.data.str == txt: rec.dwTimeStamp -= interval * 5 + +def mod_ts_all(rec): +rec.dwTimeStamp -= interval * 5 self.ldap_modify_dnsrecs(name, mod_ts) self.ldap_modify_dnsrecs(name2, mod_ts) self.ldap_modify_dnsrecs(name3, mod_ts) +self.ldap_modify_dnsrecs(name5, mod_ts_all) self.assertTrue(callable(getattr(dsdb, '_scavenge_dns_records', None))) dsdb._scavenge_dns_records(self.samdb) recs = self.ldap_get_dns_records(name) self.assertEqual(len(recs), 1) self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) +records = self.ldap_get_records(name) +self.assertTrue("dNSTombstoned" in records[0]) +self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") recs = self.ldap_get_dns_records(name2) self.assertEqual(len(recs), 1) @@ -1556,6 +1581,20 @@ class TestZones(DNSTest): self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TXT) self.assertEqual(recs[1].wType, dnsp.DNS_TYPE_TXT) +recs = self.ldap_get_dns_records(name4) +self.assertEqual(len(recs), 1) +self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) +
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 8cb7818a405 ldb: version 2.0.9 via 17c43b99622 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular via b81fd260ebb ldb: Fix search with scope ONE and small result sets via 811d8057973 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests via e7ed0a80885 ldb: Add tests aimed at the SCOPE_ONELEVEL particular via 880c2d747aa ldb: Add tests for one-level indexes in conjunction with other indexes from a95a8c7eaa4 smbd: Separate aio_pthread indicator from normal EINTR https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 8cb7818a40564e2af2090e9b775ac4d770d3aae5 Author: Andrew Bartlett Date: Wed Feb 26 10:29:20 2020 +1300 ldb: version 2.0.9 * Bug 14270: Samba 4.11 and later give incorrect results for SCOPE_ONE searches Signed-off-by: Andrew Bartlett Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Feb 26 10:08:45 UTC 2020 on sn-devel-184 commit 17c43b99622f518bd816e26ae9885cd48918f0a9 Author: Andrew Bartlett Date: Wed Feb 12 16:28:01 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 0b8ab0200805127e36eeb2affe561f3aee59604a) commit b81fd260ebb76f135c6e68b052fdcf61e4142a2e Author: Andrew Bartlett Date: Fri Feb 7 16:56:13 2020 +1300 ldb: Fix search with scope ONE and small result sets This changes the LDB behaviour in the combination of a SCOPE_ONE search and an index returning less than 10 results. After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag became set to false in all cases, rather than being left to the value set by the caller. This changes the ldb_kv_index_dn_one() code to force strict mode on success instead. Thanks to Marcus Granér, ICEYE Oy for reporting. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3c7261c43da491b57f50e0e64d7050d85c6b973e) commit 811d8057973bf8c6109dd158debbe9bc436c Author: Andrew Bartlett Date: Wed Feb 12 13:44:44 2020 +1300 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit ec34a7095705592279647c5046a000e0bf052d1a) commit e7ed0a8088543abc9d83edbcc907357218a049c4 Author: Andrew Bartlett Date: Wed Feb 12 11:45:36 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 167676973b7f1db563da04d54e8ce5668034081c) commit 880c2d747aac276ef27834cf5661152591f8fc30 Author: Andrew Bartlett Date: Mon Feb 10 14:08:29 2020 +1300 ldb: Add tests for one-level indexes in conjunction with other indexes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 17bd63dbea7f6e6358f81f0ac5b9392b2321bb32) --- Summary of changes: lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.9.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util-2.0.9.sigs} | 0 lib/ldb/ldb_key_value/ldb_kv_index.c | 21 +- lib/ldb/tests/python/api.py| 499 - lib/ldb/wscript| 2 +- 5 files changed, 511 insertions(+), 11 deletions(-) copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.9.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.9.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.0.9.sigs similarity index 100% copy from lib/ldb/ABI/ldb-2.0.5.sigs copy to lib/ldb/ABI/ldb-2.0.9.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-2.0.9.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-2.0.9.sigs diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 0853b28fe40..8e756c1a8e5 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2113,16 +2113,19 @@ static int ldb_kv_index_dn_one(struct ldb_module *module, struct dn_list *list, enum key_truncation *truncation) { - /* -* Ensure we do not shortcut on intersection for this list. -
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4791250 NEWS[4.12.0rc4]: Samba 4.12.0rc4 Available for Download from e2b4c59 NEWS[4.12.0rc3]: Samba 4.12.0rc3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4791250158ce453071160baf70c810b85d435793 Author: Karolin Seeger Date: Wed Feb 26 08:47:37 2020 +0100 NEWS[4.12.0rc4]: Samba 4.12.0rc4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20200226-074825.4.12.0rc4.body.html | 12 posted_news/20200226-074825.4.12.0rc4.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20200226-074825.4.12.0rc4.body.html create mode 100644 posted_news/20200226-074825.4.12.0rc4.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200226-074825.4.12.0rc4.body.html b/posted_news/20200226-074825.4.12.0rc4.body.html new file mode 100644 index 000..1583eb9 --- /dev/null +++ b/posted_news/20200226-074825.4.12.0rc4.body.html @@ -0,0 +1,12 @@ + +26 February 2020 +Samba 4.12.0rc4 Available for Download + +This is the fourth release candidate of the upcoming Samba 4.12 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.12.0rc4.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.12.0rc4.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20200226-074825.4.12.0rc4.headline.html b/posted_news/20200226-074825.4.12.0rc4.headline.html new file mode 100644 index 000..2c8715b --- /dev/null +++ b/posted_news/20200226-074825.4.12.0rc4.headline.html @@ -0,0 +1,3 @@ + + 26 February 2020 Samba 4.12.0rc4 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.12.0rc4 created
The annotated tag, samba-4.12.0rc4 has been created at 9944b478dd46cb017625acce1be26eba045e2b7e (tag) tagging e629b9230ea64b4f098589cdbf5edb25f62e9ae8 (commit) replaces samba-4.12.0rc3 tagged by Karolin Seeger on Wed Feb 26 08:47:24 2020 +0100 - Log - samba: tag release samba-4.12.0rc4 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXlYijAAKCRBvM5FbZWi3 6tSMAJsFkjqmTr+IV1Mjo0YhSYZ4B9CvVgCdGZihcXg8jdAGZKY+ELpJvVSDiSI= =EfLP -END PGP SIGNATURE- Andrew Bartlett (8): build: Do not check if system perl modules should be bundled WHATSNEW: Add zlib and fuzzing notes WHATSNEW: samba-tool improvements ldb: Add tests for one-level indexes in conjunction with other indexes ldb: Add tests aimed at the SCOPE_ONELEVEL particular ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests ldb: Fix search with scope ONE and small result sets ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular Douglas Bagnall (1): pidl/wscript: configure should insist on Parse::Yapp::Driver Jeremy Allison (2): s3: DFS: Don't allow link creation on a read-only share. s3: DFS: Don't allow link deletion on a read-only share. Karolin Seeger (3): VERSION: Bump version up to 4.12.0rc4... WHATSNEW: Add release notes for Samba 4.12.0rc4. VERSION: Disable GIT_SNAPSHOT for th Samba 4.12.0rc4 release. Ralph Boehme (1): WHATSNEW: Announce new Spotlight backend for Elasticsearch Stefan Metzmacher (1): ldb: version 2.1.1 Volker Lendecke (4): test: Intercept open in vfs_error_inject test: Show that smbd does not handle EINTR from open() correctly lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED smbd: Separate aio_pthread indicator from normal EINTR --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 201489edf9d VERSION: Bump version up to 4.12.0rc5... via e629b9230ea VERSION: Disable GIT_SNAPSHOT for th Samba 4.12.0rc4 release. via 0f1d595cac3 WHATSNEW: Add release notes for Samba 4.12.0rc4. from 20195a35bbb ldb: version 2.1.1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 201489edf9d95c72ad786f1c6e6169a335e474a0 Author: Karolin Seeger Date: Wed Feb 26 08:38:24 2020 +0100 VERSION: Bump version up to 4.12.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit e629b9230ea64b4f098589cdbf5edb25f62e9ae8 Author: Karolin Seeger Date: Wed Feb 26 08:37:26 2020 +0100 VERSION: Disable GIT_SNAPSHOT for th Samba 4.12.0rc4 release. Signed-off-by: Karolin Seeger commit 0f1d595cac33e2596f2e047244150925ece60a99 Author: Karolin Seeger Date: Tue Feb 25 09:57:47 2020 +0100 WHATSNEW: Add release notes for Samba 4.12.0rc4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 82 ++-- 2 files changed, 53 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 067d3ce3120..08f47fd9b60 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d3ef2a3f95b..b58cba6aebf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.12. This is *not* +This is the fourth release candidate of Samba 4.12. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -87,10 +87,10 @@ Note that when upgrading existing installations that are using the previous default Spotlight backend Gnome Tracker must explicitly set "spotlight backend = tracker" as the new default is "noindex". -"net ads kerberos pac save" and "net eventlog export" +'net ads kerberos pac save' and 'net eventlog export' - -The "net ads kerberos pac save" and "net eventlog export" tools will +The 'net ads kerberos pac save' and 'net eventlog export' tools will no longer silently overwrite an existing file during data export. If the filename given exits, an error will be shown. @@ -105,10 +105,10 @@ parsing code. A large number of issues have been found and fixed thanks to this effort. -samba-tool improvements add contacts as member to groups - +'samba-tool' improvements add contacts as member to groups +-- -Previously "samba-tool group addmemers" can just add users, groups and +Previously 'samba-tool group addmemers' can just add users, groups and computers as members to groups. But also contacts can be members of groups. Samba 4.12 adds the functionality to add contacts to groups. Since contacts have no sAMAccountName, it's possible that @@ -116,19 +116,19 @@ there are more than one contact with the same name in different organizational units. Therefore it's necessary to have an option to handle group members by their DN. -To get the DN of an object there is now the --full-dn option available +To get the DN of an object there is now the "--full-dn" option available for all necessary commands. The MS Windows UI allows to search for specific types of group members when searching for new members for a group. This feature is included -here with the new samba-tool group addmembers --object-type=OBJECTYPE +here with the new samba-tool group addmembers "--object-type=OBJECTYPE" option. The different types are selected accordingly to the Windows UI. The default samba-toole behaviour shouldn't be changed. Allow filtering by OU or subtree in samba-tool -- -A new --base-dn and --member-base-dn option is added to relevant +A new "--base-dn" and "--member-base-dn" option is added to relevant samba-tool user, group and ou management commands to allow operation on just one part of the AD tree, such as a single OU. @@
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via a95a8c7eaa4 smbd: Separate aio_pthread indicator from normal EINTR via a33656c9df2 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED via 64b2eda07fc test: Show that smbd does not handle EINTR from open() correctly via 0232cc46a35 test: Intercept open in vfs_error_inject via ea1e73c2281 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 from 370278fca39 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit a95a8c7eaa46d5c8c485de714f0a97e307e49f7e Author: Volker Lendecke Date: Thu Feb 20 14:13:35 2020 +0100 smbd: Separate aio_pthread indicator from normal EINTR According to Posix and the Linux open(2) manpage, the open-syscall can return EINTR. If that happens, core smbd saw this as an indication that aio_pthread's open function was doing its job. With a real EINTR without aio_pthread this meant we ended up in a server_exit after 20 seconds, because there was nobody to do the retry. EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after a second. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184 (cherry picked from commit aebe427b77b5315eb5d2b05b8c72824ca0389723) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Tue Feb 25 22:24:54 UTC 2020 on sn-devel-184 commit a33656c9df2cde3ff1cfc6b0427c7dfb2b140cae Author: Volker Lendecke Date: Thu Feb 20 10:25:16 2020 +0100 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry picked from commit 4a943d842a51674425f0c4019f823ef0a9d09f49) commit 64b2eda07fcf3ee38a344848297c2a0f8a13748b Author: Volker Lendecke Date: Wed Feb 19 15:25:38 2020 +0100 test: Show that smbd does not handle EINTR from open() correctly Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry picked from commit 7bbba73b30f06304e9a2ad48e853d9ec8171dd30) commit 0232cc46a35a57b4c3ccdb7d4222ec0c9f3fca38 Author: Volker Lendecke Date: Wed Feb 19 14:44:11 2020 +0100 test: Intercept open in vfs_error_inject Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry picked from commit 305204a241b74c599f4f6a064cac6608afd9c893) commit ea1e73c2281ea3e7849fd30002c42d858b19b968 Author: Andreas Schneider Date: Wed Feb 5 16:58:26 2020 +0100 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api "open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U' (“universal newline”) in the file mode. This flag was deprecated since Python 3.3. In Python 3, the “universal newline” is used by default when a file is open in text mode. The newline parameter of open() controls how universal newlines works." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266 Signed-off-by: Andreas Schneider Reviewed-by: Douglas Bagnall Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184 (cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc) --- Summary of changes: buildtools/wafsamba/samba_utils.py | 2 +- source3/lib/errmap_unix.c | 1 + source3/modules/vfs_aio_pthread.c | 2 +- source3/modules/vfs_error_inject.c | 17 + source3/script/tests/test_open_eintr.sh | 66 + source3/selftest/tests.py | 9 + source3/smbd/open.c | 38 +-- 7 files changed, 122 insertions(+), 13 deletions(-) create mode 100755 source3/script/tests/test_open_eintr.sh Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py index ad97de1859b..be022adc8f5 100644 --- a/buildtools/wafsamba/samba_utils.py +++ b/buildtools/wafsamba/samba_utils.py @@ -700,7 +700,7 @@ def PROCESS_SEPARATE_RULE(self, rule): cache[node] = True self.pre_recurse(node) try: -function_code = node.read('rU', None) +function_code = node.read('r', None)
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 20195a35bbb ldb: version 2.1.1 via f83104fbfc4 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular via 81bdcf9ee4e ldb: Fix search with scope ONE and small result sets via c521913e426 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests via 71c072c385f ldb: Add tests aimed at the SCOPE_ONELEVEL particular via ea4c35f1d42 ldb: Add tests for one-level indexes in conjunction with other indexes via a21688e7d48 smbd: Separate aio_pthread indicator from normal EINTR via 1a47b0fd1d3 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED via dcdfa4a752e test: Show that smbd does not handle EINTR from open() correctly via 670b83a1e6d test: Intercept open in vfs_error_inject from 9b6e4da57d7 WHATSNEW: Announce new Spotlight backend for Elasticsearch https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 20195a35bbbd7f6c89315f7e8f2d1fa84e4b4010 Author: Stefan Metzmacher Date: Tue Feb 25 11:06:27 2020 +0100 ldb: version 2.1.1 * Bug 14270: Samba 4.11 and later give incorrect results for SCOPE_ONE searches Signed-off-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Feb 25 12:59:02 UTC 2020 on sn-devel-184 (cherry picked from commit 0ca46a37268c8219192abc3ab5f2546a02ed8862) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Tue Feb 25 21:09:41 UTC 2020 on sn-devel-184 commit f83104fbfc4ae4bfd2b37f398bf591474aa64c49 Author: Andrew Bartlett Date: Wed Feb 12 16:28:01 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 0b8ab0200805127e36eeb2affe561f3aee59604a) commit 81bdcf9ee4e26e7b9d40b26c2195cb6f7a786d80 Author: Andrew Bartlett Date: Fri Feb 7 16:56:13 2020 +1300 ldb: Fix search with scope ONE and small result sets This changes the LDB behaviour in the combination of a SCOPE_ONE search and an index returning less than 10 results. After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag became set to false in all cases, rather than being left to the value set by the caller. This changes the ldb_kv_index_dn_one() code to force strict mode on success instead. Thanks to Marcus Granér, ICEYE Oy for reporting. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3c7261c43da491b57f50e0e64d7050d85c6b973e) commit c521913e4268b5b406c5439a58b1049d605c45cf Author: Andrew Bartlett Date: Wed Feb 12 13:44:44 2020 +1300 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit ec34a7095705592279647c5046a000e0bf052d1a) commit 71c072c385f9f6a79a11b12bfcbeb0677d10b6a9 Author: Andrew Bartlett Date: Wed Feb 12 11:45:36 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 167676973b7f1db563da04d54e8ce5668034081c) commit ea4c35f1d42247e2ac19c77249d6e9432b1c7c58 Author: Andrew Bartlett Date: Mon Feb 10 14:08:29 2020 +1300 ldb: Add tests for one-level indexes in conjunction with other indexes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 17bd63dbea7f6e6358f81f0ac5b9392b2321bb32) commit a21688e7d4878fc3d5c80a87d12b1534acc34378 Author: Volker Lendecke Date: Thu Feb 20 14:13:35 2020 +0100 smbd: Separate aio_pthread indicator from normal EINTR According to Posix and the Linux open(2) manpage, the open-syscall can return EINTR. If that happens, core smbd saw this as an indication that aio_pthread's open function was doing its job. With a real EINTR without aio_pthread this meant we ended up in a server_exit after 20 seconds, because there was nobody to do the retry. EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after a second. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184 (cherry picked from commit aebe427b77b5315eb5d2b05b8c72824ca0389723)
[SCM] Samba Shared Repository - annotated tag ldb-2.1.1 created
The annotated tag, ldb-2.1.1 has been created at 5361662f22edec0a6e1cafb1036bc4188185c658 (tag) tagging 0ca46a37268c8219192abc3ab5f2546a02ed8862 (commit) replaces samba-4.12.0rc1 tagged by Karolin Seeger on Tue Feb 25 15:13:02 2020 +0100 - Log - ldb: tag release ldb-2.1.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAl5VK24ACgkQR5ORYRMI QCXAJQgAvnh+ACPN5Za/38vTTmqCul1BplTYwiZzOowEemWSIcbdFEQd01qIY2dU ZZXJd85hQAXrX6HXo/agABi55rTaCyZ1REebavc8JCQgzphdu/8mzjQtjujo/qRJ fW4P020nR/cSPmzu9qFIH7SnsiUMWnIgF3IxhfPiqF5VsO43o+d+GNw0hS5wy/Cd QHL1jNhksIAEJziEUu5N0eOJgj3wUavpOD/lJddbj43HkGHDs8C5gEATnwgh4aIN pDugR3aS9E5bXh3DwjZuXaibx/9PmkygEsyHlG2WWtImaR+VMHUHbbIF9iRq5OhQ x7WhaT1+XEyBrk9KpHU5pjGkD+k1vg== =CrDF -END PGP SIGNATURE- Amitay Isaacs (1): ctdb-common: Remove signed/unsigned comparisons Andreas Schneider (25): nsswitch: Fix username in wbinfo -K output selftest: Add user joe selftest: Add a group 'Samba Users' selftest: Make 'Samba Users' the primary group of joe nsswitch:tests: Add test to check correct group lookup with samlogon cache lib:util: Log mkdir error on correct debug levels s4:torture: Skip the deltest20 as user root libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 s3:lib: Use a static buffer for (local|remote)_machine s3:lib: Remove unneded call to set_local_machine_name() s3:tests: Add smbclient test for 'force create mode = 0664' s3:tests: Add test for a dropbox with dir mode 0733 lib:util: Add bytearray.h lib:util: Add test to verify old and new macros are the same lib:util: Use _DATA_BYTE(_CONST) from bytearray.h lib:util: Use PULL_LE_(U16|U32) for SVAL and IVAL lib:util: Use PUSH_LE_(U16|U32) for S(S|I)VAL lib:util: Use PUSH_LE_(U16|U32) for S(I|S)VALS lib:util: Use (PULL|PUSH)_BE_(U16|U32|U64) for R*VAL* lib:util: Add comments to use bytearray.h to byteorder.h librpc:ndr: Use bytearray.h in ndr_basic.c librpc:ndr: Remove byteorder.h from libndr.h lib:util: Do not expose internal header files lib:util: Add (PULL|PUSH)_(BE|LE)_I(8|16|32|64) byterarray macros Andrew Bartlett (12): build: Do not check if system perl modules should be bundled bootstrap: Remove un-used dependency python3-crypto source4/scripting/bin: Swap machine account password scripts dsdb: Correctly handle memory in objectclass_attrs selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value auth/credentials: Test connecting to LDAP with a "virtual user" style account s4-auth: Allow simple bind login of a user with an @ in the samAccountName ldb: Add tests for one-level indexes in conjunction with other indexes ldb: Add tests aimed at the SCOPE_ONELEVEL particular ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests ldb: Fix search with scope ONE and small result sets ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular Christof Schmitt (8): vfs_gpfs: Remove call to linux_set_lease_capability vfs_gpfs: Reformat function definition of vfs_gpfs_setlease vfs_gpfs: Remove function call from "if" statement vfs_gpfs: Change lease helper function to only provide mapping vfs_gpfs: Cleanup lease mapping function smbd: Remove unused function linux_set_lease_capability smbd: Remove unused define vfs_gpfs: Preserve errno across unbecome_root call David Mulder (1): s4:torture: Convert samba4.base.charset test to smb2 Douglas Bagnall (17): pidl/wscript: configure should insist on Parse::Yapp::Driver selftest: enable perl warnings selftest/target/samba: avoid overwriting $pkinitdir selftest: avoid redeclaring perl variables selftest/s4: properly initialise an empty hash selftest/s4: don't put pcap file in / by default selftest/s4: remove illegal function signature selftest/s3: actually close parent copy of smbd's STDIN selftest/s3: prefer empty string over undef to add nothing to config selftest/target/samba: add missing methods selftest/target/samba: do not look for undef environment selftest: avoid comparison against undefined value selftest: simplify logic in setup_env nmblib: avoid undefined behaviour in handle_name_ptrs() pytests: heed assertEquals deprecation warning en-masse python: use raw string for regex with escape samba-tool gpo: tighter matching for ini names Gary Lockyer (8): librpc ndr: Heap-buffer-overflow in lzxpress_decompress librpc ndr tests: uint32 overflow in NDR_PULL_ALIGN librpc ndr: NDR_PULL_ALIGN check for unsigned overflow librpc ndr test
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ca46a37268 ldb: version 2.1.1 via 0b8ab020080 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular via 3c7261c43da ldb: Fix search with scope ONE and small result sets via ec34a709570 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests via 167676973b7 ldb: Add tests aimed at the SCOPE_ONELEVEL particular via 17bd63dbea7 ldb: Add tests for one-level indexes in conjunction with other indexes from a2692b64946 lib:util: Add (PULL|PUSH)_(BE|LE)_I(8|16|32|64) byterarray macros https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ca46a37268c8219192abc3ab5f2546a02ed8862 Author: Stefan Metzmacher Date: Tue Feb 25 11:06:27 2020 +0100 ldb: version 2.1.1 * Bug 14270: Samba 4.11 and later give incorrect results for SCOPE_ONE searches Signed-off-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Feb 25 12:59:02 UTC 2020 on sn-devel-184 commit 0b8ab0200805127e36eeb2affe561f3aee59604a Author: Andrew Bartlett Date: Wed Feb 12 16:28:01 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 3c7261c43da491b57f50e0e64d7050d85c6b973e Author: Andrew Bartlett Date: Fri Feb 7 16:56:13 2020 +1300 ldb: Fix search with scope ONE and small result sets This changes the LDB behaviour in the combination of a SCOPE_ONE search and an index returning less than 10 results. After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag became set to false in all cases, rather than being left to the value set by the caller. This changes the ldb_kv_index_dn_one() code to force strict mode on success instead. Thanks to Marcus Granér, ICEYE Oy for reporting. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit ec34a7095705592279647c5046a000e0bf052d1a Author: Andrew Bartlett Date: Wed Feb 12 13:44:44 2020 +1300 ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 167676973b7f1db563da04d54e8ce5668034081c Author: Andrew Bartlett Date: Wed Feb 12 11:45:36 2020 +1300 ldb: Add tests aimed at the SCOPE_ONELEVEL particular BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher commit 17bd63dbea7f6e6358f81f0ac5b9392b2321bb32 Author: Andrew Bartlett Date: Mon Feb 10 14:08:29 2020 +1300 ldb: Add tests for one-level indexes in conjunction with other indexes BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher --- Summary of changes: lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.1.1.sigs} | 0 ...pyldb-util-2.1.0.sigs => pyldb-util-2.1.1.sigs} | 0 lib/ldb/ldb_key_value/ldb_kv_index.c | 21 +- lib/ldb/tests/python/api.py| 499 - lib/ldb/wscript| 2 +- 5 files changed, 511 insertions(+), 11 deletions(-) copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.1.1.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.1.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.1.1.sigs similarity index 100% copy from lib/ldb/ABI/ldb-2.0.5.sigs copy to lib/ldb/ABI/ldb-2.1.1.sigs diff --git a/lib/ldb/ABI/pyldb-util-2.1.0.sigs b/lib/ldb/ABI/pyldb-util-2.1.1.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-2.1.0.sigs copy to lib/ldb/ABI/pyldb-util-2.1.1.sigs diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 059abef6748..a7e341552ea 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2113,16 +2113,19 @@ static int ldb_kv_index_dn_one(struct ldb_module *module, struct dn_list *list, enum key_truncation *truncation) { - /* -* Ensure we do not shortcut on intersection for this list. -* We must never be lazy and return an entry not in this -* list. This allows the index for -* SCOPE_ONELEVEL to be trusted. -*/ - - list->strict = true; - return ldb_kv_index_dn_attr( + int ret = ldb_kv_index_dn_attr( module, ldb_kv, LDB_KV_IDXONE, parent_dn, list, truncation); + if (
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 9b805c08442 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 from ee7e298bd70 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 9b805c084429d7b351114b91b78f46433793d28a Author: Andreas Schneider Date: Wed Feb 5 16:58:26 2020 +0100 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api "open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U' (“universal newline”) in the file mode. This flag was deprecated since Python 3.3. In Python 3, the “universal newline” is used by default when a file is open in text mode. The newline parameter of open() controls how universal newlines works." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266 Signed-off-by: Andreas Schneider Reviewed-by: Douglas Bagnall Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184 (cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Feb 24 11:28:18 UTC 2020 on sn-devel-144 --- Summary of changes: buildtools/wafsamba/samba_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py index bc36d1f194d..086040ebfee 100644 --- a/buildtools/wafsamba/samba_utils.py +++ b/buildtools/wafsamba/samba_utils.py @@ -687,7 +687,7 @@ def PROCESS_SEPARATE_RULE(self, rule): cache[node] = True self.pre_recurse(node) try: -function_code = node.read('rU', None) +function_code = node.read('r', None) exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict) finally: self.post_recurse(node) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 9b6e4da57d7 WHATSNEW: Announce new Spotlight backend for Elasticsearch via 828b834706f WHATSNEW: samba-tool improvements via 0b964d99aa4 WHATSNEW: Add zlib and fuzzing notes from 537acf2a185 build: Do not check if system perl modules should be bundled https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 9b6e4da57d73136cc1a2e3bce198ce3ff327269f Author: Ralph Boehme Date: Thu Feb 20 14:19:04 2020 +0100 WHATSNEW: Announce new Spotlight backend for Elasticsearch Signed-off-by: Ralph Boehme Reviewed-by: Karolin Seeger Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Fri Feb 21 10:46:08 UTC 2020 on sn-devel-184 commit 828b834706f2656b9b669dd6c87f81bedc5b10be Author: Andrew Bartlett Date: Fri Feb 21 13:04:39 2020 +1300 WHATSNEW: samba-tool improvements This text is based on https://gitlab.com/samba-team/samba/-/merge_requests/1015 by Björn Baumbach, just re-worked a little to suit the WHATSNEW. I wrote the second section Signed-off-by: Andrew Bartlett Reviewed-by: Karolin Seeger commit 0b964d99aa451f9becefca38da80e2b07b4ff63e Author: Andrew Bartlett Date: Fri Feb 21 12:24:02 2020 +1300 WHATSNEW: Add zlib and fuzzing notes Signed-off-by: Andrew Bartlett Reviewed-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 73 1 file changed, 73 insertions(+) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ab161cbe811..d3ef2a3f95b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -57,6 +57,35 @@ A future Samba version will mitigate this to some extent where good cryptography effectively wraps bad cryptography, but for now that above applies. +zlib library is now required to build Samba +--- + +Samba no longer includes a local copy of zlib in our source tarball. +By removing this we do not need to ship (even where we did not +build) the old, broken zip encryption code found there. + +New Spotlight backend for Elasticsearch +--- + +Support for the macOS specific Spotlight search protocol has been enhanced +significantly. Starting with 4.12 Samba supports using Elasticsearch as search +backend. Various new parameters have been added to configure this: + + spotlight backend = noindex | elasticsearch | tracker + elasticsearch:address = ADDRESS + elasticsearch:port = PORT + elasticsearch:use tls = BOOLEAN + elasticsearch:index = INDEXNAME + elasticsearch:mappings = PATH + elasticsearch:max results = NUMBER + +Samba also ships a Spotlight client command "mdfind" which can be used to search +any SMB server that runs the Spotlight RPC service. See the manpage of mdfind +for details. + +Note that when upgrading existing installations that are using the previous +default Spotlight backend Gnome Tracker must explicitly set "spotlight backend = +tracker" as the new default is "noindex". "net ads kerberos pac save" and "net eventlog export" - @@ -65,6 +94,44 @@ The "net ads kerberos pac save" and "net eventlog export" tools will no longer silently overwrite an existing file during data export. If the filename given exits, an error will be shown. +Fuzzing +--- + +A large number of fuzz targets have been added to Samba, and Samba has +been registered in Google's oss-fuzz cloud fuzzing service. In +particular, we now have good fuzzing coverage of our generated NDR +parsing code. + +A large number of issues have been found and fixed thanks to this +effort. + +samba-tool improvements add contacts as member to groups + + +Previously "samba-tool group addmemers" can just add users, groups and +computers as members to groups. But also contacts can be members of +groups. Samba 4.12 adds the functionality to add contacts to +groups. Since contacts have no sAMAccountName, it's possible that +there are more than one contact with the same name in different +organizational units. Therefore it's necessary to have an option to +handle group members by their DN. + +To get the DN of an object there is now the --full-dn option available +for all necessary commands. + +The MS Windows UI allows to search for specific types of group members +when searching for new members for a group. This feature is included +here with the new samba-tool group addmembers --object-type=OBJECTYPE +option. The different types are selected accordingly to the Windows +UI. The default samba-toole b
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 370278fca39 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. from 4ee5642bea3 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 370278fca390c2cdbd4fe523a27208bfa094a81a Author: Jeremy Allison Date: Wed Feb 19 13:20:14 2020 -0800 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283 Signed-off-by: Jeremy Allison Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Fri Feb 21 09:20:14 UTC 2020 on sn-devel-184 --- Summary of changes: source3/modules/vfs_full_audit.c | 20 1 file changed, 16 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index a442563115c..bdeff2aae46 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -478,6 +478,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) { char *prefix = NULL; char *result; + const struct auth_session_info *session_info = conn->session_info; prefix = talloc_strdup(ctx, lp_parm_const_string(SNUM(conn), "full_audit", @@ -485,13 +486,24 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) if (!prefix) { return NULL; } + + if (session_info == NULL) { + /* +* conn->session_info can be NULL if we're +* called from a temporary conn created in +* the MSDFS and other code. It's been created +* by root so just use the system session. +*/ + session_info = get_session_info_system(); + } + result = talloc_sub_full(ctx, lp_servicename(talloc_tos(), SNUM(conn)), - conn->session_info->unix_info->unix_name, + session_info->unix_info->unix_name, conn->connectpath, - conn->session_info->unix_token->gid, - conn->session_info->unix_info->sanitized_username, - conn->session_info->info->domain_name, + session_info->unix_token->gid, + session_info->unix_info->sanitized_username, + session_info->info->domain_name, prefix); TALLOC_FREE(prefix); return result; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via ee7e298bd70 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. from 3230cf3e23e auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit ee7e298bd707755d04c3802fe45099e8e25b6c93 Author: Jeremy Allison Date: Wed Feb 19 13:20:14 2020 -0800 s3: VFS: full_audit. Use system session_info if called from a temporary share definition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283 Signed-off-by: Jeremy Allison Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Feb 20 15:31:20 UTC 2020 on sn-devel-144 --- Summary of changes: source3/modules/vfs_full_audit.c | 20 1 file changed, 16 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 8b04e55444e..14d4e1fbe6d 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -478,6 +478,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) { char *prefix = NULL; char *result; + const struct auth_session_info *session_info = conn->session_info; prefix = talloc_strdup(ctx, lp_parm_const_string(SNUM(conn), "full_audit", @@ -485,13 +486,24 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) if (!prefix) { return NULL; } + + if (session_info == NULL) { + /* +* conn->session_info can be NULL if we're +* called from a temporary conn created in +* the MSDFS and other code. It's been created +* by root so just use the system session. +*/ + session_info = get_session_info_system(); + } + result = talloc_sub_full(ctx, lp_servicename(talloc_tos(), SNUM(conn)), - conn->session_info->unix_info->unix_name, + session_info->unix_info->unix_name, conn->connectpath, - conn->session_info->unix_token->gid, - conn->session_info->unix_info->sanitized_username, - conn->session_info->info->domain_name, + session_info->unix_token->gid, + session_info->unix_info->sanitized_username, + session_info->info->domain_name, prefix); TALLOC_FREE(prefix); return result; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 537acf2a185 build: Do not check if system perl modules should be bundled via da44630885e pidl/wscript: configure should insist on Parse::Yapp::Driver via 339566feb72 s3: DFS: Don't allow link deletion on a read-only share. via 5a794f3bf8c s3: DFS: Don't allow link creation on a read-only share. from f72bb650ec3 VERSION: Bump version up to 4.12.0rc4... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 537acf2a185c7b8ee76c7a55cb9d9dad6417d153 Author: Andrew Bartlett Date: Mon Feb 3 09:51:12 2020 +1300 build: Do not check if system perl modules should be bundled We do not ship any perl modules in third_party at this time, so this check is pointless and breaks the build for --bundled-libraries=ALL. As reported by aaptel on https://gitlab.com/samba-team/samba/-/merge_requests/1104#note_281050331 This changes our autobuild script to cover this case in the samba-static job. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14284 Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer (cherry picked from commit cf4984947b39e9f6f8afd29de8a760703bf9e092) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Thu Feb 20 12:58:46 UTC 2020 on sn-devel-184 commit da44630885eb51f54c4814dcac1c94f11a149642 Author: Douglas Bagnall Date: Sun Feb 2 16:05:38 2020 +1300 pidl/wscript: configure should insist on Parse::Yapp::Driver following 83ffe6752d589180eac96d7b8e7d1a54e3476bfd, you get a build error if you lack a system perl Parse::Yapp. Let's make it a configure failure instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14284 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Feb 2 10:09:11 UTC 2020 on sn-devel-184 (cherry picked from commit af47a77673f58cc6436798b250c90be0e325d20e) commit 339566feb72edc3b1fc39d2c7fb5bf05c11a88a5 Author: Jeremy Allison Date: Thu Feb 6 16:20:59 2020 -0800 s3: DFS: Don't allow link deletion on a read-only share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14269 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 0450593e38d62fe0b925d789486517ade31fe3c6) commit 5a794f3bf8cfae04fab8ef2e5136ee470d8fa60e Author: Jeremy Allison Date: Thu Feb 6 15:55:13 2020 -0800 s3: DFS: Don't allow link creation on a read-only share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14269 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit b4195cd488e1366887acfea6ae03bf4198514a15) --- Summary of changes: pidl/wscript | 17 +++-- script/autobuild.py | 2 +- source3/smbd/msdfs.c | 21 + 3 files changed, 29 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/wscript b/pidl/wscript index d1b8278990a..50fe12c013d 100644 --- a/pidl/wscript +++ b/pidl/wscript @@ -2,27 +2,20 @@ import os, string from samba_utils import MODE_755 -from waflib import Logs +from waflib import Logs, Errors # This function checks if a perl module is installed on the system. def check_system_perl_module(conf, module, version=None): -bundle_name = module.replace('::', '_') module_check = module # Create module string with version if version: module_check = module + ' ' + str(version) -# Check if we have to bundle it. -if conf.LIB_MUST_BE_BUNDLED(bundle_name.lower()): -return False - # Check for system perl module if conf.check_perl_module(module_check) is None: return False -conf.define('USING_SYSTEM_%s' % bundle_name.upper(), 1) - return True def options(opt): @@ -30,10 +23,14 @@ def options(opt): def configure(conf): # Check if perl(Parse::Yapp::Driver) is available. -check_system_perl_module(conf, "Parse::Yapp::Driver", 1.05) +if not check_system_perl_module(conf, +"Parse::Yapp::Driver", +1.05): +raise Errors.WafError('perl module "Parse::Yapp::Driver" not found') # yapp is used for building the parser -conf.find_program('yapp', var='YAPP') +if not conf.find_program('yapp', var='YAPP'): +raise Errors.WafError('yapp not found') def build(bld): diff --git a/script/autobuild.py b/script/autobuild.py index 2a0b7da53e5..f5cf2a85ca0 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -623,7 +623,7 @@ tasks = { # retry with nonshared smbd and smbtorture ("no
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 3230cf3e23e auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 11f214df1e3 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) from 7f836b10103 ctdb-tcp: Make error handling for outbound connection consistent https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 3230cf3e23ea49dd30300932c345590379840917 Author: Volker Lendecke Date: Wed Feb 12 15:40:32 2020 +0100 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Feb 19 13:01:32 UTC 2020 on sn-devel-144 commit 11f214df1e3e0e75985e6fdc00568ed41342ffe6 Author: Volker Lendecke Date: Wed Feb 12 15:39:54 2020 +0100 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd) --- Summary of changes: source3/auth/auth_sam.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index cdb8453b311..f9764d87e3c 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -77,12 +77,13 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_local_name, is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') @@ -181,12 +182,13 @@ static NTSTATUS auth_sam_netlogon3_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via e2b4c59 NEWS[4.12.0rc3]: Samba 4.12.0rc3 Available for Download from 3a09e92 Revert "css: Try to have red headlines in the news box." https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit e2b4c5924d914a5c8cb17b802f27b7ee99e09af5 Author: Karolin Seeger Date: Wed Feb 19 11:14:29 2020 +0100 NEWS[4.12.0rc3]: Samba 4.12.0rc3 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20200219-101527.4.12.0rc3.body.html | 12 posted_news/20200219-101527.4.12.0rc3.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20200219-101527.4.12.0rc3.body.html create mode 100644 posted_news/20200219-101527.4.12.0rc3.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200219-101527.4.12.0rc3.body.html b/posted_news/20200219-101527.4.12.0rc3.body.html new file mode 100644 index 000..166b5db --- /dev/null +++ b/posted_news/20200219-101527.4.12.0rc3.body.html @@ -0,0 +1,12 @@ + +19 February 2020 +Samba 4.12.0rc3 Available for Download + +This is the third release candidate of the upcoming Samba 4.12 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.12.0rc3.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.12.0rc3.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20200219-101527.4.12.0rc3.headline.html b/posted_news/20200219-101527.4.12.0rc3.headline.html new file mode 100644 index 000..72419ad --- /dev/null +++ b/posted_news/20200219-101527.4.12.0rc3.headline.html @@ -0,0 +1,3 @@ + + 19 February 2020 Samba 4.12.0rc3 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.12.0rc3 created
The annotated tag, samba-4.12.0rc3 has been created at d5bf4a120daf5c0a9b437137920ced84ad1d2ded (tag) tagging 3a807493547d4bf88719634a85f06ed5f733d101 (commit) replaces samba-4.12.0rc2 tagged by Karolin Seeger on Wed Feb 19 11:13:43 2020 +0100 - Log - samba: tag release samba-4.12.0rc3 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXk0KVwAKCRBvM5FbZWi3 6tMvAJ4+WJFxG4/9drL14TRmiVZTf/i6mgCdHWKgAIu9mihBldzW5eGTQNWqH38= =qq9V -END PGP SIGNATURE- Andreas Schneider (2): libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 Andrew Bartlett (1): bootstrap: Remove un-used dependency python3-crypto Jeremy Allison (24): s3: VFS: Implement create_dfs_pathat() in catia. s3: VFS: Implement create_dfs_pathat() in cap s3: smbd: dfs: Cleanup, reformat calls to parse_msdfs_symlink() s3: smbd: dfs: Move lp_msdfs_shuffle_referrals() call out of parse_msdfs_symlink(). s3: smbd: dfs: Make parse_msdfs_symlink() external. s3: smbd: dfs: Apply some README.Coding to parse_msdfs_symlink(). s3: smbd: dfs: Allow parse_msdfs_symlink() to be called with NULL pointers. s3: smbd: dfs: Make parameter names consistent. s3: smbd: dfs: Clean up exits / talloc heirarchy in parse_msdfs_symlink(). s3: VFS: Add SMB_VFS_READ_DFS_PATHAT(). s3: VFS: ceph: Add vfswrap_ceph_read_dfs_pathat(). s3: VFS: gluster: Add vfs_gluster_read_dfs_pathat(). s3: VFS: shadow_copy2: Add shadow_copy2_read_dfs_pathat(). s3: VFS: cap: Add cap_read_dfs_pathat(). s3: VFS: catia: Add read_dfs_pathat(). s3: VFS: vfs_full_audit: Add read_dfs_pathat(). s3: VFS: vfs_time_audit: Add read_dfs_pathat(). s3: DFS: Change simple is_msdfs_link() call to use SMB_VFS_READ_DFS_PATHAT(). s3: DFS: Parse the returned target path in dfs_path_lookup(). s3: DFS: Change dfs_path_lookup() to return struct referral list and count directly. s3: DFS: Replace calls to is_msdfs_link_internal() inside dfs_path_lookup() with SMB_VFS_READ_DFS_PATHAT(). s3: DFS: Change the last use of is_msdfs_link_internal() -> SMB_VFS_READ_DFS_PATHAT() inside form_junctions(). s3: DFS: Remove is_msdfs_link_internal() - no longer used. WHATSNEW.txt update explaining SMB_VFS_CREATE_DFS_PATHAT() / SMB_VFS_READ_DFS_PATHAT(). Karolin Seeger (4): VERSION: Bump version up to 4.12.0rc3... WHATSNEW: Add some more changes since 4.11. VERSION: Add release notes for Samba 4.12.0rc3. VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc3 release. Martin Schwenke (1): ctdb-tcp: Make error handling for outbound connection consistent Stefan Metzmacher (12): libcli:smb: Don't use forward declartions for GnuTLS typedefs s3:auth_sam: replace confusing FALL_THROUGH; with break; s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions s3:auth_sam: make sure we never handle empty usernames s3:auth_sam: introduce effective_domain helper variables s3:selftest: test authentication with an empty userdomain and upn names s3:auth_sam: map an empty domain or '.' to the local SAM name winbindd: handling missing idmap in getgrgid() lib/replace: remove unused check for aio.h bootstrap: replace libaio-dev/libaio-devel with liburing-dev/liburing-devel s3:modules: add vfs_io_uring module WHATSNEW: announce vfs_io_uring Volker Lendecke (6): auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) lib: Simplify register_msg_pool_usage() lib: Add a TALLOC_CTX to base register_msg_pool_usage() on lib: Introduce messaging_context->per_process_talloc_ctx lib: Fix a shutdown crash with "clustering = yes" --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via f72bb650ec3 VERSION: Bump version up to 4.12.0rc4... via 3a807493547 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc3 release. via 5987adfa00c VERSION: Add release notes for Samba 4.12.0rc3. from 19d74ce5f5b WHATSNEW.txt update explaining SMB_VFS_CREATE_DFS_PATHAT() / SMB_VFS_READ_DFS_PATHAT(). https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit f72bb650ec393d12e7c5dbb7290970506f097184 Author: Karolin Seeger Date: Wed Feb 19 11:09:30 2020 +0100 VERSION: Bump version up to 4.12.0rc4... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 3a807493547d4bf88719634a85f06ed5f733d101 Author: Karolin Seeger Date: Wed Feb 19 11:08:49 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc3 release. Signed-off-by: Karolin Seeger commit 5987adfa00c17391bdfe27937eac258fa9ae53fb Author: Karolin Seeger Date: Wed Feb 19 11:08:16 2020 +0100 VERSION: Add release notes for Samba 4.12.0rc3. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 28 +++- 2 files changed, 28 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 2e3b9b6b2fb..067d3ce3120 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 78beb5ac12c..ab161cbe811 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.12. This is *not* +This is the third release candidate of Samba 4.12. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -195,6 +195,32 @@ smb.conf changes spotlight backend Newnoindex +CHANGES SINCE 4.12.0rc2 +=== + +o Jeremy Allison + * BUG 14282: Set getting and setting of MS-DFS redirects on the filesystem + to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and + SMB_VFS_READ_DFS_PATHAT(). + +o Andrew Bartlett + * BUG 14255: bootstrap: Remove un-used dependency python3-crypto. + +o Volker Lendecke + * BUG 14247: Fix CID 1458418 and 1458420. + * BUG 14281: lib: Fix a shutdown crash with "clustering = yes". + +o Stefan Metzmacher + * BUG 14247: Winbind member (source3) fails local SAM auth with empty domain + name. + * BUG 14265: winbindd: Handle missing idmap in getgrgid(). + * BUG 14271: Don't use forward declaration for GnuTLS typedefs. + * BUG 14280: Add io_uring vfs module. + +o Andreas Schneider + * BUG 14250: libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2. + + CHANGES SINCE 4.12.0rc1 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 19d74ce5f5b WHATSNEW.txt update explaining SMB_VFS_CREATE_DFS_PATHAT() / SMB_VFS_READ_DFS_PATHAT(). via 6c886973fa0 s3: DFS: Remove is_msdfs_link_internal() - no longer used. via bbbfc6b8acd s3: DFS: Change the last use of is_msdfs_link_internal() -> SMB_VFS_READ_DFS_PATHAT() inside form_junctions(). via 8690880313a s3: DFS: Replace calls to is_msdfs_link_internal() inside dfs_path_lookup() with SMB_VFS_READ_DFS_PATHAT(). via 92722a1b63a s3: DFS: Change dfs_path_lookup() to return struct referral list and count directly. via 007c96ab6e2 s3: DFS: Parse the returned target path in dfs_path_lookup(). via 967e0e15fc9 s3: DFS: Change simple is_msdfs_link() call to use SMB_VFS_READ_DFS_PATHAT(). via ce94b410867 s3: VFS: vfs_time_audit: Add read_dfs_pathat(). via 2633e182133 s3: VFS: vfs_full_audit: Add read_dfs_pathat(). via dfabe8e731e s3: VFS: catia: Add read_dfs_pathat(). via 895c06ccec2 s3: VFS: cap: Add cap_read_dfs_pathat(). via 13c6e747da1 s3: VFS: shadow_copy2: Add shadow_copy2_read_dfs_pathat(). via 5c8f5a48df7 s3: VFS: gluster: Add vfs_gluster_read_dfs_pathat(). via 7bbfc1c3a8c s3: VFS: ceph: Add vfswrap_ceph_read_dfs_pathat(). via 6fae0415d55 s3: VFS: Add SMB_VFS_READ_DFS_PATHAT(). via 6d5220f23cf s3: smbd: dfs: Clean up exits / talloc heirarchy in parse_msdfs_symlink(). via b4285b8d1b1 s3: smbd: dfs: Make parameter names consistent. via c13c6e44918 s3: smbd: dfs: Allow parse_msdfs_symlink() to be called with NULL pointers. via 2f2794a7241 s3: smbd: dfs: Apply some README.Coding to parse_msdfs_symlink(). via 9f87784686d s3: smbd: dfs: Make parse_msdfs_symlink() external. via 3ff14a2e5a3 s3: smbd: dfs: Move lp_msdfs_shuffle_referrals() call out of parse_msdfs_symlink(). via 7f034780869 s3: smbd: dfs: Cleanup, reformat calls to parse_msdfs_symlink() via 1ba9c318ae1 s3: VFS: Implement create_dfs_pathat() in cap via ce3bf591e2f s3: VFS: Implement create_dfs_pathat() in catia. via 59815861b2e WHATSNEW: announce vfs_io_uring via a1486fb2837 s3:modules: add vfs_io_uring module via ac78557df8e bootstrap: replace libaio-dev/libaio-devel with liburing-dev/liburing-devel via 40c84bfcdd2 lib/replace: remove unused check for aio.h via 9463a387831 lib: Fix a shutdown crash with "clustering = yes" via fd63e94a282 lib: Introduce messaging_context->per_process_talloc_ctx via 1b4db22b160 lib: Add a TALLOC_CTX to base register_msg_pool_usage() on via 60deff09d09 lib: Simplify register_msg_pool_usage() from 46ff9e1bca8 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 19d74ce5f5b649d7f75c18f4430331c948d7e96c Author: Jeremy Allison Date: Tue Feb 18 16:23:22 2020 -0800 WHATSNEW.txt update explaining SMB_VFS_CREATE_DFS_PATHAT() / SMB_VFS_READ_DFS_PATHAT(). Signed-off-by: Jeremy Allison Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Wed Feb 19 07:52:15 UTC 2020 on sn-devel-184 commit 6c886973fa07f88db0ddd31e0cc28e05ad988000 Author: Jeremy Allison Date: Wed Feb 12 13:54:08 2020 -0800 s3: DFS: Remove is_msdfs_link_internal() - no longer used. All DFS links are now read through the VFS and not via symlink calls. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14282 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Feb 18 22:34:16 UTC 2020 on sn-devel-184 (cherry picked from commit 9ee1320049cf148a2bb102bbdee4a4bcc24c0de1) commit bbbfc6b8acd4187959c1905768f0e05792302091 Author: Jeremy Allison Date: Wed Feb 12 13:52:58 2020 -0800 s3: DFS: Change the last use of is_msdfs_link_internal() -> SMB_VFS_READ_DFS_PATHAT() inside form_junctions(). is_msdfs_link_internal() is no longer used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14282 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 94068b5438013479b0426fea7f83bbd7f8f935e9) commit 8690880313af37fd4d003f216fa6d16a9ee1ea9e Author: Jeremy Allison Date: Wed Feb 12 13:41:56 2020 -0800 s3: DFS: Replace calls to is_msdfs_link_internal() inside dfs_path_lookup() with SMB_VFS_READ_DFS_PATHAT(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14282 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 3c77a9e7116bc3f1e3c9bf89c28a32bdb6cdffe1) commit 92722a1b63a6209516d8d6fd606fde4b8d51e25f Author: Jeremy Allison Date: Wed Feb 12 13:17:51 2020 -0800
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 4ee5642bea3 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 40b7c3c99ae auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) from 972d4418ae0 ctdb-tcp: Make error handling for outbound connection consistent https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 4ee5642bea361a3308df4743c69e6f10052a262a Author: Volker Lendecke Date: Wed Feb 12 15:40:32 2020 +0100 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Feb 19 06:19:13 UTC 2020 on sn-devel-184 commit 40b7c3c99aeb858100f0d14913fc2c03bcdcdb98 Author: Volker Lendecke Date: Wed Feb 12 15:39:54 2020 +0100 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd) --- Summary of changes: source3/auth/auth_sam.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index cdb8453b311..f9764d87e3c 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -77,12 +77,13 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_local_name, is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') @@ -181,12 +182,13 @@ static NTSTATUS auth_sam_netlogon3_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 46ff9e1bca8 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 1e61aa6d46f auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) via 3e222ac6b93 ctdb-tcp: Make error handling for outbound connection consistent from b1fba6c7a06 winbindd: handling missing idmap in getgrgid() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 46ff9e1bca8645deb3b9b5d9630358b0cee8f607 Author: Volker Lendecke Date: Wed Feb 12 15:40:32 2020 +0100 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Tue Feb 18 09:27:36 UTC 2020 on sn-devel-184 commit 1e61aa6d46f1bc37e5ec8f1f8499e5078c316bc4 Author: Volker Lendecke Date: Wed Feb 12 15:39:54 2020 +0100 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd) commit 3e222ac6b9329dfbf34f124fae0b0f64d2cd76ac Author: Martin Schwenke Date: Tue Jan 28 16:49:14 2020 +1100 ctdb-tcp: Make error handling for outbound connection consistent If we can't bind the local end of an outgoing connection then something has gone wrong. Retrying is better than failing into a zombie state. The interface might come back up and/or the address my be reconfigured. While here, do the same thing for the other (potentially transient) failures. The unknown address family failure is special but just handle it via a retry. Technically it can't happen because the node address parsing can only return values with address family AF_INET or AF_INET6. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274 RN: Retry inter-node TCP connections on more transient failures Reported-by: 耿纪超 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07) --- Summary of changes: ctdb/tcp/tcp_connect.c | 36 +--- source3/auth/auth_sam.c | 6 -- 2 files changed, 21 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index f54086fcd3c..559442f14bf 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -181,16 +181,14 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, tnode->out_fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if (tnode->out_fd == -1) { DBG_ERR("Failed to create socket\n"); - return; + goto failed; } ret = set_blocking(tnode->out_fd, false); if (ret != 0) { DBG_ERR("Failed to set socket non-blocking (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } set_close_on_exec(tnode->out_fd); @@ -222,32 +220,22 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, sockout_size = sizeof(sock_out.ip6); break; default: - DEBUG(DEBUG_ERR, (__location__ " unknown family %u\n", - sock_in.sa.sa_family)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + DBG_ERR("Unknown address family %u\n", sock_in.sa.sa_family); + /* Can't happen to due to address parsing restrictions */ + goto failed; } ret = bind(tnode->out_fd, (struct sockaddr *)_in, sockin_size); if (ret == -1) { DBG_ERR("Failed to bind socket (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } ret = connect(tnode->out_fd, (struct sockaddr *)_out, sockout_size); if (ret != 0 && errno != EINPROGRESS) { - ctdb_tcp_stop_connection(node); - tnode->connect_te = tevent_add_timer(ctdb->ev, -
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 7f836b10103 ctdb-tcp: Make error handling for outbound connection consistent from f3eebacb127 winbindd: handling missing idmap in getgrgid() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 7f836b101030b4cf76eeb729acab29ad3e413961 Author: Martin Schwenke Date: Tue Jan 28 16:49:14 2020 +1100 ctdb-tcp: Make error handling for outbound connection consistent If we can't bind the local end of an outgoing connection then something has gone wrong. Retrying is better than failing into a zombie state. The interface might come back up and/or the address my be reconfigured. While here, do the same thing for the other (potentially transient) failures. The unknown address family failure is special but just handle it via a retry. Technically it can't happen because the node address parsing can only return values with address family AF_INET or AF_INET6. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274 RN: Retry inter-node TCP connections on more transient failures Reported-by: 耿纪超 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Feb 17 15:50:11 UTC 2020 on sn-devel-144 --- Summary of changes: ctdb/tcp/tcp_connect.c | 36 +--- 1 file changed, 17 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index 0b5d021480a..e0167740602 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -183,16 +183,14 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, tnode->out_fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if (tnode->out_fd == -1) { DBG_ERR("Failed to create socket\n"); - return; + goto failed; } ret = set_blocking(tnode->out_fd, false); if (ret != 0) { DBG_ERR("Failed to set socket non-blocking (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } set_close_on_exec(tnode->out_fd); @@ -224,32 +222,22 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, sockout_size = sizeof(sock_out.ip6); break; default: - DEBUG(DEBUG_ERR, (__location__ " unknown family %u\n", - sock_in.sa.sa_family)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + DBG_ERR("Unknown address family %u\n", sock_in.sa.sa_family); + /* Can't happen to due to address parsing restrictions */ + goto failed; } ret = bind(tnode->out_fd, (struct sockaddr *)_in, sockin_size); if (ret == -1) { DBG_ERR("Failed to bind socket (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } ret = connect(tnode->out_fd, (struct sockaddr *)_out, sockout_size); if (ret != 0 && errno != EINPROGRESS) { - ctdb_tcp_stop_connection(node); - tnode->connect_te = tevent_add_timer(ctdb->ev, -tnode, -timeval_current_ofs(1, 0), -ctdb_tcp_node_connect, -node); - return; + goto failed; } /* non-blocking connect - wait for write event */ @@ -268,6 +256,16 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, timeval_current_ofs(1, 0), ctdb_tcp_node_connect, node); + + return; + +failed: + ctdb_tcp_stop_connection(node); + tnode->connect_te = tevent_add_timer(ctdb->ev, +tnode, +timeval_current_ofs(1, 0), +ctdb_tcp_node_connect, +node); } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 972d4418ae0 ctdb-tcp: Make error handling for outbound connection consistent from 70a36a668ca winbindd: handling missing idmap in getgrgid() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 972d4418ae01684d447061812fa5b4e03820f454 Author: Martin Schwenke Date: Tue Jan 28 16:49:14 2020 +1100 ctdb-tcp: Make error handling for outbound connection consistent If we can't bind the local end of an outgoing connection then something has gone wrong. Retrying is better than failing into a zombie state. The interface might come back up and/or the address my be reconfigured. While here, do the same thing for the other (potentially transient) failures. The unknown address family failure is special but just handle it via a retry. Technically it can't happen because the node address parsing can only return values with address family AF_INET or AF_INET6. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274 RN: Retry inter-node TCP connections on more transient failures Reported-by: 耿纪超 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Mon Feb 17 13:13:01 UTC 2020 on sn-devel-184 --- Summary of changes: ctdb/tcp/tcp_connect.c | 36 +--- 1 file changed, 17 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index a75f35a809e..04897f44249 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -183,16 +183,14 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, tnode->out_fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if (tnode->out_fd == -1) { DBG_ERR("Failed to create socket\n"); - return; + goto failed; } ret = set_blocking(tnode->out_fd, false); if (ret != 0) { DBG_ERR("Failed to set socket non-blocking (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } set_close_on_exec(tnode->out_fd); @@ -224,32 +222,22 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, sockout_size = sizeof(sock_out.ip6); break; default: - DEBUG(DEBUG_ERR, (__location__ " unknown family %u\n", - sock_in.sa.sa_family)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + DBG_ERR("Unknown address family %u\n", sock_in.sa.sa_family); + /* Can't happen to due to address parsing restrictions */ + goto failed; } ret = bind(tnode->out_fd, (struct sockaddr *)_in, sockin_size); if (ret == -1) { DBG_ERR("Failed to bind socket (%s)\n", strerror(errno)); - close(tnode->out_fd); - tnode->out_fd = -1; - return; + goto failed; } ret = connect(tnode->out_fd, (struct sockaddr *)_out, sockout_size); if (ret != 0 && errno != EINPROGRESS) { - ctdb_tcp_stop_connection(node); - tnode->connect_te = tevent_add_timer(ctdb->ev, -tnode, -timeval_current_ofs(1, 0), -ctdb_tcp_node_connect, -node); - return; + goto failed; } /* non-blocking connect - wait for write event */ @@ -268,6 +256,16 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te, timeval_current_ofs(1, 0), ctdb_tcp_node_connect, node); + + return; + +failed: + ctdb_tcp_stop_connection(node); + tnode->connect_te = tevent_add_timer(ctdb->ev, +tnode, +timeval_current_ofs(1, 0), +ctdb_tcp_node_connect, +node); } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 70a36a668ca winbindd: handling missing idmap in getgrgid() via f778dc20b5a s3:auth_sam: map an empty domain or '.' to the local SAM name via c880f3539a1 s3:selftest: test authentication with an empty userdomain and upn names via 58d1613609c s3:auth_sam: introduce effective_domain helper variables via f8e11e6ca9a s3:auth_sam: make sure we never handle empty usernames via 5f8e3650f06 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions via 2db313bdb57 s3:auth_sam: replace confusing FALL_THROUGH; with break; from 5f57256cf52 script/release.sh: Don't use quotations any longer. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 70a36a668caf4e3e1dbfb1aad991b13608032a74 Author: Stefan Metzmacher Date: Wed Jan 22 17:00:07 2020 + winbindd: handling missing idmap in getgrgid() A similar hunk was added via commit 89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"), but it was missing in commit e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid") BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184 (cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Tue Feb 11 13:08:14 UTC 2020 on sn-devel-184 commit f778dc20b5af18b46260bc2f3791605f1874f38b Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: map an empty domain or '.' to the local SAM name When a domain member gets an empty domain name or '.', it should not forward the authentication to domain controllers of the primary domain. But we need to keep passing UPN account names with an empty domain to the DCs as a domain member. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca) commit c880f3539a11ee96235ca1505e3ca6a8a62ba388 Author: Stefan Metzmacher Date: Tue Feb 4 11:32:05 2020 +0100 s3:selftest: test authentication with an empty userdomain and upn names BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018) commit 58d1613609cc4358e822adbe484e8c7d0da770c7 Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: introduce effective_domain helper variables BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a) commit f8e11e6ca9ace9c1abf2eaa7dd7038852591ea07 Author: Stefan Metzmacher Date: Thu Jan 23 16:17:30 2020 +0100 s3:auth_sam: make sure we never handle empty usernames BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1) commit 5f8e3650f06ff1d768ee2e11515a2051f8febd29 Author: Stefan Metzmacher Date: Thu Jan 23 16:13:59 2020 +0100 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7) commit 2db313bdb57acb67733e51021a19bd42d245ea75 Author: Stefan Metzmacher Date: Thu Jan 23 15:48:39 2020 +0100 s3:auth_sam: replace confusing FALL_THROUGH; with break; There's no real logic change here, but is makes it easier to understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 85b168c6dac88f5065c0ec6e925937439f2c12ed) --- Summary of changes: python/samba/tests/auth_log_winbind.py | 4 +- selftest/knownfail.d/empty-domain-name | 7 +++ source3/auth/auth_sam.c| 83 ++ source3/selftest/tests.py | 8 source3/winbindd/winbindd_getgrgid.c | 4 ++ 5 files changed, 95 insertions(+), 11 deletions(-) create mode 100644 selftest/knownfail.d/empty-domain-name Changeset truncated
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via f3eebacb127 winbindd: handling missing idmap in getgrgid() via 8d069f20ec1 s3:auth_sam: map an empty domain or '.' to the local SAM name via f1b3a95852a s3:selftest: test authentication with an empty userdomain and upn names via f4706d85b95 s3:auth_sam: introduce effective_domain helper variables via 731ae2864d8 s3:auth_sam: make sure we never handle empty usernames via 33b37926b25 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions via d5fa47e02ff s3:auth_sam: replace confusing FALL_THROUGH; with break; from 105e48e2712 script/release.sh: Don't use quotations any longer. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit f3eebacb127d11598cdeb22e27edd6dcc133b741 Author: Stefan Metzmacher Date: Wed Jan 22 17:00:07 2020 + winbindd: handling missing idmap in getgrgid() A similar hunk was added via commit 89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"), but it was missing in commit e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid") BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184 (cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Feb 11 12:26:52 UTC 2020 on sn-devel-144 commit 8d069f20ec164bb5e6ff19ea33c6e65246ef1bb9 Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: map an empty domain or '.' to the local SAM name When a domain member gets an empty domain name or '.', it should not forward the authentication to domain controllers of the primary domain. But we need to keep passing UPN account names with an empty domain to the DCs as a domain member. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca) commit f1b3a95852a1338d85712ba0e83a2664a6445f91 Author: Stefan Metzmacher Date: Tue Feb 4 11:32:05 2020 +0100 s3:selftest: test authentication with an empty userdomain and upn names BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018) commit f4706d85b9515eea110f636b73e3cd17ac38a914 Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: introduce effective_domain helper variables BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a) commit 731ae2864d84e27fc1466852eb88976b1e11c67d Author: Stefan Metzmacher Date: Thu Jan 23 16:17:30 2020 +0100 s3:auth_sam: make sure we never handle empty usernames BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1) commit 33b37926b253e0408a03f5fa04a8231c472f08d5 Author: Stefan Metzmacher Date: Thu Jan 23 16:13:59 2020 +0100 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7) commit d5fa47e02ffa8bff32456ac1c34b40f0169addbf Author: Stefan Metzmacher Date: Thu Jan 23 15:48:39 2020 +0100 s3:auth_sam: replace confusing FALL_THROUGH; with break; There's no real logic change here, but is makes it easier to understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 85b168c6dac88f5065c0ec6e925937439f2c12ed) --- Summary of changes: selftest/knownfail.d/empty-domain-name | 7 +++ source3/auth/auth_sam.c| 83 ++ source3/selftest/tests.py | 8 source3/winbindd/winbindd_getgrgid.c | 4 ++ 4 files changed, 93 insertions(+), 9 deletions(-) create mode 100644 selftest/knownfail.d/empty-domain-name Changeset truncated at 500 lines: diff --git a/selftest/knownfail.d/
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via b1fba6c7a06 winbindd: handling missing idmap in getgrgid() via 7163ae8a772 bootstrap: Remove un-used dependency python3-crypto via 9c1b614e11a s3:auth_sam: map an empty domain or '.' to the local SAM name via 2b56b5a05af s3:selftest: test authentication with an empty userdomain and upn names via c579ab09a9b s3:auth_sam: introduce effective_domain helper variables via f9ac1033177 s3:auth_sam: make sure we never handle empty usernames via 88b89f0a3d1 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions via 5d852de752b s3:auth_sam: replace confusing FALL_THROUGH; with break; from 9a177304331 libcli:smb: Don't use forward declartions for GnuTLS typedefs https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit b1fba6c7a066e577e637acc0f8968c2ec264f0ea Author: Stefan Metzmacher Date: Wed Jan 22 17:00:07 2020 + winbindd: handling missing idmap in getgrgid() A similar hunk was added via commit 89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in getpwuid"), but it was missing in commit e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in getgrgid") BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Feb 5 17:56:58 UTC 2020 on sn-devel-184 (cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Tue Feb 11 10:01:33 UTC 2020 on sn-devel-184 commit 7163ae8a7720f4acfb818666bc8a31abddf447b0 Author: Andrew Bartlett Date: Sat Dec 14 06:59:45 2019 +1300 bootstrap: Remove un-used dependency python3-crypto This became unused in bbeef554f2c15e739f6095fcb57d9ef6646b411c (except for repl_cleartext_pwd.py, a development script) and we now use GnuTLS via a Samba wrapper. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14255 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 446c92017369007139af7532dae8503f9db40d48) commit 9c1b614e11a3fdf418f87f03f6df5be0a7706330 Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: map an empty domain or '.' to the local SAM name When a domain member gets an empty domain name or '.', it should not forward the authentication to domain controllers of the primary domain. But we need to keep passing UPN account names with an empty domain to the DCs as a domain member. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca) commit 2b56b5a05af48bc7c233c8289c80aadd96c268b4 Author: Stefan Metzmacher Date: Tue Feb 4 11:32:05 2020 +0100 s3:selftest: test authentication with an empty userdomain and upn names BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018) commit c579ab09a9b1b3f4832ad9785bf659d319086b45 Author: Stefan Metzmacher Date: Thu Jan 23 16:21:43 2020 +0100 s3:auth_sam: introduce effective_domain helper variables BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a) commit f9ac1033177bef15cb911723ef877beaa83a9517 Author: Stefan Metzmacher Date: Thu Jan 23 16:17:30 2020 +0100 s3:auth_sam: make sure we never handle empty usernames BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1) commit 88b89f0a3d1cb5e7c0734e231631cc475c7588b9 Author: Stefan Metzmacher Date: Thu Jan 23 16:13:59 2020 +0100 s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7) commit 5d852de752b18a470fd07108a6f7f59bb0e753c8 Author: Stefan Metzmacher Date: Thu Jan 23 15:48:39 2020 +0100 s3:auth_sam: replace confusing FALL_THROUGH; with break; There's no real logic change here, but is makes it easier to understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 3a09e92 Revert "css: Try to have red headlines in the news box." via 22b195b Revert "Make headlines in news box clickable." from 2b34684 Make headlines in news box clickable. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 3a09e92b1ebdab7a5b31537d0a7ffafa69a7663a Author: Karolin Seeger Date: Tue Feb 11 10:27:34 2020 +0100 Revert "css: Try to have red headlines in the news box." This reverts commit 2b4e03f99a8a3e58ca80d8a9ef1951300ee22329. commit 22b195bd2d251825655fed44806a825f3e594ef6 Author: Karolin Seeger Date: Tue Feb 11 10:27:25 2020 +0100 Revert "Make headlines in news box clickable." This reverts commit 2b346848a9325ec88b1ef4c646948d0f71967f89. --- Summary of changes: index.html | 4 ++-- style/2010/grey/screen.css | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/index.html b/index.html index c51eea2..be6752a 100644 --- a/index.html +++ b/index.html @@ -49,7 +49,7 @@ - Donations + Donations Nowadays, the Samba Team @@ -62,7 +62,7 @@ - Latest News + Latest News diff --git a/style/2010/grey/screen.css b/style/2010/grey/screen.css index b899529..93fc28e 100644 --- a/style/2010/grey/screen.css +++ b/style/2010/grey/screen.css @@ -505,7 +505,6 @@ body * { #bd #specialBoxNews h5 { font-weight: normal; - color: #c9; } #bd .specialBox .specialBoxContent { -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2b34684 Make headlines in news box clickable. via 2b4e03f css: Try to have red headlines in the news box. from 8a4185c NEWS[sambaXP_2020]: sambaXP 2020 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2b346848a9325ec88b1ef4c646948d0f71967f89 Author: Karolin Seeger Date: Tue Feb 11 10:10:46 2020 +0100 Make headlines in news box clickable. Signed-off-by: Karolin Seeger commit 2b4e03f99a8a3e58ca80d8a9ef1951300ee22329 Author: Karolin Seeger Date: Tue Feb 11 10:10:18 2020 +0100 css: Try to have red headlines in the news box. Signed-off-by: Karolin Seeger --- Summary of changes: index.html | 4 ++-- style/2010/grey/screen.css | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/index.html b/index.html index be6752a..c51eea2 100644 --- a/index.html +++ b/index.html @@ -49,7 +49,7 @@ - Donations + Donations Nowadays, the Samba Team @@ -62,7 +62,7 @@ - Latest News + Latest News diff --git a/style/2010/grey/screen.css b/style/2010/grey/screen.css index 93fc28e..b899529 100644 --- a/style/2010/grey/screen.css +++ b/style/2010/grey/screen.css @@ -505,6 +505,7 @@ body * { #bd #specialBoxNews h5 { font-weight: normal; + color: #c9; } #bd .specialBox .specialBoxContent { -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8a4185c NEWS[sambaXP_2020]: sambaXP 2020 from 9a8f9d0 NEWS[4.12.0rc2]: Samba 4.12.0rc2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8a4185c21e92808402a7c31f0b3ed4d9a749689d Author: Karolin Seeger Date: Tue Feb 11 09:04:39 2020 +0100 NEWS[sambaXP_2020]: sambaXP 2020 Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20200211-075658.sambaXP_2020.body.html | 18 ++ posted_news/20200211-075658.sambaXP_2020.headline.html | 3 +++ 2 files changed, 21 insertions(+) create mode 100644 posted_news/20200211-075658.sambaXP_2020.body.html create mode 100644 posted_news/20200211-075658.sambaXP_2020.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200211-075658.sambaXP_2020.body.html b/posted_news/20200211-075658.sambaXP_2020.body.html new file mode 100644 index 000..664fd86 --- /dev/null +++ b/posted_news/20200211-075658.sambaXP_2020.body.html @@ -0,0 +1,18 @@ + +11 February 2020 +sambaXP 2020 + +The 19th International User and Developer Conference sambaXP will take place +from 26th - 28th of May 2020 in Göttingen, Germany. +https://sambaxp.org/#c2;>Registration is open. If you would like to +give a presentation, you can https://sambaxp.org/#c11;>submit your +paper until February 29th. + + +New for this year's event: the Microsoft SMB3 Interoperability Lab (IO Lab) + from May 24th-29th, 2020, co-located with SambaXP! +The purpose of the IO Lab is for vendor s to bring their implementations of SMB3 +to test, identify, and fix bugs in a collaborative setting with the goal of +providing a forum in which companies can develop interoperable products. + + diff --git a/posted_news/20200211-075658.sambaXP_2020.headline.html b/posted_news/20200211-075658.sambaXP_2020.headline.html new file mode 100644 index 000..22870cc --- /dev/null +++ b/posted_news/20200211-075658.sambaXP_2020.headline.html @@ -0,0 +1,3 @@ + + 11 February 2020 sambaXP 2020 + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 9a177304331 libcli:smb: Don't use forward declartions for GnuTLS typedefs from d0a0bcf67c8 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 9a177304331a0a7eeef236cbdfc59330cead3c7d Author: Stefan Metzmacher Date: Thu Feb 6 15:36:35 2020 +0100 libcli:smb: Don't use forward declartions for GnuTLS typedefs BUG: https://bugzilla.samba.org/show_bug.cgi?id=14271 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Feb 7 13:48:27 UTC 2020 on sn-devel-184 (cherry picked from commit 3894f878183e645421ec440afd8e010218a58eef) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Mon Feb 10 10:10:46 UTC 2020 on sn-devel-184 --- Summary of changes: libcli/smb/smb2_signing.c | 5 +++-- libcli/smb/smb2_signing.h | 19 --- 2 files changed, 15 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 7b33a42526e..623fc23fb18 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -20,6 +20,9 @@ #include "includes.h" #include "system/filesys.h" +#include +#include +#define SMB2_SIGNING_KEY_GNUTLS_TYPES 1 #include "../libcli/smb/smb_common.h" #include "../lib/crypto/crypto.h" #include "lib/util/iov_buf.h" @@ -30,8 +33,6 @@ #endif #include "lib/crypto/gnutls_helpers.h" -#include -#include int smb2_signing_key_destructor(struct smb2_signing_key *key) { diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h index e28b5c8de9a..ca22de9dbfa 100644 --- a/libcli/smb/smb2_signing.h +++ b/libcli/smb/smb2_signing.h @@ -22,16 +22,21 @@ #define _LIBCLI_SMB_SMB2_SIGNING_H_ struct iovec; - /* Forward declaration of GnuTLS typedefs */ -struct hmac_hd_st; -typedef struct hmac_hd_st* gnutls_hmac_hd_t; -struct api_aead_cipher_hd_st; -typedef struct api_aead_cipher_hd_st *gnutls_aead_cipher_hd_t; struct smb2_signing_key { - gnutls_hmac_hd_t hmac_hnd; - gnutls_aead_cipher_hd_t cipher_hnd; DATA_BLOB blob; + union { +#ifdef SMB2_SIGNING_KEY_GNUTLS_TYPES + gnutls_hmac_hd_t hmac_hnd; +#endif + void *__hmac_hnd; + }; + union { +#ifdef SMB2_SIGNING_KEY_GNUTLS_TYPES + gnutls_aead_cipher_hd_t cipher_hnd; +#endif + void *__cipher_hnd; + }; }; int smb2_signing_key_destructor(struct smb2_signing_key *key); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via d0a0bcf67c8 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 from 044a1fee5f7 WHATSNEW: Add some more changes since 4.11. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit d0a0bcf67c8b9a1d4fd9482e82c809e950140087 Author: Andreas Schneider Date: Wed Feb 5 16:58:26 2020 +0100 wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9 See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api "open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 'U' (“universal newline”) in the file mode. This flag was deprecated since Python 3.3. In Python 3, the “universal newline” is used by default when a file is open in text mode. The newline parameter of open() controls how universal newlines works." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266 Signed-off-by: Andreas Schneider Reviewed-by: Douglas Bagnall Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Feb 6 07:30:13 UTC 2020 on sn-devel-184 (cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Thu Feb 6 13:10:31 UTC 2020 on sn-devel-184 --- Summary of changes: buildtools/wafsamba/samba_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py index 4a5a34abae7..f9eae73ae44 100644 --- a/buildtools/wafsamba/samba_utils.py +++ b/buildtools/wafsamba/samba_utils.py @@ -682,7 +682,7 @@ def PROCESS_SEPARATE_RULE(self, rule): cache[node] = True self.pre_recurse(node) try: -function_code = node.read('rU', None) +function_code = node.read('r', None) exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict) finally: self.post_recurse(node) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 044a1fee5f7 WHATSNEW: Add some more changes since 4.11. from 8e4c08ded7b libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 044a1fee5f7b7bef00e39bea2c4cd0caf8589d37 Author: Karolin Seeger Date: Wed Feb 5 10:43:43 2020 +0100 WHATSNEW: Add some more changes since 4.11. Mention new parameter 'spotlight backend' and note that vfs_netatalk has been removed. Signed-off-by: Karolin Seeger Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Wed Feb 5 11:40:25 UTC 2020 on sn-devel-184 --- Summary of changes: WHATSNEW.txt | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ba464ef8dd0..9a521a973a9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -110,7 +110,6 @@ make changes to the DNS Zone and nudging the 'named' server if a new DC was added to the domain. Administrators using BIND9_FLATFILE will need to maintain this manually from now on. - Retiring DES encryption types in Kerberos. -- With this release, support for DES encryption types has been removed from @@ -129,6 +128,12 @@ Heimdal-DC: removal of weak-crypto. Following removal of DES encryption types from Samba, the embedded Heimdal build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO). +vfs_netatalk: The netatalk VFS module has been removed. +--- + +The netatalk VFS module has been removed. It was unmaintained and is not needed +any more. + CTDB changes @@ -150,6 +155,7 @@ smb.conf changes nfs4:acedupChanged defaultmerge rndc command Removed write cache size Removed + spotlight backend Newnoindex CHANGES SINCE 4.12.0rc1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 8e4c08ded7b libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 from 75977baa43e VERSION: Bump version up to 4.12.0rc3... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 8e4c08ded7b81755ff3754e386b8790165d811a4 Author: Andreas Schneider Date: Fri Jan 24 16:34:42 2020 +0100 libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2 This is available since version 3.6.10, but 3.6.10 has a bug which got fixed in 3.6.11, see: https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Feb 4 06:44:00 UTC 2020 on sn-devel-184 (cherry picked from commit d459ca04fc46a52276a860e73ae9ec8f813c260e) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Wed Feb 5 08:45:30 UTC 2020 on sn-devel-184 --- Summary of changes: libcli/smb/smb2_signing.c | 7 ++- wscript_configure_system_gnutls | 15 +-- 2 files changed, 15 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c index 7561a7a858d..7b33a42526e 100644 --- a/libcli/smb/smb2_signing.c +++ b/libcli/smb/smb2_signing.c @@ -478,9 +478,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, 0, 16 - iv_size); -/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ -#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ -GNUTLS_VERSION_NUMBER > 0x03060a +#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) { uint8_t tag[tag_size]; giovec_t auth_iov[1]; @@ -682,8 +680,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, } /* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */ -#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \ -GNUTLS_VERSION_NUMBER > 0x03060a +#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) { giovec_t auth_iov[1]; diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls index f6d9ac3c65e..b2b955f3c90 100644 --- a/wscript_configure_system_gnutls +++ b/wscript_configure_system_gnutls @@ -1,5 +1,8 @@ from waflib import Options +def parse_version(v): +return tuple(map(int, (v.split("." + gnutls_min_required_version = "3.4.7" gnutls_required_version = gnutls_min_required_version @@ -9,14 +12,22 @@ conf.CHECK_CFG(package='gnutls', msg='Checking for GnuTLS >= %s' % gnutls_required_version, mandatory=True) +gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip() + # Define gnutls as a system library conf.SET_TARGET_TYPE('gnutls', 'SYSLIB') # Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls') -# Check for gnutls_aead_cipher_encryptv2 (>= 3.6.10) -conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') +# Check for gnutls_aead_cipher_encryptv2 +# +# This is available since version 3.6.10, but 3.6.10 has a bug which got fixed +# in 3.6.11, see: +# +# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085 +if (parse_version('3.6.10') != parse_version(gnutls_version)): +conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls') if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'): conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 105e48e2712 script/release.sh: Don't use quotations any longer. from 677362ca796 lib:util: Log mkdir error on correct debug levels https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 105e48e2712e7293b1c5826fd0dedf639ed44544 Author: Karolin Seeger Date: Tue Jan 28 11:48:53 2020 +0100 script/release.sh: Don't use quotations any longer. Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184 (cherry picked from commit f699df32cdbae4fbc585c259828029c74163323b) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Feb 4 14:40:59 UTC 2020 on sn-devel-144 --- Summary of changes: script/release.sh | 26 -- 1 file changed, 26 deletions(-) Changeset truncated at 500 lines: diff --git a/script/release.sh b/script/release.sh index 6c3ba0d4add..507d5931a6a 100755 --- a/script/release.sh +++ b/script/release.sh @@ -193,26 +193,6 @@ verify_samba_stable() { load_samba_stable_versions - test x"${product}" = x"samba-stable" && { - test -f "announce.${tagname}.quotation.txt" || { - echo "" - echo "announce.${tagname}.quotation.txt missing!" - echo "" - echo "Please create it and retry" - echo "" - echo "The content should look like this:" - echo "cat announce.${tagname}.quotation.txt" - echo '==' - echo '"Some text' - echo ' from someone."' - echo '' - echo ' The author' - echo '==' - echo "" - return 1 - } - } - test -n "${oldtagname}" || { return 0 } @@ -793,11 +773,6 @@ announcement_samba_stable() { return 1 } - test -f "announce.${tagname}.quotation.txt" || { - echo "announce.${tagname}.quotation.txt missing!" - return 1 - } - local release_url="${download_url}samba/stable/" local patch_url="${download_url}samba/patches/" @@ -840,7 +815,6 @@ announcement_samba_stable() { local headlimit=$(expr ${top} - 1 ) local taillimit=$(expr ${headlimit} - \( ${skip} - 1 \)) - cat "announce.${tagname}.quotation.txt" echo "" echo "" echo "Release Announcements" -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 5f57256cf52 script/release.sh: Don't use quotations any longer. from 0fbf07f0508 s4:torture: Skip the deltest20 as user root https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 5f57256cf52aeb3f934645a1d71e3841eac0a37d Author: Karolin Seeger Date: Tue Jan 28 11:48:53 2020 +0100 script/release.sh: Don't use quotations any longer. Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184 (cherry picked from commit f699df32cdbae4fbc585c259828029c74163323b) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Tue Feb 4 11:53:54 UTC 2020 on sn-devel-184 --- Summary of changes: script/release.sh | 26 -- 1 file changed, 26 deletions(-) Changeset truncated at 500 lines: diff --git a/script/release.sh b/script/release.sh index 6c3ba0d4add..507d5931a6a 100755 --- a/script/release.sh +++ b/script/release.sh @@ -193,26 +193,6 @@ verify_samba_stable() { load_samba_stable_versions - test x"${product}" = x"samba-stable" && { - test -f "announce.${tagname}.quotation.txt" || { - echo "" - echo "announce.${tagname}.quotation.txt missing!" - echo "" - echo "Please create it and retry" - echo "" - echo "The content should look like this:" - echo "cat announce.${tagname}.quotation.txt" - echo '==' - echo '"Some text' - echo ' from someone."' - echo '' - echo ' The author' - echo '==' - echo "" - return 1 - } - } - test -n "${oldtagname}" || { return 0 } @@ -793,11 +773,6 @@ announcement_samba_stable() { return 1 } - test -f "announce.${tagname}.quotation.txt" || { - echo "announce.${tagname}.quotation.txt missing!" - return 1 - } - local release_url="${download_url}samba/stable/" local patch_url="${download_url}samba/patches/" @@ -840,7 +815,6 @@ announcement_samba_stable() { local headlimit=$(expr ${top} - 1 ) local taillimit=$(expr ${headlimit} - \( ${skip} - 1 \)) - cat "announce.${tagname}.quotation.txt" echo "" echo "" echo "Release Announcements" -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9a8f9d0 NEWS[4.12.0rc2]: Samba 4.12.0rc2 Available for Download from 67ee9b1 donations: Update example conference. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 9a8f9d0ea50eab95b7173c643db3309ff679ae32 Author: Karolin Seeger Date: Tue Feb 4 11:15:50 2020 +0100 NEWS[4.12.0rc2]: Samba 4.12.0rc2 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20200204-101650.4.12.0rc2.body.html | 12 posted_news/20200204-101650.4.12.0rc2.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20200204-101650.4.12.0rc2.body.html create mode 100644 posted_news/20200204-101650.4.12.0rc2.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20200204-101650.4.12.0rc2.body.html b/posted_news/20200204-101650.4.12.0rc2.body.html new file mode 100644 index 000..3506fcc --- /dev/null +++ b/posted_news/20200204-101650.4.12.0rc2.body.html @@ -0,0 +1,12 @@ + +04 February 2020 +Samba 4.12.0rc2 Available for Download + +This is the second release candidate of the upcoming Samba 4.12 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.12.0rc2.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.12.0rc2.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20200204-101650.4.12.0rc2.headline.html b/posted_news/20200204-101650.4.12.0rc2.headline.html new file mode 100644 index 000..e0261b5 --- /dev/null +++ b/posted_news/20200204-101650.4.12.0rc2.headline.html @@ -0,0 +1,3 @@ + + 04 February 2020 Samba 4.12.0rc2 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.12.0rc2 created
The annotated tag, samba-4.12.0rc2 has been created at 978c681d557335b2a394245c6495a6cc88000ba2 (tag) tagging b017377c930bd0d8e8d9ae6814cc5755c69842fd (commit) replaces samba-4.12.0rc1 tagged by Karolin Seeger on Tue Feb 4 11:15:30 2020 +0100 - Log - samba: tag release samba-4.12.0rc2 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXjlEQgAKCRBvM5FbZWi3 6oEpAKC6zkH1aYyM1C6GxfJysblP4v/A2wCfSkodac6lRuLB0V1UoVbWLvVImy0= =OYlp -END PGP SIGNATURE- Andreas Schneider (2): lib:util: Log mkdir error on correct debug levels s4:torture: Skip the deltest20 as user root Jeremy Allison (1): s3: lib: nmblib. Clean up and harden nmb packet processing. Karolin Seeger (3): script/release.sh: Don't use quotations any longer. WHATSNEW: Add release notes for Samba 4.12.0rc2. VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc2 release. Stefan Metzmacher (2): VERSION: Bump version up to 4.12.0rc2... script/release.sh: make it possible to run from a git worktree --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 75977baa43e VERSION: Bump version up to 4.12.0rc3... via b017377c930 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc2 release. via 74b22159448 WHATSNEW: Add release notes for Samba 4.12.0rc2. via f17d3edbb64 script/release.sh: Don't use quotations any longer. from 7b1be793de0 s4:torture: Skip the deltest20 as user root https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 75977baa43eda4160515813839f4d79b1b6f7878 Author: Karolin Seeger Date: Tue Feb 4 11:09:35 2020 +0100 VERSION: Bump version up to 4.12.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit b017377c930bd0d8e8d9ae6814cc5755c69842fd Author: Karolin Seeger Date: Tue Feb 4 11:08:41 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.12.0rc2 release. Signed-off-by: Karolin Seeger commit 74b22159448c0e82886c03318aec6cffaa465003 Author: Karolin Seeger Date: Tue Feb 4 11:08:05 2020 +0100 WHATSNEW: Add release notes for Samba 4.12.0rc2. Signed-off-by: Karolin Seeger commit f17d3edbb6414c104687baa19d5dff9f47b55013 Author: Karolin Seeger Date: Tue Jan 28 11:48:53 2020 +0100 script/release.sh: Don't use quotations any longer. Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184 (cherry picked from commit f699df32cdbae4fbc585c259828029c74163323b) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 13 - script/release.sh | 26 -- 3 files changed, 13 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 78a4c77be70..2e3b9b6b2fb 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0854a63e1c7..ba464ef8dd0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.12. This is *not* +This is the second release candidate of Samba 4.12. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -151,6 +151,17 @@ smb.conf changes rndc command Removed write cache size Removed + +CHANGES SINCE 4.12.0rc1 +=== + +o Jeremy Allison + * BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing. + +o Andreas Schneider + * BUG 14253: lib:util: Log mkdir error on correct debug levels. + + KNOWN ISSUES diff --git a/script/release.sh b/script/release.sh index 6c3ba0d4add..507d5931a6a 100755 --- a/script/release.sh +++ b/script/release.sh @@ -193,26 +193,6 @@ verify_samba_stable() { load_samba_stable_versions - test x"${product}" = x"samba-stable" && { - test -f "announce.${tagname}.quotation.txt" || { - echo "" - echo "announce.${tagname}.quotation.txt missing!" - echo "" - echo "Please create it and retry" - echo "" - echo "The content should look like this:" - echo "cat announce.${tagname}.quotation.txt" - echo '==' - echo '"Some text' - echo ' from someone."' - echo '' - echo ' The author' - echo '==' - echo "" - return 1 - } - } - test -n "${oldtagname}" || { return 0 } @@ -793,11 +773,6 @@ announcement_samba_stable() { return 1 } - test -f "announce.${tagname}.quotation.txt" || { - echo "announce.${tagname}.quotation.txt missing!" - return 1 -
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 677362ca796 lib:util: Log mkdir error on correct debug levels via 9fd10a2cacd s4:torture: Skip the deltest20 as user root via 55177a44258 s3: lib: nmblib. Clean up and harden nmb packet processing. from 9dca42f43b3 VERSION: Bump version up to 4.10.14... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 677362ca7961ae93ad9de537bea10de842b3534d Author: Andreas Schneider Date: Mon Jan 27 14:58:10 2020 +0100 lib:util: Log mkdir error on correct debug levels For smbd we want an error and for smbclient we only want it in NOTICE debug level. The default log level of smbclient is log level 1 so we need notice to not spam the user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184 (cherry picked from commit 0ad6a243b259d284064c0c5abcc7d430d55be7e1) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Feb 3 14:10:49 UTC 2020 on sn-devel-144 commit 9fd10a2cacd753de75a9dcb9a2ee0f7f38fb2b97 Author: Andreas Schneider Date: Thu Jan 30 16:18:25 2020 +0100 s4:torture: Skip the deltest20 as user root The test is meant to be run as a user and not root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184 (cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e) commit 55177a44258dceee3aa3ae4966f56f422a9a5aad Author: Jeremy Allison Date: Fri Jan 17 13:49:48 2020 -0800 s3: lib: nmblib. Clean up and harden nmb packet processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison Pair programmed with: Douglas Bagnall Reviewed-by: Douglas Bagnall Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184 (cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b) --- Summary of changes: lib/util/util.c| 7 +-- source3/libsmb/nmblib.c| 12 source4/torture/basic/delete.c | 4 3 files changed, 17 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index dc1772c839e..3a1c8738581 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -200,9 +200,12 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, old_umask = umask(0); ret = mkdir(dname, dir_perms); if (ret == -1 && errno != EEXIST) { - DBG_WARNING("mkdir failed on directory %s: %s\n", + int dbg_level = geteuid() == 0 ? DBGLVL_ERR : DBGLVL_NOTICE; + + DBG_PREFIX(dbg_level, + ("mkdir failed on directory %s: %s\n", dname, - strerror(errno)); + strerror(errno))); umask(old_umask); return false; } diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 727939575a7..0681450bae2 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) m = ubuf[offset]; - if (!m) - return(0); - if ((m & 0xC0) || offset+m+2 > length) - return(0); + /* m must be 32 to exactly fill in the 16 bytes of the netbios name */ + if (m != 32) { + return 0; + } + /* Cannot go past length. */ + if (offset+m+2 > length) { + return 0; + } memset((char *)name,'\0',sizeof(*name)); diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c index a8c4e3fa3f1..d14d5a55746 100644 --- a/source4/torture/basic/delete.c +++ b/source4/torture/basic/delete.c @@ -1865,6 +1865,10 @@ static bool deltest20(struct torture_context *tctx, struct smbcli_state *cli1, s NTSTATUS status; int ret; + if (geteuid() == 0) { + torture_skip(tctx, "This test doesn't work as user root."); + } + del_clean_area(cli1, cli2); /* Tes
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f699df32cdb script/release.sh: Don't use quotations any longer. from af47a77673f pidl/wscript: configure should insist on Parse::Yapp::Driver https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f699df32cdbae4fbc585c259828029c74163323b Author: Karolin Seeger Date: Tue Jan 28 11:48:53 2020 +0100 script/release.sh: Don't use quotations any longer. Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Feb 3 12:45:39 UTC 2020 on sn-devel-184 --- Summary of changes: script/release.sh | 26 -- 1 file changed, 26 deletions(-) Changeset truncated at 500 lines: diff --git a/script/release.sh b/script/release.sh index 6c3ba0d4add..507d5931a6a 100755 --- a/script/release.sh +++ b/script/release.sh @@ -193,26 +193,6 @@ verify_samba_stable() { load_samba_stable_versions - test x"${product}" = x"samba-stable" && { - test -f "announce.${tagname}.quotation.txt" || { - echo "" - echo "announce.${tagname}.quotation.txt missing!" - echo "" - echo "Please create it and retry" - echo "" - echo "The content should look like this:" - echo "cat announce.${tagname}.quotation.txt" - echo '==' - echo '"Some text' - echo ' from someone."' - echo '' - echo ' The author' - echo '==' - echo "" - return 1 - } - } - test -n "${oldtagname}" || { return 0 } @@ -793,11 +773,6 @@ announcement_samba_stable() { return 1 } - test -f "announce.${tagname}.quotation.txt" || { - echo "announce.${tagname}.quotation.txt missing!" - return 1 - } - local release_url="${download_url}samba/stable/" local patch_url="${download_url}samba/patches/" @@ -840,7 +815,6 @@ announcement_samba_stable() { local headlimit=$(expr ${top} - 1 ) local taillimit=$(expr ${headlimit} - \( ${skip} - 1 \)) - cat "announce.${tagname}.quotation.txt" echo "" echo "" echo "Release Announcements" -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 67ee9b1 donations: Update example conference. from ed5e94d Add Samba 4.11.6. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 67ee9b1cc29c16ec2c6300be63c5ce19ce64be98 Author: Karolin Seeger Date: Mon Feb 3 08:43:02 2020 +0100 donations: Update example conference. Signed-off-by: Karolin Seeger --- Summary of changes: donations.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/donations.html b/donations.html index efd39af..dcafd94 100755 --- a/donations.html +++ b/donations.html @@ -55,8 +55,8 @@ major Samba related conferences and expenses for running the main samba.org site. We occasionally have other expenses (eg. small pieces of hardware and books) but that is less common. -A good example of our travel expenses is the CIFS conference in -San Jose. We usually have between ten and fifteen team members +A good example of our travel expenses is the Storage Developer Conference +(SDC) in Santa Clara. We usually have between ten and fifteen team members attending each year and while most of them are covered by the company they work for, we do need to provide international travel and accomodation for some of them. -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via 7b1be793de0 s4:torture: Skip the deltest20 as user root via 01afd3a9b6d lib:util: Log mkdir error on correct debug levels via 601b95285ce s3: lib: nmblib. Clean up and harden nmb packet processing. from 814be2888b3 script/release.sh: make it possible to run from a git worktree https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit 7b1be793de0da79c3533d221547d19aa89104414 Author: Andreas Schneider Date: Thu Jan 30 16:18:25 2020 +0100 s4:torture: Skip the deltest20 as user root The test is meant to be run as a user and not root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184 (cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e) Autobuild-User(v4-12-test): Karolin Seeger Autobuild-Date(v4-12-test): Fri Jan 31 13:57:54 UTC 2020 on sn-devel-184 commit 01afd3a9b6daaa38fa42410341ed49bb843daed1 Author: Andreas Schneider Date: Mon Jan 27 14:58:10 2020 +0100 lib:util: Log mkdir error on correct debug levels For smbd we want an error and for smbclient we only want it in NOTICE debug level. The default log level of smbclient is log level 1 so we need notice to not spam the user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184 (cherry picked from commit 0ad6a243b259d284064c0c5abcc7d430d55be7e1) commit 601b95285ce2e30ddfee8bbea4a3ea2d9030947b Author: Jeremy Allison Date: Fri Jan 17 13:49:48 2020 -0800 s3: lib: nmblib. Clean up and harden nmb packet processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison Pair programmed with: Douglas Bagnall Reviewed-by: Douglas Bagnall Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184 (cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b) --- Summary of changes: lib/util/util.c| 7 +-- source3/libsmb/nmblib.c| 12 source4/torture/basic/delete.c | 4 3 files changed, 17 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index 3bdeded5c1b..0d9ffe5cb7b 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -353,9 +353,12 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, old_umask = umask(0); ret = mkdir(dname, dir_perms); if (ret == -1 && errno != EEXIST) { - DBG_WARNING("mkdir failed on directory %s: %s\n", + int dbg_level = geteuid() == 0 ? DBGLVL_ERR : DBGLVL_NOTICE; + + DBG_PREFIX(dbg_level, + ("mkdir failed on directory %s: %s\n", dname, - strerror(errno)); + strerror(errno))); umask(old_umask); return false; } diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index b6dca800e94..84cbb054b8e 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) m = ubuf[offset]; - if (!m) - return(0); - if ((m & 0xC0) || offset+m+2 > length) - return(0); + /* m must be 32 to exactly fill in the 16 bytes of the netbios name */ + if (m != 32) { + return 0; + } + /* Cannot go past length. */ + if (offset+m+2 > length) { + return 0; + } memset((char *)name,'\0',sizeof(*name)); diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c index a8c4e3fa3f1..d14d5a55746 100644 --- a/source4/torture/basic/delete.c +++ b/source4/torture/basic/delete.c @@ -1865,6 +1865,10 @@ static bool deltest20(struct torture_context *tctx, struct smbcli_state *cli1, s NTSTATUS status; int ret; + if (geteuid() == 0) { + torture_skip(tctx, "This test doesn't work as user root."); + } + del_clean_area(cli1, cl
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 0fbf07f0508 s4:torture: Skip the deltest20 as user root via 394e414b2dc lib:util: Log mkdir error on correct debug levels via 9349e689a86 s3: lib: nmblib. Clean up and harden nmb packet processing. from 040e0051e2b VERSION: Bump version up to 4.11.7... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 0fbf07f050832185e3d30bffcd8f05b116e1c0bd Author: Andreas Schneider Date: Thu Jan 30 16:18:25 2020 +0100 s4:torture: Skip the deltest20 as user root The test is meant to be run as a user and not root. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184 (cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Fri Jan 31 12:31:10 UTC 2020 on sn-devel-184 commit 394e414b2dcdac88189eec19f228ac7bae5e3170 Author: Andreas Schneider Date: Mon Jan 27 14:58:10 2020 +0100 lib:util: Log mkdir error on correct debug levels For smbd we want an error and for smbclient we only want it in NOTICE debug level. The default log level of smbclient is log level 1 so we need notice to not spam the user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184 (cherry picked from commit 0ad6a243b259d284064c0c5abcc7d430d55be7e1) commit 9349e689a865ca36acd379968d2cbd490772bc3b Author: Jeremy Allison Date: Fri Jan 17 13:49:48 2020 -0800 s3: lib: nmblib. Clean up and harden nmb packet processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156 OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157 Credit to oss-fuzz. No security implications. Signed-off-by: Jeremy Allison Pair programmed with: Douglas Bagnall Reviewed-by: Douglas Bagnall Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184 (cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b) --- Summary of changes: lib/util/util.c| 7 +-- source3/libsmb/nmblib.c| 12 source4/torture/basic/delete.c | 4 3 files changed, 17 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index 3bdeded5c1b..0d9ffe5cb7b 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -353,9 +353,12 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname, old_umask = umask(0); ret = mkdir(dname, dir_perms); if (ret == -1 && errno != EEXIST) { - DBG_WARNING("mkdir failed on directory %s: %s\n", + int dbg_level = geteuid() == 0 ? DBGLVL_ERR : DBGLVL_NOTICE; + + DBG_PREFIX(dbg_level, + ("mkdir failed on directory %s: %s\n", dname, - strerror(errno)); + strerror(errno))); umask(old_umask); return false; } diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c index 727939575a7..0681450bae2 100644 --- a/source3/libsmb/nmblib.c +++ b/source3/libsmb/nmblib.c @@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name) m = ubuf[offset]; - if (!m) - return(0); - if ((m & 0xC0) || offset+m+2 > length) - return(0); + /* m must be 32 to exactly fill in the 16 bytes of the netbios name */ + if (m != 32) { + return 0; + } + /* Cannot go past length. */ + if (offset+m+2 > length) { + return 0; + } memset((char *)name,'\0',sizeof(*name)); diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c index a8c4e3fa3f1..d14d5a55746 100644 --- a/source4/torture/basic/delete.c +++ b/source4/torture/basic/delete.c @@ -1865,6 +1865,10 @@ static bool deltest20(struct torture_context *tctx, struct smbcli_state *cli1, s NTSTATUS status; int ret; + if (geteuid() == 0) { + torture_skip(tctx, "This test doesn't work as user root."); + } + del_clean_area(cli1, cli2); /* Tes
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ed5e94d Add Samba 4.11.6. via 548a3e3 NEWS[4.11.6]: Samba 4.11.6 Available for Download from cfa2c81 Add Samba 4.10.13. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ed5e94df580d5cb7123597634c263e64a2d08be2 Author: Karolin Seeger Date: Tue Jan 28 11:25:32 2020 +0100 Add Samba 4.11.6. Signed-off-by: Karolin Seeger commit 548a3e3e5435f78e14e231c60a0ef7c85aa620f1 Author: Karolin Seeger Date: Tue Jan 28 11:23:58 2020 +0100 NEWS[4.11.6]: Samba 4.11.6 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.11.6.html| 71 posted_news/20200128-102511.4.11.6.body.html | 13 + posted_news/20200128-102511.4.11.6.headline.html | 3 + 4 files changed, 88 insertions(+) create mode 100644 history/samba-4.11.6.html create mode 100644 posted_news/20200128-102511.4.11.6.body.html create mode 100644 posted_news/20200128-102511.4.11.6.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 2212cce..c700772 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.11.6 samba-4.11.5 samba-4.11.4 samba-4.11.3 diff --git a/history/samba-4.11.6.html b/history/samba-4.11.6.html new file mode 100644 index 000..e5d7cd6 --- /dev/null +++ b/history/samba-4.11.6.html @@ -0,0 +1,71 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.11.6 - Release Notes + + +Samba 4.11.6 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.gz;>Samba 4.11.6 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.11.5-4.11.6.diffs.gz;>Patch (gzipped) against Samba 4.11.5 +https://download.samba.org/pub/samba/patches/samba-4.11.5-4.11.6.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.11.6 + January 28, 2020 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.5: +- + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 14209: pygpo: Use correct method flags. + +o David Disseldorp dd...@samba.org + * BUG 14216: vfs_ceph_snapshots: Fix root relative path handling. + +o Torsten Fohrer torsten.foh...@sbe.de + * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero. + +o Fabrice Fontaine fontaine.fabr...@gmail.com + * BUG 14218: source4/utils/oLschema2ldif: Include stdint.h before cmocka.h. + +o Bjrn Jacke bja...@samba.org + * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. + +o Volker Lendecke v...@samba.org + * BUG 14251: smbd: Fix the build with clang. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 14199: upgradedns: Ensure lmdb lock files linked. + +o Anoop C S anoo...@redhat.com + * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during + readdir. + +o Andreas Schneider a...@samba.org + * BUG 14101: smbc_stat() doesnt return the correct st_mode and also the + uid/gid is not filled (SMBv1) file. + * BUG 14219: librpc: Fix string length checking in + ndr_pull_charset_to_null(). + +o Martin Schwenke mar...@meltin.net + * BUG 14227: ctdb-scripts: Strip square brackets when gathering connection + info. + + + + + + diff --git a/posted_news/20200128-102511.4.11.6.body.html b/posted_news/20200128-102511.4.11.6.body.html new file mode 100644 index 000..82f8e54 --- /dev/null +++ b/posted_news/20200128-102511.4.11.6.body.html @@ -0,0 +1,13 @@ + +28 January 2020 +Samba 4.11.6 Available for Download + +This is the latest stable release of the Samba 4.11 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.11.6.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.11.5-4.11.6.diffs.gz;>patch against Samba 4.11.5 is also available. +See https://www.samba.org/samba/history/samba-4.11.6.html;>the release notes for more info. + + diff --git a/posted_news/20200128-102511.4.11.6.headline.html b/posted_news/20200128-102511.4.11.6.headline.html new file mode 100644 index 000..
[SCM] Samba Shared Repository - annotated tag samba-4.11.6 created
The annotated tag, samba-4.11.6 has been created at 5ff8009752d86397a9114e6e551a914bba538ac6 (tag) tagging f5fa58a41774667a153dece74ed7e4a09689f0ad (commit) replaces samba-4.11.5 tagged by Karolin Seeger on Tue Jan 28 11:23:49 2020 +0100 - Log - samba: tag release samba-4.11.6 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXjALtQAKCRBvM5FbZWi3 6r6yAKCE0RSUMPZp4Np1TMvrCdgnLFcc9ACgyFCsemzB3t1AhXqkAbHCmWvzSoc= =Pd5p -END PGP SIGNATURE- Andreas Schneider (6): librpc: Fix string length checking in ndr_pull_charset_to_null() s3:libsmb: Generate the inode only based on the path component s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() s3:libsmb: Add a setup_stat_from_stat_ex() function libsmbclient: If over SMB1 first try to do a posix stat on the file. Anoop C S (1): s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir Björn Jacke (1): docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. David Disseldorp (1): vfs_ceph_snapshots: fix root relative path handling Douglas Bagnall (1): pygpo: use correct method flags Fabrice Fontaine (2): lib/ldb/tests: include stdint.h before cmocka.h source4/utils/oLschema2ldif: include stdint.h before cmocka.h Gary Lockyer (2): test upgradedns: ensure lmdb lock files linked upgradedns: ensure lmdb lock files linked Jeremy Allison (3): s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. s3: libsmb: Move setting st->st_ino into setup_stat. s3: libsmb: Move setting all struct stat fields into setup_stat(). Karolin Seeger (5): VERSION: Bump version up to 4.11.5... Merge tag 'samba-4.11.5' into v4-11-test VERSION: Bump version up to 4.11.6. WHATSNEW: Add release notes for Samba 4.11.6. VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release. Martin Schwenke (2): ctdb-scripts: Strip square brackets when gathering connection info ctdb-tests: Skip some tests that don't work with IPv6 Stefan Metzmacher (1): script/release.sh: make it possible to run from a git worktree Torsten Fohrer (1): Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. Volker Lendecke (1): smbd: Fix the build with clang --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 040e0051e2b VERSION: Bump version up to 4.11.7... via f5fa58a4177 VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release. via 9ec0da774e3 WHATSNEW: Add release notes for Samba 4.11.6. from 79e7d1328ea smbd: Fix the build with clang https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 040e0051e2b707aa744bccc536442d6497ce7024 Author: Karolin Seeger Date: Tue Jan 28 11:13:25 2020 +0100 VERSION: Bump version up to 4.11.7... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit f5fa58a41774667a153dece74ed7e4a09689f0ad Author: Karolin Seeger Date: Tue Jan 28 11:09:48 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release. Signed-off-by: Karolin Seeger commit 9ec0da774e37fa1caae647f6d0bb5fc468e180b4 Author: Karolin Seeger Date: Tue Jan 28 11:08:58 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.6. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 76 ++-- 2 files changed, 75 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0f54515c8b9..2ec627c3196 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 99272550643..6f635618bb2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + == + Release Notes for Samba 4.11.6 + January 28, 2020 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.5: +- + +o Douglas Bagnall + * BUG 14209: pygpo: Use correct method flags. + +o David Disseldorp + * BUG 14216: vfs_ceph_snapshots: Fix root relative path handling. + +o Torsten Fohrer + * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero. + +o Fabrice Fontaine + * BUG 14218: source4/utils/oLschema2ldif: Include stdint.h before cmocka.h. + +o Björn Jacke + * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. + +o Volker Lendecke + * BUG 14251: smbd: Fix the build with clang. + +o Gary Lockyer + * BUG 14199: upgradedns: Ensure lmdb lock files linked. + +o Anoop C S + * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during + readdir. + +o Andreas Schneider + * BUG 14101: smbc_stat() doesn't return the correct st_mode and also the + uid/gid is not filled (SMBv1) file. + * BUG 14219: librpc: Fix string length checking in + ndr_pull_charset_to_null(). + +o Martin Schwenke + * BUG 14227: ctdb-scripts: Strip square brackets when gathering connection + info. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.11.5 January 21, 2020 @@ -67,8 +139,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 4.11.4 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 79e7d1328ea smbd: Fix the build with clang from bbacbd5f3f2 script/release.sh: make it possible to run from a git worktree https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 79e7d1328ea9d7495c0761f4b5058736c838d4c3 Author: Volker Lendecke Date: Wed Jul 31 10:42:24 2019 +0200 smbd: Fix the build with clang clang correctly complains that "close_fsp" is used uninitialized if "get_posix_fsp" fails and we end up in "goto out;". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14251 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry picked from commit a8a1ca3f83dce6d725392989cbc97271cbf52f4a) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Mon Jan 27 10:53:50 UTC 2020 on sn-devel-184 --- Summary of changes: source3/smbd/trans2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index b0616f15ade..8164c8fd213 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -4848,7 +4848,7 @@ static NTSTATUS smb_query_posix_acl(connection_struct *conn, unsigned int size_needed = 0; NTSTATUS status; bool ok; - bool close_fsp; + bool close_fsp = false; /* * Ensure we always operate on a file descriptor, not just -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via cfa2c81 Add Samba 4.10.13. via 3c7ea61 NEWS[4.10.13]: Samba 4.10.13 Available for Download from bb3a6d6 NEWS[4.12.0rc1]: Samba 4.12.0rc1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit cfa2c8112c7f3df4131d3bdc974770ed9d549519 Author: Karolin Seeger Date: Thu Jan 23 16:45:12 2020 +0100 Add Samba 4.10.13. Signed-off-by: Karolin Seeger commit 3c7ea61e7146e05db8fd0f1d0e2cdd7733dab231 Author: Karolin Seeger Date: Thu Jan 23 16:41:08 2020 +0100 NEWS[4.10.13]: Samba 4.10.13 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.10.13.html| 100 ++ posted_news/20200123-154448.4.10.13.body.html | 13 +++ posted_news/20200123-154448.4.10.13.headline.html | 3 + 4 files changed, 117 insertions(+) create mode 100644 history/samba-4.10.13.html create mode 100644 posted_news/20200123-154448.4.10.13.body.html create mode 100644 posted_news/20200123-154448.4.10.13.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 6afeebd..2212cce 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -15,6 +15,7 @@ samba-4.11.2 samba-4.11.1 samba-4.11.0 + samba-4.10.13 samba-4.10.12 samba-4.10.11 samba-4.10.10 diff --git a/history/samba-4.10.13.html b/history/samba-4.10.13.html new file mode 100644 index 000..1767418 --- /dev/null +++ b/history/samba-4.10.13.html @@ -0,0 +1,100 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.13 - Release Notes + + +Samba 4.10.13 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.13.tar.gz;>Samba 4.10.13 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.13.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.12-4.10.13.diffs.gz;>Patch (gzipped) against Samba 4.10.12 +https://download.samba.org/pub/samba/patches/samba-4.10.12-4.10.13.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.10.13 + January 23, 2020 + === + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.12 +-- + +o Jeremy Allison j...@samba.org + * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesnt return an + inode number. + * BUG 14174: s3: utils: smbtree. Ensure we dont call cli_RNetShareEnum() + on an SMB1 connection. + * BUG 14176: s3: libsmb: Ensure return from net_share_enum_rpc() sets + cli-raw_status on error. + * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if + encrypting an interim response. + * BUG 14205: s3: smbd: Only set xconn-smb1.negprot.done = true after + supported_protocols[protocol].proto_reply_fn() succeeds. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 14209: pygpo: Use correct method flags. + +o Ralph Boehme s...@samba.org + * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). + * BUG 14069: Incomplete conversion of former parametric options. + * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. + * BUG 14171: vfs_fruit returns capped resource fork length. + * BUG 13745: s3:printing: Fix %J substition. + +o Isaac Boukris ibouk...@gmail.com + * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. + +o Torsten Fohrer torsten.foh...@sbe.de + * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero. + +o Bjrn Jacke bja...@samba.org + * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. + +o Volker Lendecke v...@samba.org + * BUG 14175: ctdb-tcp: Close inflight connecting TCP sockets after fork. + +o Stefan Metzmacher me...@samba.org + * BUG 14153: s4:dirsync: Fix interaction of dirsync and extended_dn controls. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 14199: upgradedns: Ensure lmdb lock files linked. + +o Anoop C S anoo...@redhat.com + * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during + readdir. + +o Christof Schmitt c...@samba.org + * BUG 14140: wscript: Remove checks for shm_open and shmget. + +o Andreas Schneider a...@samba.org + * BUG 14101: libsmbclient: smbc_stat() doesnt return the correct st_mode + an
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 9678370227a VERSION: Disable GIT_SNAPSHOT for the 4.10.13 release. via 5630c60aea4 WHATSNEW: Add release notes for Samba 4.10.13. via 969123b4ab8 script/release.sh: make it possible to run from a git worktree via 1c330a18d45 VERSION: Bump version up to 4.10.13. via a69b3905140 Merge tag 'samba-4.10.12' into v4-10-test via b2800628a6b ctdb-tests: Skip some tests that don't work with IPv6 via 57390cc5a36 ctdb-scripts: Strip square brackets when gathering connection info via 6a109e3ddb3 librpc: Fix string length checking in ndr_pull_charset_to_null() via fe015ece4ee upgradedns: ensure lmdb lock files linked via 78fb3cb0051 test upgradedns: ensure lmdb lock files linked via decce5e6e19 docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. via a2f8fdb4109 libsmbclient: If over SMB1 first try to do a posix stat on the file. via 6ae62c26ef9 s3:libsmb: Add a setup_stat_from_stat_ex() function via 0d32af6001d s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() via 9c7ec52a017 s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. via 9cb73280894 s3:libsmb: Generate the inode only based on the path component via 745f563d4c7 s3: libsmb: Move setting all struct stat fields into setup_stat(). via ee236c2f307 s3: libsmb: Move setting st->st_ino into setup_stat. via 06b0e8d3ae1 s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. via b5e8ba021bf s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir via 30352214311 Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. via edeed08a04c pygpo: use correct method flags via bbeb73b40b8 VERSION: Bump version up to 4.10.12. via 2757c0711d0 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. via d8d661aabfd python: tests. Add test for fuzzing smbd crash bug. via a622ad439bd s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. via fb1beba0091 s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. via 2feddd181dd s3: smbd: Change reply_smb20xx() to return NTSTATUS. via 100caebe0b7 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. via 546a2e935a5 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. via 41c9250320d s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. via 8f9a2afd469 Merge tag 'samba-4.10.11' into v4-10-test via cc58e4b1899 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. via 939a0c8bb24 ctdb-tcp: Close inflight connecting TCP sockets after fork via 47b1e70b6aa ctdb-tcp: Drop tracking of file descriptor for incoming connections via 39f93ff7121 ctdb-tcp: Avoid orphaning the TCP incoming queue via 5eb95d0d088 ctdb-tcp: Check incoming queue to see if incoming connection is up via 471835acb08 s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error. via 0b6c23def7b s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. via dd946f54f6f s3: libsmb: Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. via 7fe9b58d665 s3:printing: Fix %J substition via c7013a9f905 s3:printing: add a DEBUG statement via 136a1553f6c s3:lib: factor out talloc_sub_advanced() from talloc_sub_full() via 3a9fa54ca0e s3: rename talloc_sub_advanced() to talloc_sub_full() via eb304625299 s3: remove unused function standard_sub_advanced() via 046fe483012 s3: replace standard_sub_advanced with talloc_sub_advanced in one place via 2f6ec2e6aa5 s3:printing: fix a long line via 33142a8fe9b lib/adouble: pass filesize to ad_unpack() via 2a61a6b7c37 lib/adouble: drop ad_data reallocate logic via f3482d9efc8 vfs_fruit: README.Coding fix: multi-line if expression via 5f4e4ff16a8 vfs_fruit: fix a long line via d3a81333a8f torture: expand test "vfs.fruit.resource fork IO" to check size via e6129b8930b s3:smbd: Fix sync dosmode fallback in async dosmode codepath via 5ba5a1dc780 s3:smbd: Incomplete conversion of former parametric options via 47466691ccb s3: remove now unneeded call to cmdline_messaging_context() via 459ead6d8f0 s3:dbwrap: initialize messaging before getting the ctdb connection via 466b19feef4 libnet_join: add SPNs for additional-dns-hostnames entries via d57753e3476 docs-xml: add "additional dns hostnames" smb.conf option via 3d9240bf3cf libnet_join_set_machine_spn: simplify adding uniq
[SCM] Samba Shared Repository - annotated tag samba-4.10.13 created
The annotated tag, samba-4.10.13 has been created at 55a5c999f6171c9ed8a878458dac506be30e2f1c (tag) tagging 9678370227a74de83a1a80689c17a5e11a16c598 (commit) replaces samba-4.10.12 tagged by Karolin Seeger on Thu Jan 23 16:40:53 2020 +0100 - Log - samba: tag release samba-4.10.13 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXim+hQAKCRBvM5FbZWi3 6vF7AKCprSwbP8NLSf7nG4oMXV7Mjd0u3QCdGAs0s7FQg5m7q2O2Sunzl5iwZhM= =Yfbk -END PGP SIGNATURE- Andreas Schneider (7): replace: Only link libnsl and libsocket if requrired s3:libsmb: Generate the inode only based on the path component s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() s3:libsmb: Add a setup_stat_from_stat_ex() function libsmbclient: If over SMB1 first try to do a posix stat on the file. librpc: Fix string length checking in ndr_pull_charset_to_null() Anoop C S (1): s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir Björn Jacke (2): waf: print the library name in which we search for a function docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. Christof Schmitt (1): wscript: Remove checks for shm_open and shmget Douglas Bagnall (1): pygpo: use correct method flags Gary Lockyer (2): test upgradedns: ensure lmdb lock files linked upgradedns: ensure lmdb lock files linked Isaac Boukris (6): libnet_join: build dnsHostName from netbios name and lp_dnsdomain() libnet_join_set_machine_spn: improve style and make a bit room for indentation libnet_join_set_machine_spn: simplify memory handling libnet_join_set_machine_spn: simplify adding uniq spn to array docs-xml: add "additional dns hostnames" smb.conf option libnet_join: add SPNs for additional-dns-hostnames entries Jeremy Allison (16): s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. s3: torture: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. s3: libsmb: Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error. s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. s3: smbd: Change reply_smb20xx() to return NTSTATUS. s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. python: tests. Add test for fuzzing smbd crash bug. s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. s3: libsmb: Move setting st->st_ino into setup_stat. s3: libsmb: Move setting all struct stat fields into setup_stat(). Karolin Seeger (9): VERSION: Bump version up to 4.10.10... Merge tag 'samba-4.10.10' into v4-10-test VERSION: Bump version up to 4.10.11. Merge tag 'samba-4.10.11' into v4-10-test VERSION: Bump version up to 4.10.12. Merge tag 'samba-4.10.12' into v4-10-test VERSION: Bump version up to 4.10.13. WHATSNEW: Add release notes for Samba 4.10.13. VERSION: Disable GIT_SNAPSHOT for the 4.10.13 release. Martin Schwenke (5): ctdb-tcp: Check incoming queue to see if incoming connection is up ctdb-tcp: Avoid orphaning the TCP incoming queue ctdb-tcp: Drop tracking of file descriptor for incoming connections ctdb-scripts: Strip square brackets when gathering connection info ctdb-tests: Skip some tests that don't work with IPv6 Ralph Boehme (16): s3:dbwrap: initialize messaging before getting the ctdb connection s3: remove now unneeded call to cmdline_messaging_context() s3:smbd: Incomplete conversion of former parametric options s3:smbd: Fix sync dosmode fallback in async dosmode codepath torture: expand test "vfs.fruit.resource fork IO" to check size vfs_fruit: fix a long line vfs_fruit: README.Coding fix: multi-line if expression lib/adouble: drop ad_data reallocate logic lib/adouble: pass filesize to ad_unpack() s3:printing: fix a long line s3: replace standard_sub_advanced with talloc_sub_advanced in one place s3: remove unused function standard_sub_advanced() s3: rename talloc_sub_advanced() to talloc_sub_full() s3:lib: factor out talloc_sub_advanced() fr
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 9dca42f43b3 VERSION: Bump version up to 4.10.14... via 9678370227a VERSION: Disable GIT_SNAPSHOT for the 4.10.13 release. via 5630c60aea4 WHATSNEW: Add release notes for Samba 4.10.13. from 969123b4ab8 script/release.sh: make it possible to run from a git worktree https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 9dca42f43b3ebea74ec20d9b8b0452fe23649443 Author: Karolin Seeger Date: Thu Jan 23 16:17:55 2020 +0100 VERSION: Bump version up to 4.10.14... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 9678370227a74de83a1a80689c17a5e11a16c598 Author: Karolin Seeger Date: Thu Jan 23 16:17:03 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.13 release. Signed-off-by: Karolin Seeger commit 5630c60aea45059c297491aa3b661d074748978d Author: Karolin Seeger Date: Thu Jan 23 16:15:55 2020 +0100 WHATSNEW: Add release notes for Samba 4.10.13. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 105 +-- 2 files changed, 104 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 0d742c7bf2e..97931963662 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=13 +SAMBA_VERSION_RELEASE=14 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 82e54d46a79..fae7ac01244 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,104 @@ + === + Release Notes for Samba 4.10.13 + January 23, 2020 + === + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.12 +-- + +o Jeremy Allison + * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an + inode number. + * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() + on an SMB1 connection. + * BUG 14176: s3: libsmb: Ensure return from net_share_enum_rpc() sets + cli->raw_status on error. + * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if + encrypting an interim response. + * BUG 14205: s3: smbd: Only set xconn->smb1.negprot.done = true after + supported_protocols[protocol].proto_reply_fn() succeeds. + +o Douglas Bagnall + * BUG 14209: pygpo: Use correct method flags. + +o Ralph Boehme + * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). + * BUG 14069: Incomplete conversion of former parametric options. + * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. + * BUG 14171: vfs_fruit returns capped resource fork length. + * BUG 13745: s3:printing: Fix %J substition. + +o Isaac Boukris + * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. + +o Torsten Fohrer + * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS + instead of zero. + +o Björn Jacke + * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc. + +o Volker Lendecke + * BUG 14175: ctdb-tcp: Close inflight connecting TCP sockets after fork. + +o Stefan Metzmacher + * BUG 14153: s4:dirsync: Fix interaction of dirsync and extended_dn controls. + +o Gary Lockyer + * BUG 14199: upgradedns: Ensure lmdb lock files linked. + +o Anoop C S + * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during + readdir. + +o Christof Schmitt + * BUG 14140: wscript: Remove checks for shm_open and shmget. + +o Andreas Schneider + * BUG 14101: libsmbclient: smbc_stat() doesn't return the correct st_mode + and also the uid/gid is not filled (SMBv1). + * BUG 14168: replace: Only link libnsl and libsocket if required. + * BUG 14219: librpc: Fix string length checking in + ndr_pull_charset_to_null(). + +o Uri Simchoni + * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in + asn1_compile-generated code. + +o Martin Schwenke + * BUG 14175: ctdb-tcp: Drop tracking of file descriptor for incoming + connections. + * BUG 14227: ctdb-scripts: Strip square brackets when gathering connection + info. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13658324a3a CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 34a8cee348d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 86023642c39 repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here via 9e126852a69 repl_meta_data: Do not set *rename = true unless there has been a conflict on the incoming DN via 512ea17983e repl_meta_data: Add comment explaining what is being renamed after the conflict is resolved via 2b1828276b3 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via b7030f9a8bd CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 4c62210098d CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 520d2ae187e CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 3f3791765c6 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 5d714c1cea1 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 545d205e5b2 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via febe15ab2e1 selftest: Add test to confirm ACL inheritence really happens via d64670bab82 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 7b19e221aee CVE-2019-14902 selftest: Add test for replication of inherited security descriptors from 558bd7c83d0 util: Add detection of libunwind https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13658324a3ab30213ff50c21308f287ef3a131fd Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Jan 21 11:38:38 UTC 2020 on sn-devel-184 commit 34a8cee348d3dfea18e92a4ae829ae797a652192 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett commit 86023642c3961f00d0e4e6c71086739d9d568276 Author: Andrew Bartlett Date: Fri Dec 6 18:26:11 2019 +1300 repl_meta_data: Only reset replMetaData entry for name if we made a conflict name here We previously set it for any rename Signed-off-by: Andrew Bartlett commit 9e126852a6912e545641a506491f425a987e3b80 Author: Andrew Bartlett Date: Fri Dec 6 18:15:16 2019 +1300 repl_meta_data: Do not set *rename = true unless there has been a conflict on the incoming DN The normal case of a partner-sent rename is not a cause for updating the replPropertyMetaData Signed-off-by: Andrew Bartlett commit 512ea17983e7cca78778d493c75b4401a438dfbb Author: Andrew Bartlett Date: Fri Dec 6 17:55:13 2019 +1300 repl_meta_data: Add comment explaining what is being renamed after the conflict is resolved Signed-off-by: Andrew Bartlett commit 2b1828276b365a30131ac6ea543ac344941b8088 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett commit b7030f9a8bd67f454c17d065d9af9199748aa6d3 Author: Andrew Bartlett Date: Fri Dec 6 18:26:42 2019 +1300 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename Previously if there was a conflict, but the incoming object
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 7b47e920325 VERSION: Bump version up to 4.9.19. via ebad1b499f0 Merge tag 'samba-4.9.18' into v4-9-test via 5f8ef2f9eec VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. via 4e6475813f9 WHATSNEW: Add release notes for Samba 4.9.18. via 55fb0c2f67e CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via ad0e68d354a CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 030fa9e5455 CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 16b377276ee CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via 7071888d5b5 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 9e6b09e0fd5 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 9ac2b09fa5a CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 0fa9a362e55 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 589d1e4846b CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17215b36b22 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 4afff32debe selftest: Add test to confirm ACL inheritence really happens via c5a005a4538 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 77d55b64af6 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 052a54a54f7 VERSION: Bump version up to Samba 4.9.18... from 5d91d4cdbeb VERSION: Bump version up to Samba 4.9.18... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 7b47e92032519cd2df26089f2688c52d5112cd7a Author: Karolin Seeger Date: Tue Jan 21 11:07:22 2020 +0100 VERSION: Bump version up to 4.9.19. Signed-off-by: Karolin Seeger commit ebad1b499f05731c506d0bcf14d95283d8289b33 Merge: 5d91d4cdbeb 5f8ef2f9eec Author: Karolin Seeger Date: Tue Jan 21 11:06:47 2020 +0100 Merge tag 'samba-4.9.18' into v4-9-test samba: tag release samba-4.9.18 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 33 +- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 5 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 750 insertions(+), 169 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e7c3f48ba86..bc59724074c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=18 +SAMBA_VERSION_RELEASE=19 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c1f544b2c5c..d9ee3b40646 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + == + Release Notes for Samba 4.9.18 + January 21, 2020 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 1c330a18d45 VERSION: Bump version up to 4.10.13. via a69b3905140 Merge tag 'samba-4.10.12' into v4-10-test via 06f7473fe56 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. via 8e1313322ce WHATSNEW: Add release notes for Samba 4.11.5. via ed516929162 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 7deeb0c93bb CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 28e6066e5db CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 90c1563cb83 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via d257c764a7b CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via cf95287171e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via efb7ac7efe0 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via f3e3e8deb46 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 8092b27908c CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17e6091b99a CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 62e098fec23 selftest: Add test to confirm ACL inheritence really happens via 9480a26697e CVE-2019-14902 selftest: Add test for a special case around replicated renames via e7eeb725858 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via a4c62918730 VERSION: Re-enable GIT_SNAPSHOT. via 32d2cd1f5b5 VERSION: Bump version up to 4.10.12. from b2800628a6b ctdb-tests: Skip some tests that don't work with IPv6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 1c330a18d459f649f594dd7b0e9f0bd7406a6b26 Author: Karolin Seeger Date: Tue Jan 21 11:05:28 2020 +0100 VERSION: Bump version up to 4.10.13. Signed-off-by: Karolin Seeger commit a69b3905140e62b5271936958f1b7ab6c425ded5 Merge: b2800628a6b 06f7473fe56 Author: Karolin Seeger Date: Tue Jan 21 11:05:05 2020 +0100 Merge tag 'samba-4.10.12' into v4-10-test samba: tag release samba-4.10.12 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 33 +- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 6 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 751 insertions(+), 169 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 95e454cceea..0d742c7bf2e 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6b3fbc88d50..82e54d46a79 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + === + Release Notes for Samba 4.10.12 + January 21, 2020 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation of ACL inheritance in the Samba AD DC was not complete, + and so absent a 'full-sync' replication, ACLs could get out of sync between + domain controllers. + +o CVE-2019-14907: + When processing untrusted string input Samba can read past the end of the + allocated buffer when printing a "Conversion error" message to the logs. + +o CVE-2019-19344: + During DNS zone scavenging (of expired dynamic entries) there is a re
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via c5f61b9dd0a VERSION: Bump version up to 4.11.6. via 5f735302220 Merge tag 'samba-4.11.5' into v4-11-test via 01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. via 16f159bdd2d WHATSNEW: Add release notes for Samba 4.11.5. via a56fb1c0427 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 0010822597d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 5884a973309 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via da1d3a0c03c CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via febccb4845e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 2cf368d0023 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via dc1b30c8316 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 68a91b11e40 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 971247385a4 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 50498111ac0 selftest: Add test to confirm ACL inheritence really happens via 59a7bbe0c15 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 6b6a993e6af CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 98761ff1b2e VERSION: Bump version up to 4.11.5... from c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat on the file. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit c5f61b9dd0a0624ba91f1ee9277c653ebb38a3e6 Author: Karolin Seeger Date: Tue Jan 21 11:02:17 2020 +0100 VERSION: Bump version up to 4.11.6. Signed-off-by: Karolin Seeger commit 5f73530222071af7cf6d9fa044cde86217fec112 Merge: c5dee3fcee6 01a4dd8ea2b Author: Karolin Seeger Date: Tue Jan 21 11:01:42 2020 +0100 Merge tag 'samba-4.11.5' into v4-11-test samba: tag release samba-4.11.5 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 76 - lib/util/charset/convert_string.c | 38 +-- source4/dsdb/kcc/scavenge_dns_records.c | 51 ++- source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- source4/dsdb/samdb/ldb_modules/descriptor.c | 291 + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 +++- source4/dsdb/samdb/samdb.h | 2 +- source4/selftest/tests.py | 5 + source4/torture/drs/python/repl_secdesc.py | 400 10 files changed, 752 insertions(+), 172 deletions(-) create mode 100644 source4/torture/drs/python/repl_secdesc.py Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 7bbd4754860..0f54515c8b9 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 830081446ab..99272550643 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,75 @@ + == + Release Notes for Samba 4.11.5 + January 21, 2020 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 23dc692 NEWS[4.11.5]: Samba 4.11.5, 4.10.12 and 4.9.18 Security Releases Available from 1f2b0f6 Add Samba 4.11.4. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 23dc692e9585ed8a3005dbb7d0d834cef27431ba Author: Karolin Seeger Date: Tue Jan 14 09:54:01 2020 +0100 NEWS[4.11.5]: Samba 4.11.5, 4.10.12 and 4.9.18 Security Releases Available Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.10.12.html | 71 +++ history/samba-4.11.5.html| 71 +++ history/samba-4.9.18.html| 71 +++ history/security.html| 23 + posted_news/20200121-090843.4.11.5.body.html | 33 +++ posted_news/20200121-090843.4.11.5.headline.html | 4 + security/CVE-2019-14902.html | 108 +++ security/CVE-2019-14907.html | 83 + security/CVE-2019-19344.html | 87 ++ 10 files changed, 554 insertions(+) create mode 100644 history/samba-4.10.12.html create mode 100644 history/samba-4.11.5.html create mode 100644 history/samba-4.9.18.html create mode 100644 posted_news/20200121-090843.4.11.5.body.html create mode 100644 posted_news/20200121-090843.4.11.5.headline.html create mode 100644 security/CVE-2019-14902.html create mode 100644 security/CVE-2019-14907.html create mode 100644 security/CVE-2019-19344.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 8a663ae..6afeebd 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,11 +9,13 @@ Release Notes + samba-4.11.5 samba-4.11.4 samba-4.11.3 samba-4.11.2 samba-4.11.1 samba-4.11.0 + samba-4.10.12 samba-4.10.11 samba-4.10.10 samba-4.10.9 @@ -26,6 +28,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.18 samba-4.9.17 samba-4.9.16 samba-4.9.15 diff --git a/history/samba-4.10.12.html b/history/samba-4.10.12.html new file mode 100644 index 000..cf86c8a --- /dev/null +++ b/history/samba-4.10.12.html @@ -0,0 +1,71 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.12 - Release Notes + + +Samba 4.10.12 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.12.tar.gz;>Samba 4.10.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.12.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.11-4.10.12.diffs.gz;>Patch (gzipped) against Samba 4.10.11 +https://download.samba.org/pub/samba/patches/samba-4.10.11-4.10.12.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.10.12 + January 21, 2020 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD + Directory not automatic. +o CVE-2019-14907: Crash after failed character conversion at log level 3 or + above. +o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14902: + The implementation of ACL inheritance in the Samba AD DC was not complete, + and so absent a full-sync replication, ACLs could get out of sync between + domain controllers. + +o CVE-2019-14907: + When processing untrusted string input Samba can read past the end of the + allocated buffer when printing a Conversion error message to the logs. + +o CVE-2019-19344: + During DNS zone scavenging (of expired dynamic entries) there is a read of + memory after it has been freed. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.11 +-- + +o Andrew Bartlett abart...@samba.org + * BUG 12497: CVE-2019-14902: Replication of ACLs down subtree on AD Directory + not automatic. + * BUG 14208: CVE-2019-14907: lib/util: Do not print the failed to convert + string into the logs. + +o Gary Lockyer g.
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 5f8ef2f9eec VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. via 4e6475813f9 WHATSNEW: Add release notes for Samba 4.9.18. via 55fb0c2f67e CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via ad0e68d354a CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 030fa9e5455 CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 16b377276ee CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via 7071888d5b5 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via 9e6b09e0fd5 CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 9ac2b09fa5a CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via 0fa9a362e55 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 589d1e4846b CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17215b36b22 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 4afff32debe selftest: Add test to confirm ACL inheritence really happens via c5a005a4538 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 77d55b64af6 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 052a54a54f7 VERSION: Bump version up to Samba 4.9.18... from 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 5f8ef2f9eecbc6c6c405bdb55ed685ad83008c11 Author: Karolin Seeger Date: Fri Jan 10 16:30:15 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 4e6475813f9e5a32207244857fd11f330a49a65b Author: Karolin Seeger Date: Fri Jan 10 11:58:31 2020 +0100 WHATSNEW: Add release notes for Samba 4.9.18. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 55fb0c2f67ef1906c942729c00f9f918dd92a658 Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit ad0e68d354ad33c577dbf146fc4a1b8254857558 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett (adapted from master commit) commit 030fa9e5455125e30b71c90be80baadb657d8993 Author: Noel Power Date: Fri May 24 13:37:00 2019 + CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Noel Power Reviewed-by: Gary Lockyer g...@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) commit 16b377276ee82c04d069666e53deaa95a7633dd4 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefo
[SCM] Samba Shared Repository - annotated tag samba-4.9.18 created
The annotated tag, samba-4.9.18 has been created at 9ccbee36aac2bbaad4d7ef3309ac558176d8325a (tag) tagging 5f8ef2f9eecbc6c6c405bdb55ed685ad83008c11 (commit) replaces samba-4.9.17 tagged by Karolin Seeger on Tue Jan 14 09:59:25 2020 +0100 - Log - samba: tag release samba-4.9.18 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2C7QAKCRBvM5FbZWi3 6mMqAKC3cXHx2BbXAOltLJ1XRqupYxIF5wCdEBY4+na7u9VHhOUsFvfyDbiI3rU= =ShVP -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (3): VERSION: Bump version up to Samba 4.9.18... WHATSNEW: Add release notes for Samba 4.9.18. VERSION: Disable GIT_SNAPSHOT for the 4.9.18 release. Noel Power (1): CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 06f7473fe56 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. via 8e1313322ce WHATSNEW: Add release notes for Samba 4.11.5. via ed516929162 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 7deeb0c93bb CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 28e6066e5db CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning via 90c1563cb83 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via d257c764a7b CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via cf95287171e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via efb7ac7efe0 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via f3e3e8deb46 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 8092b27908c CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 17e6091b99a CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 62e098fec23 selftest: Add test to confirm ACL inheritence really happens via 9480a26697e CVE-2019-14902 selftest: Add test for a special case around replicated renames via e7eeb725858 CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via a4c62918730 VERSION: Re-enable GIT_SNAPSHOT. via 32d2cd1f5b5 VERSION: Bump version up to 4.10.12. from d644dfea6f2 VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 06f7473fe565b3e2fd9413cbdcc77439d9907735 Author: Karolin Seeger Date: Thu Jan 9 12:51:27 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 8e1313322ce62b1dbd56957faa849e83d7c9ddfe Author: Karolin Seeger Date: Thu Jan 9 12:48:31 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.5. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit ed5169291628b663c6d641f3c9e8d89bb84f91ac Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit 7deeb0c93bb5da014ea3d259ab9dbd63e8be72cb Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett (adapted from master commit) commit 28e6066e5db61ca0a375fd8712385c0d1761b257 Author: Noel Power Date: Fri May 24 13:37:00 2019 + CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning Fixes: lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] Signed-off-by: Noel Power Reviewed-by: Gary Lockyer g...@catalyst.net.nz (cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) commit 90c1563cb83a59fb4d9b997fbde76bcec1092c29 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below.
[SCM] Samba Shared Repository - annotated tag samba-4.10.12 created
The annotated tag, samba-4.10.12 has been created at dde19178d82ea800356b3b0544a1226af75a1f97 (tag) tagging 06f7473fe565b3e2fd9413cbdcc77439d9907735 (commit) replaces samba-4.10.11 tagged by Karolin Seeger on Tue Jan 14 09:56:55 2020 +0100 - Log - samba: tag release samba-4.10.12 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2CVwAKCRBvM5FbZWi3 6t2fAJ0X60FriEfN9NI3ssMsCid0VnOyYwCgn2YJuJ7a9qzVZskT5Gwn8YKNVGc= =bT2i -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (4): VERSION: Bump version up to 4.10.12. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.11.5. VERSION: Disable GIT_SNAPSHOT for the 4.10.12 release. Noel Power (1): CVE-2019-14907 lib/util/charset: clang: Fix Value stored to 'reason' is never read warning --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-stable updated
The branch, v4-11-stable has been updated via 01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. via 16f159bdd2d WHATSNEW: Add release notes for Samba 4.11.5. via a56fb1c0427 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone via 0010822597d CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs via 5884a973309 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs via da1d3a0c03c CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename via febccb4845e CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. via 2cf368d0023 CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN via dc1b30c8316 CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children via 68a91b11e40 CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here via 971247385a4 CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction via 50498111ac0 selftest: Add test to confirm ACL inheritence really happens via 59a7bbe0c15 CVE-2019-14902 selftest: Add test for a special case around replicated renames via 6b6a993e6af CVE-2019-14902 selftest: Add test for replication of inherited security descriptors via 98761ff1b2e VERSION: Bump version up to 4.11.5... from a3e0dc33741 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable - Log - commit 01a4dd8ea2b7503270221beef02d21b0a2bc5ffa Author: Karolin Seeger Date: Wed Jan 8 11:55:21 2020 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit 16f159bdd2dc1fadcfa5920f895eb32f2ccdc73c Author: Karolin Seeger Date: Wed Jan 8 11:53:55 2020 +0100 WHATSNEW: Add release notes for Samba 4.11.5. o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic. o CVE-2019-14907: Crash after failed character conversion at log level 3 or above. o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC. Signed-off-by: Karolin Seeger commit a56fb1c04278e27381d5eaf52ec1036fceae411f Author: Gary Lockyer Date: Mon Dec 16 13:57:47 2019 +1300 CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone ldb_msg_add_empty reallocates the underlying element array, leaving old_el pointing to freed memory. This patch takes two defensive copies of the ldb message, and performs the updates on them rather than the ldb messages in the result. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14050 Signed-off-by: Gary Lockyer commit 0010822597db4b26858f2a03ea09e070854da782 Author: Andrew Bartlett Date: Fri Nov 29 20:58:47 2019 +1300 CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs The string may be in another charset, or may be sensitive and certainly may not be terminated. It is not safe to just print. Found by Robert Święcki using a fuzzer he wrote for smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 Signed-off-by: Andrew Bartlett commit 5884a9733099f5be05e2de5d3452a882b5c35c27 Author: Andrew Bartlett Date: Thu Dec 12 14:44:57 2019 +1300 CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs We can not process on the basis of a DN, as the DN may have changed in a rename, not only that this module can see, but also from repl_meta_data below. Therefore remove all the complex tree-based change processing, leaving only a tree-based sort of the possible objects to be changed, and a single stopped_dn variable containing the DN to stop processing below (after a no-op change). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 Signed-off-by: Andrew Bartlett commit da1d3a0c03c002f6d2ffc6cfc7c0c15a4baa1000 Author: Andrew Bartlett Date: Fri Dec 6 18:26:42 2019 +1300 CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename Previously if there was a conflict, but the incoming object would still win, this was not marked as a rename, and so inheritence was no
[SCM] Samba Shared Repository - annotated tag samba-4.11.5 created
The annotated tag, samba-4.11.5 has been created at a24064bd0fa285f9e9267ce97bef1d2832ee872f (tag) tagging 01a4dd8ea2b7503270221beef02d21b0a2bc5ffa (commit) replaces samba-4.11.4 tagged by Karolin Seeger on Tue Jan 14 09:53:44 2020 +0100 - Log - samba: tag release samba-4.11.5 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXh2BmAAKCRBvM5FbZWi3 6rKYAKCpA6mL2dMK5YnnsxtatX/R63hN7gCfYFXs8eqau1AKGkJFeqCURQJOvAc= =tGpQ -END PGP SIGNATURE- Andrew Bartlett (11): CVE-2019-14902 selftest: Add test for replication of inherited security descriptors CVE-2019-14902 selftest: Add test for a special case around replicated renames selftest: Add test to confirm ACL inheritence really happens CVE-2019-14902 dsdb: Explain that descriptor_sd_propagation_recursive() is proctected by a transaction CVE-2019-14902 dsdb: Add comments explaining why SD propagation needs to be done here CVE-2019-14902 dsdb: Ensure we honour both change->force_self and change->force_children CVE-2019-14902 repl_meta_data: schedule SD propagation to a renamed DN CVE-2019-14902 repl_meta_data: Fix issue where inherited Security Descriptors were not replicated. CVE-2019-14902 repl_meta_data: Set renamed = true (and so do SD inheritance) after any rename CVE-2019-14902 dsdb: Change basis of descriptor module deferred processing to be GUIDs CVE-2019-14907 lib/util: Do not print the failed to convert string into the logs Gary Lockyer (1): CVE-2019-19344 kcc dns scavenging: Fix use after free in dns_tombstone_records_zone Karolin Seeger (3): VERSION: Bump version up to 4.11.5... WHATSNEW: Add release notes for Samba 4.11.5. VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat on the file. via e82e78b8747 s3:libsmb: Add a setup_stat_from_stat_ex() function via 8936e2d0274 s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() via 2db3606327f s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. via fa22e5b6133 s3:libsmb: Generate the inode only based on the path component via 260d66aa0aa s3: libsmb: Move setting all struct stat fields into setup_stat(). via 4eb710e3298 s3: libsmb: Move setting st->st_ino into setup_stat. via 463a2df2de7 s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. from ee215ff101d ctdb-tests: Skip some tests that don't work with IPv6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit c5dee3fcee618c471d6bec02340eddef5dd68855 Author: Andreas Schneider Date: Mon Nov 25 11:11:13 2019 +0100 libsmbclient: If over SMB1 first try to do a posix stat on the file. Disable in future, if server doesn't support this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184 (cherry picked from commit 8b04590e4d8f817ad6d194bb9d622c18734e3011) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Jan 15 10:33:14 UTC 2020 on sn-devel-184 commit e82e78b8747110b73231fdc83e18a43a06f71404 Author: Andreas Schneider Date: Mon Nov 25 11:10:49 2019 +0100 s3:libsmb: Add a setup_stat_from_stat_ex() function BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit b3e3cb3bbd86a53b48ee009adf811d48dd50dc8b) commit 8936e2d0274f5601f97e69aaaf2f92965dd00ddd Author: Andreas Schneider Date: Mon Nov 25 11:09:52 2019 +0100 s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 0fe9dc5219beaf605da9c7922053f7324507b50e) commit 2db3606327fc4a1a19c294b87e8da6e2eb12e703 Author: Andreas Schneider Date: Mon Nov 25 11:06:57 2019 +0100 s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit bf9a3a7aa1913238ae2c997ce00369d0dbae3a08) commit fa22e5b613345fb80f8ea47332139c328c550f5b Author: Andreas Schneider Date: Wed Dec 18 13:27:26 2019 +0100 s3:libsmb: Generate the inode only based on the path component Currently we use the full smb url which includes also username and password. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit ea51a426e506bd6456814ecddcb63441859f9d89) commit 260d66aa0aa9868a826c9e6e96b937e94da9a3fd Author: Jeremy Allison Date: Fri Oct 18 10:48:55 2019 -0700 s3: libsmb: Move setting all struct stat fields into setup_stat(). That way we only have one place where a struct stat is synthesised for libsmbclient callers. Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit 1f0715c0e5e6ff371e3b393a0b35222c8b6f49bc) commit 4eb710e329827b4de9365fed8b02055e96d368cf Author: Jeremy Allison Date: Fri Oct 18 09:34:02 2019 -0700 s3: libsmb: Move setting st->st_ino into setup_stat. Signed-off-by: Puran Chand Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit 7d3b4f47be0359b496087fc40f89b815c7958dd6) commit 463a2df2de78f4110cb1b765293a94ebbd111658 Author: Jeremy Allison Date: Fri Oct 18 09:24:38 2019 -0700 s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. Change setup_stat() to be void. It doesn't return anything. Export so it can be used by upcoming smbc_readdirplus2() call. Remove unused SMBCCTX *context parameters. Remove unused talloc_stackframe(). Signed-off-by: Puran Chand Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit d44a84295b46cc6c540a9730a615a59c1f22a277) --- Summary of changes: source3/include/libsmb_internal.h | 22 +-- source3/libsmb/libsmb_dir.c | 31 - source3/libsmb/libsmb_
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via b2800628a6b ctdb-tests: Skip some tests that don't work with IPv6 via 57390cc5a36 ctdb-scripts: Strip square brackets when gathering connection info via 6a109e3ddb3 librpc: Fix string length checking in ndr_pull_charset_to_null() via fe015ece4ee upgradedns: ensure lmdb lock files linked via 78fb3cb0051 test upgradedns: ensure lmdb lock files linked via decce5e6e19 docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. via a2f8fdb4109 libsmbclient: If over SMB1 first try to do a posix stat on the file. via 6ae62c26ef9 s3:libsmb: Add a setup_stat_from_stat_ex() function via 0d32af6001d s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr() via 9c7ec52a017 s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with UNIX for now. via 9cb73280894 s3:libsmb: Generate the inode only based on the path component via 745f563d4c7 s3: libsmb: Move setting all struct stat fields into setup_stat(). via ee236c2f307 s3: libsmb: Move setting st->st_ino into setup_stat. via 06b0e8d3ae1 s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards. from b5e8ba021bf s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit b2800628a6b0494d0e7c82a89ae288fdd0ae36f5 Author: Martin Schwenke Date: Thu Nov 28 14:00:58 2019 +1100 ctdb-tests: Skip some tests that don't work with IPv6 See the comments added to the tests. It may be possible to rewrite these so they do something sane for IPv6... some other time. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227 RN: Fix IPv6 issues (NFS connection tracking, tests) Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Fri Jan 3 00:00:55 UTC 2020 on sn-devel-184 (backported from commit 9edf15afc219a1a782ec1e4d29909361bbabc744) Signed-off-by: Martin Schwenke Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Jan 14 12:46:17 UTC 2020 on sn-devel-144 commit 57390cc5a367376917f2c9a4545098742f7baccc Author: Martin Schwenke Date: Fri Dec 13 11:09:04 2019 +1100 ctdb-scripts: Strip square brackets when gathering connection info ss added square brackets around IPv6 addresses in versions > 4.12.0 via commit aba9c23a6e1cb134840c998df14888dca469a485. CentOS 7 added this feature somewhere mid-release. So, backward compatibility is obviously needed. As per the comment protocol/protocol_util.c should probably print and parse such square brackets. However, for backward compatibility the brackets would have to be stripped in both places in update_tickles()... or added to the ss output when missing. Best to leave this until we have a connection tracking daemon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 693080abe4d8bec96280af5a6aa668251a98ec5d) commit 6a109e3ddb355ec91e136f8b8dfbd29631ce25e8 Author: Andreas Schneider Date: Mon Dec 16 15:50:17 2019 +0100 librpc: Fix string length checking in ndr_pull_charset_to_null() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219 Pair-Programmed-With: Guenther Deschner Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit f11e207e01c52566c47e350ff240fe95392de0c3) commit fe015ece4ee1b61efb97319156bfa85f299e8ffb Author: Gary Lockyer Date: Thu Dec 19 16:31:46 2019 +1300 upgradedns: ensure lmdb lock files linked Ensure that the '-lock' files for the dns partitions as well as the data files are linked when running samba_dnsupgrade --dns-backend=BIND9_DLZ failure to create these links can cause corruption of the corresponding data file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199 Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett (cherry picked from commit 0bd479140c18ab79479ced4f25f366744c3afe18) commit 78fb3cb005154482748c529e0c8dc47b7563504d Author: Gary Lockyer Date: Thu Dec 19 16:31:24 2019 +1300 test upgradedns: ensure lmdb lock files linked Add tests to check that the '-lock' files for the dns partitions as well as the data files are linked when running samba_dnsupgrade --dns-backend=BIND9_DLZ failure to create these links can cause corruption of the corresponding data file. Changes to python/samba/tests/__init__.py adding run_command manually copied from
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via ee215ff101d ctdb-tests: Skip some tests that don't work with IPv6 via 103d94566f1 ctdb-scripts: Strip square brackets when gathering connection info via 890513b5b3c librpc: Fix string length checking in ndr_pull_charset_to_null() via 1d28d27070a source4/utils/oLschema2ldif: include stdint.h before cmocka.h via 3889444e008 lib/ldb/tests: include stdint.h before cmocka.h via 67e429d86ae vfs_ceph_snapshots: fix root relative path handling via 54a028bd32b upgradedns: ensure lmdb lock files linked via 75d088aede5 test upgradedns: ensure lmdb lock files linked via 276a07d8eff docs-xml/winbindnssinfo: clarify interaction with idmap_ad etc. from 3659b26bcb4 s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit ee215ff101d6e3de23264fbbca9c9753a4751413 Author: Martin Schwenke Date: Thu Nov 28 14:00:58 2019 +1100 ctdb-tests: Skip some tests that don't work with IPv6 See the comments added to the tests. It may be possible to rewrite these so they do something sane for IPv6... some other time. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227 RN: Fix IPv6 issues (NFS connection tracking, tests) Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Fri Jan 3 00:00:55 UTC 2020 on sn-devel-184 (backported from commit 9edf15afc219a1a782ec1e4d29909361bbabc744) Signed-off-by: Martin Schwenke Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Tue Jan 14 10:28:01 UTC 2020 on sn-devel-184 commit 103d94566f15d2fdf880cfb5f654896c67d02a42 Author: Martin Schwenke Date: Fri Dec 13 11:09:04 2019 +1100 ctdb-scripts: Strip square brackets when gathering connection info ss added square brackets around IPv6 addresses in versions > 4.12.0 via commit aba9c23a6e1cb134840c998df14888dca469a485. CentOS 7 added this feature somewhere mid-release. So, backward compatibility is obviously needed. As per the comment protocol/protocol_util.c should probably print and parse such square brackets. However, for backward compatibility the brackets would have to be stripped in both places in update_tickles()... or added to the ss output when missing. Best to leave this until we have a connection tracking daemon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 693080abe4d8bec96280af5a6aa668251a98ec5d) commit 890513b5b3cf8c8b14fc21c1f095b9d4a3f94e04 Author: Andreas Schneider Date: Mon Dec 16 15:50:17 2019 +0100 librpc: Fix string length checking in ndr_pull_charset_to_null() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219 Pair-Programmed-With: Guenther Deschner Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit f11e207e01c52566c47e350ff240fe95392de0c3) commit 1d28d27070a7ade82283dab11c9ef7cadfbf54fb Author: Fabrice Fontaine Date: Mon Dec 16 10:28:53 2019 +0100 source4/utils/oLschema2ldif: include stdint.h before cmocka.h This fix the following build failure: In file included from /home/fabrice/buildroot/output/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0, from /home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/inttypes.h:27, from ../../lib/replace/../replace/replace.h:64, from ../../source4/include/includes.h:23, from ../../source4/utils/oLschema2ldif/test.c:25: /home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for ‘uintptr_t’ typedef unsigned long int uintptr_t; ^ In file included from ../../source4/utils/oLschema2ldif/test.c:23:0: /home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28: note: previous declaration of ‘uintptr_t’ was here typedef unsigned int uintptr_t; Fixes: - http://autobuild.buildroot.org/results/9507739b3d5d51024ee9c60b74c2f85d5004e7e2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218 Signed-off-by: Fabrice Fontaine Reviewed-by: Uri Simchoni Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Dec 18 16:57:52 UTC 2019 on sn-devel-184 (cherry picked from com
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via b5e8ba021bf s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir via 30352214311 Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. via edeed08a04c pygpo: use correct method flags from bbeb73b40b8 VERSION: Bump version up to 4.10.12. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit b5e8ba021bfeb98275d2d739cf9cbb4893d81997 Author: Anoop C S Date: Tue Nov 12 19:58:43 2019 +0530 s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir On receiving an already initialized stat_ex buffer for readdir() call we invoke readdirplus() GlusterFS API, an optimized variant of readdir(), which then returns stat information along with dir entry result. But for symlink entries we don't know if link or target info is needed. In that case it is better to leave this decision back to caller by resetting nlinks value inside stat information to make it invalid. This was also preventing us from displaying msdfs link as directories inside the share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14182 Signed-off-by: Anoop C S Reviewed-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184 (cherry picked from commit fca2d3e0d1fa5af59e7b729f7c1d126f7b81e149) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Dec 19 13:46:00 UTC 2019 on sn-devel-144 commit 3035221431130867923a7b85974f1d5faa4b568f Author: Torsten Fohrer Date: Sun Dec 15 16:58:40 2019 +0100 Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. (C) SBE network solutions GmbH BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209 Signed-off-by: Torsten Fohrer Reviewed-by: Douglas Bagnall Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184 (cherry picked from commit f0eb1e623f76d3dbd0c22f96cabebd1041c147df) commit edeed08a04c33e1bf77e6a4b6a24e739b60132bb Author: Douglas Bagnall Date: Tue Dec 3 11:17:26 2019 +1300 pygpo: use correct method flags The METH_KEYWORDS argument must always be combined with METH_VARARGS. In Python up to 3.7 this was checked at runtime, and as we had no callers to get_unix_path() in Python we never noticed. In Python 3.8 it is checked at import time, and everyone notices even if they aren't directly using GPOs. Found and reported by Val Kulkov. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 12cccf3447333dfd4f5e437cd57ca5ec68724fdd) --- Summary of changes: libgpo/pygpo.c | 2 +- source3/modules/vfs_glusterfs.c | 5 - source4/auth/gensec/pygensec.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index 4db8cad7ca4..b8dfcd5572f 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -117,7 +117,7 @@ out: } static PyMethodDef GPO_methods[] = { - {"get_unix_path", (PyCFunction)py_gpo_get_unix_path, METH_KEYWORDS, + {"get_unix_path", (PyCFunction)py_gpo_get_unix_path, METH_VARARGS | METH_KEYWORDS, NULL }, {NULL} }; diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index f2f9ab8e32c..cf51f5dd06b 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -560,7 +560,10 @@ static struct dirent *vfs_gluster_readdir(struct vfs_handle_struct *handle, } if (sbuf != NULL) { - smb_stat_ex_from_stat(sbuf, ); + SET_STAT_INVALID(*sbuf); + if (!S_ISLNK(stat.st_mode)) { + smb_stat_ex_from_stat(sbuf, ); + } } END_PROFILE(syscall_readdir); diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index d27fe28648a..c9f3fd3b489 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -659,7 +659,7 @@ static PyMethodDef py_gensec_security_methods[] = { "S.have_feature()\n Return True if GENSEC negotiated a particular feature." }, { "set_max_update_size", (PyCFunction)py_gensec_set_max_update_size, METH_VARARGS, "S.set_max_update_size(max_size) \n Some mechs can fragment update packets, needs to be use before the mech is started." }, - { "max_u
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 3659b26bcb4 s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir via db5c0d6c05b Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. via a7505aabbe9 pygpo: use correct method flags from 5a75d981409 VERSION: Bump version up to 4.11.5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 3659b26bcb4a3592534a88d1e59712bb272b0d92 Author: Anoop C S Date: Tue Nov 12 19:58:43 2019 +0530 s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir On receiving an already initialized stat_ex buffer for readdir() call we invoke readdirplus() GlusterFS API, an optimized variant of readdir(), which then returns stat information along with dir entry result. But for symlink entries we don't know if link or target info is needed. In that case it is better to leave this decision back to caller by resetting nlinks value inside stat information to make it invalid. This was also preventing us from displaying msdfs link as directories inside the share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14182 Signed-off-by: Anoop C S Reviewed-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184 (cherry picked from commit fca2d3e0d1fa5af59e7b729f7c1d126f7b81e149) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Thu Dec 19 09:52:17 UTC 2019 on sn-devel-184 commit db5c0d6c05b7d15ca0503642bb7741bf57d2d489 Author: Torsten Fohrer Date: Sun Dec 15 16:58:40 2019 +0100 Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero. (C) SBE network solutions GmbH BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209 Signed-off-by: Torsten Fohrer Reviewed-by: Douglas Bagnall Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184 (cherry picked from commit f0eb1e623f76d3dbd0c22f96cabebd1041c147df) commit a7505aabbe9710a0b025f40ffd5c4db1a6d78ed0 Author: Douglas Bagnall Date: Tue Dec 3 11:17:26 2019 +1300 pygpo: use correct method flags The METH_KEYWORDS argument must always be combined with METH_VARARGS. In Python up to 3.7 this was checked at runtime, and as we had no callers to get_unix_path() in Python we never noticed. In Python 3.8 it is checked at import time, and everyone notices even if they aren't directly using GPOs. Found and reported by Val Kulkov. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 12cccf3447333dfd4f5e437cd57ca5ec68724fdd) --- Summary of changes: libgpo/pygpo.c | 2 +- source3/modules/vfs_glusterfs.c | 5 - source4/auth/gensec/pygensec.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index 581d20e0649..97bbb3ec528 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -118,7 +118,7 @@ out: static PyMethodDef GPO_methods[] = { {"get_unix_path", PY_DISCARD_FUNC_SIG(PyCFunction, py_gpo_get_unix_path), - METH_KEYWORDS, + METH_VARARGS | METH_KEYWORDS, NULL }, {NULL} }; diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 8827bf018ab..f23a8821add 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -564,7 +564,10 @@ static struct dirent *vfs_gluster_readdir(struct vfs_handle_struct *handle, } if (sbuf != NULL) { - smb_stat_ex_from_stat(sbuf, ); + SET_STAT_INVALID(*sbuf); + if (!S_ISLNK(stat.st_mode)) { + smb_stat_ex_from_stat(sbuf, ); + } } END_PROFILE(syscall_readdir); diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c index b2c1e9c279a..c866180edb3 100644 --- a/source4/auth/gensec/pygensec.c +++ b/source4/auth/gensec/pygensec.c @@ -678,7 +678,7 @@ static PyMethodDef py_gensec_security_methods[] = { "S.have_feature()\n Return True if GENSEC negotiated a particular feature." }, { "set_max_update_size", (PyCFunction)py_gensec_set_max_update_size, METH_VARARGS, "S.set_max_update_size(max_size) \n Some mechs can fragment update packets, needs to be use before the mech is started." }, -
[SCM] Samba Shared Repository - branch v4-11-stable updated
The branch, v4-11-stable has been updated via a3e0dc33741 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. via 36da9ac22d8 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. via cfa22afe0a7 python: tests. Add test for fuzzing smbd crash bug. via 5f8fef17042 s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. via e76ceea1deb s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. via ce67f60822e s3: smbd: Change reply_smb20xx() to return NTSTATUS. via cff1d4c3421 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. via 0521333d477 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. via a7fa51a7a56 s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. via b4fd49a46b2 VERSION: Bump version up to 4.11.4. via e81ef10bbf5 Merge tag 'samba-4.11.3' into v4-11-test via 91f39dbda15 smbd: Increase a debug level via ec4381228f3 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. via c37b94fd0a7 ldb: Release ldb 2.0.8 via 1c8ac011360 autobuild: harden samba-xc test suite via b7894c151ab wafsamba: pass environment to cross-execute tests via 98dc227dce9 wafsamba: avoid pre-forking if cross-compilation is enabled via e1a0813aa5c wafsamba: use test_args instead of exec_args to support cross-compilation via b691110c267 waf: upgrade to 2.0.18 via 70c829304e0 ctdb-tcp: Close inflight connecting TCP sockets after fork via 0b78c29a0fa ctdb-tcp: Drop tracking of file descriptor for incoming connections via 77deaadca8e ctdb-tcp: Avoid orphaning the TCP incoming queue via bc152b8473a ctdb-tcp: Check incoming queue to see if incoming connection is up via 3e5b173ef44 gitlab-ci: Run samba-fileserver-heimdalkrb5 via 7d7e6326493 bootstrap: Add heimdal-multidev for Debian and Ubuntu via af83d6adf94 autobuild: Add test for build with system heimdal library via ce4ab72c01f krb5_plugin: Fix developer build with newer heimdal system library via 060ff2dd504 krb5_plugin: Use C99 initializer via 95f267704e7 selftest: system-heimdal: workaround upstream "host" canon bug via 83299928bbf wscript: Fix build with system heimdal via 9010e9f373e s3: libsmb: Ensure return from net_share_enum_rpc() sets cli->raw_status on error. via 78ead63dbff s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. via 4b249abae3b s3: libsmb: Ensure we don't call cli_RNetShareEnum() on an SMB1 connection. via 5d8e92a5727 s3:printing: Fix %J substition via 1f504300bf3 s3:printing: add a DEBUG statement via cbd6426ad51 s3:lib: factor out talloc_sub_advanced() from talloc_sub_full() via 90c90fc8a25 s3: rename talloc_sub_advanced() to talloc_sub_full() via 58ea968c752 s3: remove unused function standard_sub_advanced() via 69faa68148b s3: replace standard_sub_advanced with talloc_sub_advanced in one place via b4e5ae5bcba s3:printing: fix a long line via ce18ef9e545 lib/adouble: pass filesize to ad_unpack() via c00a8959b6f lib/adouble: drop ad_data reallocate logic via 1fa47717494 vfs_fruit: README.Coding fix: multi-line if expression via d47b2cb8a22 vfs_fruit: fix a long line via fb118393f39 torture: expand test "vfs.fruit.resource fork IO" to check size via 8c5e4161fa4 s3:smbd: Fix sync dosmode fallback in async dosmode codepath via eacdde195ac s3:smbd: Incomplete conversion of former parametric options via 098ddd6fe4e s3: remove now unneeded call to cmdline_messaging_context() via ac3cb59fd4f s3:dbwrap: initialize messaging before getting the ctdb connection via b30b3073f9c libnet_join: add SPNs for additional-dns-hostnames entries via 35da7673e88 docs-xml: add "additional dns hostnames" smb.conf option via 526ad3a904a libnet_join_set_machine_spn: simplify adding uniq spn to array via 3f9a9b95dd1 libnet_join_set_machine_spn: simplify memory handling via 2e7683c937e libnet_join_set_machine_spn: improve style and make a bit room for indentation via 0b3503a436a libnet_join: build dnsHostName from netbios name and lp_dnsdomain() via 79c2fd908d4 s4:dirsync: fix interaction of dirsync and extended_dn controls via b62705398d1 s4:tests/dirsync: add tests for dirsync with extended_dn via 2958016c30a replace: Only link libnsl and libsocket if requrired via 4aa37b8e722 s3: torture: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. via 509f11547f3 s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number. via
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1f2b0f6 Add Samba 4.11.4. via 193b989 NEWS[4.11.4]: Samba 4.11.4 Available for Download from 9ffc16f Fix link to 4.10 and 4.9 patches. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1f2b0f6b8c3ffde0d0815e86f38e78c2d84873e4 Author: Karolin Seeger Date: Mon Dec 16 16:03:55 2019 +0100 Add Samba 4.11.4. Signed-off-by: Karolin Seeger commit 193b9899be91e2bc754e269e4363742f5aa0fec2 Author: Karolin Seeger Date: Mon Dec 16 16:02:30 2019 +0100 NEWS[4.11.4]: Samba 4.11.4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.11.4.html| 80 posted_news/20191216-150336.4.11.4.body.html | 13 posted_news/20191216-150336.4.11.4.headline.html | 3 + 4 files changed, 97 insertions(+) create mode 100644 history/samba-4.11.4.html create mode 100644 posted_news/20191216-150336.4.11.4.body.html create mode 100644 posted_news/20191216-150336.4.11.4.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 2fc4ab6..8a663ae 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.11.4 samba-4.11.3 samba-4.11.2 samba-4.11.1 diff --git a/history/samba-4.11.4.html b/history/samba-4.11.4.html new file mode 100644 index 000..f74f3c6 --- /dev/null +++ b/history/samba-4.11.4.html @@ -0,0 +1,80 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.11.4 - Release Notes + + +Samba 4.11.4 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.11.4.tar.gz;>Samba 4.11.4 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.11.4.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.11.3-4.11.4.diffs.gz;>Patch (gzipped) against Samba 4.11.3 +https://download.samba.org/pub/samba/patches/samba-4.11.3-4.11.4.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.11.4 + December 16, 2019 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.3: +- + +o Jeremy Allison j...@samba.org + * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesnt return an inode + number. + * BUG 14174: s3: utils: smbtree. Ensure we dont call cli_RNetShareEnum() + on an SMB1 connection. + * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in + SMBC_opendir_ctx. + * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if + encrypting an interim response. + * BUG 14205: Prevent smbd crash after invalid SMB1 negprot. + +o Ralph Boehme s...@samba.org + * BUG 13745: s3:printing: Fix %J substition. + * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). + * BUG 14069: Incomplete conversion of former parametric options. + * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. + * BUG 14171: vfs_fruit returns capped resource fork length. + +o Isaac Boukris ibouk...@gmail.com + * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. + +o Volker Lendecke v...@samba.org + * BUG 14211: smbd: Increase a debug level. + +o Stefan Metzmacher me...@samba.org + * BUG 14153: Prevent azure ad connect from reporting discovery errors: + reference-value-not-ldap-conformant. + +o Christof Schmitt c...@samba.org + * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system + library. + +o Andreas Schneider a...@samba.org + * BUG 14168: replace: Only link libnsl and libsocket if requrired. + +o Martin Schwenke mar...@meltin.net + * BUG 14175: ctdb: Incoming queue can be orphaned causing communication + breakdown. + +o Uri Simchoni u...@samba.org + * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take + cross-answers or cross-execute. + * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in + asn1_compile-generated code. + + + + + + diff --git a/posted_news/20191216-150336.4.11.4.body.html b/posted_news/20191216-150336.4.11.4.body.html new file mode 100644 index 000..36d25e6 --- /dev/null +++ b/posted_news/20191216-150336.4.11.4.body.html @@ -0,0 +1,13 @@ + +16 December 2019 +Samba 4.11.4 Available for Download + +This is the latest stable release of the Samba 4
[SCM] Samba Shared Repository - annotated tag samba-4.11.4 created
The annotated tag, samba-4.11.4 has been created at 506d287e5a77f1247c8d157414422cfd667c73dd (tag) tagging a3e0dc33741044f68788796fe669b6a5f0004ea7 (commit) replaces ldb-2.0.8 tagged by Karolin Seeger on Mon Dec 16 16:02:14 2019 +0100 - Log - samba: tag release samba-4.11.4 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXfecdgAKCRBvM5FbZWi3 6hPVAJ9SZW+YpagB7FIBmz7bT8jlFQHz9gCfXIGMLw1X2ckUm8FoLqCCSEq1ALc= =bPIW -END PGP SIGNATURE- Andrew Bartlett (5): CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) CVE-2019-14861: Test to demonstrate the bug s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local Isaac Boukris (4): samba-tool: add user-sensitive command to set not-delegated flag CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Jeremy Allison (8): s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. s3: smbd: Change reply_smb20xx() to return NTSTATUS. s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. python: tests. Add test for fuzzing smbd crash bug. s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. Karolin Seeger (7): VERSION: Bump version up to 4.11.3. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.11.3. VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release. Merge tag 'samba-4.11.3' into v4-11-test VERSION: Bump version up to 4.11.4. VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. Uri Simchoni (1): heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. Volker Lendecke (1): smbd: Increase a debug level --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 5a75d981409 VERSION: Bump version up to 4.11.5... via a3e0dc33741 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. from 36da9ac22d8 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 5a75d9814091631001be8d7d8ccec66ea6380cfb Author: Karolin Seeger Date: Mon Dec 16 15:54:00 2019 +0100 VERSION: Bump version up to 4.11.5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit a3e0dc33741044f68788796fe669b6a5f0004ea7 Author: Karolin Seeger Date: Mon Dec 16 15:53:05 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 85 ++-- 2 files changed, 84 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index cb2725e300c..7bbd4754860 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8bafa38b47c..830081446ab 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,84 @@ + == + Release Notes for Samba 4.11.4 + December 16, 2019 + == + + +This is the latest stable release of the Samba 4.11 release series. + + +Changes since 4.11.3: +- + +o Jeremy Allison + * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode + number. + * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum() + on an SMB1 connection. + * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in + SMBC_opendir_ctx. + * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if + encrypting an interim response. + * BUG 14205: Prevent smbd crash after invalid SMB1 negprot. + +o Ralph Boehme + * BUG 13745: s3:printing: Fix %J substition. + * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context(). + * BUG 14069: Incomplete conversion of former parametric options. + * BUG 14070: Fix sync dosmode fallback in async dosmode codepath. + * BUG 14171: vfs_fruit returns capped resource fork length. + +o Isaac Boukris + * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries. + +o Volker Lendecke + * BUG 14211: smbd: Increase a debug level. + +o Stefan Metzmacher + * BUG 14153: Prevent azure ad connect from reporting discovery errors: + reference-value-not-ldap-conformant. + +o Christof Schmitt + * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system + library. + +o Andreas Schneider + * BUG 14168: replace: Only link libnsl and libsocket if requrired. + +o Martin Schwenke + * BUG 14175: ctdb: Incoming queue can be orphaned causing communication + breakdown. + +o Uri Simchoni + * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take + cross-answers or cross-execute. + * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in + asn1_compile-generated code. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.11.3 December 10, 2019 @@ -57,8 +138,8 @@ database (https://bugzilla.samba.org/). == -Release notes for olde
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via bbeb73b40b8 VERSION: Bump version up to 4.10.12. via 2757c0711d0 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. via d8d661aabfd python: tests. Add test for fuzzing smbd crash bug. via a622ad439bd s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. via fb1beba0091 s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. via 2feddd181dd s3: smbd: Change reply_smb20xx() to return NTSTATUS. via 100caebe0b7 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. via 546a2e935a5 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. via 41c9250320d s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. from 8f9a2afd469 Merge tag 'samba-4.10.11' into v4-10-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit bbeb73b40b885364a9ccf9108d4a930eaba0686c Author: Karolin Seeger Date: Mon Dec 16 09:03:42 2019 +0100 VERSION: Bump version up to 4.10.12. Signed-off-by: Karolin Seeger Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Dec 16 11:27:12 UTC 2019 on sn-devel-144 commit 2757c0711d02c2135afb161dac70d2150b18190b Author: Jeremy Allison Date: Tue Nov 26 12:53:09 2019 -0800 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. Otherwise we can end up with negprot.done set, but without smbXsrv_connection_init_tables() being called. This can cause a client self-crash. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184 (cherry picked from commit 8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b) commit d8d661aabfdb04b8a472b85e6cc3fba0dd490c23 Author: Jeremy Allison Date: Mon Dec 2 17:23:21 2019 -0800 python: tests. Add test for fuzzing smbd crash bug. Mark knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett (cherry picked from commit 46899ecf836d350c0c29b615869851da7d0ad6fb) commit a622ad439bd109bc5ce6e388d4c7daab8547a540 Author: Jeremy Allison Date: Tue Nov 26 12:46:16 2019 -0800 s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit e84910d919e02feab2a297fccbbf95f333e32119) commit fb1beba0091179554d19ac9e76efa068df169652 Author: Jeremy Allison Date: Tue Nov 26 12:43:25 2019 -0800 s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. That way the caller can know if the negprot really succeeded or not. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit f4caa4159bd3db5127e114718e606867348a4f47) commit 2feddd181dd5eea71580c2dcbb99c4c174d183d1 Author: Jeremy Allison Date: Tue Nov 26 12:21:06 2019 -0800 s3: smbd: Change reply_smb20xx() to return NTSTATUS. Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit 836219c479b047403d2b0839a6b92ad637dbaea0) commit 100caebe0b793a210090f15d882d6e534461980a Author: Jeremy Allison Date: Tue Nov 26 12:17:29 2019 -0800 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit a2d81d77c111379cbb6bd732c717307974eace0a) commit 546a2e935a54f430bb3e2642a2d552cbca666990 Author: Jeremy Allison Date: Tue Nov 26 12:14:29 2019 -0800 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit 868bc05cf5d575e20edcce241e3af1d0fa6d9824) commit 41c9250320de81d2d6e1d0ceab3c1846c4c52248 Author: Jeremy Allison Date: Thu Nov 7 12:02:13 2019 -0800 s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14189 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher (cherry
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 36da9ac22d8 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. via cfa22afe0a7 python: tests. Add test for fuzzing smbd crash bug. via 5f8fef17042 s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. via e76ceea1deb s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. via ce67f60822e s3: smbd: Change reply_smb20xx() to return NTSTATUS. via cff1d4c3421 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. via 0521333d477 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. via a7fa51a7a56 s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. from b4fd49a46b2 VERSION: Bump version up to 4.11.4. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 36da9ac22d893219bfeff2e019b332716e4733ca Author: Jeremy Allison Date: Tue Nov 26 12:53:09 2019 -0800 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds. Otherwise we can end up with negprot.done set, but without smbXsrv_connection_init_tables() being called. This can cause a client self-crash. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184 (cherry picked from commit 8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Fri Dec 13 12:30:57 UTC 2019 on sn-devel-184 commit cfa22afe0a77cd56f25b6b7aa93f36a790ed6deb Author: Jeremy Allison Date: Mon Dec 2 17:23:21 2019 -0800 python: tests. Add test for fuzzing smbd crash bug. Mark knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett (cherry picked from commit 46899ecf836d350c0c29b615869851da7d0ad6fb) commit 5f8fef17042d9795b42b2d4c6ec7e1b6f2568be0 Author: Jeremy Allison Date: Tue Nov 26 12:46:16 2019 -0800 s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() fails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit e84910d919e02feab2a297fccbbf95f333e32119) commit e76ceea1debfcd5d530fe89dab1ebea27bc7ea60 Author: Jeremy Allison Date: Tue Nov 26 12:43:25 2019 -0800 s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS. That way the caller can know if the negprot really succeeded or not. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit f4caa4159bd3db5127e114718e606867348a4f47) commit ce67f60822ea626df8e69022b139b20bc9637a3d Author: Jeremy Allison Date: Tue Nov 26 12:21:06 2019 -0800 s3: smbd: Change reply_smb20xx() to return NTSTATUS. Not yet used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit 836219c479b047403d2b0839a6b92ad637dbaea0) commit cff1d4c3421cbf56e128e5a57a9cc495a51a1f1f Author: Jeremy Allison Date: Tue Nov 26 12:17:29 2019 -0800 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit a2d81d77c111379cbb6bd732c717307974eace0a) commit 0521333d47737c8e2af0883590fa5384dcd045c9 Author: Jeremy Allison Date: Tue Nov 26 12:14:29 2019 -0800 s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke (cherry picked from commit 868bc05cf5d575e20edcce241e3af1d0fa6d9824) commit a7fa51a7a56236ffc29d65055ac42a5969299fc8 Author: Jeremy Allison Date: Thu Nov 7 12:02:13 2019 -0800 s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an interim response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14189 Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher (cherry picked from commit eae1a45d09ef54dd6b59803eedca672ae9433902) --- Summary of changes: python/samba/tests/smbd_fuzztest.py | 77 + selftest/te
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 73f43626062 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via 84de46f5347 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via df72956adee CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via aa17d5fcaf7 samba-tool: add user-sensitive command to set not-delegated flag via aaf037dfb34 CVE-2019-14861: Test to demonstrate the bug via defb2373251 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 4333e41c224 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via a25a2e4513e CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords from 8b06cabc7d7 bootstrap: Add chrpath as a required package https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 73f436260620a97e307110ec45311e9e5dd321ce Author: Isaac Boukris Date: Thu Nov 21 11:12:48 2019 +0100 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Signed-off-by: Isaac Boukris Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Dec 10 10:44:01 UTC 2019 on sn-devel-184 commit 84de46f5347288a3683ba083f529137efa8028e9 Author: Isaac Boukris Date: Mon Oct 28 02:54:09 2019 +0200 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self Signed-off-by: Isaac Boukris commit df72956adee55fbe60d49bd9d58d9df53d4f2198 Author: Isaac Boukris Date: Wed Oct 30 15:59:16 2019 +0100 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed Signed-off-by: Isaac Boukris commit aa17d5fcaf7fe0f628856cda902cbd8be7e6ecb4 Author: Isaac Boukris Date: Sun Oct 27 14:02:00 2019 +0200 samba-tool: add user-sensitive command to set not-delegated flag Signed-off-by: Isaac Boukris commit aaf037dfb3454cea048489b23ad96c415096dddf Author: Andrew Bartlett Date: Wed Oct 30 11:50:57 2019 +1300 CVE-2019-14861: Test to demonstrate the bug This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit defb23732515e3c638d0081f5e4043fbb35d303c Author: Andrew Bartlett Date: Tue Oct 29 14:15:36 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 4333e41c2243781ae788db8ee7fa6897b0a7e334 Author: Andrew Bartlett Date: Mon Oct 21 12:12:10 2019 +1300 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit a25a2e4513e48d0408b1f5e78ada0b3569d3426d Author: Andrew Bartlett Date: Tue Oct 29 17:25:28 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords The sort behaviour for child records is not correct in Samba so we add a flapping entry. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett --- Summary of changes: python/samba/netcmd/user.py | 58 ++ python/samba/tests/dcerpc/dnsserver.py | 148 selftest/flapping.d/dnsserver | 2 + source4/heimdal/kdc/krb5tgs.c | 58 ++ source4/kdc/mit_samba.c | 5 + source4/kdc/sdb_to_kdb.c| 17 +-- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 21 ++-- source4/rpc_server/dnsserver/dnsdata.c | 28 ++--- source4/rpc_server/dnsserver/dnsserver.h| 4 +- source4/selftest/tests.py | 1 + testprogs/blackbox/test_s4u_heimdal.sh | 73 11 files changed, 351 insertions(+), 64 deletions(-) create mode 100644 selftest/flapping.d/dnsserver create mode 100755 testprogs/blackbox/test_s4u_heimdal.sh Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index fb8da3d3d51..86a7a45b24e 100644 --- a/python/samba
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via b4fd49a46b2 VERSION: Bump version up to 4.11.4. via e81ef10bbf5 Merge tag 'samba-4.11.3' into v4-11-test via 7fc8563c2f6 VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release. via a694a009147 WHATSNEW: Add release notes for Samba 4.11.3. via 1ccab20c59b CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via fbc1f000cf7 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via fc0127db4b9 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via fbd7a4c08fd samba-tool: add user-sensitive command to set not-delegated flag via b69ee283de5 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via fae319523b0 CVE-2019-14861: Test to demonstrate the bug via 2318a4a7233 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 67b41bd CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via 9324b7a9e4c CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 026fd23cf91 VERSION: Re-enable GIT_SNAPSHOT. via dff88803584 VERSION: Bump version up to 4.11.3. from 91f39dbda15 smbd: Increase a debug level https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit b4fd49a46b245463eed45477fee9081e2e3c1e3a Author: Karolin Seeger Date: Tue Dec 10 10:26:08 2019 +0100 VERSION: Bump version up to 4.11.4. Signed-off-by: Karolin Seeger commit e81ef10bbf5579e24a7eaa33a775d3da74dd6dd0 Merge: 91f39dbda15 7fc8563c2f6 Author: Karolin Seeger Date: Tue Dec 10 10:25:47 2019 +0100 Merge tag 'samba-4.11.3' into v4-11-test samba: tag release samba-4.11.3 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 66 ++- python/samba/netcmd/user.py | 58 ++ python/samba/tests/dcerpc/dnsserver.py | 148 selftest/flapping.d/dnsserver | 2 + source4/heimdal/kdc/krb5tgs.c | 58 ++ source4/kdc/mit_samba.c | 5 + source4/kdc/sdb_to_kdb.c| 17 +-- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 21 ++-- source4/rpc_server/dnsserver/dnsdata.c | 28 ++--- source4/rpc_server/dnsserver/dnsserver.h| 4 +- source4/selftest/tests.py | 1 + source4/torture/drs/python/samba_tool_drs.py| 3 +- testprogs/blackbox/test_s4u_heimdal.sh | 73 14 files changed, 418 insertions(+), 68 deletions(-) create mode 100644 selftest/flapping.d/dnsserver create mode 100755 testprogs/blackbox/test_s4u_heimdal.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e9cc49c7f77..cb2725e300c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=11 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8c6db3b3034..8bafa38b47c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + == + Release Notes for Samba 4.11.3 + December 10, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS + management server (dnsserver). +o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition + on Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14861: + An authenticated user can crash the DCE/RPC DNS management server by creating + records with matching the zone name. + +o CVE-2019-14870: + The DelegationNotAllowed Kerberos feature restriction was not being applied + when processing protocol transition requests (S4U2Self), in the AD DC KDC. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.11.2: +- + +o Andrew Bartlett + * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. + +o Isaac Boukris + * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #s
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 8f9a2afd469 Merge tag 'samba-4.10.11' into v4-10-test via d644dfea6f2 VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. via aa4577474f1 WHATSNEW: Add release notes for Samba 4.10.11. via 8330f54718e CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via 3ec39df607f CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via 534fd4b6ec3 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via c706fb4430d samba-tool: add user-sensitive command to set not-delegated flag via d38677abd92 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via 329b78ed92c CVE-2019-14861: Test to demonstrate the bug via 181feb7a6be CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 1cc564ada17 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via a67944da822 CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 97f0deb4e38 VERSION: Re-enable GIT_SNAPSHOT. via 9378520acaa VERSION: Bump version up to 4.10.11. from cc58e4b1899 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 8f9a2afd4696df34432c86d5e7b09be0f0cea048 Merge: cc58e4b1899 d644dfea6f2 Author: Karolin Seeger Date: Tue Dec 10 10:24:44 2019 +0100 Merge tag 'samba-4.10.11' into v4-10-test samba: tag release samba-4.10.11 --- Summary of changes: WHATSNEW.txt| 66 ++- python/samba/netcmd/user.py | 58 ++ python/samba/tests/dcerpc/dnsserver.py | 148 selftest/flapping.d/dnsserver | 3 + source4/heimdal/kdc/krb5tgs.c | 58 ++ source4/kdc/mit_samba.c | 5 + source4/kdc/sdb_to_kdb.c| 17 +-- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 21 ++-- source4/rpc_server/dnsserver/dnsdata.c | 28 ++--- source4/rpc_server/dnsserver/dnsserver.h| 4 +- source4/selftest/tests.py | 1 + source4/torture/drs/python/samba_tool_drs.py| 3 +- testprogs/blackbox/test_s4u_heimdal.sh | 73 13 files changed, 418 insertions(+), 67 deletions(-) create mode 100644 selftest/flapping.d/dnsserver create mode 100755 testprogs/blackbox/test_s4u_heimdal.sh Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 83a4f3b994d..6b3fbc88d50 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + === + Release Notes for Samba 4.10.11 + December 10, 2019 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS + management server (dnsserver). +o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition + on Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14861: + An authenticated user can crash the DCE/RPC DNS management server by creating + records with matching the zone name. + +o CVE-2019-14870: + The DelegationNotAllowed Kerberos feature restriction was not being applied + when processing protocol transition requests (S4U2Self), in the AD DC KDC. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.10: +-- + +o Andrew Bartlett + * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. + +o Isaac Boukris + * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older r
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 5d91d4cdbeb VERSION: Bump version up to Samba 4.9.18... via 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. via 2d9d1c3a0f1 WHATSNEW: Add release notes for Samba 4.9.17. via 277ab21fcf3 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via d0d4954b9b4 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via 5249cad8b43 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via 80ea4bde850 samba-tool: add user-sensitive command to set not-delegated flag via 38db53fa5e9 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via 90073f0abc4 CVE-2019-14861: Test to demonstrate the bug via 16405fecc40 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 51fa9a6a805 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via 9501741466b CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 2636162d9a0 VERSION: Bump version up to 4.9.17... from f2c73b4e6bc VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 5d91d4cdbeb0921257c6f6701cc6f963ab629842 Author: Karolin Seeger Date: Tue Dec 10 10:21:10 2019 +0100 VERSION: Bump version up to Samba 4.9.18... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 4 +- WHATSNEW.txt| 66 ++- python/samba/netcmd/user.py | 59 ++ python/samba/tests/dcerpc/dnsserver.py | 148 selftest/flapping.d/dnsserver | 2 + source4/heimdal/kdc/krb5tgs.c | 58 ++ source4/kdc/mit_samba.c | 5 + source4/kdc/sdb_to_kdb.c| 17 +-- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 21 ++-- source4/rpc_server/dnsserver/dnsdata.c | 28 ++--- source4/rpc_server/dnsserver/dnsserver.h| 4 +- source4/selftest/tests.py | 1 + source4/torture/drs/python/samba_tool_drs.py| 3 +- testprogs/blackbox/test_s4u_heimdal.sh | 73 14 files changed, 420 insertions(+), 69 deletions(-) create mode 100644 selftest/flapping.d/dnsserver create mode 100755 testprogs/blackbox/test_s4u_heimdal.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c705308b199..e7c3f48ba86 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=18 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0203038f0c5..c1f544b2c5c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + == + Release Notes for Samba 4.9.17 + December 10, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS + management server (dnsserver). +o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition + on Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14861: + An authenticated user can crash the DCE/RPC DNS management server by creating + records with matching the zone name. + +o CVE-2019-14870: + The DelegationNotAllowed Kerberos feature restriction was not being applied + when processing protocol transition requests (S4U2Self), in the AD DC KDC. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.9.16: +- + +o Andrew Bartlett + * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. + +o Isaac Boukris + * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced. + + +### +Reporting bugs & Devel
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9ffc16f Fix link to 4.10 and 4.9 patches. from 2edcdd8 NEWS[4.11.3]: Samba 4.11.3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 9ffc16f82cb6d12187d8c33cc43fcb0dd2194200 Author: Karolin Seeger Date: Tue Dec 10 09:53:12 2019 +0100 Fix link to 4.10 and 4.9 patches. Signed-off-by: Karolin Seeger --- Summary of changes: history/security.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index f8ad8e5..33e2be9 100755 --- a/history/security.html +++ b/history/security.html @@ -31,9 +31,9 @@ link to full release notes for each release. patch for Samba 4.11.2 - + patch for Samba 4.10.10 - + patch for Samba 4.9.16 CVE-2019-14861 and CVE-2019-14870. Please see announcements for -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2edcdd8 NEWS[4.11.3]: Samba 4.11.3 Available for Download from 7f9b2f0 Add Samba 4.9.16. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2edcdd8eccf15058e7261918c9a7efe0f8b4c7fe Author: Karolin Seeger Date: Tue Dec 10 09:07:41 2019 +0100 NEWS[4.11.3]: Samba 4.11.3 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.10.11.html | 61 history/samba-4.11.3.html| 61 history/samba-4.9.17.html| 61 history/security.html| 22 ++ posted_news/20191210-081835.4.11.3.body.html | 31 posted_news/20191210-081835.4.11.3.headline.html | 4 ++ security/CVE-2019-14861.html | 89 +++ security/CVE-2019-14870.html | 91 9 files changed, 423 insertions(+) create mode 100644 history/samba-4.10.11.html create mode 100644 history/samba-4.11.3.html create mode 100644 history/samba-4.9.17.html create mode 100644 posted_news/20191210-081835.4.11.3.body.html create mode 100644 posted_news/20191210-081835.4.11.3.headline.html create mode 100644 security/CVE-2019-14861.html create mode 100644 security/CVE-2019-14870.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 21b3518..2fc4ab6 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,9 +9,11 @@ Release Notes + samba-4.11.3 samba-4.11.2 samba-4.11.1 samba-4.11.0 + samba-4.10.11 samba-4.10.10 samba-4.10.9 samba-4.10.8 @@ -23,6 +25,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.17 samba-4.9.16 samba-4.9.15 samba-4.9.14 diff --git a/history/samba-4.10.11.html b/history/samba-4.10.11.html new file mode 100644 index 000..388c54d --- /dev/null +++ b/history/samba-4.10.11.html @@ -0,0 +1,61 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.11 - Release Notes + + +Samba 4.10.11 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.11.tar.gz;>Samba 4.10.11 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.11.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.10-4.10.11.diffs.gz;>Patch (gzipped) against Samba 4.10.10 +https://download.samba.org/pub/samba/patches/samba-4.10.10-4.10.11.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.10.11 + December 10, 2019 + === + + +This is a security release in order to address the following defects: + +o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS + management server (dnsserver). +o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition + on Samba AD DC. + + +=== +Details +=== + +o CVE-2019-14861: + An authenticated user can crash the DCE/RPC DNS management server by creating + records with matching the zone name. + +o CVE-2019-14870: + The DelegationNotAllowed Kerberos feature restriction was not being applied + when processing protocol transition requests (S4U2Self), in the AD DC KDC. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.10: +-- + +o Andrew Bartlett abart...@samba.org + * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash. + +o Isaac Boukris ibouk...@gmail.com + * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced. + + + + + + diff --git a/history/samba-4.11.3.html b/history/samba-4.11.3.html new file mode 100644 index 000..01c81e4 --- /dev/null +++ b/history/samba-4.11.3.html @@ -0,0 +1,61 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.11.3 - Release Notes + + +Samba 4.11.3 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.11.3.tar.gz;>Samba 4.11.3 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.11.3.tar.asc;>Signature + + +https://downlo
[SCM] Samba Shared Repository - branch v4-11-stable updated
The branch, v4-11-stable has been updated via 7fc8563c2f6 VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release. via a694a009147 WHATSNEW: Add release notes for Samba 4.11.3. via 1ccab20c59b CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via fbc1f000cf7 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via fc0127db4b9 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via fbd7a4c08fd samba-tool: add user-sensitive command to set not-delegated flag via b69ee283de5 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via fae319523b0 CVE-2019-14861: Test to demonstrate the bug via 2318a4a7233 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 67b41bd CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via 9324b7a9e4c CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 026fd23cf91 VERSION: Re-enable GIT_SNAPSHOT. via dff88803584 VERSION: Bump version up to 4.11.3. from df2b97d12e6 VERSION: Disable GIT_SNAPSHOT for the 4.11.2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable - Log - commit 7fc8563c2f6381c0389cdbb8c833e9bb89ec068b Author: Karolin Seeger Date: Wed Dec 4 10:03:55 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release. Signed-off-by: Karolin Seeger commit a694a00914754b4142db6abf8d3f661f86a6e969 Author: Karolin Seeger Date: Wed Dec 4 10:02:16 2019 +0100 WHATSNEW: Add release notes for Samba 4.11.3. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 1ccab20c59b651173e76918a6b84290a5be4a27d Author: Isaac Boukris Date: Thu Nov 21 11:12:48 2019 +0100 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Signed-off-by: Isaac Boukris commit fbc1f000cf76f2172d63c9cdf4889fd83a087b14 Author: Isaac Boukris Date: Mon Oct 28 02:54:09 2019 +0200 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self Signed-off-by: Isaac Boukris commit fc0127db4b9f2fb21cb72b6f4cddd8de6167f555 Author: Isaac Boukris Date: Wed Oct 30 15:59:16 2019 +0100 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed Signed-off-by: Isaac Boukris commit fbd7a4c08fdb1988d2657760e3d4578785724c45 Author: Isaac Boukris Date: Sun Oct 27 14:02:00 2019 +0200 samba-tool: add user-sensitive command to set not-delegated flag Signed-off-by: Isaac Boukris commit b69ee283de5de1f560a73ad63c10f7974afeb9f8 Author: Andrew Bartlett Date: Fri Nov 1 06:53:56 2019 +1300 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local This test often flaps in Samba 4.9 (where more tests and DCs run in the environment) with obj_1 being 3. This is quite OK, we just need to see some changes get replicated, not 0 changes. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3) commit fae319523b07ba7a53bf7cfdbb4ea7f9d7d01981 Author: Andrew Bartlett Date: Wed Oct 30 11:50:57 2019 +1300 CVE-2019-14861: Test to demonstrate the bug This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 2318a4a7233d63a262d3e095dd2ea2b87b047bd6 Author: Andrew Bartlett Date: Tue Oct 29 14:15:36 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 67b41bd07898399b5a66739796b04dbdf33a Author: Andrew Bartlett Date: Mon Oct 21 12:12:10 2019 +1300 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 631a49647b7 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. via 2d9d1c3a0f1 WHATSNEW: Add release notes for Samba 4.9.17. via 277ab21fcf3 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via d0d4954b9b4 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via 5249cad8b43 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via 80ea4bde850 samba-tool: add user-sensitive command to set not-delegated flag via 38db53fa5e9 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via 90073f0abc4 CVE-2019-14861: Test to demonstrate the bug via 16405fecc40 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 51fa9a6a805 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via 9501741466b CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 2636162d9a0 VERSION: Bump version up to 4.9.17... from f2c73b4e6bc VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 631a49647b76cc203917fa8d32e11ab3935106b3 Author: Karolin Seeger Date: Fri Nov 29 12:21:03 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 2d9d1c3a0f1b58239ed6cb37b8e3f716373c87fd Author: Karolin Seeger Date: Fri Nov 29 12:19:48 2019 +0100 WHATSNEW: Add release notes for Samba 4.9.17. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 277ab21fcf31bf60458410994e188d9c236963a3 Author: Isaac Boukris Date: Thu Nov 21 11:12:48 2019 +0100 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag BUG: https://bugzilla.samba.org/show_bug.cgi?id=14187 Signed-off-by: Isaac Boukris commit d0d4954b9b4643678b6f465959dd69de0faafd07 Author: Isaac Boukris Date: Mon Oct 28 02:54:09 2019 +0200 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self Signed-off-by: Isaac Boukris commit 5249cad8b435d162584f010f492568d6f4526662 Author: Isaac Boukris Date: Wed Oct 30 15:59:16 2019 +0100 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed Signed-off-by: Isaac Boukris commit 80ea4bde850048474d23f13fa5bf1149b7cc6859 Author: Isaac Boukris Date: Sun Oct 27 14:02:00 2019 +0200 samba-tool: add user-sensitive command to set not-delegated flag Signed-off-by: Isaac Boukris commit 38db53fa5e930e6bc739f5ac8b7160048b6dd7d6 Author: Andrew Bartlett Date: Fri Nov 1 06:53:56 2019 +1300 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local This test often flaps in Samba 4.9 (where more tests and DCs run in the environment) with obj_1 being 3. This is quite OK, we just need to see some changes get replicated, not 0 changes. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3) commit 90073f0abc495c4b5bd05322b71667c534ee9dd8 Author: Andrew Bartlett Date: Wed Oct 30 11:50:57 2019 +1300 CVE-2019-14861: Test to demonstrate the bug This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 16405fecc403517574915a49de5f4abcaa964e21 Author: Andrew Bartlett Date: Tue Oct 29 14:15:36 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 51fa9a6a805e4221120847ee9dcab6796021175a Author
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via d644dfea6f2 VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. via aa4577474f1 WHATSNEW: Add release notes for Samba 4.10.11. via 8330f54718e CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag via 3ec39df607f CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self via 534fd4b6ec3 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed via c706fb4430d samba-tool: add user-sensitive command to set not-delegated flag via d38677abd92 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local via 329b78ed92c CVE-2019-14861: Test to demonstrate the bug via 181feb7a6be CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) via 1cc564ada17 CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() via a67944da822 CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords via 97f0deb4e38 VERSION: Re-enable GIT_SNAPSHOT. via 9378520acaa VERSION: Bump version up to 4.10.11. from e6f6df7658d VERSION: Disable GIT_SNAPSHOT for the 4.10.10 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit d644dfea6f2a55b2c205a4f268372b72a06757d1 Author: Karolin Seeger Date: Tue Dec 3 12:54:00 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit aa4577474f16614edf6436bc54d487bece478309 Author: Karolin Seeger Date: Tue Dec 3 12:52:58 2019 +0100 WHATSNEW: Add release notes for Samba 4.10.11. o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS management server (dnsserver). o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol transition on Samba AD DC. Signed-off-by: Karolin Seeger commit 8330f54718ef2ba464d01c4eaf029d10fde0f977 Author: Isaac Boukris Date: Thu Nov 21 11:12:48 2019 +0100 CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Signed-off-by: Isaac Boukris commit 3ec39df607f66c2fdfec507d86da1bb41dd5fbab Author: Isaac Boukris Date: Mon Oct 28 02:54:09 2019 +0200 CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self Signed-off-by: Isaac Boukris commit 534fd4b6ec31bfd0b12254cdd754a9a772876b6c Author: Isaac Boukris Date: Wed Oct 30 15:59:16 2019 +0100 CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed Signed-off-by: Isaac Boukris commit c706fb4430d2ffa9e5e15885f7466f306be601b3 Author: Isaac Boukris Date: Sun Oct 27 14:02:00 2019 +0200 samba-tool: add user-sensitive command to set not-delegated flag Signed-off-by: Isaac Boukris commit d38677abd9285d571ecacce9f53dfc543836524c Author: Andrew Bartlett Date: Fri Nov 1 06:53:56 2019 +1300 s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local This test often flaps in Samba 4.9 (where more tests and DCs run in the environment) with obj_1 being 3. This is quite OK, we just need to see some changes get replicated, not 0 changes. Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 4ae0f9ce0f5ada99cf1d236377e5a1234c879ae3) commit 329b78ed92cc8d08ca2ca88653890a8a60aa1a7b Author: Andrew Bartlett Date: Wed Oct 30 11:50:57 2019 +1300 CVE-2019-14861: Test to demonstrate the bug This test does not fail every time, but when it does it casues a segfault which takes out the rpc_server master process, as this hosts the dnsserver pipe. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 181feb7a6beb061affe93e494eda33be951842d4 Author: Andrew Bartlett Date: Tue Oct 29 14:15:36 2019 +1300 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) dns_name_compare() had logic to put @ and the top record in the tree being enumerated first, but if a domain had both then this would break the older qsort() implementation in ldb_qsort() and cause a read of memory before the base pointer. By removing this special case (not required as the base pointer is already seperatly located, no matter were it is in the returned records) the crash is avoided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett commit 1cc564ada17215f32d1b6163984b2c6cb8d5646b Author
[SCM] Samba Shared Repository - annotated tag samba-4.9.17 created
The annotated tag, samba-4.9.17 has been created at 9c0c8cf5b3971b9298c73092b80ca9a00dd121d1 (tag) tagging 631a49647b76cc203917fa8d32e11ab3935106b3 (commit) replaces samba-4.9.16 tagged by Karolin Seeger on Tue Dec 10 09:15:19 2019 +0100 - Log - samba: tag release samba-4.9.17 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXe9UFwAKCRBvM5FbZWi3 6rm4AJ9FkSAIrZAgxnlSNvzWYKkgEqQlTACbB/lkvZdEmtEAsENaQYS8sUtV8NQ= =4rwh -END PGP SIGNATURE- Andrew Bartlett (5): CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) CVE-2019-14861: Test to demonstrate the bug s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local Isaac Boukris (4): samba-tool: add user-sensitive command to set not-delegated flag CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Karolin Seeger (3): VERSION: Bump version up to 4.9.17... WHATSNEW: Add release notes for Samba 4.9.17. VERSION: Disable GIT_SNAPSHOT for the 4.9.17 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.10.11 created
The annotated tag, samba-4.10.11 has been created at a7d2d99c64c3c4023d306d7173474a079a3c202a (tag) tagging d644dfea6f2a55b2c205a4f268372b72a06757d1 (commit) replaces samba-4.10.10 tagged by Karolin Seeger on Tue Dec 10 09:10:16 2019 +0100 - Log - samba: tag release samba-4.10.11 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXe9S6AAKCRBvM5FbZWi3 6k98AJ9gMbX6g7kuSa4fBkzbotPl4Hei5ACfbDx4xEedt2wwpsHBeGc1Lb+fUd0= =Rsqz -END PGP SIGNATURE- Andrew Bartlett (5): CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) CVE-2019-14861: Test to demonstrate the bug s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local Isaac Boukris (4): samba-tool: add user-sensitive command to set not-delegated flag CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Karolin Seeger (4): VERSION: Bump version up to 4.10.11. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.10.11. VERSION: Disable GIT_SNAPSHOT for the 4.10.11 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.11.3 created
The annotated tag, samba-4.11.3 has been created at 4a305a696c53fa8eb2f40a18b041b7e11a3e01e0 (tag) tagging 7fc8563c2f6381c0389cdbb8c833e9bb89ec068b (commit) replaces samba-4.11.2 tagged by Karolin Seeger on Tue Dec 10 09:07:24 2019 +0100 - Log - samba: tag release samba-4.11.3 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXe9SPAAKCRBvM5FbZWi3 6ozFAKDBaE9sSnUPEk9OEw7SJKPyCMJUKQCgqaQzqsckEsDd8HTatIDCs/huGbE= =P7Sw -END PGP SIGNATURE- Andrew Bartlett (5): CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords CVE-2019-14861: s4-rpc_server: Remove special case for @ in dns_build_tree() CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in ldb_qsort() via dcesrv_DnssrvEnumRecords) CVE-2019-14861: Test to demonstrate the bug s4-torture: Reduce flapping in SambaToolDrsTests.test_samba_tool_replicate_local Isaac Boukris (4): samba-tool: add user-sensitive command to set not-delegated flag CVE-2019-14870: heimdal: add S4U test for delegation_not_allowed CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2Self CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag Karolin Seeger (4): VERSION: Bump version up to 4.11.3. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.11.3. VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 91f39dbda15 smbd: Increase a debug level via ec4381228f3 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. via c37b94fd0a7 ldb: Release ldb 2.0.8 via 1c8ac011360 autobuild: harden samba-xc test suite via b7894c151ab wafsamba: pass environment to cross-execute tests via 98dc227dce9 wafsamba: avoid pre-forking if cross-compilation is enabled via e1a0813aa5c wafsamba: use test_args instead of exec_args to support cross-compilation via b691110c267 waf: upgrade to 2.0.18 from 70c829304e0 ctdb-tcp: Close inflight connecting TCP sockets after fork https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 91f39dbda151f6a2768b6e5eff59f931f303721f Author: Volker Lendecke Date: Tue Jul 9 20:04:03 2019 +0200 smbd: Increase a debug level This is not a real error, it happens when the share mode record is not around. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14211 Signed-off-by: Volker Lendecke Reviewed-by: Uri Simchoni (cherry picked from commit 4b05fe7ca73dae30807680f0e0401340bfb2c738) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Dec 4 10:15:19 UTC 2019 on sn-devel-184 commit ec4381228f33f04362cd05bdba330ffc89c0e162 Author: Uri Simchoni Date: Sun Oct 20 21:36:11 2019 +0300 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. This fixes a cross-compilation issue, as cross-compilers (rightly) complain if host include directories are in the include path. The fix is taken from buildroot (https://github.com/buildroot/buildroot/blob/8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch) where it was applied by Bernd Kuhls . This reverts some of 3fe2bfddda6149f6bf7402720226e9285f479fef, but building Samba's bundled Heimdal with a system roken is not supported anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13856 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Dec 1 10:22:01 UTC 2019 on sn-devel-184 (cherry picked from commit 27fc062d7ea2207242d5a2c9933f3de5fa206488) commit c37b94fd0a7b24df93b664ad4c2d197c516c9dce Author: Uri Simchoni Date: Thu Nov 28 21:19:51 2019 +0200 ldb: Release ldb 2.0.8 * Upgrade waf to version 2.0.18 to match the rest of Samba 4.11.x BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846 Signed-off-by: Uri Simchoni commit 1c8ac011360541bd0d1c3675ae8a99fd21dd5ab7 Author: Uri Simchoni Date: Wed Oct 9 21:53:43 2019 +0300 autobuild: harden samba-xc test suite Add more checks which directly test the behavior of --cross-answers and --cross-execute. Previous test tested things in a round-about way, checking that running in all three modes (native, cross-execute, cross-answers) yields the same result. It was vulnerable to a degradation in which cross-compilation modes didn't work at all and were running native tests, which is what happened with the upgrade of waf. The added tests check the following: - That cross-excute with cross-answers sets the cross-answers file - That the content of cross-answers file actually affects the build configuration - That a missing line in cross-answers fails the build BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett Autobuild-User(master): Uri Simchoni Autobuild-Date(master): Sun Oct 20 13:29:58 UTC 2019 on sn-devel-184 (cherry picked from commit 649d15bb969b6d27fd4554f49600366bb3df4712) commit b7894c151ab2c10774a4cedde82b97fd5da26307 Author: Uri Simchoni Date: Mon Oct 7 00:37:41 2019 +0300 wafsamba: pass environment to cross-execute tests This can come in handy for cross-execute scripts in general, and is particularly required by the samba-xc test for cross-answers / cross-execute, because Samba sets LD_LIBRARY_PATH during rpath checks, and the test program needs that in order to successfully run. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett (cherry picked from commit fdfd69840902f4b13db2a204a0ca87a578b61b85) commit 98dc227dce980307ec58bd326b773e41272d4c98 Author: Uri Simchoni Date: Mon Oct 7 00:37:31 2019 +0300 wafsamba: avoid pre-forking if cross-compilation is enabled Waf supports pre-forking to run configuration tests, but this doesn't play well with Samba's cross-compilation support, because Samba
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via cc58e4b1899 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. from 939a0c8bb24 ctdb-tcp: Close inflight connecting TCP sockets after fork https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit cc58e4b1899d5b89edbf4848efac2e21edd6f259 Author: Uri Simchoni Date: Sun Oct 20 21:36:11 2019 +0300 heimdal-build: avoid hard-coded /usr/include/heimdal in asn1_compile-generated code. This fixes a cross-compilation issue, as cross-compilers (rightly) complain if host include directories are in the include path. The fix is taken from buildroot (https://github.com/buildroot/buildroot/blob/8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch) where it was applied by Bernd Kuhls . This reverts some of 3fe2bfddda6149f6bf7402720226e9285f479fef, but building Samba's bundled Heimdal with a system roken is not supported anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13856 Signed-off-by: Uri Simchoni Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Sun Dec 1 10:22:01 UTC 2019 on sn-devel-184 (cherry picked from commit 27fc062d7ea2207242d5a2c9933f3de5fa206488) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Dec 3 15:06:08 UTC 2019 on sn-devel-144 --- Summary of changes: source4/heimdal_build/wscript_build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index 45938b88315..e896c3e9454 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -131,7 +131,7 @@ def HEIMDAL_ASN1(name, source, samba_cflags = CURRENT_CFLAGS(bld, name, ''), depends_on = '', samba_deps = to_list('roken replace'), -samba_includes = includes + ["/usr/include/heimdal"], +samba_includes = includes, local_include = True) -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 7f9b2f0 Add Samba 4.9.16. via aded62c NEWS[4.9.16]: Samba 4.9.16 Available for Download from a90d7ae Dentar wants to be removed https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 7f9b2f03dc78ab798b5bd95f491c66fabff4fa76 Author: Karolin Seeger Date: Wed Nov 27 11:46:43 2019 +0100 Add Samba 4.9.16. Signed-off-by: Karolin Seeger commit aded62cd1eb698dfb5c4a6151e6d1c3259cef24f Author: Karolin Seeger Date: Wed Nov 27 11:45:28 2019 +0100 NEWS[4.9.16]: Samba 4.9.16 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.16.html| 44 posted_news/20191127-104623.4.9.16.body.html | 13 +++ posted_news/20191127-104623.4.9.16.headline.html | 3 ++ 4 files changed, 61 insertions(+) create mode 100644 history/samba-4.9.16.html create mode 100644 posted_news/20191127-104623.4.9.16.body.html create mode 100644 posted_news/20191127-104623.4.9.16.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index c43c286..21b3518 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -23,6 +23,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.16 samba-4.9.15 samba-4.9.14 samba-4.9.13 diff --git a/history/samba-4.9.16.html b/history/samba-4.9.16.html new file mode 100644 index 000..d8a7205 --- /dev/null +++ b/history/samba-4.9.16.html @@ -0,0 +1,44 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.9.16 - Release Notes + + +Samba 4.9.16 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.16.tar.gz;>Samba 4.9.16 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.16.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.15-4.9.16.diffs.gz;>Patch (gzipped) against Samba 4.9.15 +https://download.samba.org/pub/samba/patches/samba-4.9.15-4.9.16.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.9.16 + November 27, 2019 + == + + +This is an additional bug fix release to address bug #14175 (CTDB: Incoming +queue can be orphaned causing communication breakdown). Please see +https://bugzilla.samba.org/show_bug.cgi?id=14175 for details. + + +Changes since 4.9.15: +- + +o Volker Lendecke v...@samba.org + * BUG 14175: ctdb: Avoid communication breakdown on node reconnect. + +o Martin Schwenke mar...@meltin.net + * BUG 14175: ctdb: Incoming queue can be orphaned causing communication + breakdown. + + + + + + diff --git a/posted_news/20191127-104623.4.9.16.body.html b/posted_news/20191127-104623.4.9.16.body.html new file mode 100644 index 000..46a5803 --- /dev/null +++ b/posted_news/20191127-104623.4.9.16.body.html @@ -0,0 +1,13 @@ + +27 November 2019 +Samba 4.9.16 Available for Download + +This is the latest stable release of the Samba 4.9 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.9.16.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.9.15-4.9.16.diffs.gz;>patch against Samba 4.9.15 is also available. +See https://www.samba.org/samba/history/samba-4.9.16.html;>the release notes for more info. + + diff --git a/posted_news/20191127-104623.4.9.16.headline.html b/posted_news/20191127-104623.4.9.16.headline.html new file mode 100644 index 000..131cee8 --- /dev/null +++ b/posted_news/20191127-104623.4.9.16.headline.html @@ -0,0 +1,3 @@ + + 27 November 2019 Samba 4.9.16 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via f2c73b4e6bc VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. via a1b939d6282 WHATSNEW: Add release notes for Samba 4.9.16. via 2927573cfef Merge tag 'samba-4.9.15' into v4-9-test via 92b73cf0bf0 ctdb-tcp: Close inflight connecting TCP sockets after fork via 0dcb2efb8f8 ctdb-tcp: Drop tracking of file descriptor for incoming connections via 14406d123ab ctdb-tcp: Avoid orphaning the TCP incoming queue via 20b823fc255 ctdb-tcp: Check incoming queue to see if incoming connection is up via 2d1f566ef95 VERSION: Bump version up to 4.9.16. via 5942df08644 VERSION: Bump version up to 4.9.15... from 0d69a39c463 VERSION: Disable GIT_SNAPSHOT for the 4.9.15 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit f2c73b4e6bcfba4ea58cea999e6c83bd61d86bb3 Author: Karolin Seeger Date: Tue Nov 26 13:15:43 2019 +0100 VERSION: Disable GIT_SNAPSHOT for th 4.9.16 release. Signed-off-by: Karolin Seeger commit a1b939d628248125cd12ad4e5653f4e2967d5669 Author: Karolin Seeger Date: Tue Nov 26 13:13:17 2019 +0100 WHATSNEW: Add release notes for Samba 4.9.16. Signed-off-by: Karolin Seeger commit 2927573cfef0d0856fa82f28f4e655b280372bff Merge: 92b73cf0bf0 0d69a39c463 Author: Karolin Seeger Date: Tue Nov 26 13:03:54 2019 +0100 Merge tag 'samba-4.9.15' into v4-9-test samba: tag release samba-4.9.15 Signed-off-by: Karolin Seeger commit 92b73cf0bf028321b99eba942b76d494c6a96e2b Author: Volker Lendecke Date: Thu Nov 7 15:26:01 2019 +0100 ctdb-tcp: Close inflight connecting TCP sockets after fork Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets while sitting in the async connect() syscall are not freed via ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure. Free this structure as well. If an outgoing TCP socket leaks into a long-running child process (possibly the recovery daemon), this connection will never be closed as seen by the destination node. Because with recent changes incoming connections will not be accepted as long as any incoming connection is alive, with that socket leak into the recovery daemon we will never again be able to successfully connect to the node that is affected by this leak. Further attempts to connect will be discarded by the destination as long as the recovery daemon keeps this socket alive. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 RN: Avoid communication breakdown on node reconnect Signed-off-by: Martin Schwenke Signed-off-by: Volker Lendecke Reviewed-by: Amitay Isaacs (cherry picked from commit a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Nov 20 14:58:33 UTC 2019 on sn-devel-144 commit 0dcb2efb8f828606d22742100491fb7b8f61a340 Author: Martin Schwenke Date: Tue Oct 29 17:28:22 2019 +1100 ctdb-tcp: Drop tracking of file descriptor for incoming connections This file descriptor is owned by the incoming queue. It will be closed when the queue is torn down. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit bf47bc18bb8a94231870ef821c0352b7a15c2e28) commit 14406d123ab4587715ca97114e933f3ae1e31c17 Author: Martin Schwenke Date: Tue Oct 29 15:29:11 2019 +1100 ctdb-tcp: Avoid orphaning the TCP incoming queue CTDB's incoming queue handling does not check whether an existing queue exists, so can overwrite the pointer to the queue. This used to be harmless until commit c68b6f96f26664459187ab2fbd56767fb31767e0 changed the read callback to use a parent structure as the callback data. Instead of cleaning up an orphaned queue on disconnect, as before, this will now free the new queue. At first glance it doesn't seem possible that 2 incoming connections from the same node could be processed before the intervening disconnect. However, the incoming connections and disconnect occur on different file descriptors. The queue can become orphaned on node A when the following sequence occurs: 1. Node A comes up 2. Node A accepts an incoming connection from node B 3. Node B processes a timeout before noticing that outgoing the queue is writable 4. Node B tears down the outgoing connection to node A 5. Node B initiates a new connection to node A 6. Node A accepts an incoming connection from node B Node A processes then the disconnect of the old incoming connection from (2) but tears down the new incoming connection from (6). This then occurs until