[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via bf5ac945151 smbtorture: extend rpc.lsa to lookup machine over forest-wide LookupNames via d89fc30dab1 lookup_name: allow own domain lookup when flags == 0 via 4fd7914eed9 torture/rpc/lsa: allow testing different lookup levels from 2627724e1b2 Revert "s3:messages: protect against usage of wrapper tevent_context objects for messaging" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit bf5ac945151b83f7eb3158e0d18aec97c712c8ba Author: Alexander Bokovoy Date: Sat Aug 10 11:53:12 2019 +0300 smbtorture: extend rpc.lsa to lookup machine over forest-wide LookupNames Add a simple test to resolve DOMAIN\MACHINE$ via LSA LookupNames3 using LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 level. This level would pass zero lookup flags to lookup_name(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091 Signed-off-by: Alexander Bokovoy Reviewed-by: Andreas Schneider Autobuild-User(master): Alexander Bokovoy Autobuild-Date(master): Wed Aug 14 13:07:42 UTC 2019 on sn-devel-184 (cherry picked from commit 4d276a93fc624dc04d880f5b4157f272d3555be6) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Fri Aug 16 14:18:35 UTC 2019 on sn-devel-144 commit d89fc30dab1a2747209b5837f036175affb502ca Author: Alexander Bokovoy Date: Thu Aug 1 15:48:58 2019 +0300 lookup_name: allow own domain lookup when flags == 0 In 2007, we've added support for multiple lookup levels for LSA LookupNames family of calls. However, forest-wide lookups, as described in MS-LSAT 2.2.16, never worked because flags passed to lookup_name() were always set to zero, expecting at least default lookup on a DC to apply. lookup_name() was instead treating zero flags as 'skip all checks'. Allow at least own domain lookup in case domain name is the same. This should allow FreeIPA DC to respond to LSA LookupNames3 calls from a trusted AD DC side. For the reference, below is a request Windows Server 2016 domain controller sends to FreeIPA domain controller when attempting to look up a user from a trusted forest root domain that attemps to login to the domain controller. Notice the level in the lsa_LookupNames3 call and resulting flags in lookup_name(). [2019/08/03 07:14:24.156065, 1, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:471(ndr_print_function_debug) lsa_LookupNames3: struct lsa_LookupNames3 in: struct lsa_LookupNames3 handle : * handle: struct policy_handle handle_type : 0x (0) uuid : 004c---455d-3018575c num_names: 0x0001 (1) names: ARRAY(1) names: struct lsa_String length : 0x000a (10) size : 0x000c (12) string : * string : 'XS\ab' sids : * sids: struct lsa_TransSidArray3 count: 0x (0) sids : NULL level: LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6) count: * count: 0x (0) lookup_options : LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0) client_revision : LSA_CLIENT_REVISION_2 (2) [2019/08/03 07:14:24.156189, 6, pid=23639, effective(967001000, 967001000), real(967001000, 0), class=rpc_srv] ../../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal) Found policy hnd[0] [] 00 00 00 00 4C 00 00 00 00 00 00 00 45 5D 30 18 L... E]0. [0010] 57 5C 00 00W\.. [2019/08/03 07:14:24.156228, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx) push_sec_ctx(967001000, 967001000) : sec_ctx_stack_ndx = 2 [2019/08/03 07:14:24.156246, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/uid.c:552(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2019/08/03 07:14:24.156259, 4, pid=23639, effective(967001000, 967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2019/08/03 07:14:24.15627
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 2627724e1b2 Revert "s3:messages: protect against usage of wrapper tevent_context objects for messaging" via 5a3fa18389b Revert "s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use wrapper tevent_context" via a4ad9d6e7cf Revert "s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context" via 116c4a79456 Revert "s3:messages: allow messaging_filtered_read_send() to use wrapper tevent_context" via 9daacf18383 Revert "s4:messaging: make sure only imessaging_client_init() can be used with a wrapper tevent_context wrapper" via de909ff8860 ctdb-config: depend on /etc/ctdb/nodes file via 97727eefe49 vfs_catia: pass stat info to synthetic_smb_fname() via db44860c93d samba-tool: add 'import samba.drs_utils' to fsmo.py via f1eeb8e63af samba-tool: use only one LDAP modify for dns partition fsmo role transfer via 8fb77c2d1c8 s4:torture:fsmo.py: remove unused 'net_cmd' variable via 6b9d7481fe8 samba-tool: fix replication after dns partition fsmo role transfer via cf5002e0345 s4:torture:fsmo.py: test role transfers of dns partitions via 043675f3a0c dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME via 8ce25bdb054 dnsp.idl: fix the dnsp_dns_addr_array definition via b59569126d9 dnsp.idl: fix dnsp_ip4_array definition via d9b747c0ca0 s4:torture: add local.ndr.dnsp tests via 4fd604b1657 dbcheck: fallback to the default tombstoneLifetime of 180 days via 9af7a1ccb33 lib/util: remove unused prototypes in debug.h via bdc11a6b825 lib/util: fix call to dbghdrclass() for DEBUGC() from f7a5adf0256 s4/libnet: Fix joining a Windows pre-2008R2 DC https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 2627724e1b2bba9f814c4a7dd767b878d5371291 Author: Ralph Boehme Date: Thu Dec 27 12:48:30 2018 +0100 Revert "s3:messages: protect against usage of wrapper tevent_context objects for messaging" This reverts commit 7f2afc20e1b6397c364a98d1be006377c95e4665. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 2a62a98f5c7107f2f83c0bfc2892243d83e2c88a) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Aug 8 11:20:26 UTC 2019 on sn-devel-144 commit 5a3fa18389b76bb31541e8b93de8353fa6b548d7 Author: Ralph Boehme Date: Thu Dec 27 12:45:42 2018 +0100 Revert "s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use wrapper tevent_context" This reverts commit 660cf86639753edaa7a7a21a5b5ae207ae7d4260. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 1c3676f3aa9c1564eb140a24ced5ee72b859b87f) commit a4ad9d6e7cfdd1be1ea71f08ce5b6c404260281e Author: Ralph Boehme Date: Thu Dec 27 12:45:28 2018 +0100 Revert "s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context" This reverts commit 9dc332060cf5f249ea887dbc60ec7a39b6f91120. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit 26107832cd9d200fb171ef1f991d7ef5478cac18) commit 116c4a79456c235980813f2d4ea732188ebf42b3 Author: Ralph Boehme Date: Thu Dec 27 12:45:15 2018 +0100 Revert "s3:messages: allow messaging_filtered_read_send() to use wrapper tevent_context" This reverts commit 2b05f1098187e00166649c8ea7c63e6901b9d242. See the discussion in https://lists.samba.org/archive/samba-technical/2018-December/131731.html for the reasoning behind this revert. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14033 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Reviewed-by: Stefan Metzmacher (cherry picked from commit e2a5272ac6831b407a0c51bb8615252ec68be6a8) commit 9daacf183831851f4f33fa075dbabf4a99566323 Author: Ralph Boehme Date: Thu Dec 27 12:41:25 2018 +0100
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via bf28f9d7bef tests/drs_no_dns: Check dbcheck and ldapcmp pass via bf70fc09852 tests: Add samba_upgradedns to the list of possible cmds via 1d2c7ee7061 netcmd: Allow drs replicate --local to create partitions via 9dac4d85ad0 join: Use a specific attribute order for the DsAddEntry nTDSDSA object via f839423bdab ctdb-config: depend on /etc/ctdb/nodes file via b0ebe62fe51 vfs_catia: pass stat info to synthetic_smb_fname() via 376bed3a0e6 samba-tool: add 'import samba.drs_utils' to fsmo.py via 7788b9f3039 samba-tool: use only one LDAP modify for dns partition fsmo role transfer via 4d7ce477eb0 s4:torture:fsmo.py: remove unused 'net_cmd' variable via cfce211fff1 samba-tool: fix replication after dns partition fsmo role transfer via 65c4f412509 s4:torture:fsmo.py: test role transfers of dns partitions via b2849a889f3 dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME via d2087e4b480 dnsp.idl: fix the dnsp_dns_addr_array definition via e7dfe3f7f77 dnsp.idl: fix dnsp_ip4_array definition via 7dbde4521fe s4:torture: add local.ndr.dnsp tests via bbe41dc7806 dbcheck: fallback to the default tombstoneLifetime of 180 days via c51d810ee99 third_party: Update waf to version 2.0.17 via 1dcb5dc3844 lib/util: set current_msg_{level,class} also during a DEBUGADD[C]() call via 823d57094b9 lib/util: remove unused prototypes in debug.h via fdec94ba7c4 lib/util: fix call to dbghdrclass() for DEBUGC() from b56e010af12 s4/libnet: Fix joining a Windows pre-2008R2 DC https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit bf28f9d7bef49d91ebe86a59b70da5add025def5 Author: Garming Sam Date: Wed Jul 24 14:53:33 2019 +1200 tests/drs_no_dns: Check dbcheck and ldapcmp pass When joining a DC without DNS partitions, make sure that the alternate flow of creating them afterwards results in a database with everything that is necessary. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 RN: Allow a DC join without DNS partitions, to add them later Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett (cherry picked from commit 35c54007e6183829d9d85a24b3bd95f469739ad3) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Aug 8 11:15:54 UTC 2019 on sn-devel-144 commit bf70fc0985259ce3ea97f1b2bcc48b9518a24e41 Author: Garming Sam Date: Wed Jul 24 15:13:43 2019 +1200 tests: Add samba_upgradedns to the list of possible cmds This will be used to test the replication scenario with no DNS partitions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett (cherry picked from commit 7d2875bd70cf727730be8dc705bfd01eac6f) commit 1d2c7ee7061461940a2952b6855db85a21afa494 Author: Garming Sam Date: Wed Jul 24 15:18:40 2019 +1200 netcmd: Allow drs replicate --local to create partitions Currently, neither the offline (--local) or online (normal replica sync) methods allow partition creation post-join. This overrides the Python default to not create the DB, which allows TDB + MDB to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett (cherry picked from commit d90ccce59754bc833027c06683afac25f7a8d474) commit 9dac4d85ad0dc52f5b08f048c529f386a0b436c8 Author: Tim Beale Date: Wed Jul 24 11:00:01 2019 +1200 join: Use a specific attribute order for the DsAddEntry nTDSDSA object Joining a Windows domain can throw an error if the HasMasterNCs attribute occurs before msDS-HasMasterNCs. This patch changes the attribute order so that msDS-HasMasterNCs is always first. Previously on python2, the dictionary hash order was arbitrary but constant. By luck, msDS-HasMasterNCs was always before HasMasterNCs, so we never noticed any problem. With python3, the dictionary hash order now changes everytime you run the command, so the order is unpredictable. To enforce a order, we can change to use an OrderedDict, which will return the keys in the order they're added. I've asked Microsoft to clarify the protocol requirement here WRT attribute order. However, in the meantime we may as well fix the problem for users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14046 RN: When trying to join a Windows domain (with functional level 2008R2) as an AD domain controller, the 'samba-tool domain join' command could throw a python exception: 'RuntimeError ("DsAddEntry failed")'. When this problem occurred, you would also see the message "Ds
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 62e65124e9d smbd: Fix use-after-free from exit_server_common() via 6b4c51d0c94 WHATSNEW: Add link to 2012 Windows compatibility wiki page via 02352ebbef6 WHATSNEW: Make it clearer how the AD database changes will affect users via 97a742fe761 tests/drs_no_dns: Check dbcheck and ldapcmp pass via c7a5694f4f8 tests: Add samba_upgradedns to the list of possible cmds via 8a09ea3c70f netcmd: Allow drs replicate --local to create partitions via 816053b7bba join: Use a specific attribute order for the DsAddEntry nTDSDSA object via 636f7dedd40 tests/ldap: Use TLDAP to check the extended DN return via a1d0ce447e7 tests/tldap: Actually check the paging return code via 23f8a8ee71b tldap: Paged searches fail when they get to the end via dd36cafdb96 tldap: Make memcpy of no controls safe via b95186a5332 ldap_server: Regression in 0559430ab6e5c48d6e853fda0d8b63f2e149015c via 122d7afb50e WHATSNEW: document new debug encryption smb.conf param via 98051741ea5 WHATSNEW: add CephFS Snapshot Integration section via f2c40f4d41a gp_inf: Read/write files with a UTF-16LE BOM in GptTmpl.inf via 29fa37b717c partition: reversing partition unlocking via 6877eabea8f partition: correcting lock ordering from 1c64a2e37b6 WHATSNEW: preview release -> release candidate https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 62e65124e9d720d5dd27d822e7a25df24ea9f81b Author: Volker Lendecke Date: Wed Jul 31 14:17:02 2019 +0200 smbd: Fix use-after-free from exit_server_common() We need to keep the smbXsrv_connection structures around until all pending requests have had their chance to clean up behind them. If you look at srv_send_smb(), it's exactly prepared already to just drop anything on the floor when the transport has been declared dead: if (!NT_STATUS_IS_OK(xconn->transport.status)) { /* * we're not supposed to do any io */ return true; } Bug: https://bugzilla.samba.org/show_bug.cgi?id=14064 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Aug 1 15:39:13 UTC 2019 on sn-devel-184 (cherry picked from commit c226dc6e8a18343031829c35552e557903593daf) Autobuild-User(v4-11-test): Karolin Seeger Autobuild-Date(v4-11-test): Wed Aug 7 12:53:51 UTC 2019 on sn-devel-184 commit 6b4c51d0c94a34ccd310f4c0e470f043407659d6 Author: Tim Beale Date: Mon Jul 29 10:35:23 2019 +1200 WHATSNEW: Add link to 2012 Windows compatibility wiki page There's now a lot more info on the wiki on Windows 2012 compatibility, and how the schema is just a small part of overall compatibility. Link to this wiki page from the WHATSNEW, so users can read more about this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14057 Signed-off-by: Tim Beale commit 02352ebbef6dd5669cb28369a3c7e7579c796384 Author: Tim Beale Date: Mon Jul 29 10:14:06 2019 +1200 WHATSNEW: Make it clearer how the AD database changes will affect users The release notes currently just have a brief mention of a new LDB pack format. They don't really cover how this change will actually affect AD users when upgrading (or more specifically downgrading) with v4.11. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14057 Signed-off-by: Tim Beale commit 97a742fe7617d153e38aac5ad6c887c79a6e2447 Author: Garming Sam Date: Wed Jul 24 14:53:33 2019 +1200 tests/drs_no_dns: Check dbcheck and ldapcmp pass When joining a DC without DNS partitions, make sure that the alternate flow of creating them afterwards results in a database with everything that is necessary. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 RN: Allow a DC join without DNS partitions, to add them later Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett (cherry picked from commit 35c54007e6183829d9d85a24b3bd95f469739ad3) commit c7a5694f4f81676f89969464645c9ff021680eb2 Author: Garming Sam Date: Wed Jul 24 15:13:43 2019 +1200 tests: Add samba_upgradedns to the list of possible cmds This will be used to test the replication scenario with no DNS partitions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 Signed-off-by: Garming Sam Reviewed-by: Andrew Bartlett (cherry picked from commit 7d2875bd70cf727730be8dc705bfd01eac6f) commit 8a09ea3c70f95a577ed42123ebe8d3ab26f2c39d Author: Garming Sam Date: Wed Jul 24 15:18:40 2019 +1200 netcmd: Allow drs replicate --local to create partitions Currently, n
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via eebcc88ddf9 doc: improve vfs objects parameter description from bed7fc5a1b5 wafsamba: change --picky-developer into --disable-warnings-as-errors https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit eebcc88ddf93466a3c98c023e86de23aba9875c1 Author: Björn Jacke Date: Mon Aug 5 17:16:32 2019 +0200 doc: improve vfs objects parameter description Signed-off-by: Bjoern Jacke Reviewed-by: Karolin Seeger Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Aug 6 13:40:21 UTC 2019 on sn-devel-184 --- Summary of changes: docs-xml/smbdotconf/vfs/vfsobjects.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/vfs/vfsobjects.xml b/docs-xml/smbdotconf/vfs/vfsobjects.xml index 05903baf1c6..f8f33b55f56 100644 --- a/docs-xml/smbdotconf/vfs/vfsobjects.xml +++ b/docs-xml/smbdotconf/vfs/vfsobjects.xml @@ -7,8 +7,9 @@ This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded - with one or more VFS objects. - + with one or more VFS objects. Be aware that the definition of this + parameter will overwrite a possible previous definition of the + vfs objects parameter. extd_audit recycle -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via b56e010af12 s4/libnet: Fix joining a Windows pre-2008R2 DC via 4743188456f vfs:glusterfs_fuse: treat ENOATTR as ENOENT via 01a7df07fc9 vfs:glusterfs: treat ENOATTR as ENOENT via 27bd08f36bd dsdb: Handle DB corner-case where PSO container doesn't exist via 1f0870a7b28 s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check() via b7f586ca6c9 s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*() via e9c23a02470 s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*() via 58760fe8b72 s4 librpc rpc pyrpc: Fix flapping dcerpc.bare tests via 4f70d4d76a0 s4 librpc rpc pyrpc: Ensure tevent_context deleted last via 4179bdb6f2a s4/pyrpc_util: appropriately decrement refcounts on failure via 8128ceceb87 build: Allow build when --disable-gnutls is set from 372ee382939 VERSION: Bump version up to 4.10.7... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit b56e010af12908e4291231172eb67306e14de9a6 Author: Tim Beale Date: Mon Jul 1 17:06:31 2019 +1200 s4/libnet: Fix joining a Windows pre-2008R2 DC From v4.8 onwards, Samba may not be able join a DC older than 2008R2 because the Windows DC doesn't support GET_TGT. If the dsdb repl_md code can't resolve a link target it returns an error, and the calling code (e.g. drs_util.py) should retry with GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later, so if you try to join an earlier Windows DC, the join will throw an error that you can't work-around. We can avoid this problem by setting the same DSDB flag that GET_TGT sets to indicate that the link targets are as up-to-date as possible, and so there's no point retrying. Missing targets are still logged, so this at least allows the admin to fix up any problems after the join completed. I've only done this for the join case (problems during periodic replication are probably still worth escalating to an error). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021 RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD DC may not have worked. When this problem occurred, the following message would be displayed: 'Failed to commit objects: DOS code 0x21bf' This particular issue has now been resolved. Note that there may still be other potential problems that occur when joining an older Windows DC. Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit b3a2508f2ad79e2f1007464da7dbe918933038a0) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Jul 9 10:31:40 UTC 2019 on sn-devel-144 commit 4743188456f7da4023890d17f699a88780525291 Author: Michael Adam Date: Thu Jun 20 15:14:57 2019 +0200 vfs:glusterfs_fuse: treat ENOATTR as ENOENT The original implementation of the virtual xattr get_real_filename in gluster was misusing the ENOENT errno as the authoritative anwer that the file/dir that we were asking the real filename for does not exist. But since the getxattr call is done on the parent directory, this is a violation of the getxattr API which uses ENOENT for the case that the file/dir that the getxattr call is done against does not exist. Now after a recent regression for fuse-mount re-exports due to gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster implementation is changed to more correctly return ENOATTR if the requested file does not exist. This patch changes the glusterfs_fuse vfs module to treat ENOATTR as ENOENT to be fully functional again with latest gluster. - Without this patch, samba against a new gluster will work correctly, but the get_real_filename optimization for a non-existing entry is lost. - With this patch, Samba will not work correctly any more against very old gluster servers: Those (correctly) returned ENOATTR always, which Samba originally interpreted as EOPNOTSUPP, triggering the expensive directory scan. With this patch, ENOATTR is interpreted as ENOENT, the authoritative answer that the requested entry does not exist, which is wrong unless it really does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14010 Signed-off-by: Michael Adam Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Fri Jun 28 12:52:03 UTC 2019 on sn-devel-184 (cherry picked from commit fee8cf326bfe240d3a8720569eab43f474349aff) commit 01a7df07fc92c8e1d73749585432d5071a6f460a Author: Michael Adam Date: Thu Jun 20 15:14
[SCM] Samba Shared Repository - branch v4-11-test updated
The branch, v4-11-test has been updated via 1c64a2e37b6 WHATSNEW: preview release -> release candidate from ac9740a0966 VERSION: Bump version up to 4.11.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test - Log - commit 1c64a2e37b695fcae9f64dea6f82c6fcadc990c4 Author: Karolin Seeger Date: Tue Jul 9 12:21:10 2019 +0200 WHATSNEW: preview release -> release candidate Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c0d13d20d6b..b07e9eba778 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first preview release of Samba 4.11. This is *not* +This is the second release candidate of Samba 4.11. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f6d0125 NEWS[4.11.0rc1]: Samba 4.11.0rc1 Available for Download from f80fa49 Add Samba 4.10.6. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f6d01255bb9c403e00ceb60af01b9979008b48da Author: Karolin Seeger Date: Tue Jul 9 12:15:02 2019 +0200 NEWS[4.11.0rc1]: Samba 4.11.0rc1 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190709-101557.4.11.0rc1.body.html | 12 posted_news/20190709-101557.4.11.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190709-101557.4.11.0rc1.body.html create mode 100644 posted_news/20190709-101557.4.11.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190709-101557.4.11.0rc1.body.html b/posted_news/20190709-101557.4.11.0rc1.body.html new file mode 100644 index 000..e37a249 --- /dev/null +++ b/posted_news/20190709-101557.4.11.0rc1.body.html @@ -0,0 +1,12 @@ + +09 July 2019 +Samba 4.11.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.11 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.11.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.11.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20190709-101557.4.11.0rc1.headline.html b/posted_news/20190709-101557.4.11.0rc1.headline.html new file mode 100644 index 000..21a47dc --- /dev/null +++ b/posted_news/20190709-101557.4.11.0rc1.headline.html @@ -0,0 +1,3 @@ + + 09 July 2019 Samba 4.11.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.11.0rc1 created
The annotated tag, samba-4.11.0rc1 has been created at 6682733cb6ab777e41114cb22ef537db40ada774 (tag) tagging 2da294048fcbddb60f12a3a42c0cf82fdd861b40 (commit) replaces ldb-1.6.3 tagged by Karolin Seeger on Tue Jul 9 12:14:46 2019 +0200 - Log - samba: tag release samba-4.11.0rc1 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXSRpFgAKCRBvM5FbZWi3 6pwPAJwNEhwOPJ8uqxM74E4Ts7uWgV0qWACeIz27fCj50ALTZ7KYDSwC3xqP8sE= =5C6c -END PGP SIGNATURE- Aaron Haslett (44): paged_search: perf testing paged search ldb: cmocka test for empty attributes bug lmdb: iterate_range cmocka testing ldb: <= and >= indexed searching ldb: activating <= and >= indexing for integers ldb: tests for <= and >= integer indexing ldb: version 2.0.0 samdb: test for schemainfo update with relax control dsdb:samdb: schemainfo update with relax control selftest: tagging tests for new schemaupgrade_dc target repl: test for schema object and LA repl across chunks selftest: split schemaupgrade testenv out ldap: test for empty attributes list selftest: correcting empty attribute usage in requests ldb: removing alloc from unpack_data ldb: perf test for pack format ldb: removing msg and dn copying from filter attrs ldb: remove unpack only attr list functionality ldb: baseinfo pack format check on init ldb: push and pull macros for pack format ldb: replacing length increments with constants in pack ldb: unpack function for new pack format ldb: pack function for new pack format ldb: Release ldb 2.0.2 ldb: removing unnecessary module pointer ldb: ldb_key_value_test fix ldb: ldbdump key and pack format version comments ldb: test for parse errors sambaundoguididx: renamed to downgradedatabase downgradedatabase: blackbox test ldb: only used a->syntax->index_format_fn if GUID indexing is enabled ldb: binding ordered indexes to GUID indexing downgradedatabase: blackbox: check ordered integer removed ldb: repack old format database if GUID indexing enabled ldb: python test for repack downgradedatabase: blackbox: database repacked ldb: pack_format_override option dsdb: disable ORDERED_INTEGER with MDB pack format v1 downgradedatabase: adding special case for MDB downgradedatabase: blackbox: MDB backend ldb: Release ldb 2.0.3 selftest: specifying 2008_R2 base schema for tests that need it schema: changing default base schema to 2012_R2 selftest: schema version check in provision test Amit Kumar (1): docs: Correct 'net ads dns unregister --help' description Amitay Isaacs (3): ctdb-common: Avoid race between fd and signal events ctdb-tests: Add reqid wrapping test ctdb-common: Fix memory leak in run_proc Andreas Schneider (211): s3:lib: Increase debug level for messaging_send_buf message s3:script: Fix running rsync in fake_snap.pl s3:script: Fix running cp in modprinter.pl libcli: Use a define for the SMB_SUICIDE_PACKET s3:smbd: Make clear that we got a suicide packet s3:torture: Move the init of the locking out of the loop s3:torture: Improve the debug message output s3:waf: Fix the detection of makdev() macro on Linux third_party: Update socket_wrapper to version 1.2.3 selftest: Increase nss_wrapper max host entries handling docs: Update smbclient manpage for --max-protocol s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames selftest: Add smbstatus to testhelper s3:tests: Add test for smbstatus and smbstatus --resolve_uids s3:libads: Print more information when LDAP fails s3:libsmb: Add some useful debug output to cliconnect auth:creds: Prefer the principal over DOMAIN/username when using NTLM s3:libnet: Use more secure name for the JOIN krb5.conf s3:libads: Make sure we can lookup KDCs which are not configured lib:util: Add support to keep talloc chunks secret lib:util: Add test for talloc_keep_secret() lib:util: Include talloc_keep_secret.h in samba_util.h autobuild: Build also Samba AD with MIT Kerberos s3:modules: Fix size types s4:heimdal: Disable format truncation warnings bootstrap: Fix dnf commands bootstrap: Add missing packages on RPM distributions bootstrap: Add missing packages for XFS quota support bootstrap: Add glusterfs and cephfs packages gitlab-ci: Enable fedora29 and update generated dists gitlab-ci: Remove Ubuntu 14.04 lib:audit_logging: Use C99 initializer for server_id in audit_logging s3:lib: Use correct C99 initializer for 'struct flock' in messages_dgm s4:dsdb: Use C99 initializer in dsdb uti
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 36f021f74d9 WHATSNEW: Start release notes for Samba 4.12.0pre1. from 9cb028d6d16 VERSION: Bump version up to 4.12.0. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 36f021f74d9739a9c73b95fc7d6f821bbf7cafdd Author: Karolin Seeger Date: Tue Jul 9 12:04:27 2019 +0200 WHATSNEW: Start release notes for Samba 4.12.0pre1. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 286 +-- 1 file changed, 3 insertions(+), 283 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c0d13d20d6b..510ee2c89db 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,297 +1,25 @@ Release Announcements = -This is the first preview release of Samba 4.11. This is *not* +This is the first preview release of Samba 4.12. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.11 will be the next version of the Samba suite. +Samba 4.12 will be the next version of the Samba suite. UPGRADING = -SMB1 is disabled by default - -The defaults of 'client min protocol' and 'server min protocol' -have been changed to SMB2_02. - -This means clients without support for SMB2 or SMB3 are no longer -able to connect to smbd (by default). - -It also means client tools like smbclient and other, -as well as applications making use of libsmbclient are no longer -able to connect to servers without SMB2 or SMB3 support (by default). - -It's still possible to allow SMB1 dialects, e.g. NT1, LANMAN2 -and LANMAN1 for client and server, as well as CORE and COREPLUS on -the client. - -Note that most commandline tools e.g. smbclient, smbcacls and others -also support the --option argument to overwrite smb.conf options, -e.g. --option='client min protocol=NT1' might be useful. - -As Microsoft no longer installs SMB1 support in recent releases -or uninstalls it after 30 days without usage, the Samba Team -tries to get remove the SMB1 usage as much as possible. - -SMB1 is officially deprecated and might be removed step by step -in the following years. If you have a strong requirement for SMB1 -(except for supporting old Linux Kernels), please file a bug -at https://bugzilla.samba.org and let us know about the details. NEW FEATURES/CHANGES -Default samba process model - -The default for the --model argument passed to the samba executable has changed -from 'standard' to 'prefork'. This means a difference in the number of samba -child processes that are created to handle client connections. The previous -default would create a separate process for every LDAP or NETLOGON client -connection. For a network with a lot of persistent client connections, this -could result in significant memory overhead. Now, with the new default of -'prefork', the LDAP, NETLOGON, and KDC services will create a fixed number of -worker processes at startup and share the client connections amongst these -workers. The number of worker processes can be configured by the 'prefork -children' setting in the smb.conf (the default is 4). - -Authentication Logging. - -Winbind now logs PAM_AUTH and NTLM_AUTH events, a new attribute "logonId" has -been added to the Authentication JSON log messages. This contains a random -logon id that is generated for each PAM_AUTH and NTLM_AUTH request and is passed -to SamLogon, linking the windbind and SamLogon requests. - -The serviceDescription of the messages is set to "winbind", the authDescription -is set to one of: - "PASSDB, , " - "PAM_AUTH, , " - "NTLM_AUTH, , " -where: -is the name of the command makinmg the winbind request i.e. wbinfo -is the process id of the requesting process. - -The version of the JSON Authentication messages has been changed to 1.2 from 1.1 - -LDAP referrals --- - -The scheme of returned LDAP referrals now reflects the scheme of the original -request, i.e. referrals received via ldap are prefixed with "ldap://; -and those over ldaps are prefixed with "ldaps://" - -Previously all referrals were prefixed with "ldap://; - -Bind9 logging -- - -It is now possible to log the duration of DNS operations performed by Bind9 -This should aid future diagnosis of performance issues, and could be used to -monitor DNS performance. The logging is enabled by setting log level to -"dns:10" in smb.conf - -The logs are currently Human readable text only, i.e. no JSON formatted output. - -Log lines
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9cb028d6d16 VERSION: Bump version up to 4.12.0. from 42c299b090e VERSION: Bump version up to 4.12.0pre1... https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9cb028d6d1630b20dab5bd456c69052e877d6fcf Author: Karolin Seeger Date: Tue Jul 9 12:02:07 2019 +0200 VERSION: Bump version up to 4.12.0. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 2b5116191fd..3f4e84bf0f4 100644 --- a/VERSION +++ b/VERSION @@ -24,7 +24,7 @@ # -> "3.0.0" # SAMBA_VERSION_MAJOR=4 -SAMBA_VERSION_MINOR=11 +SAMBA_VERSION_MINOR=12 SAMBA_VERSION_RELEASE=0 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 42c299b090e VERSION: Bump version up to 4.12.0pre1... via 2da294048fc VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc1 release... via 8460e86e449 WHATSNEW: Fix typo. from 5130dfe0ac3 WHATSNEW: Add link for >= and <= indexing https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 42c299b090ed9bcf3540c49d337348c1374e77c2 Author: Karolin Seeger Date: Tue Jul 9 11:47:48 2019 +0200 VERSION: Bump version up to 4.12.0pre1... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 2da294048fcbddb60f12a3a42c0cf82fdd861b40 Author: Karolin Seeger Date: Tue Jul 9 11:45:52 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc1 release... Signed-off-by: Karolin Seeger commit 8460e86e449c0ffa7d0f9c7cae25ea13f1d2a1d1 Author: Karolin Seeger Date: Tue Jul 9 11:43:22 2019 +0200 WHATSNEW: Fix typo. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9aee9e22e3b..c0d13d20d6b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -267,10 +267,10 @@ from the 'server services' smb.conf parameter). This service was unused and has now been removed from Samba. -samba-tool join subdommain --- +samba-tool join subdomain +- -The subdommain role has been removed from the join command. This option did +The subdomain role has been removed from the join command. This option did not work and has no tests. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via f7a5adf0256 s4/libnet: Fix joining a Windows pre-2008R2 DC via ea481544d2f vfs:glusterfs_fuse: treat ENOATTR as ENOENT via e126fdaa0c4 vfs:glusterfs: treat ENOATTR as ENOENT via 00dbe9ff5a5 dsdb: Handle DB corner-case where PSO container doesn't exist via 948b60d21ef s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check() via a47fd552e12 s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*() via 3bcaef67d29 s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*() via 88a60f59c13 WHATSNEW: Fix typo. from 63547807f51 VERSION: Bump version up to 4.9.12... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit f7a5adf02565e4d9e78e4dc85214d4c434c68a27 Author: Tim Beale Date: Mon Jul 1 17:06:31 2019 +1200 s4/libnet: Fix joining a Windows pre-2008R2 DC From v4.8 onwards, Samba may not be able join a DC older than 2008R2 because the Windows DC doesn't support GET_TGT. If the dsdb repl_md code can't resolve a link target it returns an error, and the calling code (e.g. drs_util.py) should retry with GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later, so if you try to join an earlier Windows DC, the join will throw an error that you can't work-around. We can avoid this problem by setting the same DSDB flag that GET_TGT sets to indicate that the link targets are as up-to-date as possible, and so there's no point retrying. Missing targets are still logged, so this at least allows the admin to fix up any problems after the join completed. I've only done this for the join case (problems during periodic replication are probably still worth escalating to an error). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021 RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD DC may not have worked. When this problem occurred, the following message would be displayed: 'Failed to commit objects: DOS code 0x21bf' This particular issue has now been resolved. Note that there may still be other potential problems that occur when joining an older Windows DC. Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit b3a2508f2ad79e2f1007464da7dbe918933038a0) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Jul 8 16:24:32 UTC 2019 on sn-devel-144 commit ea481544d2fdb5c9e48d901ee3c0514d5c3400d8 Author: Michael Adam Date: Thu Jun 20 15:14:57 2019 +0200 vfs:glusterfs_fuse: treat ENOATTR as ENOENT The original implementation of the virtual xattr get_real_filename in gluster was misusing the ENOENT errno as the authoritative anwer that the file/dir that we were asking the real filename for does not exist. But since the getxattr call is done on the parent directory, this is a violation of the getxattr API which uses ENOENT for the case that the file/dir that the getxattr call is done against does not exist. Now after a recent regression for fuse-mount re-exports due to gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster implementation is changed to more correctly return ENOATTR if the requested file does not exist. This patch changes the glusterfs_fuse vfs module to treat ENOATTR as ENOENT to be fully functional again with latest gluster. - Without this patch, samba against a new gluster will work correctly, but the get_real_filename optimization for a non-existing entry is lost. - With this patch, Samba will not work correctly any more against very old gluster servers: Those (correctly) returned ENOATTR always, which Samba originally interpreted as EOPNOTSUPP, triggering the expensive directory scan. With this patch, ENOATTR is interpreted as ENOENT, the authoritative answer that the requested entry does not exist, which is wrong unless it really does not exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14010 Signed-off-by: Michael Adam Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Fri Jun 28 12:52:03 UTC 2019 on sn-devel-184 (cherry picked from commit fee8cf326bfe240d3a8720569eab43f474349aff) commit e126fdaa0c488dfee017eb0fc701643ede2d8b49 Author: Michael Adam Date: Thu Jun 20 15:14:57 2019 +0200 vfs:glusterfs: treat ENOATTR as ENOENT The original implementation of the virtual xattr get_real_filename in gluster was misusing the ENOENT errno as the authoritative anwer that the file/dir that we were asking the real filename
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 9c67187029b VERSION: Disable GIT_SNAPSHOT for the 4.10.6 release. via 9f1a6fe7f27 WHATSNEW: Add release notes for Samba 4.10.6. via 8052d52b26f ldb: Release ldb 1.5.5 via f8d504acb4c python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via 662d66dcd3c selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb via 1970eadd123 docs: Document DCEPRC binding string for rpcclient via 9218655399f s3:client: Link smbspool_krb5_wrapper against krb5samba via 48c47f5dbbb wafsamba: Use native waf timer via d106f5eb971 s3:mdssvc: fix flex compilation error via 7c80167e2af ctdb-scripts: Fix tcp_tw_recycle existence check via 4f32284840d docs: Improve documentation of "lanman auth" and "ntlm auth" connection via 47a96935df0 vfs_fruit: remove a now unnecessary include via bdc257a1cba vfs_fruit: use VFS functions in ad_read_rsrc_adouble() via 2d6a2080afb vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork() via 91ed0f8beb9 vfs_fruit: use VFS function in ad_convert_truncate() via 28cdc4421c2 vfs_fruit: add VFS handle to ad_convert_truncate() via fef47b90e54 vfs_fruit: use fsp and remove mmap in ad_convert_xattr() via 7fc300d4655 vfs_fruit: remove use of mmap() from ad_convert_move_reso() via d49df05e619 vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE() via f5d1561c5b1 vfs_fruit: only do cross protocol locking on non-internal opens via 9ebfd4f2e51 vfs_fruit: remove a layer of indirection via f890c4fb86c vfs_fruit: pass VFS handle to ad_convert_move_reso() via 8f49fbfdebb vfs_fruit: remove xattr code from the AppleDouble subsystem via 7bd5ceea7d2 vfs_fruit: remove now unused AppleDouble code for resource fork in xattr via cc1ff660b80 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size() via d1164d9f374 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size() via 8ceb0486446 vfs_fruit: ignore AppleDouble files in fruit_unlink() via 30f25ed6214 vfs_fruit: add a missing else via 8787ac7938c vfs_fruit: add and use is_adouble_file() via 2b8eeb231e0 vfs_fruit: finally, remove ad_handle from struct adouble via ef0522b3434 vfs_fruit: pass handle to ad_convert_delete_adfile() via f2b796844b1 vfs_fruit: pass handle to ad_convert_finderinfo() via 3ff1b960c5e vfs_fruit: pass handle to ad_convert_blank_rfork() via 4e22296dc6c vfs_fruit: pass handle to ad_convert_xattr() via 47e08c03ed8 vfs_fruit: indentation fix via 03d1328e33b vfs_fruit: pass handle to ad_read_rsrc() and all the way down via 9b4ad2a32a6 vfs_fruit: use proper VFS function in ad_read_meta() via fd63fda7769 vfs_fruit: indentation fix via 7a99bba9294 vfs_fruit: pass handle to ad_read_meta() via 25ee7f97c6c vfs_fruit: pass handle to ad_read() via ab9a428f335 vfs_fruit: pass handle to ad_set() via 92bc9e3e11c vfs_fruit: pass handle to ad_fset() via 730c24902d5 s3:auth: explicitly add BUILTIN\Guests to the guest token via b312ceb5730 tests: add a test for guest authentication via d8e33defa5a selftest: allow guest login in the ad_member_idmap_rid env via 90a538f4689 s3:smbd: call reinit_guest_session_info() in the conf updated handler via 7f6b171c3e9 s3:auth: add reinit_guest_session_info() via 813856c1c4e dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 49acbea1378 ldb_kv: Skip @ records early in a search full scan via d9fed540c36 samba-tool domain provision: Fix --interactive module in python3 via 8867c178a9b ldap server: generate correct referral schemes via 207295b9523 ldap tests: test scheme for referrals via fa1de54cd92 s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly via 778448469bb s3/vfs_glusterfs: Avoid using NAME_MAX directly via bb688404227 Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" via f830628c3aa Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" via 70e8344a043 VERSION: Bump version up to 4.10.6... via 734d72bdc96 Merge tag 'samba-4.10.5' into v4-10-test via 881793d52d9 vfs_fruit: change trigger points of AppleDouble conversion via 436356f8d00 vfs_fruit: add a forward declaration for ad_get() via 886ab13095e selftest: run vfs.fruit test against a share that deletes empty resource forks via 0dfaa70427e s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork via 6dcec5e2536 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f80fa49 Add Samba 4.10.6. via d88d272 NEWS[4.10.6]: Samba 4.10.6 Available for Download from abf2ccf Fix version. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f80fa49500d35313cc2a95bc4be5c0e979ee535a Author: Karolin Seeger Date: Mon Jul 8 12:51:51 2019 +0200 Add Samba 4.10.6. Signed-off-by: Karolin Seeger commit d88d2723bc3695ab5ca01791adae859aa3dc6b63 Author: Karolin Seeger Date: Mon Jul 8 12:50:26 2019 +0200 NEWS[4.10.6]: Samba 4.10.6 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.10.6.html| 106 +++ posted_news/20190708-105119.4.10.6.body.html | 13 +++ posted_news/20190708-105119.4.10.6.headline.html | 3 + 4 files changed, 123 insertions(+) create mode 100644 history/samba-4.10.6.html create mode 100644 posted_news/20190708-105119.4.10.6.body.html create mode 100644 posted_news/20190708-105119.4.10.6.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index f323dcc..e9838ab 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.10.6 samba-4.10.5 samba-4.10.4 samba-4.10.3 diff --git a/history/samba-4.10.6.html b/history/samba-4.10.6.html new file mode 100644 index 000..f47261b --- /dev/null +++ b/history/samba-4.10.6.html @@ -0,0 +1,106 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.6 - Release Notes + + +Samba 4.10.6 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.6.tar.gz;>Samba 4.10.6 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.6.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.5-4.10.6.diffs.gz;>Patch (gzipped) against Samba 4.10.5 +https://download.samba.org/pub/samba/patches/samba-4.10.5-4.10.6.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.6 + July 8, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.5: +- + +o Jeremy Allison j...@samba.org + * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13965: samba-tool dns: use bytes for inet_ntop. + +o Andrew Bartlett abart...@samba.org + * BUG 13828: samba-tool domain provision: Fix --interactive module in + python3. + * BUG 13893: ldb_kv: Skip @ records early in a search full scan. + * BUG 13981: docs: Improve documentation of lanman auth and ntlm auth + connection. + +o Bjrn Baumbach b...@sernet.de + * BUG 14002: python/ntacls: Use correct state directory smb.conf option + instead of state dir. + +o Ralph Boehme s...@samba.org + * BUG 13840: registry: Add a missing include. + * BUG 13944: Fix SMB guest authentication. + * BUG 13958: AppleDouble conversion breaks Resourceforks. + * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). + * BUG 13987: s3:mdssvc: Fix flex compilation error. + +o Gnther Deschner g...@samba.org + * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly: + +o Aaron Haslett aaronhasl...@catalyst.net.nz + * BUG 13799: dsdb:samdb: schemainfo update with relax control. + +o Aliaksei Karaliou akaral...@panasas.com + * BUG 13964: s3:util: Move static file_pload() function to lib/util. + +o Volker Lendecke v...@samba.org + * BUG 13957: smbd: Fix a panic. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 12478: ldap server: Generate correct referral schemes. + * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in + dsdb_audit_add_ldb_value. + * BUG 13942: s4 dsdb: Fix use after free in + samldb_rename_search_base_callback. + +o Stefan Metzmacher me...@samba.org + * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can + apply it. + * BUG 12478: ldb: Release ldb 1.5.5 + * BUG 13713: Schema replication fails if link crosses chunk boundary + backwards. + * BUG 13799: samba-tool domain schemaupgrade uses relax control and skips + the schemaInfo update provision. + * BUG 13916: dsdb_audit: avoid printing ... remote host [Unknown
[SCM] Samba Shared Repository - annotated tag samba-4.10.6 created
The annotated tag, samba-4.10.6 has been created at acba479a2523638abaa74fa717ccf5546c3b164d (tag) tagging 9c67187029b1721656b8f329283e482d693c (commit) replaces ldb-1.5.5 tagged by Karolin Seeger on Mon Jul 8 12:50:09 2019 +0200 - Log - samba: tag release samba-4.10.6 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXSMf4QAKCRBvM5FbZWi3 6madAKCfDsqGWI8y9YMrTvqXXGPdup7gVgCeP46PyGvx8hkMo4/gBWn2MGz3r1c= =gMad -END PGP SIGNATURE- Karolin Seeger (2): WHATSNEW: Add release notes for Samba 4.10.6. VERSION: Disable GIT_SNAPSHOT for the 4.10.6 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 372ee382939 VERSION: Bump version up to 4.10.7... via 9c67187029b VERSION: Disable GIT_SNAPSHOT for the 4.10.6 release. via 9f1a6fe7f27 WHATSNEW: Add release notes for Samba 4.10.6. from 8052d52b26f ldb: Release ldb 1.5.5 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 372ee3829399b703926616cdbad69ebd36870f44 Author: Karolin Seeger Date: Mon Jul 8 11:58:35 2019 +0200 VERSION: Bump version up to 4.10.7... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 9c67187029b1721656b8f329283e482d693c Author: Karolin Seeger Date: Mon Jul 8 11:57:39 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.6 release. Signed-off-by: Karolin Seeger commit 9f1a6fe7f27c74e3b72c2668c60c938d2024bb9b Author: Karolin Seeger Date: Mon Jul 8 11:56:40 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.6. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 111 +-- 2 files changed, 110 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 53df835bdd5..0bf6b268b54 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8339bbf958a..3118e034ba7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,111 @@ == + Release Notes for Samba 4.10.6 + July 8, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.5: +- + +o Jeremy Allison + * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Douglas Bagnall + * BUG 13965: samba-tool dns: use bytes for inet_ntop. + +o Andrew Bartlett + * BUG 13828: samba-tool domain provision: Fix --interactive module in + python3. + * BUG 13893: ldb_kv: Skip @ records early in a search full scan. + * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" + connection. + +o Björn Baumbach + * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option + instead of "state dir". + +o Ralph Boehme + * BUG 13840: registry: Add a missing include. + * BUG 13944: Fix SMB guest authentication. + * BUG 13958: AppleDouble conversion breaks Resourceforks. + * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). + * BUG 13987: s3:mdssvc: Fix flex compilation error. + +o Günther Deschner + * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly: + +o Aaron Haslett + * BUG 13799: dsdb:samdb: schemainfo update with relax control. + +o Aliaksei Karaliou + * BUG 13964: s3:util: Move static file_pload() function to lib/util. + +o Volker Lendecke + * BUG 13957: smbd: Fix a panic. + +o Gary Lockyer + * BUG 12478: ldap server: Generate correct referral schemes. + * BUG 13941: s4 dsdb/repl_meta_data: fix use after free in + dsdb_audit_add_ldb_value. + * BUG 13942: s4 dsdb: Fix use after free in + samldb_rename_search_base_callback. + +o Stefan Metzmacher + * BUG 12204: dsdb/repl: we need to replicate the whole schema before we can + apply it. + * BUG 12478: ldb: Release ldb 1.5.5 + * BUG 13713: Schema replication fails if link crosses chunk boundary + backwards. + * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips + the schemaInfo update provision. + * BUG 13916: dsdb_audit: avoid printing "... remote host [Unknown] + SID [(NULL SID)] ..." + * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in + order to get the ACL. + +o Shyamsunder Rathi + * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte + boundary. + +o Andreas Schneider + * BUG 13939: Using Kerberos credentials to print using spoolss doesn't work. + +o Lukas Slebodnik + * BUG 13998: wafsamba: Use native waf timer. + +o Rafael David Tinoco + * BUG 13984: ctdb-scripts: Fix tcp_tw_recycle existence check. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f3e4a0d904a WHATSNEW: changed default/deprecation of allocation roundup size from 0751047f559 docs-xml: deprecate allocation roundup size parameter https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f3e4a0d904a8d2269b07cf9288e0f4ae12ed2b71 Author: Björn Jacke Date: Sun Jul 7 23:35:15 2019 +0200 WHATSNEW: changed default/deprecation of allocation roundup size Signed-off-by: Bjoern Jacke Reviewed-by: Karolin Seeger Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Jul 8 09:29:33 UTC 2019 on sn-devel-184 --- Summary of changes: WHATSNEW.txt | 2 ++ 1 file changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 360fe5614ca..9fc05c91f52 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -268,6 +268,8 @@ smb.conf changes Parameter Name DescriptionDefault -- ------ + allocation roundup sizeDefault changed/ 0 + Deprecated web port Removed fruit:zero_file_id Changed defaultFalse -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via abf2ccf Fix version. from d382cc8 Add Samba 4.9.11. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit abf2ccfa976fe71a2b5f9e311f82f862a3c5f5fa Author: Karolin Seeger Date: Thu Jul 4 09:47:25 2019 +0200 Fix version. Signed-off-by: Karolin Seeger --- Summary of changes: history/samba-4.9.11.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/history/samba-4.9.11.html b/history/samba-4.9.11.html index 1aac8d3..4558fe4 100644 --- a/history/samba-4.9.11.html +++ b/history/samba-4.9.11.html @@ -29,7 +29,7 @@ db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not raised. Samba = 4.9.10 is no longer able to build with ldb 1.4.6. This version includes the new ldb version. Please note that there are just the version bumps in ldb and Samba, no code change. If you dont build Samba with an external ldb -library, you can ignore this release and keep using 4.9.11. +library, you can ignore this release and keep using 4.9.10. Changes since 4.9.10: -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via f9055cbf92c VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release. via 09aecc7e33f WHATSNEW: Add release notes for Samba 4.9.11. via 78b728570f3 ldb: Release ldb 1.4.7 via 98cef2ad057 VERSION: Bump version up to 4.9.11... from 4cea44ba0a2 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 49 -- lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.7.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util-1.4.7.sigs} | 0 ...-util-1.1.10.sigs => pyldb-util.py3-1.4.7.sigs} | 0 lib/ldb/wscript| 2 +- 6 files changed, 48 insertions(+), 5 deletions(-) copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.4.7.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.4.7.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.4.7.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e6177d7a239..75b6a9a9768 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b313ef80b35..4c28ae2b424 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,49 @@ + == + Release Notes for Samba 4.9.11 +July 03, 2019 + == + + +This is the latest stable release of the Samba 4.9 release series. + +In yesterday's Samba 4.9.10 release, LDAP_REFERRAL_SCHEME_OPAQUE was added to +db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not +raised. Samba >= 4.9.10 is no longer able to build with ldb 1.4.6. This version +includes the new ldb version. Please note that there are just the version bumps +in ldb and Samba, no code change. If you don't build Samba with an external ldb +library, you can ignore this release and keep using 4.9.11. + + +Changes since 4.9.10: +- + +o Stefan Metzmacher + * BUG 12478: ldb: Release ldb 1.4.7. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.9.10 July 02, 2019 @@ -120,9 +166,6 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - - = Release Notes for Samba 4.9.9 June 19, 2019 diff --git a/lib/ldb/ABI/ldb-1.3.0.sigs b/lib/ldb/ABI/ldb-1.4.7.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.3.0.sigs copy to lib/ldb/ABI/ldb-1.4.7.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.4.7.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.4.7.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.4.7.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util.py3-1.4.7.sigs diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 5c5ca15f86a..b8df924ef49 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.4.6' +VERSION = '1.4.7' blddir = 'bin' -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via d382cc8 Add Samba 4.9.11. via 4f4423a NEWS[4.9.11]: Samba 4.9.11 Available for Download from 7264ad2 Add Samba 4.9.10. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit d382cc8d13a9febc8c7162604917913269338b63 Author: Karolin Seeger Date: Wed Jul 3 13:52:43 2019 +0200 Add Samba 4.9.11. Signed-off-by: Karolin Seeger commit 4f4423af9fd637d5f22cc1889d88266d4f0af08c Author: Karolin Seeger Date: Wed Jul 3 13:51:05 2019 +0200 NEWS[4.9.11]: Samba 4.9.11 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.11.html| 45 posted_news/20190703-115226.4.9.11.body.html | 13 +++ posted_news/20190703-115226.4.9.11.headline.html | 3 ++ 4 files changed, 62 insertions(+) create mode 100644 history/samba-4.9.11.html create mode 100644 posted_news/20190703-115226.4.9.11.body.html create mode 100644 posted_news/20190703-115226.4.9.11.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 03a3a49..f323dcc 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -15,6 +15,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.11 samba-4.9.10 samba-4.9.9 samba-4.9.8 diff --git a/history/samba-4.9.11.html b/history/samba-4.9.11.html new file mode 100644 index 000..1aac8d3 --- /dev/null +++ b/history/samba-4.9.11.html @@ -0,0 +1,45 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.9.11 - Release Notes + + +Samba 4.9.11 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.11.tar.gz;>Samba 4.9.11 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.11.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.10-4.9.11.diffs.gz;>Patch (gzipped) against Samba 4.9.10 +https://download.samba.org/pub/samba/patches/samba-4.9.10-4.9.11.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.9.11 +July 03, 2019 + == + + +This is the latest stable release of the Samba 4.9 release series. + +In yesterdays Samba 4.9.10 release, LDAP_REFERRAL_SCHEME_OPAQUE was added to +db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not +raised. Samba = 4.9.10 is no longer able to build with ldb 1.4.6. This version +includes the new ldb version. Please note that there are just the version bumps +in ldb and Samba, no code change. If you dont build Samba with an external ldb +library, you can ignore this release and keep using 4.9.11. + + +Changes since 4.9.10: +- + +o Stefan Metzmacher me...@samba.org + * BUG 12478: ldb: Release ldb 1.4.7. + + + + + + diff --git a/posted_news/20190703-115226.4.9.11.body.html b/posted_news/20190703-115226.4.9.11.body.html new file mode 100644 index 000..cc43a97 --- /dev/null +++ b/posted_news/20190703-115226.4.9.11.body.html @@ -0,0 +1,13 @@ + +03 July 2019 +Samba 4.9.11 Available for Download + +This is the latest stable release of the Samba 4.9 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.9.11.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.9.10-4.9.11.diffs.gz;>patch against Samba 4.9.10 is also available. +See https://www.samba.org/samba/history/samba-4.9.11.html;>the release notes for more info. + + diff --git a/posted_news/20190703-115226.4.9.11.headline.html b/posted_news/20190703-115226.4.9.11.headline.html new file mode 100644 index 000..2fb029b --- /dev/null +++ b/posted_news/20190703-115226.4.9.11.headline.html @@ -0,0 +1,3 @@ + + 03 July 2019 Samba 4.9.11 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.9.11 created
The annotated tag, samba-4.9.11 has been created at e2543c802633e65d32f09c7de72c6e92deba5f37 (tag) tagging f9055cbf92c8956af1485e262b37b2befc5111a2 (commit) replaces ldb-1.4.7 tagged by Karolin Seeger on Wed Jul 3 13:50:50 2019 +0200 - Log - samba: tag release samba-4.9.11 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXRyWmgAKCRBvM5FbZWi3 6pgvAJ48uYeiVa/6yV8Duee6rX8FwJl2ZgCgmA3gpT9jgW1nA7ZgchjL8NntkIQ= =oqA5 -END PGP SIGNATURE- Karolin Seeger (2): WHATSNEW: Add release notes for Samba 4.9.11. VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 63547807f51 VERSION: Bump version up to 4.9.12... via f9055cbf92c VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release. via 09aecc7e33f WHATSNEW: Add release notes for Samba 4.9.11. from 78b728570f3 ldb: Release ldb 1.4.7 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 63547807f51cef215523dc7aa7d05927a16843b1 Author: Karolin Seeger Date: Wed Jul 3 13:44:04 2019 +0200 VERSION: Bump version up to 4.9.12... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit f9055cbf92c8956af1485e262b37b2befc5111a2 Author: Karolin Seeger Date: Wed Jul 3 13:42:54 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release. Signed-off-by: Karolin Seeger commit 09aecc7e33ff8a007820b9db27c336925371aca9 Author: Karolin Seeger Date: Wed Jul 3 13:42:02 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.11. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 49 ++--- 2 files changed, 47 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1388ae1f3f6..457c4d63b8d 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b313ef80b35..4c28ae2b424 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,49 @@ + == + Release Notes for Samba 4.9.11 +July 03, 2019 + == + + +This is the latest stable release of the Samba 4.9 release series. + +In yesterday's Samba 4.9.10 release, LDAP_REFERRAL_SCHEME_OPAQUE was added to +db_module.h in order to fix bug #12478. Unfortunately, the ldb version was not +raised. Samba >= 4.9.10 is no longer able to build with ldb 1.4.6. This version +includes the new ldb version. Please note that there are just the version bumps +in ldb and Samba, no code change. If you don't build Samba with an external ldb +library, you can ignore this release and keep using 4.9.11. + + +Changes since 4.9.10: +- + +o Stefan Metzmacher + * BUG 12478: ldb: Release ldb 1.4.7. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.9.10 July 02, 2019 @@ -120,9 +166,6 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - - = Release Notes for Samba 4.9.9 June 19, 2019 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 4cea44ba0a2 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. via 75872ddde11 WHATSNEW: Add release notes for Samba 4.9.10. via 38d6dd6ae9f python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via da0d67b29bf docs: Document DCEPRC binding string for rpcclient via 3cd4642014b s3:mdssvc: fix flex compilation error via 44b5168845e ctdb-scripts: Fix tcp_tw_recycle existence check via 575739df9fd docs: Improve documentation of "lanman auth" and "ntlm auth" connection via 684d772e0e1 vfs_fruit: remove a now unnecessary include via 7ae1667bda9 vfs_fruit: use VFS functions in ad_read_rsrc_adouble() via 1a8dffceff4 vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork() via afc88153675 vfs_fruit: use VFS function in ad_convert_truncate() via 14048aaf176 vfs_fruit: add VFS handle to ad_convert_truncate() via 015586a4227 vfs_fruit: use fsp and remove mmap in ad_convert_xattr() via 42e6d4d4b5e vfs_fruit: remove use of mmap() from ad_convert_move_reso() via e21d880614c vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE() via b10eabed24d vfs_fruit: only do cross protocol locking on non-internal opens via 645836ff20a vfs_fruit: remove a layer of indirection via 06bd78910ec vfs_fruit: pass VFS handle to ad_convert_move_reso() via e8cecc86ab5 vfs_fruit: remove xattr code from the AppleDouble subsystem via 76074dded7d vfs_fruit: remove now unused AppleDouble code for resource fork in xattr via b24bac64570 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size() via 561d52f89a6 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size() via c2c6377ebf8 vfs_fruit: ignore AppleDouble files in fruit_unlink() via 1542bb051be vfs_fruit: add a missing else via 18c45bb3440 vfs_fruit: add and use is_adouble_file() via c3676d8d42b vfs_fruit: finally, remove ad_handle from struct adouble via 20e66673c39 vfs_fruit: pass handle to ad_convert_delete_adfile() via fbc0501bed0 vfs_fruit: pass handle to ad_convert_finderinfo() via b50f2ad9919 vfs_fruit: pass handle to ad_convert_blank_rfork() via 1efc046ceff vfs_fruit: pass handle to ad_convert_xattr() via b5275f407f6 vfs_fruit: indentation fix via f30219176ae vfs_fruit: pass handle to ad_read_rsrc() and all the way down via 5975a4a8dfd vfs_fruit: use proper VFS function in ad_read_meta() via 9ae195e4bd8 vfs_fruit: indentation fix via b4c6efa3ebd vfs_fruit: pass handle to ad_read_meta() via c99c7f2a641 vfs_fruit: pass handle to ad_read() via 7ece266411a vfs_fruit: pass handle to ad_set() via f94d0095e8a vfs_fruit: pass handle to ad_fset() via 79beb172cc6 s3:auth: explicitly add BUILTIN\Guests to the guest token via 15fa6919b8a tests: add a test for guest authentication via 36641f70d05 selftest: allow guest login in the ad_member_idmap_rid env via 1cc8068e196 s3:smbd: call reinit_guest_session_info() in the conf updated handler via 71c33811c82 s3:auth: add reinit_guest_session_info() via 29e402f583b dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 11b1f405ee9 ldap server: generate correct referral schemes via 670b864e908 ldap tests: test scheme for referrals via 2cde1306169 s4 dsdb: fix use after free in samldb_rename_search_base_callback via 936a71bfe0e s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly via 3136b31e957 s3/vfs_glusterfs: Avoid using NAME_MAX directly via dba38ed369b Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" via 3b1ccbfc0ce Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" via 2a7e6eb8b1d dsdb/repl: we need to replicate the whole schema before we can apply it via 414261f3785 VERSION: Bump version up to 4.9.10. via 01f22365af9 Merge tag 'samba-4.9.9' into v4-9-test via 8b1dfd9b172 vfs_fruit: change trigger points of AppleDouble conversion via 267e70cb0d0 vfs_fruit: add a forward declaration for ad_get() via 77655c65737 selftest: run vfs.fruit test against a share that deletes empty resource forks via 45de537de14 s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork via 22170e79bc4 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork via 341fcacfc01 registry: add a missing include via dada63ccaee docs: dfree command. Correct usage of dfree scripts. via fce8502f381 lib: util: Finally remove possibilities of using sys_popen() unsafely. via eb7091a23b8 s3:
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 7264ad2 Add Samba 4.9.10. via 2a5386c NEWS[4.9.10]: Samba 4.9.10 Available for Download from 16a7acb add new team members: Samuel, Louis, Tim https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 7264ad2dbd9265b4a778dfd85019120c8767a6ee Author: Karolin Seeger Date: Tue Jul 2 12:10:32 2019 +0200 Add Samba 4.9.10. Signed-off-by: Karolin Seeger commit 2a5386cfd7aefe4ff78f6147d9a252e2e2d81a1f Author: Karolin Seeger Date: Tue Jul 2 12:00:13 2019 +0200 NEWS[4.9.10]: Samba 4.9.10 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.10.html| 124 +++ posted_news/20190702-100958.4.9.10.body.html | 13 +++ posted_news/20190702-100958.4.9.10.headline.html | 3 + 4 files changed, 141 insertions(+) create mode 100644 history/samba-4.9.10.html create mode 100644 posted_news/20190702-100958.4.9.10.body.html create mode 100644 posted_news/20190702-100958.4.9.10.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index fa2267e..03a3a49 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -15,6 +15,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.10 samba-4.9.9 samba-4.9.8 samba-4.9.7 diff --git a/history/samba-4.9.10.html b/history/samba-4.9.10.html new file mode 100644 index 000..3c997da --- /dev/null +++ b/history/samba-4.9.10.html @@ -0,0 +1,124 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.9.10 - Release Notes + + +Samba 4.9.10 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.10.tar.gz;>Samba 4.9.10 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.10.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.9-4.9.10.diffs.gz;>Patch (gzipped) against Samba 4.9.9 +https://download.samba.org/pub/samba/patches/samba-4.9.9-4.9.10.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.9.10 +July 02, 2019 + == + + +This is the latest stable release of the Samba 4.9 release series. + + +Changes since 4.9.9: + + +o Jeremy Allison j...@samba.org + * BUG 13938: s3: SMB1: Dont allow recvfile on stream fsps. + * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Andrew Bartlett abart...@samba.org + * BUG 13981: docs: Improve documentation of lanman auth and ntlm auth + connection. + +o Bjrn Baumbach b...@sernet.de + * BUG 14002: python/ntacls: Use correct state directory smb.conf option + instead of state dir. + +o Ralph Boehme s...@samba.org + * BUG 13840: registry: Add a missing include. + * BUG 13938: s3:smbd: Dont use recvfile on streams. + * BUG 13944: SMB guest authentication may fail. + * BUG 13958: AppleDouble conversion breaks Resourceforks. + * BUG 13964: s3: lib: Rename all uses of file_pload_XXX - file_ploadv_XXX. + * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). + * BUG 13987: s3:mdssvc: Fix flex compilation error. + +o Gnther Deschner g...@samba.org + * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly. + +o David Disseldorp dd...@samba.org + * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. + +o Aaron Haslett aaronhasl...@catalyst.net.nz + * BUG 13799: dsdb:samdb: Schemainfo update with relax control. + +o Amitay Isaacs ami...@gmail.com + * BUG 13943: ctdb-common: Fix memory leak in run_proc. + +o Aliaksei Karaliou akaral...@panasas.com + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Volker Lendecke v...@samba.org + * BUG 13903: winbind: Fix overlapping id ranges. + * BUG 13957: smbd: Fix a panic. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 12478: ldap server: Generate correct referral schemes. + * BUG 13902: lib util debug: Increase format buffer to 4KiB. + * BUG 13941: Fix use after free detected by AddressSanitizer. + * BUG 13942: s4 dsdb: Fix use after free in + samldb_rename_search_base_callback. + +o Stefan Metzmacher me...@samba.org + * BUG 12204: Samba fails to replicate schema 69. + * BUG 13713: Schema replication fails if
[SCM] Samba Shared Repository - annotated tag samba-4.9.10 created
The annotated tag, samba-4.9.10 has been created at 050a2bd7486a4b2dd62b424ecb271fa515205e2c (tag) tagging 4cea44ba0a2572488ae201f21f6c3656708ace21 (commit) replaces samba-4.9.9 tagged by Karolin Seeger on Tue Jul 2 11:59:57 2019 +0200 - Log - samba: tag release samba-4.9.10 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXRsrHQAKCRBvM5FbZWi3 6rTCAJ45oLoOGL0srzBTm12O5wXA72+iUACfdwJezP1ZUXixPosDENWQZSM1+bo= =7pFb -END PGP SIGNATURE- Aaron Haslett (1): dsdb:samdb: schemainfo update with relax control Aliaksei Karaliou (2): s3:util: Move popen wrappers to lib/util s3:util: Move static file_pload() function to lib/util Amitay Isaacs (1): ctdb-common: Fix memory leak in run_proc Andreas Schneider (12): s4:auth: Fix debug statement in gensec_gssapi s3:rpc_server: Do not free the tdbname before we printed it s4:ntvfs: Do not free eadb before we printed an error s4:torture: Do not print NULL strings we just checked before lib:torture: Fix string comparison macros where we directly pass NULL s4:torture: Do not free full_name before we printed it ctdb:common: Do not print NULL if we don't get a sockpath s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it s3:utils: If share is NULL in smbcquotas, don't print it s3:utils: If share is NULL in smbcacls, don't print it s3:smbspool: Fix regression printing with Kerberos credentials docs: Document DCEPRC binding string for rpcclient Andrew Bartlett (2): s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context docs: Improve documentation of "lanman auth" and "ntlm auth" connection Björn Baumbach (1): python/ntacls: use correct "state directory" smb.conf option instead of "state dir" Christof Schmitt (12): nsswitch: Add testcase for checking output of wbinfo --sid-to-name winbind: Query domain from msrpc name_to_sid winbind: Query domain from winbind rpc name_to_sid winbind: Query domain from winbind sam_name_to_sid winbind: Return queried domain name from name_to_sid winbind: Use domain name from lsa query for sid_to_name cache entry selftest: Add gid-to-sid lookup to idmap_ad test selftest: Use fl2008r2dc for ad_member_idmap_ad selftest: Make trusted domain information available for idmap_ad environment selftest: Add idmap configuration for trusted domain for idmap_ad selftest: Pass trusted domain information to idmap_ad test selftest: Add trusted domain tests for idmap_ad David Disseldorp (1): vfs_ceph: fix cephwrap_flistxattr() debug message Douglas Bagnall (1): pytests/dns: use 2.6 compatible syntax Gary Lockyer (5): lib util debug: Increase format buffer to 4KiB s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value s4 dsdb: fix use after free in samldb_rename_search_base_callback ldap tests: test scheme for referrals ldap server: generate correct referral schemes Günther Deschner (4): Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" s3/vfs_glusterfs: Avoid using NAME_MAX directly s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly Jeremy Allison (15): s3: SMB1: Don't allow recvfile on stream fsp's. s3: winbind: Fix crash when invoking winbind idmap scripts. lib: popen: Prepare to remove sys_popen(). lib: util: Add file_ploadv(). s3: lib: util: Add file_lines_ploadv(). s3: smbd: Convert dfree code to use file_lines_ploadv(). s3: smbd: Convert print_svid code to use file_lines_ploadv(). s3: smbd: Convert sysquotas.c code to use file_lines_ploadv(). s3: lib: Remove file_lines_pload(). lib: util: Remove file_pload() s3: lib: Add file_ploadv_send(). s3: winbind: Convert idmap to use file_ploadv_send(). s3: lib: Remove file_pload_send(). lib: util: Finally remove possibilities of using sys_popen() unsafely. docs: dfree command. Correct usage of dfree scripts. Karolin Seeger (7): VERSION: Bump version up to 4.9.8... Merge tag 'samba-4.9.8' into v4-9-test VERSION: Bump version up to 4.9.9. Merge tag 'samba-4.9.9' into v4-9-test VERSION: Bump version up to 4.9.10. WHATSNEW: Add release notes for Samba 4.9.10. VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. Martin Schwenke (14): ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL ctdb-tests: Extend test to cover ctdb rddumpmemory ctdb-tests: Change sanity_check_output() to internally use $out ctdb-tests: Make try_command_on_node less error-prone ctdb-tests: Avoid bulk out
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 98cef2ad057 VERSION: Bump version up to 4.9.11... via 4cea44ba0a2 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. via 75872ddde11 WHATSNEW: Add release notes for Samba 4.9.10. from 38d6dd6ae9f python/ntacls: use correct "state directory" smb.conf option instead of "state dir" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 98cef2ad0570d34afe151cc578663bfcab4bbcbf Author: Karolin Seeger Date: Tue Jul 2 09:52:46 2019 +0200 VERSION: Bump version up to 4.9.11... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 4cea44ba0a2572488ae201f21f6c3656708ace21 Author: Karolin Seeger Date: Tue Jul 2 09:52:09 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release. Signed-off-by: Karolin Seeger commit 75872ddde11a939c7664e48155a22c38d108018f Author: Karolin Seeger Date: Tue Jul 2 09:51:39 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.10. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 129 ++- 2 files changed, 128 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d851624cade..1388ae1f3f6 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a053735f6e9..b313ef80b35 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,128 @@ + == + Release Notes for Samba 4.9.10 +July 02, 2019 + == + + +This is the latest stable release of the Samba 4.9 release series. + + +Changes since 4.9.9: + + +o Jeremy Allison + * BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's. + * BUG 13956: s3: winbind: Fix crash when invoking winbind idmap scripts. + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Andrew Bartlett + * BUG 13981: docs: Improve documentation of "lanman auth" and "ntlm auth" + connection. + +o Björn Baumbach + * BUG 14002: python/ntacls: Use correct "state directory" smb.conf option + instead of "state dir". + +o Ralph Boehme + * BUG 13840: registry: Add a missing include. + * BUG 13938: s3:smbd: Don't use recvfile on streams. + * BUG 13944: SMB guest authentication may fail. + * BUG 13958: AppleDouble conversion breaks Resourceforks. + * BUG 13964: s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX. + * BUG 13968: vfs_fruit makes direct use of syscalls like mmap() and pread(). + * BUG 13987: s3:mdssvc: Fix flex compilation error. + +o Günther Deschner + * BUG 13872: s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly. + +o David Disseldorp + * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. + +o Aaron Haslett + * BUG 13799: dsdb:samdb: Schemainfo update with relax control. + +o Amitay Isaacs + * BUG 13943: ctdb-common: Fix memory leak in run_proc. + +o Aliaksei Karaliou + * BUG 13964: smbd does not correctly parse arguments passed to dfree and + quota scripts. + +o Volker Lendecke + * BUG 13903: winbind: Fix overlapping id ranges. + * BUG 13957: smbd: Fix a panic. + +o Gary Lockyer + * BUG 12478: ldap server: Generate correct referral schemes. + * BUG 13902: lib util debug: Increase format buffer to 4KiB. + * BUG 13941: Fix use after free detected by AddressSanitizer. + * BUG 13942: s4 dsdb: Fix use after free in + samldb_rename_search_base_callback. + +o Stefan Metzmacher + * BUG 12204: Samba fails to replicate schema 69. + * BUG 13713: Schema replication fails if link crosses chunk boundary + backwards. + * BUG 13799: 'samba-tool domain schemaupgrade' uses relax control and skips + the schemaInfo update. + * BUG 13916: dsdb:audit_log: avoid printing "... remote host [Unknown] SID + [(NULL SID)] ...". + * BUG 13917: python/ntacls: We only need security.SEC_STD_READ_CONTROL in + order to get the ACL. + * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. + +o Shyamsunder Rathi + * BUG 13947: s3:loadparm: Ensure to truncate FS Volume Label at multibyte + boundary. + +o Robert Sander + * BUG 13918: s3: modules: ceph: Use current working directory instead of + share pa
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 38d6dd6ae9f python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via da0d67b29bf docs: Document DCEPRC binding string for rpcclient from 3cd4642014b s3:mdssvc: fix flex compilation error https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 38d6dd6ae9f15d0f82d893c2cf4fdbfa25daf749 Author: Björn Baumbach Date: Wed Jun 12 21:16:25 2019 +0200 python/ntacls: use correct "state directory" smb.conf option instead of "state dir" samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs Fixes: Unknown parameter encountered: "state dir" Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher (cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002 Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Jun 26 11:40:27 UTC 2019 on sn-devel-144 commit da0d67b29bf5874325a1e2faba635e663fefd452 Author: Andreas Schneider Date: Fri Feb 1 18:51:53 2019 +0100 docs: Document DCEPRC binding string for rpcclient Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144 (cherry picked from commit cca48c1a1029685672e1c25e39e8be2be947238f) --- Summary of changes: docs-xml/manpages/rpcclient.1.xml | 74 +++ librpc/binding-strings.txt| 53 +--- python/samba/ntacls.py| 4 ++- 3 files changed, 71 insertions(+), 60 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml index 1e167f8437c..93983ad8388 100644 --- a/docs-xml/manpages/rpcclient.1.xml +++ b/docs-xml/manpages/rpcclient.1.xml @@ -29,7 +29,7 @@ -U username[%password] -W workgroup -I destinationIP - server + BINDING-STRING|HOST @@ -52,12 +52,72 @@ - server - NetBIOS name of Server to which to connect. - The server can be any SMB/CIFS server. The name is - resolved using the line from smb.conf - 5. - + BINDING-STRING|HOST + + When connecting to a dcerpc service you need to + specify a binding string. + + The format is: + + TRANSPORT:host[options] + + where TRANSPORT is either ncacn_np (named pipes) for SMB or + ncacn_ip_tcp for DCERPC over TCP/IP. + + "host" is an IP or hostname or netbios name. If the binding + string identifies the server side of an endpoint, "host" may be + an empty string. See below for more details. + + "options" can include a SMB pipe name if using the ncacn_np + transport or a TCP port number if using the ncacn_ip_tcp transport, + otherwise they will be auto-determined. + + Examples: + + + ncacn_ip_tcp:samba.example.com[1024] + ncacn_ip_tcp:samba.example.com[sign,seal,krb5] + ncacn_ip_tcp:samba.example.com[sign,spnego] + ncacn_np:samba.example.com + ncacn_np:samba.example.com[samr] + ncacn_np:samba.example.com[samr,sign,print] + ncalrpc:/path/to/unix/socket + //SAMBA + + + The supported transports are: + + + ncacn_np - Connect using named pipes + ncacn_ip_tcp - Connect over TCP/IP + ncalrpc - Connect over local RPC (unix sockets) + + + The supported options are: + + + sign - Use RPC integrety autentication level + seal - Enable RPC privacy (encryption) autentication level + connect - Use RPC connect level authentication (auth, but no sign or seal) + packet - Use RPC packet authentication level + + spnego - Use SPNEGO instead of NTLMSSP authentication + ntlm - Use plain NTLM instead of SPNEGO or NTLMSS
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via f8d504acb4c python/ntacls: use correct "state directory" smb.conf option instead of "state dir" via 662d66dcd3c selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb via 1970eadd123 docs: Document DCEPRC binding string for rpcclient via 9218655399f s3:client: Link smbspool_krb5_wrapper against krb5samba from 48c47f5dbbb wafsamba: Use native waf timer https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit f8d504acb4c380f1de14ed750897218878617c4d Author: Björn Baumbach Date: Wed Jun 12 21:16:25 2019 +0200 python/ntacls: use correct "state directory" smb.conf option instead of "state dir" samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs Fixes: Unknown parameter encountered: "state dir" Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher (cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002 Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Jun 26 11:37:29 UTC 2019 on sn-devel-144 commit 662d66dcd3c7e23eed4f4131c62b8c22692e23b8 Author: Björn Baumbach Date: Wed Jun 12 21:00:01 2019 +0200 selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdb Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher (cherry picked from commit 1b0184a9562689a658e75a0cfc69bdd23277cff6) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002 commit 1970eadd1231589177dbf75031072636141060e2 Author: Andreas Schneider Date: Fri Feb 1 18:51:53 2019 +0100 docs: Document DCEPRC binding string for rpcclient Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Feb 4 02:03:56 CET 2019 on sn-devel-144 (cherry picked from commit cca48c1a1029685672e1c25e39e8be2be947238f) commit 9218655399fd0ef3691dfea25d5f39b32b25fa59 Author: Andreas Schneider Date: Tue Jun 18 14:43:50 2019 +0200 s3:client: Link smbspool_krb5_wrapper against krb5samba Heimdal doesn't provide krb5_free_unparsed_name(), so we need to use the function we provide in krb5samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme (cherry picked from commit 9268919e046190c7b423133de3f9d0edada3f1b8) --- Summary of changes: docs-xml/manpages/rpcclient.1.xml | 74 ++--- librpc/binding-strings.txt | 53 + python/samba/ntacls.py | 4 +- source3/wscript_build | 2 +- testprogs/blackbox/test_samba-tool_ntacl.sh | 21 5 files changed, 93 insertions(+), 61 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml index 1e167f8437c..93983ad8388 100644 --- a/docs-xml/manpages/rpcclient.1.xml +++ b/docs-xml/manpages/rpcclient.1.xml @@ -29,7 +29,7 @@ -U username[%password] -W workgroup -I destinationIP - server + BINDING-STRING|HOST @@ -52,12 +52,72 @@ - server - NetBIOS name of Server to which to connect. - The server can be any SMB/CIFS server. The name is - resolved using the line from smb.conf - 5. - + BINDING-STRING|HOST + + When connecting to a dcerpc service you need to + specify a binding string. + + The format is: + + TRANSPORT:host[options] + + where TRANSPORT is either ncacn_np (named pipes) for SMB or + ncacn_ip_tcp for DCERPC over TCP/IP. + + "host" is an IP or hostname or netbios name. If the binding + string identifies the server side of an endpoint, "host" may be + an empty string. See below for more details. + + "options" can include a SMB pipe name if using the ncacn_np + transport or a TCP port number if using the ncacn_ip_tcp transport, + otherwise they will be auto-determined. + + Examples: + + + ncacn_ip_tcp:samba.example.com[1024] + ncacn_ip_tcp:samba.example.com[si
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 039558fea8a packaging: Update READMEs to reflect current status. from 2436496e71b client: enable allinfo and altname tab completion https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 039558fea8aed26b3c4b889dda92c77d1e2ef2f4 Author: Karolin Seeger Date: Mon Jun 24 11:27:04 2019 +0200 packaging: Update READMEs to reflect current status. Signed-off-by: Karolin Seeger Reviewed-by: Björn Baumbach Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue Jun 25 12:09:39 UTC 2019 on sn-devel-184 --- Summary of changes: packaging/Debian/README | 7 --- packaging/SuSE/README | 9 - 2 files changed, 16 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/Debian/README b/packaging/Debian/README index 6ac20abb8bd..48069f909bb 100644 --- a/packaging/Debian/README +++ b/packaging/Debian/README @@ -14,10 +14,3 @@ The current sources for particular Debian releases as well as the svn://svn.debian.org/pkg-samba/branches//samba -SerNet packages - -SerNet provides Debian packages of the latest Samba versions for various -Debian releases as part of EnterpriseSamba. See -http://www.enterprisesamba.org/index.php?id=56 for more information about the -packages and how to install them. diff --git a/packaging/SuSE/README b/packaging/SuSE/README index e2100ef60c8..4b562700504 100644 --- a/packaging/SuSE/README +++ b/packaging/SuSE/README @@ -6,13 +6,4 @@ ftp://ftp.SuSE.com/pub/projects/samba/ The same package are also available at: http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/ -Samba 3 is not supported by SuSE on SuSE Linux Enterprise Server 8. You find -SerNet-supported packages on http://ftp.sernet.de/pub/samba/ - -If you encounter any problem with these packages please don't blame the -Samba Team. Instead file a bug at https://bugzilla.Samba.org/ pick -product Samba 3.0, then select 'component' Packaging and set 'assign to' -to . - Have a lot of fun... - -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via d40cbc3 Add new team photo. from fc934b0 NEWS[4.10.5]: Samba 4.10.5 and 4.9.9 Security Releases Available https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit d40cbc3e018582397431ce9eb8a0836d1cf66cf1 Author: Karolin Seeger Date: Mon Jun 24 12:36:58 2019 +0200 Add new team photo. Signed-off-by: Karolin Seeger --- Summary of changes: images/team2019.jpg | Bin 0 -> 193877 bytes team/index.html | 7 --- 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 images/team2019.jpg Changeset truncated at 500 lines: diff --git a/images/team2019.jpg b/images/team2019.jpg new file mode 100644 index 000..aa662f8 Binary files /dev/null and b/images/team2019.jpg differ diff --git a/team/index.html b/team/index.html index 664e5bd..41c36a3 100755 --- a/team/index.html +++ b/team/index.html @@ -11,16 +11,17 @@ actively doing Git checkins is approximately 10 - 15 people. Of course, there is always room to help. Here is a photo of some of us at the http://sambaXP.org/;>sambaXP - conference for users and developers in May 2011: + conference for users and developers in June 2019: - - + + Photos from + 2011, 2009, 2008, 2007, -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 3cd4642014b s3:mdssvc: fix flex compilation error via 44b5168845e ctdb-scripts: Fix tcp_tw_recycle existence check via 575739df9fd docs: Improve documentation of "lanman auth" and "ntlm auth" connection via 684d772e0e1 vfs_fruit: remove a now unnecessary include via 7ae1667bda9 vfs_fruit: use VFS functions in ad_read_rsrc_adouble() via 1a8dffceff4 vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork() via afc88153675 vfs_fruit: use VFS function in ad_convert_truncate() via 14048aaf176 vfs_fruit: add VFS handle to ad_convert_truncate() via 015586a4227 vfs_fruit: use fsp and remove mmap in ad_convert_xattr() via 42e6d4d4b5e vfs_fruit: remove use of mmap() from ad_convert_move_reso() via e21d880614c vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE() via b10eabed24d vfs_fruit: only do cross protocol locking on non-internal opens via 645836ff20a vfs_fruit: remove a layer of indirection via 06bd78910ec vfs_fruit: pass VFS handle to ad_convert_move_reso() via e8cecc86ab5 vfs_fruit: remove xattr code from the AppleDouble subsystem via 76074dded7d vfs_fruit: remove now unused AppleDouble code for resource fork in xattr via b24bac64570 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size() via 561d52f89a6 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size() via c2c6377ebf8 vfs_fruit: ignore AppleDouble files in fruit_unlink() via 1542bb051be vfs_fruit: add a missing else via 18c45bb3440 vfs_fruit: add and use is_adouble_file() via c3676d8d42b vfs_fruit: finally, remove ad_handle from struct adouble via 20e66673c39 vfs_fruit: pass handle to ad_convert_delete_adfile() via fbc0501bed0 vfs_fruit: pass handle to ad_convert_finderinfo() via b50f2ad9919 vfs_fruit: pass handle to ad_convert_blank_rfork() via 1efc046ceff vfs_fruit: pass handle to ad_convert_xattr() via b5275f407f6 vfs_fruit: indentation fix via f30219176ae vfs_fruit: pass handle to ad_read_rsrc() and all the way down via 5975a4a8dfd vfs_fruit: use proper VFS function in ad_read_meta() via 9ae195e4bd8 vfs_fruit: indentation fix via b4c6efa3ebd vfs_fruit: pass handle to ad_read_meta() via c99c7f2a641 vfs_fruit: pass handle to ad_read() via 7ece266411a vfs_fruit: pass handle to ad_set() via f94d0095e8a vfs_fruit: pass handle to ad_fset() via 79beb172cc6 s3:auth: explicitly add BUILTIN\Guests to the guest token via 15fa6919b8a tests: add a test for guest authentication via 36641f70d05 selftest: allow guest login in the ad_member_idmap_rid env via 1cc8068e196 s3:smbd: call reinit_guest_session_info() in the conf updated handler via 71c33811c82 s3:auth: add reinit_guest_session_info() via 29e402f583b dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 11b1f405ee9 ldap server: generate correct referral schemes via 670b864e908 ldap tests: test scheme for referrals via 2cde1306169 s4 dsdb: fix use after free in samldb_rename_search_base_callback via 936a71bfe0e s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly via 3136b31e957 s3/vfs_glusterfs: Avoid using NAME_MAX directly via dba38ed369b Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" via 3b1ccbfc0ce Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" via 2a7e6eb8b1d dsdb/repl: we need to replicate the whole schema before we can apply it from 414261f3785 VERSION: Bump version up to 4.9.10. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 3cd4642014bfd69a0cbe4e2b38eb00f1f6f26b65 Author: Ralph Boehme Date: Mon May 27 12:27:57 2019 +0200 s3:mdssvc: fix flex compilation error [4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c ../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror] 26 | #define yyalloc SMB_MALLOC Looks like the dirty redefine trick doesn't work anymore with newer flex versions. According to the flex manual the right thing to do is to provide own functions for yyalloc and yyrealloc when passing the options "noyyalloc noyyrealloc". BUG: https://bugzilla.samba.org/show_bug.cgi?id=13987 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184 (cherry picked from commit 9053391f86a529e0a7dbcd
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 48c47f5dbbb wafsamba: Use native waf timer via d106f5eb971 s3:mdssvc: fix flex compilation error via 7c80167e2af ctdb-scripts: Fix tcp_tw_recycle existence check via 4f32284840d docs: Improve documentation of "lanman auth" and "ntlm auth" connection via 47a96935df0 vfs_fruit: remove a now unnecessary include via bdc257a1cba vfs_fruit: use VFS functions in ad_read_rsrc_adouble() via 2d6a2080afb vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork() via 91ed0f8beb9 vfs_fruit: use VFS function in ad_convert_truncate() via 28cdc4421c2 vfs_fruit: add VFS handle to ad_convert_truncate() via fef47b90e54 vfs_fruit: use fsp and remove mmap in ad_convert_xattr() via 7fc300d4655 vfs_fruit: remove use of mmap() from ad_convert_move_reso() via d49df05e619 vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE() via f5d1561c5b1 vfs_fruit: only do cross protocol locking on non-internal opens via 9ebfd4f2e51 vfs_fruit: remove a layer of indirection via f890c4fb86c vfs_fruit: pass VFS handle to ad_convert_move_reso() via 8f49fbfdebb vfs_fruit: remove xattr code from the AppleDouble subsystem via 7bd5ceea7d2 vfs_fruit: remove now unused AppleDouble code for resource fork in xattr via cc1ff660b80 vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size() via d1164d9f374 vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size() via 8ceb0486446 vfs_fruit: ignore AppleDouble files in fruit_unlink() via 30f25ed6214 vfs_fruit: add a missing else via 8787ac7938c vfs_fruit: add and use is_adouble_file() via 2b8eeb231e0 vfs_fruit: finally, remove ad_handle from struct adouble via ef0522b3434 vfs_fruit: pass handle to ad_convert_delete_adfile() via f2b796844b1 vfs_fruit: pass handle to ad_convert_finderinfo() via 3ff1b960c5e vfs_fruit: pass handle to ad_convert_blank_rfork() via 4e22296dc6c vfs_fruit: pass handle to ad_convert_xattr() via 47e08c03ed8 vfs_fruit: indentation fix via 03d1328e33b vfs_fruit: pass handle to ad_read_rsrc() and all the way down via 9b4ad2a32a6 vfs_fruit: use proper VFS function in ad_read_meta() via fd63fda7769 vfs_fruit: indentation fix via 7a99bba9294 vfs_fruit: pass handle to ad_read_meta() via 25ee7f97c6c vfs_fruit: pass handle to ad_read() via ab9a428f335 vfs_fruit: pass handle to ad_set() via 92bc9e3e11c vfs_fruit: pass handle to ad_fset() via 730c24902d5 s3:auth: explicitly add BUILTIN\Guests to the guest token via b312ceb5730 tests: add a test for guest authentication via d8e33defa5a selftest: allow guest login in the ad_member_idmap_rid env via 90a538f4689 s3:smbd: call reinit_guest_session_info() in the conf updated handler via 7f6b171c3e9 s3:auth: add reinit_guest_session_info() via 813856c1c4e dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 49acbea1378 ldb_kv: Skip @ records early in a search full scan via d9fed540c36 samba-tool domain provision: Fix --interactive module in python3 via 8867c178a9b ldap server: generate correct referral schemes via 207295b9523 ldap tests: test scheme for referrals via fa1de54cd92 s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly via 778448469bb s3/vfs_glusterfs: Avoid using NAME_MAX directly via bb688404227 Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX" via f830628c3aa Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX" from 70e8344a043 VERSION: Bump version up to 4.10.6... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 48c47f5dbbb2722a718103267d4a0a40b4eaa6a0 Author: Lukas Slebodnik Date: Wed Jun 12 12:27:04 2019 +0200 wafsamba: Use native waf timer __main__:1: DeprecationWarning: time.clock has been deprecated in Python 3.3 and will be removed from Python 3.8: use time.perf_counter or time.process_time instead BUG: https://bugzilla.samba.org/show_bug.cgi?id=13998 Signed-off-by: Lukas Slebodnik Reviewed-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit 8f082904ce580f1a6b8a06ebcc323c99e892bd1f) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Fri Jun 21 11:14:16 UTC 2019 on sn-devel-144 commit d106f5eb9718d4f4e6305101709045314fde03a1 Author: Ralph Boehme Date: Mon May 27 12:27:57 2019 +0200 s3:mdssvc: fix flex compilation error [4440/4495] Compiling bin/default/source3/rpc_
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6aa5d1f684f CVE-2019-12436 dsdb/paged_results: ignore successful results without messages via 1cac79dd982 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 7ea74d55ad5 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation from f04260ce02c s3:client: Link smbspool_krb5_wrapper against krb5samba https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6aa5d1f684f6bdbae46508347d093a8def27912a Author: Douglas Bagnall Date: Fri May 17 14:42:24 2019 +1200 CVE-2019-12436 dsdb/paged_results: ignore successful results without messages So that we don't dereference result->msgs[0] when it doesn't exist. This can happen when the object has changed in such a way that it no longer matches the original search query. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Wed Jun 19 08:16:39 UTC 2019 on sn-devel-184 commit 1cac79dd982496f1112dcb63339307cbb9ec00f1 Author: Douglas Bagnall Date: Wed May 22 13:23:25 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 7ea74d55ad55027118ca8b32596f32ac4182dce6 Author: Douglas Bagnall Date: Wed May 22 12:58:01 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- Summary of changes: python/samba/tests/dcerpc/dnsserver.py | 51 + source4/dsdb/samdb/ldb_modules/paged_results.c | 3 +- source4/dsdb/tests/python/vlv.py| 50 +++- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 ++- 4 files changed, 114 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py index 8e485c540dd..0da9614d066 100644 --- a/python/samba/tests/dcerpc/dnsserver.py +++ b/python/samba/tests/dcerpc/dnsserver.py @@ -28,6 +28,7 @@ from samba.dcerpc import dnsp, dnsserver, security from samba.tests import RpcInterfaceTestCase, env_get_var_value from samba.netcmd.dns import ARecord, Record, PTRRecord, CNameRecord, NSRecord, MXRecord, SRVRecord, TXTRecord from samba import sd_utils, descriptor +from samba import WERRORError, werror class DnsserverTests(RpcInterfaceTestCase): @@ -707,6 +708,56 @@ class DnsserverTests(RpcInterfaceTestCase): 'ServerInfo') self.assertEquals(dnsserver.DNSSRV_TYPEID_SERVER_INFO, typeid) + +# This test is to confirm that we do not support multizone operations, +# which are designated by a non-zero dwContext value (the 3rd argument +# to DnssrvOperation). +def test_operation_invalid(self): +non_zone = 'a-zone-that-does-not-exist' +typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM +name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM() +name_and_param.pszNodeName = 'AllowUpdate' +name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE +try: +res = self.conn.DnssrvOperation(self.server, +non_zone, +1, +'ResetDwordProperty', +typeid, +name_and_param) +except WERRORError as e: +if e.args[0] == werror.WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST: +return + +# We should always encounter a DOES_NOT_EXIST error. +self.fail() + +# This test is to confirm that we do not support multizone operations, +# which are designated by a non-zero dwContext value (the 5th argument +# to DnssrvOperation2). +def test_operation2_invalid(self): +client_version = dnsserver.DNS_CLIENT_VERSION_LONGHORN +non_zone = 'a-zone-that-does-not-exist' +typeid = dnsserver.DNSSRV_TYPEID_NAME_AND_PARAM +name_and_param = dnsserver.DNS_RPC_NAME_AND_PARAM() +name_and_param.pszNodeName = 'AllowUpdate' +name_and_param.dwParam = dnsp.DNS_ZONE_UPDATE_SECURE +try: +
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 70e8344a043 VERSION: Bump version up to 4.10.6... via 734d72bdc96 Merge tag 'samba-4.10.5' into v4-10-test via 0953917629b VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release. via bfa9f92e611 WHATSNEW: Add release notes for Samba 4.10.5. via c48920093da CVE-2019-12436 dsdb/paged_results: ignore successful results without messages via d32b96aeff0 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 0b9da247534 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation via 090e8700af3 VERSION: Bump version up to 4.10.5... from 881793d52d9 vfs_fruit: change trigger points of AppleDouble conversion https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 70e8344a0438def6fffee4c7eabdae25980cff5c Author: Karolin Seeger Date: Wed Jun 19 09:24:10 2019 +0200 VERSION: Bump version up to 4.10.6... GIT_SNAPSHOT is still enabled in v4-10-test. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher commit 734d72bdc968662c33288437e0ed1b877a8c7807 Merge: 881793d52d9 0953917629b Author: Karolin Seeger Date: Wed Jun 19 09:22:20 2019 +0200 Merge tag 'samba-4.10.5' into v4-10-test samba: tag release samba-4.10.5 Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 64 - python/samba/tests/dcerpc/dnsserver.py | 51 source4/dsdb/samdb/ldb_modules/paged_results.c | 3 +- source4/dsdb/tests/python/vlv.py| 50 ++- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 +- 6 files changed, 177 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index cdd63c11a9c..53df835bdd5 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 21aef0c4960..8339bbf958a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,63 @@ + == + Release Notes for Samba 4.10.5 + June 19, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) +o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches)) + +=== +Details +=== + +o CVE-2019-12435: + An authenticated user can crash the Samba AD DC's RPC server process via a + NULL pointer dereference. + +o CVE-2019-12436: +An user with read access to the directory can cause a NULL pointer +dereference using the paged search control. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.4: +- + +o Douglas Bagnall + * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2. + * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results + without messages. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.10.4 May 22, 2019 @@ -111,8 +171,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older r
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 414261f3785 VERSION: Bump version up to 4.9.10. via 01f22365af9 Merge tag 'samba-4.9.9' into v4-9-test via e6e7c8cada4 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release via c0712976700 WHATSNEW: Add release notes for Samba 4.9.9 via c2423655657 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 09818693ac2 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation via a26bed6da5c VERSION: Re-enable GIT_SNAPSHOT. via a402c1e10ef VERSION: Bump version up to 4.9.9. from 8b1dfd9b172 vfs_fruit: change trigger points of AppleDouble conversion https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 414261f37851c61e41967b882436adf2e62a072b Author: Karolin Seeger Date: Wed Jun 19 09:07:50 2019 +0200 VERSION: Bump version up to 4.9.10. Signed-off-by: Karolin Seeger commit 01f22365af9c1070579efcf24703d5387303722c Merge: 8b1dfd9b172 e6e7c8cada4 Author: Karolin Seeger Date: Wed Jun 19 09:07:05 2019 +0200 Merge tag 'samba-4.9.9' into v4-9-test samba: tag release samba-4.9.9 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 57 - python/samba/tests/dcerpc/dnsserver.py | 51 ++ source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 +- 4 files changed, 119 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 7471561058a..d851624cade 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b0191a14442..a053735f6e9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,56 @@ + = + Release Notes for Samba 4.9.9 +June 19, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) + +=== +Details +=== + +o CVE-2019-12435: + An authenticated user can crash the Samba AD DC's RPC server process via a + NULL pointer dereference. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.8: + + +o Douglas Bagnall + * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + = Release Notes for Samba 4.9.8 May 14, 2019 @@ -49,8 +102,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 4.9.7 diff --git a/python/samba/tests/dcerpc/dnsserver.py b/python/samba/tests/dcerpc/dnsserver.py index 53e1abde042..7264a290ef2 100644 --- a/python/samba/tests/dcerpc/dnsserver.py +++ b/python/samba/tests/dcerpc/dnsserver.py @@ -28,6 +28,7 @@ from samba.dcerpc import dnsp, dnsserver, security from samba.tests import RpcInterfaceTestCase, env_get_var_value from samba.netcmd.dns import ARecord, Record, PTRRecord, CNameRecord, NSRe
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 0953917629b VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release. via bfa9f92e611 WHATSNEW: Add release notes for Samba 4.10.5. via c48920093da CVE-2019-12436 dsdb/paged_results: ignore successful results without messages via d32b96aeff0 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 0b9da247534 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation via 090e8700af3 VERSION: Bump version up to 4.10.5... from 8e479542e28 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 0953917629bb2e21a41013f50def0c9402d5399a Author: Karolin Seeger Date: Thu Jun 13 11:48:53 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release. CVE-2019-12436 dsdb/paged_results: ignore successful results without messages BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit bfa9f92e611e3b634c505b9c4a2c7aef128afb64 Author: Karolin Seeger Date: Thu Jun 13 11:47:07 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.5. CVE-2019-12436 dsdb/paged_results: ignore successful results without messages BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit c48920093da7f5f6cbbca42d516b86b9cf51eea6 Author: Douglas Bagnall Date: Fri May 17 14:42:24 2019 +1200 CVE-2019-12436 dsdb/paged_results: ignore successful results without messages So that we don't dereference result->msgs[0] when it doesn't exist. This can happen when the object has changed in such a way that it no longer matches the original search query. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit d32b96aeff0022c7a9052f15adbc7cd36643ca22 Author: Douglas Bagnall Date: Wed May 22 13:23:25 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 0b9da247534f735fa96141e9285fd22e0f2bb442 Author: Douglas Bagnall Date: Wed May 22 12:58:01 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 090e8700af31c0b9fd273e91a0deb8d1efd3ef24 Author: Karolin Seeger Date: Wed May 22 11:50:17 2019 +0200 VERSION: Bump version up to 4.10.5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger (cherry picked from commit 827b5423c0fe6ad472226b6d172e0460d074135a) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 64 - python/samba/tests/dcerpc/dnsserver.py | 51 source4/dsdb/samdb/ldb_modules/paged_results.c | 3 +- source4/dsdb/tests/python/vlv.py| 50 ++- source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 +- 6 files changed, 177 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index cddf98545d9..73c35f8f66c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 21aef0c4960..8339bbf958a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,63 @@ + == + Release Notes for Samba 4.10.5 + June 19, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) +o CVE-2019-12436 (Samba AD DC LDAP ser
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via e6e7c8cada4 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release via c0712976700 WHATSNEW: Add release notes for Samba 4.9.9 via c2423655657 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 via 09818693ac2 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation via a26bed6da5c VERSION: Re-enable GIT_SNAPSHOT. via a402c1e10ef VERSION: Bump version up to 4.9.9. from 9dfd4419b50 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit e6e7c8cada481f79fb899e372fa2f34d35e14637 Author: Karolin Seeger Date: Thu Jun 13 11:59:07 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit c07129767006e89014b01105d5aca6b3043b5596 Author: Karolin Seeger Date: Thu Jun 13 11:57:35 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.9 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Karolin Seeger commit c2423655657f3074c80ae06f0b6806fc71c8bb41 Author: Douglas Bagnall Date: Wed May 22 13:23:25 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 09818693ac251a15df39433ed529b882883cdd44 Author: Douglas Bagnall Date: Wed May 22 12:58:01 2019 +1200 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation We still want to return DOES_NOT_EXIST when request_filter is not 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit a26bed6da5c1813b14a2c4a5d77359d76eb2f4b3 Author: Karolin Seeger Date: Thu Jun 13 11:16:26 2019 +0200 VERSION: Re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit a402c1e10ef4e1007250a5d622e6bfde56cd5291 Author: Karolin Seeger Date: Tue May 14 08:23:03 2019 +0200 VERSION: Bump version up to 4.9.9. Signed-off-by: Karolin Seeger (cherry picked from commit a9f7f1f7433b1f1c18ebf0d88fc57ae270f2711f) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 57 - python/samba/tests/dcerpc/dnsserver.py | 51 ++ source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 14 +- 4 files changed, 119 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1833b6c24d0..62d75c7cb9a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b0191a14442..a053735f6e9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,56 @@ + = + Release Notes for Samba 4.9.9 +June 19, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) + +=== +Details +=== + +o CVE-2019-12435: + An authenticated user can crash the Samba AD DC's RPC server process via a + NULL pointer dereference. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.8: + + +o Douglas Bagnall + * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via fc934b0 NEWS[4.10.5]: Samba 4.10.5 and 4.9.9 Security Releases Available from 2ef25dd Include link to IRC page https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit fc934b084fd7e8dd9592f770163e9aec54e9c796 Author: Karolin Seeger Date: Fri Jun 14 10:36:52 2019 +0200 NEWS[4.10.5]: Samba 4.10.5 and 4.9.9 Security Releases Available Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 2 + history/samba-4.10.5.html| 59 +++ history/samba-4.9.9.html | 52 ++ history/security.html| 18 + posted_news/20190617-072935.4.10.5.body.html | 30 posted_news/20190617-072935.4.10.5.headline.html | 3 + security/CVE-2019-12435.html | 83 + security/CVE-2019-12436.html | 91 8 files changed, 338 insertions(+) create mode 100644 history/samba-4.10.5.html create mode 100644 history/samba-4.9.9.html create mode 100644 posted_news/20190617-072935.4.10.5.body.html create mode 100644 posted_news/20190617-072935.4.10.5.headline.html create mode 100644 security/CVE-2019-12435.html create mode 100644 security/CVE-2019-12436.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 15a3c50..fa2267e 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,11 +9,13 @@ Release Notes + samba-4.10.5 samba-4.10.4 samba-4.10.3 samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.9 samba-4.9.8 samba-4.9.7 samba-4.9.6 diff --git a/history/samba-4.10.5.html b/history/samba-4.10.5.html new file mode 100644 index 000..a32cae7 --- /dev/null +++ b/history/samba-4.10.5.html @@ -0,0 +1,59 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.5 - Release Notes + + +Samba 4.10.5 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.gz;>Samba 4.10.5 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.5.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.gz;>Patch (gzipped) against Samba 4.10.4 +https://download.samba.org/pub/samba/patches/samba-4.10.4-4.10.5.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.5 + June 19, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server + (dnsserver)) +o CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches)) + +=== +Details +=== + +o CVE-2019-12435: + An authenticated user can crash the Samba AD DCs RPC server process via a + NULL pointer dereference. + +o CVE-2019-12436: +An user with read access to the directory can cause a NULL pointer +dereference using the paged search control. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.4: +- + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found + in DnssrvOperation2. + * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results + without messages. + + + + + + diff --git a/history/samba-4.9.9.html b/history/samba-4.9.9.html new file mode 100644 index 000..ffd9378 --- /dev/null +++ b/history/samba-4.9.9.html @@ -0,0 +1,52 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.9.9 - Release Notes + + +Samba 4.9.9 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.gz;>Samba 4.9.9 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.9.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.gz;>Patch (gzipped) against Samba 4.9.8 +https://download.samba.org/pub/samba/patches/samba-4.9.8-4.9.9.diffs.asc;>Signature + + + + = + Release Notes for Samba 4.9.9 +June 19, 2019 + = + + +This is a
[SCM] Samba Shared Repository - annotated tag samba-4.9.9 created
The annotated tag, samba-4.9.9 has been created at 33482cfac26a401d6049906087a2d3d60b365b86 (tag) tagging e6e7c8cada481f79fb899e372fa2f34d35e14637 (commit) replaces samba-4.9.8 tagged by Karolin Seeger on Fri Jun 14 10:09:20 2019 +0200 - Log - samba: tag release samba-4.9.9 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXQNWMAAKCRBvM5FbZWi3 6pdwAKCJ+oUkdvgeTIrgq4wOFmMlbXOOsgCZAR5y7yJpmAOpxqibFfjzEKciTBQ= =wbIZ -END PGP SIGNATURE- Douglas Bagnall (2): CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 Karolin Seeger (4): VERSION: Bump version up to 4.9.9. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.9.9 VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.10.5 created
The annotated tag, samba-4.10.5 has been created at fb231800e2ecc91c9e101f73e1e9b32958660965 (tag) tagging 0953917629bb2e21a41013f50def0c9402d5399a (commit) replaces samba-4.10.4 tagged by Karolin Seeger on Fri Jun 14 10:36:37 2019 +0200 - Log - samba: tag release samba-4.10.5 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXQNclQAKCRBvM5FbZWi3 6jiGAJ9uH2AII80LC9joQc+09S83YWmqzwCghY/XAqKr/fgqDqrDRPDuaE/OtTE= =2goO -END PGP SIGNATURE- Douglas Bagnall (3): CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2 CVE-2019-12436 dsdb/paged_results: ignore successful results without messages Karolin Seeger (3): VERSION: Bump version up to 4.10.5... WHATSNEW: Add release notes for Samba 4.10.5. VERSION: Disable GIT_SNAPSHOT for the 4.10.5 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 8b1dfd9b172 vfs_fruit: change trigger points of AppleDouble conversion via 267e70cb0d0 vfs_fruit: add a forward declaration for ad_get() via 77655c65737 selftest: run vfs.fruit test against a share that deletes empty resource forks via 45de537de14 s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork via 22170e79bc4 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork via 341fcacfc01 registry: add a missing include via dada63ccaee docs: dfree command. Correct usage of dfree scripts. via fce8502f381 lib: util: Finally remove possibilities of using sys_popen() unsafely. via eb7091a23b8 s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX. via 5887de472e5 s3: lib: Remove file_pload_send(). via 0dfd513f988 s3: winbind: Convert idmap to use file_ploadv_send(). via 19583f44bb4 s3: lib: Add file_ploadv_send(). via 54085531b9f lib: util: Remove file_pload() via cda1eaa2a79 s3: lib: Remove file_lines_pload(). via e6e29b35aea s3: smbd: Convert sysquotas.c code to use file_lines_ploadv(). via 7115964b888 s3: smbd: Convert print_svid code to use file_lines_ploadv(). via 0fc087b8560 s3: smbd: Convert dfree code to use file_lines_ploadv(). via f8655271e71 s3: lib: util: Add file_lines_ploadv(). via ce85a7b6ad2 lib: util: Add file_ploadv(). via 1ea4976a0a9 lib: popen: Prepare to remove sys_popen(). via ecd28164948 s3:util: Move static file_pload() function to lib/util via fefd249619b s3:util: Move popen wrappers to lib/util via bd5116558ff smbd: Fix a panic via 42f881dd035 smbtorture: Add a test to make smbd panic via 2b04a3c3e6f smbd: Enable "smbd:suicide mode" for smb2 via bb00dd66c3e s3: winbind: Fix crash when invoking winbind idmap scripts. via fcf4e66b013 s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary via 429a0c69d82 s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value via 72e89a5d9df s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context via 77de9567d92 python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL via 5a96c91de86 dsdb:samdb: schemainfo update with relax control via 2434353a69d python/provision: use provision and relax controls for schema provision via cea297403d9 s4:provision: split out provision_self_join_modify_schema.ldif via 54d9a475367 ldapcmp: ignore 'schemaInfo' if two domains are compared via 57923ced055 drsuapi.idl: add DRSUAPI_ATTID_schemaInfo from 8b523259855 ctdb-common: Fix memory leak in run_proc https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 8b1dfd9b172de44214390953875953c78488b727 Author: Ralph Boehme Date: Tue May 21 16:00:53 2019 +0200 vfs_fruit: change trigger points of AppleDouble conversion This moves the trigger points where AppleDouble file conversion is run by ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high level VFS entry points. Currently ad_convert() will be triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. This commit moves calling of the conversion funtion to the high level VFS entry points where the converted metadata is needed: o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the repurposed fields in the directory entry metadata o obviously for SMB_VFS_CREATE_FILE() on an macOS stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Jun 13 14:25:17 UTC 2019 on sn-devel-144 commit 267e70cb0d0c8a4da00c6bc2c46fa40fcf687b5d Author: Ralph Boehme Date: Tue May 21 16:00:00 2019 +0200 vfs_fruit: add a forward declaration for ad_get() Will be needed in the next commit. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 4777d1163a7c18c89ce9be955903427a18134415) commit 77655c657378faa4ba4fa7107faead5045b12649 Author: Ralph Boehme Date: Tue May 21 14:05:04 2019 +0200 selftest: run vfs.fruit test again
[SCM] Samba Shared Repository - branch v4-10-test updated
o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the repurposed fields in the directory entry metadata o obviously for SMB_VFS_CREATE_FILE() on an macOS stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Jun 13 13:55:35 UTC 2019 on sn-devel-144 commit 436356f8d00149f0b3fe0a510cd8aea21167786f Author: Ralph Boehme Date: Tue May 21 16:00:00 2019 +0200 vfs_fruit: add a forward declaration for ad_get() Will be needed in the next commit. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 4777d1163a7c18c89ce9be955903427a18134415) commit 886ab13095e5b8114fba5c6d6e761aa1b27bab72 Author: Ralph Boehme Date: Tue May 21 14:05:04 2019 +0200 selftest: run vfs.fruit test against a share that deletes empty resource forks This reveals a bug in the AppleDouble conversion code: the conversion code that unlinks an empty resource fork AppleDouble sidecar file ("._file") gets triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 8ed9b6b457923d2353d1d18838f4a278db48c6b9) commit 0dfaa70427ed01265e82053f364f0745162b785b Author: Ralph Boehme Date: Tue May 21 18:39:52 2019 +0200 s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork This ensures the resource fork is not deleted as part of the AppleDouble file conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes. This is currently not a problem in selftest, as we don't enable the option, but a subsequent commit will run all vfs.fruit tests against a share with this option enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit bb5a457f2872a383b58d62981dade322fca9b283) commit 6dcec5e2536cf814ef8cf60947ac202c6c9ef636 Author: Ralph Boehme Date: Tue May 21 18:39:52 2019 +0200 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork This ensures the resource fork is not deleted as part of the AppleDouble file conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes. This is currently not a problem in selftest, as we don't enable the option, but a subsequent commit will run all vfs.fruit tests against a share with this option enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit c3d28d49be3c7536d1ccfe8d00553ce72843f369) commit e0e1707d8fc39e89073a435578b1fbb9466752b5 Author: Ralph Boehme Date: Thu May 16 16:05:31 2019 +0200 registry: add a missing include Bug: https://bugzilla.samba.org/show_bug.cgi?id=13840 Signed-off-by: Ralph Boehme Reviewed-by: Douglas Bagnall Reviewed-by: Karolin Seeger Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184 (cherry picked from commit e09053faf457f69ad9b5e6a34be43c947503575f) commit 16f3a73c1a7d02d5984083ae53da10ae91477807 Author: Douglas Bagnall Date: Fri May 24 09:58:12 2019 +1200 samba-tool dns: use bytes for inet_ntop From Python's point of view, array.AddrArray is a list of byte-valued integers. In Python 3 we can convert directly using the likes of bytes(array.AddrArray[i].MaxSa[8:24]) but in 4.10 we need to support both, so we use struct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184 commit 40ab50754d1db8fc468cad04a0bf737f45895c0f Author: Douglas Bagnall Date: Wed May 29 13:38:12 2019 +1200 tests/samba-tool: test dns serverinfo/zoneinfo BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall Reviewed-by: Noel Power commit b78b7215658e7594ea345c85ec375252b04b4e00 Author: Jeremy Allison Date: Sat May 18 11:41:56 2019 -0700 docs: df
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 5508e9c8cb4 Merge tag 'samba-4.10.4' into v4-10-test via 8e479542e28 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. via def2c7dabc9 Merge 'origin/v4-10-stable' into the real 4.10.4 release via 8eb462bf914 Merge tag 'samba-4.10.3' into v4-10-stable via 6c23ad16f02 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. from 827b5423c0f VERSION: Bump version up to 4.10.5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 5508e9c8cb4206a1c2b012c6925f8c6f40f89c1f Merge: 827b5423c0f 8e479542e28 Author: Karolin Seeger Date: Wed May 22 12:31:17 2019 +0200 Merge tag 'samba-4.10.4' into v4-10-test samba: tag release samba-4.10.4 Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 520e0ce NEWS[4.10.4]: Samba 4.10.4 Available for Download from af4ea9b NEWS[4.10.3]: Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 520e0ceba6e267c0cb6d7db28ba806561c59329b Author: Karolin Seeger Date: Wed May 22 12:25:25 2019 +0200 NEWS[4.10.4]: Samba 4.10.4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.10.4.html| 115 +++ posted_news/20190522-102630.4.10.4.body.html | 13 +++ posted_news/20190522-102630.4.10.4.headline.html | 3 + 4 files changed, 132 insertions(+) create mode 100644 history/samba-4.10.4.html create mode 100644 posted_news/20190522-102630.4.10.4.body.html create mode 100644 posted_news/20190522-102630.4.10.4.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 229a679..15a3c50 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.10.4 samba-4.10.3 samba-4.10.2 samba-4.10.1 diff --git a/history/samba-4.10.4.html b/history/samba-4.10.4.html new file mode 100644 index 000..778a5d5 --- /dev/null +++ b/history/samba-4.10.4.html @@ -0,0 +1,115 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.4 - Release Notes + + +Samba 4.10.4 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.4.tar.gz;>Samba 4.10.4 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.4.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.3-4.10.4.diffs.gz;>Patch (gzipped) against Samba 4.10.3 +https://download.samba.org/pub/samba/patches/samba-4.10.3-4.10.4.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.4 +May 22, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.3: +- + +o Jeremy Allison j...@samba.org + * BUG 13938: s3: SMB1: Dont allow recvfile on stream fsps. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13882: py/provision: Fix for Python 2.6. + +o Tim Beale timbe...@catalyst.net.nz + * BUG 13873: netcmd: Fix passwordsettings --max-pwd-age command. + +o Ralph Boehme s...@samba.org + * BUG 13938: s3:smbd: Dont use recvfile on streams. + +o Gnther Deschner g...@samba.org + * BUG 13861: s3-libnet_join: net ads join to child domain fails when using + -U admin@forestroot. + +o David Disseldorp dd...@samba.org + * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. + * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. + +o Amitay Isaacs ami...@gmail.com + * BUG 13895: ctdb-common: Avoid race between fd and signal events. + * BUG 13943: ctdb-common: Fix memory leak in run_proc. + +o Volker Lendecke v...@samba.org + * BUG 13892: lib: Initialize getline() arguments. + * BUG 13903: winbind: Fix overlapping id ranges. + +o Gary Lockyer g...@catalyst.net.nz + * BUG 13902: lib util debug: Increase format buffer to 4KiB. + * BUG 13927: nsswitch pam_winbind: Fix Asan use after free. + * BUG 13929: s4 lib socket: Ensure address string owned by parent struct. + * BUG 13936: s3 rpc_client: Fix Asan stack use after scope. + +o Stefan Metzmacher me...@samba.org + * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in + SMB_FIND_FILE_FULL_DIRECTORY_INFO. + * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 12845: smb2_sesssetup: avoid STATUS_PENDING responses for session + setup. + * BUG 13698: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 13796: smb2_sesssetup: avoid STATUS_PENDING responses for session + setup. + * BUG 13843: dbcheck: Fix the err_empty_attribute() check. + * BUG 13858: vfs_snapper: Drop unneeded fstat handler. + * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() + NT_STATUS_INVALID_VIEW_SIZE check. + * BUG 13863: smb2_server: Grant all 8192 credits to clients. + * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. + +o Anoop C S anoo...@redhat.com + * BUG 13872: s3/vfs_glusterfs: Dynamically determine NAME_MAX. + +o Robert Sander r.san...@heinlein-support.de + * BUG 13918: s3: modules: ceph: Use current working directory inst
[SCM] Samba Shared Repository - branch v4-10-stable updated
domain from winbind rpc name_to_sid via 2670fe83374 winbind: Query domain from msrpc name_to_sid via b7f79137dcd nsswitch: Add testcase for checking output of wbinfo --sid-to-name via 2ad7a4a6477 VERSION: Bump version up to 4.10.4. via c0a8bd3d66e Merge tag 'samba-4.10.3' into v4-10-test via c7b67d3cb37 s3/vfs_glusterfs: Dynamically determine NAME_MAX via 3c027df87fe s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX via faa61e3c878 docs/vfs_ceph: describe new ACL behaviour via bd3c73e0861 vfs_ceph: explicitly enable libcephfs POSIX ACL support via 822df5a6dc1 smb2_server: grant all 8192 credits to clients via d508ec61012 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check via cfdec9a8563 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() via 5d418910795 vfs_snapper: drop unneeded fstat handler via 94b7fcba46e smb2_tcon: avoid STATUS_PENDING completely on tdis via 0acd5de3532 smb2_sesssetup: avoid STATUS_PENDING completely on session logoff via 3e4d622e296 smb2_tcon: avoid STATUS_PENDING responses for tree connect via 914d7c53f4d smb2_sesssetup: avoid STATUS_PENDING responses for session setup via d0f5c69b11a smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING via 690ba5dc876 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO via e23fdfe6730 ctdb-common: Avoid race between fd and signal events via 8f43d725d36 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" via 182f329f541 torture: Add test for talloc size accounting in memcache via 1a82c4b9532 memcache: Increase size of default memcache to 512k via 43f3544e83f memcache: Properly track the size of talloc objects via d4ea61f5615 memcache: Introduce struct for storing talloc pointer via 6baf1529a81 ctdb-scripts: Update statd-callout to try several configuration files via 12f6eae2c9a ctdb-scripts: Allow load_system_config() to take multiple alternatives via 53e76ab4a8c ctdb-tests: Update NFS test infrastructure to support systemd services via 80c6b7d3914 ctdb-scripts: Add systemd services to NFS call-out via 002beda318b ctdb-scripts: Start NFS quota service if defined via ee78bddd083 ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out via aaf8b6a66c0 ctdb-scripts: Factor out nfs_load_config() via b2aa818e4d8 ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE via a1275fedd21 ctdb-scripts: Rename variable nfslock_service to nfs_lock_service via 63453eb3fb6 ctdb-scripts: Reindent some functions prior to making changes via dda1c48a47c py/provision: fix for Python 2.6 via bdf59b416d2 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via f85efe206f9 s3-libnet_join: setup libnet join error string when AD connect fails via 05709dbaf2d s3-libnet_join: always pass down admin domain to ads layer via 837a141a4d9 s3:ldap: Leave add machine code early for pre-existing accounts via 78f308084f5 s3:libads: Make sure we can lookup KDCs which are not configured via bd573b37c60 s3:libnet: Use more secure name for the JOIN krb5.conf via 936594d66b7 auth:creds: Prefer the principal over DOMAIN/username when using NTLM via 0b00c7a2d0a auth:ntlmssp: Add back CRAP ndr debug output via 2e96408eac8 s3:libnet: Fix debug message in libnet_DomainJoin() via 461090e0a12 s3:libsmb: Add some useful debug output to cliconnect via ada3417c5cb s3:libads: Print more information when LDAP fails via 54571d3325f docs: Update smbclient manpage for --max-protocol via cf323d769f0 VERSION: Bump version up to 4.10.3. via ebf34098fa3 Merge tag 'samba-4.10.2' into v4-10-test via 61c4d715a73 VERSION: Bump version up to 4.10.2... from 8eb462bf914 Merge tag 'samba-4.10.3' into v4-10-stable https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 8e479542e28d3b52a940fc12c9e72d782d953d00 Author: Karolin Seeger Date: Wed May 22 11:49:22 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. Signed-off-by: Karolin Seeger commit def2c7dabc9d538587a39a3bf75605d8fd89b974 Merge: fa9de54681b 8eb462bf914 Author: Karolin Seeger Date: Wed May 22 12:14:55 2019 +0200 Merge 'origin/v4-10-stable' into the real 4.10.4 release Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 120
[SCM] Samba Shared Repository - annotated tag samba-4.10.4 created
The annotated tag, samba-4.10.4 has been created at dcb65453063f1965577586e45180c54646f02ac7 (tag) tagging 8e479542e28d3b52a940fc12c9e72d782d953d00 (commit) replaces samba-4.10.3 tagged by Karolin Seeger on Wed May 22 12:25:11 2019 +0200 - Log - samba: tag release samba-4.10.4 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXOUjhwAKCRBvM5FbZWi3 6ioWAJsEXUnhorC6h1f3Me7QTP6dc3lnvwCgi08GRB1eUkQz95DdcSInF8Knf8I= =f+XW -END PGP SIGNATURE- Amitay Isaacs (2): ctdb-common: Avoid race between fd and signal events ctdb-common: Fix memory leak in run_proc Andreas Schneider (17): docs: Update smbclient manpage for --max-protocol s3:libads: Print more information when LDAP fails s3:libsmb: Add some useful debug output to cliconnect auth:creds: Prefer the principal over DOMAIN/username when using NTLM s3:libnet: Use more secure name for the JOIN krb5.conf s3:libads: Make sure we can lookup KDCs which are not configured s4:auth: Fix debug statement in gensec_gssapi s3:rpc_server: Do not free the tdbname before we printed it s4:ntvfs: Do not free eadb before we printed an error s4:torture: Do not print NULL strings we just checked before lib:torture: Fix string comparison macros where we directly pass NULL s4:torture: Do not free full_name before we printed it ctdb:common: Do not print NULL if we don't get a sockpath s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it s3:utils: If share is NULL in smbcquotas, don't print it s3:utils: If share is NULL in smbcacls, don't print it s3:smbspool: Fix regression printing with Kerberos credentials Anoop C S (2): s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX s3/vfs_glusterfs: Dynamically determine NAME_MAX Christof Schmitt (16): memcache: Introduce struct for storing talloc pointer memcache: Properly track the size of talloc objects memcache: Increase size of default memcache to 512k torture: Add test for talloc size accounting in memcache nsswitch: Add testcase for checking output of wbinfo --sid-to-name winbind: Query domain from msrpc name_to_sid winbind: Query domain from winbind rpc name_to_sid winbind: Query domain from winbind sam_name_to_sid winbind: Return queried domain name from name_to_sid winbind: Use domain name from lsa query for sid_to_name cache entry selftest: Add gid-to-sid lookup to idmap_ad test selftest: Use fl2008r2dc for ad_member_idmap_ad selftest: Make trusted domain information available for idmap_ad environment selftest: Add idmap configuration for trusted domain for idmap_ad selftest: Pass trusted domain information to idmap_ad test selftest: Add trusted domain tests for idmap_ad David Disseldorp (4): vfs_snapper: drop unneeded fstat handler vfs_ceph: explicitly enable libcephfs POSIX ACL support docs/vfs_ceph: describe new ACL behaviour vfs_ceph: fix cephwrap_flistxattr() debug message Douglas Bagnall (2): py/provision: fix for Python 2.6 pytests/dns: use 2.6 compatible syntax Gary Lockyer (4): lib util debug: Increase format buffer to 4KiB nsswitch pam_winbind: Fix Asan use after free s4 lib socket: Ensure address string owned by parent struct s3 rpc_client: Fix Asan stack use after scope Guenther Deschner (3): s3:libnet: Fix debug message in libnet_DomainJoin() auth:ntlmssp: Add back CRAP ndr debug output s3:ldap: Leave add machine code early for pre-existing accounts Günther Deschner (3): s3-libnet_join: always pass down admin domain to ads layer s3-libnet_join: setup libnet join error string when AD connect fails s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join Jeremy Allison (1): s3: SMB1: Don't allow recvfile on stream fsp's. Karolin Seeger (10): VERSION: Bump version up to 4.10.2... Merge tag 'samba-4.10.2' into v4-10-test VERSION: Bump version up to 4.10.3. VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. Merge tag 'samba-4.10.3' into v4-10-test VERSION: Bump version up to 4.10.4. WHATSNEW: Add release notes for Samba 4.10.4. Merge tag 'samba-4.10.3' into v4-10-stable Merge 'origin/v4-10-stable' into the real 4.10.4 release VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. Martin Schwenke (27): ctdb-scripts: Reindent some functions prior to making changes ctdb-scripts: Rename variable nfslock_service to nfs_lock_service ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE ctdb-scripts: Factor out nfs_load_config() ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out ctdb-scripts: Start NFS quota service if defined ctdb-scripts: Add
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 8eb462bf914 Merge tag 'samba-4.10.3' into v4-10-stable via 70a164b3214 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. from 6c23ad16f02 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 8eb462bf914f9b8f9427ececbfc15ae8ae4e5b72 Merge: 6c23ad16f02 70a164b3214 Author: Karolin Seeger Date: Wed May 22 12:05:26 2019 +0200 Merge tag 'samba-4.10.3' into v4-10-stable samba: tag release samba-4.10.3 Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher --- Summary of changes: Changeset truncated at 500 lines: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 827b5423c0f VERSION: Bump version up to 4.10.5... via d3cfdd71997 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. via fa9de54681b WHATSNEW: Add release notes for Samba 4.10.4. from d6243acb3ac ctdb-common: Fix memory leak in run_proc https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 827b5423c0fe6ad472226b6d172e0460d074135a Author: Karolin Seeger Date: Wed May 22 11:50:17 2019 +0200 VERSION: Bump version up to 4.10.5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit d3cfdd71997494589edd73943d574964720b5f13 Author: Karolin Seeger Date: Wed May 22 11:49:22 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release. Signed-off-by: Karolin Seeger commit fa9de54681bc2ebfb37b43f2a7bd2d69124f24c7 Author: Karolin Seeger Date: Wed May 22 11:48:35 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 120 ++- 2 files changed, 119 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d6337dea09a..cdd63c11a9c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8472caa032c..21aef0c4960 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,119 @@ + == + Release Notes for Samba 4.10.4 +May 22, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.3: +- + +o Jeremy Allison + * BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's. + +o Douglas Bagnall + * BUG 13882: py/provision: Fix for Python 2.6. + +o Tim Beale + * BUG 13873: netcmd: Fix 'passwordsettings --max-pwd-age' command. + +o Ralph Boehme + * BUG 13938: s3:smbd: Don't use recvfile on streams. + +o Günther Deschner + * BUG 13861: s3-libnet_join: 'net ads join' to child domain fails when using + "-U admin@forestroot". + +o David Disseldorp + * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. + * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message. + +o Amitay Isaacs + * BUG 13895: ctdb-common: Avoid race between fd and signal events. + * BUG 13943: ctdb-common: Fix memory leak in run_proc. + +o Volker Lendecke + * BUG 13892: lib: Initialize getline() arguments. + * BUG 13903: winbind: Fix overlapping id ranges. + +o Gary Lockyer + * BUG 13902: lib util debug: Increase format buffer to 4KiB. + * BUG 13927: nsswitch pam_winbind: Fix Asan use after free. + * BUG 13929: s4 lib socket: Ensure address string owned by parent struct. + * BUG 13936: s3 rpc_client: Fix Asan stack use after scope. + +o Stefan Metzmacher + * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in + SMB_FIND_FILE_FULL_DIRECTORY_INFO. + * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 12845: smb2_sesssetup: avoid STATUS_PENDING responses for session + setup. + * BUG 13698: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 13796: smb2_sesssetup: avoid STATUS_PENDING responses for session + setup. + * BUG 13843: dbcheck: Fix the err_empty_attribute() check. + * BUG 13858: vfs_snapper: Drop unneeded fstat handler. + * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() + NT_STATUS_INVALID_VIEW_SIZE check. + * BUG 13863: smb2_server: Grant all 8192 credits to clients. + * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling. + +o Anoop C S + * BUG 13872: s3/vfs_glusterfs: Dynamically determine NAME_MAX. + +o Robert Sander + * BUG 13918: s3: modules: ceph: Use current working directory instead of + share path. + +o Christof Schmitt + * BUG 13831: winbind: Use domain name from lsa query for sid_to_name cache + entry. + * BUG 13865: memcache: Increase size of default memcache to 512k. + +o Andreas Schneider + * BUG 13857: docs: Update smbclient manpage for "--max-protocol". + * BUG 13861: 'net ads join' to child domain fails when using + "-U admin@forestroot". + * BUG 13937: s3:utils: If share is NULL in smbcacls, don't print it. + * BUG 13939: s3:smbspool: Fix regression printing with Kerberos credentials. + +o Ma
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 8b523259855 ctdb-common: Fix memory leak in run_proc via 54199785376 ctdb-common: Fix memory leak via 76c7302105c ctdb-recoverd: Fix memory leak via f81a971cc29 vfs_ceph: fix cephwrap_flistxattr() debug message via e1522725b0f s3:smbspool: Fix regression printing with Kerberos credentials via e3dd029dfad s3: SMB1: Don't allow recvfile on stream fsp's. via 1e9e531a585 s3:smbd: don't use recvfile on streams via f8eb314bcda s3:utils: If share is NULL in smbcacls, don't print it via c98a190ff88 s3:utils: If share is NULL in smbcquotas, don't print it via ca9e386a59e s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it via 925871f5808 ctdb:common: Do not print NULL if we don't get a sockpath via f00cb3c1824 s4:torture: Do not free full_name before we printed it via 637b3b1a3da lib:torture: Fix string comparison macros where we directly pass NULL via 1f14d55f45e s4:torture: Do not print NULL strings we just checked before via 9fda18d7707 s4:ntvfs: Do not free eadb before we printed an error via 541a98bc843 s3:rpc_server: Do not free the tdbname before we printed it via 2ec15697375 s4:auth: Fix debug statement in gensec_gssapi via 1c2c081f439 ctdb-daemon: Never use 0 as a client ID via 24d70220b28 ctdb-tests: Fix logic error in simple ctdb reloadips test via 9f679ba14d5 ctdb-tests: Make ctdb reloadips tests more reliable via 0ffba5145c8 ctdb-tests: Capture output in $out on failure as well via 1eb5d2e4fc2 ctdb-tests: Don't clean up test var directory in autotest target via 15e5d62b3d9 ctdb-tests: Fix usage message via 814471f46e8 ctdb-tests: Wait to allow database attach/detach to take effect via 3f104bd0db2 ctdb-tests: Avoid bulk output in $out, prefer $outfile via b594f5161dd ctdb-tests: Make try_command_on_node less error-prone via 7c97bc83284 ctdb-tests: Change sanity_check_output() to internally use $out via 30b5d837d5d ctdb-tests: Extend test to cover ctdb rddumpmemory via 08e229df43e ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL via 7db0d1a7646 smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling via ffb6fb90f69 s4:torture/smb2: add smb2.getinfo.normalized test via d2c87ba602b s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support via e8a1f4c233b smbd: allow case insensitive opens of named streams via b23a436e0cc s4:torture/smb2: add smb2.stream.names3 test via 9f4cc1ff94e s3: modules: ceph: use current working directory instead of share path via 9348090b5e2 s3:debug: enable logging for early startup failures via adc1277e392 s3:debug: adjust indention via dea9042b2e2 s3:debug: use struct initializer via 2e2b539d83a debug: add a call to debug_parse_levels() to reopen_logs() via cd5fbcc9d4d debug: add an empty line via e7b1794cefa winbind: Fix overlapping id ranges via ac678f27dff selftest: Add trusted domain tests for idmap_ad via c1b0fb91caf selftest: Pass trusted domain information to idmap_ad test via 4cf06197d2a selftest: Add idmap configuration for trusted domain for idmap_ad via f807c76db1e selftest: Make trusted domain information available for idmap_ad environment via dcbffbb3084 selftest: Use fl2008r2dc for ad_member_idmap_ad via 0861417bf9d selftest: Add gid-to-sid lookup to idmap_ad test via d4d41f0d20d lib util debug: Increase format buffer to 4KiB via bba9f065003 pytests/dns: use 2.6 compatible syntax from 03a91bf0a15 winbind: Use domain name from lsa query for sid_to_name cache entry https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 8b523259855edcc9350cbb1ee62b4a2156fab539 Author: Amitay Isaacs Date: Mon May 13 17:07:59 2019 +1000 ctdb-common: Fix memory leak in run_proc BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943 Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Tue May 14 08:59:03 UTC 2019 on sn-devel-184 (cherry picked from commit b1f4c86eea022999d5439e4a6ef3494fe41479b6) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Fri May 17 10:56:19 UTC 2019 on sn-devel-144 commit 5419978537665cbe2233f57f3f289d3843935318 Author: Martin Schwenke Date: Sat May 11 17:33:57 2019 +1000 ctdb-common: Fix memory leak BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 30bc6e2529cdd444d4ec7902844c3a6fb0858090) commit
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via d6243acb3ac ctdb-common: Fix memory leak in run_proc via 0d4280abf98 ctdb-common: Fix memory leak via 32065a0772e ctdb-recoverd: Fix memory leak via 417a4d2c3cc vfs_ceph: fix cephwrap_flistxattr() debug message via 4c02823ab51 s3:smbspool: Fix regression printing with Kerberos credentials via 5c9489ba557 s3: SMB1: Don't allow recvfile on stream fsp's. via 198cb5b0550 s3:smbd: don't use recvfile on streams via f7ffa7a007f s3:utils: If share is NULL in smbcacls, don't print it via b0e862a64a7 s3:utils: If share is NULL in smbcquotas, don't print it via 601cb1d5726 s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it via 5b6adbb0f05 ctdb:common: Do not print NULL if we don't get a sockpath via b578a2df99f s4:torture: Do not free full_name before we printed it via 4113054a7ce lib:torture: Fix string comparison macros where we directly pass NULL via a81f78ce4e4 s4:torture: Do not print NULL strings we just checked before via b522ed38de1 s4:ntvfs: Do not free eadb before we printed an error via 405872948fa s3:rpc_server: Do not free the tdbname before we printed it via 4f0a4fac3de s4:auth: Fix debug statement in gensec_gssapi via 8542379bde8 s3 rpc_client: Fix Asan stack use after scope via 8a320aad332 ctdb-daemon: Never use 0 as a client ID via 6aa0fd8b7cd s4 lib socket: Ensure address string owned by parent struct via 385a36b7e7c nsswitch pam_winbind: Fix Asan use after free via 52ba5136f2f ctdb-tests: Fix logic error in simple ctdb reloadips test via 63a59de4f0f ctdb-tests: Make ctdb reloadips tests more reliable via efb35a1a695 ctdb-tests: Capture output in $out on failure as well via 65bf14afd83 ctdb-tests: Remove old socket wrapper state directory during setup via 33739d55569 ctdb-tests: Actually restart if cluster doesn't become healthy via 0cdf5c6b5ce ctdb-tests: Don't clean up test var directory in autotest target via 3582e306606 ctdb-tests: Fix usage message via b8cf1594a73 ctdb-tests: Wait to allow database attach/detach to take effect via 221da170256 ctdb-tests: Avoid bulk output in $out, prefer $outfile via 2044466dd3e ctdb-tests: Make try_command_on_node less error-prone via 8bb1726f6a7 ctdb-tests: Change sanity_check_output() to internally use $out via c054f19fb37 ctdb-tests: Extend test to cover ctdb rddumpmemory via 8c9abb2749f ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL via 42b32da4160 smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling via 5308f042e67 s4:torture/smb2: add smb2.getinfo.normalized test via 3205d032781 s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support via 07382f0765a smbd: allow case insensitive opens of named streams via 649dd7bce86 s4:torture/smb2: add smb2.stream.names3 test via f4a603a9f32 s3: modules: ceph: use current working directory instead of share path via de505618e60 s3:debug: enable logging for early startup failures via c584a4b4dfb s3:debug: adjust indention via c7f25b25d3a s3:debug: use struct initializer via 1fa6a46fa53 winbind: Fix overlapping id ranges via 24d39db5c37 selftest: Add trusted domain tests for idmap_ad via 3a46730f12e selftest: Pass trusted domain information to idmap_ad test via c3c2f3707a0 selftest: Add idmap configuration for trusted domain for idmap_ad via 79c04524c38 selftest: Make trusted domain information available for idmap_ad environment via 28b5ff2ccf7 selftest: Use fl2008r2dc for ad_member_idmap_ad via 38746ec0a3e selftest: Add gid-to-sid lookup to idmap_ad test via 9c167fa8628 lib util debug: Increase format buffer to 4KiB via 2cc3b4c42c5 lib: Initialize getline() arguments via d1962a5f527 pytests/dns: use 2.6 compatible syntax from 893ac2a6b20 netcmd: Fix passwordsettings --max-pwd-age command https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit d6243acb3ac386c91e66ff9a2957b87c3fe7a6a1 Author: Amitay Isaacs Date: Mon May 13 17:07:59 2019 +1000 ctdb-common: Fix memory leak in run_proc BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943 Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Tue May 14 08:59:03 UTC 2019 on sn-devel-184 (cherry picked from commit b1f4c86eea022999d5439e4a6ef3494fe41479b6) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu May 16 13:56:00 UTC 2019 on sn-devel-144 commit 0d4280abf98cb023d21edbf4e069f551931cca1f Author
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 03a91bf0a15 winbind: Use domain name from lsa query for sid_to_name cache entry via b3876c300b3 winbind: Return queried domain name from name_to_sid via b5c442b76c4 winbind: Query domain from winbind sam_name_to_sid via ef63526b322 winbind: Query domain from winbind rpc name_to_sid via cc3ca17a7b9 winbind: Query domain from msrpc name_to_sid via d012a7e875b nsswitch: Add testcase for checking output of wbinfo --sid-to-name from a9f7f1f7433 VERSION: Bump version up to 4.9.9. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 03a91bf0a15b853ab31091185656b90d086c5687 Author: Christof Schmitt Date: Mon Mar 11 16:14:02 2019 -0700 winbind: Use domain name from lsa query for sid_to_name cache entry When winbindd is asked to map a name like realm.com\name to a SID ,that is sucessfully resolved through the lsa lookup name call. The same call also returns the short domain name (netbios name of the domain). Use that short domain name for the sid_to_name cache entry, so that subsequent sid_to_name queries return the expected netbiosname\name result and not realm.com\name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed May 15 14:18:45 UTC 2019 on sn-devel-144 commit b3876c300b3d0090933c65272cd374dc40a607e6 Author: Christof Schmitt Date: Mon Mar 11 16:11:01 2019 -0700 winbind: Return queried domain name from name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01) commit b5c442b76c413ce3c596bdc07805e04345489fcd Author: Christof Schmitt Date: Thu Mar 14 10:30:45 2019 -0700 winbind: Query domain from winbind sam_name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673) commit ef63526b322af68b67ba9a70c7641730ee5c2def Author: Christof Schmitt Date: Mon Mar 11 15:54:21 2019 -0700 winbind: Query domain from winbind rpc name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45) commit cc3ca17a7b913df73321aa62f76e5d231d804a45 Author: Christof Schmitt Date: Mon Mar 11 15:53:51 2019 -0700 winbind: Query domain from msrpc name_to_sid BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928) commit d012a7e875bea0de16cac69adb99507ba9151d17 Author: Christof Schmitt Date: Mon Mar 11 16:26:48 2019 -0700 nsswitch: Add testcase for checking output of wbinfo --sid-to-name The username should always be returned in the DOMAISHORTNAME/USERNAME format. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke (cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc) --- Summary of changes: nsswitch/tests/test_wbinfo_name_lookup.sh | 15 +++ source3/winbindd/winbindd.h | 1 + source3/winbindd/winbindd_ads.c | 3 ++- source3/winbindd/winbindd_cache.c | 5 +++-- source3/winbindd/winbindd_msrpc.c | 15 ++- source3/winbindd/winbindd_reconnect.c | 5 +++-- source3/winbindd/winbindd_reconnect_ads.c | 5 +++-- source3/winbindd/winbindd_rpc.c | 15 ++- source3/winbindd/winbindd_rpc.h | 1 + source3/winbindd/winbindd_samr.c | 11 +++ 10 files changed, 67 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh index c1d39c1a602..ee8ae11f4b1 100755 --- a/nsswitch/tests/test_wbinfo_name_lookup.sh +++ b/nsswitch/tests/test_wbinfo_name_lookup.sh @@ -31,6 +31,21 @@ testit "name-to-sid.upn" \ $wbinfo -n $DC_USERNAME@$REALM || \ failed=$(expr $failed + 1) +testit "name-to-sid.realm-user" \ + $wbinfo -n $REALM/$DC_USERNAME || \ + failed=$(expr $failed + 1) + +# For the name-to-sid.realm-user query, ensure +# that this does not change subsequent sid-to-n
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 893ac2a6b20 netcmd: Fix passwordsettings --max-pwd-age command via afc2243b478 netcmd: Add some timestamp conversion helper functions via 36da4c095de netcmd: Use python constant for -0x8000 via 1efa1e01194 tests: Add test for setting min/maxPwdAge via ea74b0eb2ef dbcheck: fix the err_empty_attribute() check via b01e1e3376b winbind: Use domain name from lsa query for sid_to_name cache entry via 9034980420d winbind: Return queried domain name from name_to_sid via b519cd2156d winbind: Query domain from winbind sam_name_to_sid via af48878005a winbind: Query domain from winbind rpc name_to_sid via 2670fe83374 winbind: Query domain from msrpc name_to_sid via b7f79137dcd nsswitch: Add testcase for checking output of wbinfo --sid-to-name from 2ad7a4a6477 VERSION: Bump version up to 4.10.4. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 893ac2a6b2046e4e1d7a46f2a2c50afc7546d3b2 Author: Tim Beale Date: Wed Apr 3 09:10:55 2019 +1300 netcmd: Fix passwordsettings --max-pwd-age command The min_pwd_age and max_pwd_age parameters are both optional and default to None. However, if we just set the max-pwd-age, then the check 'min_pwd_age >= max_pwd_age' will throw a Python exception because it's trying to compare an int to NoneType (min_pwd_age). This works on Python 2 but is a problem on Python 3. We could just add a check that min_pwd_age is not None, but that defeats the point of having the check if you're only setting either the min or max age indepedently. This patch gets the current min/max password age from the DB (in ticks). If either setting is changed, the ticks will be updated. Then at the end we check the min is still less than the max (to do this, we convert the ticks back to days in the interests of readability). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144 (cherry picked from commit 7a410ccb5f6f2958d56fa6f16d8780c69a3830dd) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue May 14 17:36:28 UTC 2019 on sn-devel-144 commit afc2243b4785180c74bccaa5491396fe7d5d8bcd Author: Tim Beale Date: Tue Apr 2 11:10:41 2019 +1300 netcmd: Add some timestamp conversion helper functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 940306a24a8d14fbb8c76c5a60b3d5f2773873a0) commit 36da4c095deb73dfb14ca629b223998fce1f9403 Author: Tim Beale Date: Mon Apr 1 16:42:32 2019 +1300 netcmd: Use python constant for -0x8000 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit b43f997f2397771b159c49526a36bd2b3467b0ef) commit 1efa1e011941075d24b55f5228c167fd847ed61d Author: Tim Beale Date: Mon Apr 1 16:32:27 2019 +1300 tests: Add test for setting min/maxPwdAge Currently setting maxPwdAge doesn't work at all. While we're adding a test, we might as well assert that minPwdAge can't be greater than maxPwdAge as well. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit d247a600845fdc6bf232496e8db56cd1d95a3022) commit ea74b0eb2ef634b35eb0c51053ba3f87d3bee383 Author: Stefan Metzmacher Date: Tue Mar 19 13:16:59 2019 +0100 dbcheck: fix the err_empty_attribute() check ldb.bytes('') == '' is never True in python3, we nee ldb.bytes('') == b'' in order to check that on attribute has an empty value, that seems to work for python2 and python3. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843 Signed-off-by: Stefan Metzmacher Reviewed-by: Noel Power Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144 (cherry picked from commit 261ef9d5b62f0d49f858717e6d8b4b41f008efb5) commit b01e1e3376be76fea435f987e0edea98161b7a35 Author: Christof Schmitt Date: Mon Mar 11 16:14:02 2019 -0700 winbind: Use domain name from lsa query for sid_to_name cache entry When winbindd is asked to map a name like realm.com\name to a SID ,that is sucessfully resolved through the lsa lookup name call. The same call also returns the short domain name (netbios name of the domain). Use that short domain name for the sid_to_name cache entry, so that subsequ
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 43958af1d50 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 5639e973c1f CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum from b1f4c86eea0 ctdb-common: Fix memory leak in run_proc https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 43958af1d50f0185e21e6cd74110c455ee8996af Author: Isaac Boukris Date: Wed Jan 30 23:49:07 2019 +0200 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Reviewed-by: Andrew Bartlett Signed-off-by: Andrew Bartlett Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184 commit 5639e973c1f6f1b28b122741763f1d05b47bc2d8 Author: Isaac Boukris Date: Thu Apr 25 22:12:10 2019 +1200 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Signed-off-by: Andrew Bartlett --- Summary of changes: source4/heimdal/kdc/krb5tgs.c| 7 +++ source4/torture/krb5/kdc-canon-heimdal.c | 105 +-- 2 files changed, 108 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index a888788bb6f..ff7d93138c0 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1925,6 +1925,13 @@ server_lookup: goto out; } + if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { + free_PA_S4U2Self(); + kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + ret = _krb5_s4u2self_to_checksumdata(context, , ); if (ret) goto out; diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c index 30eca87cb52..ee3045181dc 100644 --- a/source4/torture/krb5/kdc-canon-heimdal.c +++ b/source4/torture/krb5/kdc-canon-heimdal.c @@ -44,7 +44,8 @@ #define TEST_S4U2SELF 0x080 #define TEST_REMOVEDOLLAR 0x100 #define TEST_AS_REQ_SPN 0x200 -#define TEST_ALL 0x3FF +#define TEST_MITM_S4U2SELF0x400 +#define TEST_ALL 0x7FF struct test_data { const char *test_name; @@ -62,6 +63,7 @@ struct test_data { bool upn; bool other_upn_suffix; bool s4u2self; + bool mitm_s4u2self; bool removedollar; bool as_req_spn; bool spn_is_upn; @@ -212,6 +214,67 @@ static bool test_accept_ticket(struct torture_context *tctx, return true; } +krb5_error_code +_krb5_s4u2self_to_checksumdata(krb5_context context, + const PA_S4U2Self *self, + krb5_data *data); + +/* Helper function to modify the principal in PA_FOR_USER padata */ +static bool change_for_user_principal(struct torture_krb5_context *test_context, + krb5_data *modified_send_buf) +{ + PA_DATA *for_user; + int i = 0; + size_t used; + krb5_error_code ret; + PA_S4U2Self self, mod_self; + krb5_data cksum_data; + krb5_principal admin; + heim_octet_string orig_padata_value; + krb5_context k5_ctx = test_context->smb_krb5_context->krb5_context; + + for_user = krb5_find_padata(test_context->tgs_req.padata->val, + test_context->tgs_req.padata->len, KRB5_PADATA_FOR_USER, ); + torture_assert(test_context->tctx, for_user != NULL, "No PA_FOR_USER in s4u2self request"); + orig_padata_value = for_user->padata_value; + + torture_assert_int_equal(test_context->tctx, +krb5_make_principal(k5_ctx, , test_context->test_data->realm, +"Administrator", NULL), +0, "krb5_make_principal() failed"); + torture_assert_int_equal(test_context->tctx, +decode_PA_S4U2Self(for_user->padata_value.data, + for_user->padata_value.length, , NULL), +0, "decode_PA_S4U2Self() failed"); + mod_self = self; + mod_self.name = admin->name; + + torture_assert_int_equal(test_context->tctx, +_krb5_s4u2self_to_checksumdata(k5
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 6c23ad16f02 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. via 20ce967a45a WHATSNEW: Add release notes for Samba 4.10.3. via 12086db2101 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 6ad19ca4687 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via 6a7e06239fb VERSION: Re-enable GIT_SNAPSHOT. via 770352cd077 VERSION: Bump version up to 4.10.3. from 17cd92e1c36 VERSION: Disable GIT_SNAPSHOT for 4.10.2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 6c23ad16f02497d086f42dccd75c6fcc5dad Author: Karolin Seeger Date: Tue May 7 11:06:14 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit 20ce967a45a140475b36c90b8c24ba51374e57d2 Author: Karolin Seeger Date: Tue May 7 10:46:21 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.3. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit 12086db2101beb44db41da0a811a6be8544b546e Author: Isaac Boukris Date: Wed Jan 30 23:49:07 2019 +0200 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Reviewed-by: Andrew Bartlett Signed-off-by: Andrew Bartlett commit 6ad19ca46879f166e896562b88244e2ffd17e1ed Author: Isaac Boukris Date: Thu Apr 25 22:12:10 2019 +1200 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Signed-off-by: Andrew Bartlett commit 6a7e06239fb725f77877ed6e3435ef101a162148 Author: Karolin Seeger Date: Tue May 7 11:02:17 2019 +0200 VERSION: Re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 770352cd07776fcfc49511b0b393c2e6371724e9 Author: Karolin Seeger Date: Mon Apr 8 12:30:35 2019 +0200 VERSION: Bump version up to 4.10.3. Signed-off-by: Karolin Seeger (cherry picked from commit cf323d769f0f75a8201b21e5563fc5481beb614e) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 - source4/heimdal/kdc/krb5tgs.c| 7 +++ source4/torture/krb5/kdc-canon-heimdal.c | 105 +-- 4 files changed, 165 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index db76ce216a7..2b49166b9c6 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f88d3e99b3c..8472caa032c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.10.3 +May 14, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.10.2: +- + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +==
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 2ad7a4a6477 VERSION: Bump version up to 4.10.4. from c0a8bd3d66e Merge tag 'samba-4.10.3' into v4-10-test https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 2ad7a4a64779c06ff4c4aa874656c778c823b959 Author: Karolin Seeger Date: Tue May 14 08:23:51 2019 +0200 VERSION: Bump version up to 4.10.4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9f59cca..d6337dea09a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via c0a8bd3d66e Merge tag 'samba-4.10.3' into v4-10-test via 70a164b3214 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. via 20ce967a45a WHATSNEW: Add release notes for Samba 4.10.3. via 12086db2101 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 6ad19ca4687 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via 6a7e06239fb VERSION: Re-enable GIT_SNAPSHOT. via 770352cd077 VERSION: Bump version up to 4.10.3. from c7b67d3cb37 s3/vfs_glusterfs: Dynamically determine NAME_MAX https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit c0a8bd3d66e2dbfab166db082e4ad253adaed9cb Merge: c7b67d3cb37 70a164b3214 Author: Karolin Seeger Date: Tue May 14 08:21:05 2019 +0200 Merge tag 'samba-4.10.3' into v4-10-test samba: tag release samba-4.10.3 commit 70a164b3214026fe6f94c7b4c468c49d0557e2e5 Author: Karolin Seeger Date: Tue May 7 11:06:14 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 58 - source4/heimdal/kdc/krb5tgs.c| 7 +++ source4/torture/krb5/kdc-canon-heimdal.c | 105 +-- 3 files changed, 164 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f88d3e99b3c..8472caa032c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.10.3 +May 14, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.10.2: +- + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.10.2 April 8, 2019 @@ -57,8 +111,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 4.10.1 diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index a888788bb6f..ff7d93138c0 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1925,6 +1925,13 @@ server_lookup: goto out; } + if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { + free_PA_S4U2Self(); + kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + ret = _krb5_s4u2self_to_checksumdata(context, , ); if (ret) goto out; diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c index 30eca87cb52..ee3045181dc 100644 --- a/source4/torture/krb5/kdc-canon-heimdal.c +++ b/source4/torture/krb5/kdc-canon-heimdal.c @@ -44,7 +44,8 @@ #define TEST_S4U2SELF 0x080 #define TEST_REMOVEDOLLA
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated via a72d4598bf4 VERSION: Disable GIT_SNAPSHOT for the 4.8.12 release. via 162016b23b5 WHATSNEW: Add release notes for Samba 4.8.12. via 169bc039065 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via f65b6eab332 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via 1d98ed7f186 VERSION: Re-enable GIT_SNAPSHOT. via 287f2fab580 VERSION: Bump version up to 4.8.12. from b7e91b13d4d VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable - Log - commit a72d4598bf4a2186769f25050663f4779ea581e0 Author: Karolin Seeger Date: Tue May 7 12:35:52 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.8.12 release. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit 162016b23b5dedaf819941fb46c6ca5e5469b464 Author: Karolin Seeger Date: Tue May 7 12:34:50 2019 +0200 WHATSNEW: Add release notes for Samba 4.8.12. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit 169bc039065ea202246bceba8598472711de2346 Author: Isaac Boukris Date: Wed Jan 30 23:49:07 2019 +0200 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Reviewed-by: Andrew Bartlett Signed-off-by: Andrew Bartlett commit f65b6eab332b0513782d4a18851c836a0da695ac Author: Isaac Boukris Date: Thu Apr 25 22:12:10 2019 +1200 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Signed-off-by: Andrew Bartlett commit 1d98ed7f186d0f0e32b80c5509b8ce850c86211d Author: Karolin Seeger Date: Tue May 7 12:33:21 2019 +0200 VERSION: Re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 287f2fab58026c2b679f094e22b758042c124142 Author: Karolin Seeger Date: Mon Apr 8 12:28:05 2019 +0200 VERSION: Bump version up to 4.8.12. Signed-off-by: Karolin Seeger (cherry picked from commit d7fef72c6a373e10289675ef180d49d739cd6a5b) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++- source4/heimdal/kdc/krb5tgs.c| 7 ++ source4/torture/krb5/kdc-canon-heimdal.c | 115 +-- 4 files changed, 175 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 355fb3a99a5..d045e35fa06 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b51ba11f813..3b8f058af8e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.8.12 +May 14, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.8.11: +- + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +==
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via a9f7f1f7433 VERSION: Bump version up to 4.9.9. via d1c15c26703 Merge tag 'samba-4.9.8' into v4-9-test via 9dfd4419b50 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. via ff8e3fbae80 WHATSNEW: Add release notes for Samba 4.9.8. via de3fa5d6b94 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 52200468716 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via bc1b0ade6ff VERSION: Bump version up to 4.9.8... from 86de3470b4c VERSION: Bump version up to 4.9.8... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit a9f7f1f7433b1f1c18ebf0d88fc57ae270f2711f Author: Karolin Seeger Date: Tue May 14 08:23:03 2019 +0200 VERSION: Bump version up to 4.9.9. Signed-off-by: Karolin Seeger commit d1c15c2670377741588cb46a6c08220493e30bd1 Merge: 86de3470b4c 9dfd4419b50 Author: Karolin Seeger Date: Tue May 14 08:22:26 2019 +0200 Merge tag 'samba-4.9.8' into v4-9-test samba: tag release samba-4.9.8 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++- source4/heimdal/kdc/krb5tgs.c| 7 ++ source4/torture/krb5/kdc-canon-heimdal.c | 115 +-- 4 files changed, 175 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 6d6a27b4aeb..7471561058a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d135527fa1b..b0191a14442 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + = + Release Notes for Samba 4.9.8 +May 14, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.7: + + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + = Release Notes for Samba 4.9.7 May 1, 2019 @@ -111,8 +165,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 4.9.6 diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index a888788bb6f..ff7d93138c0 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1925,6 +1925,13 @@ server_lookup: goto out; } + if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { + free_PA_S4U2Self(); + kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM; + goto out; + } + ret = _krb5_s4u2self
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 4d88741a279 VERSION: Bump version up to 4.8.13. via 1a248d16ab9 Merge tag 'samba-4.8.12' into v4-8-test via a72d4598bf4 VERSION: Disable GIT_SNAPSHOT for the 4.8.12 release. via 162016b23b5 WHATSNEW: Add release notes for Samba 4.8.12. via 169bc039065 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via f65b6eab332 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via 1d98ed7f186 VERSION: Re-enable GIT_SNAPSHOT. via 287f2fab580 VERSION: Bump version up to 4.8.12. from d7fef72c6a3 VERSION: Bump version up to 4.8.12. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 4d88741a2798d44d7b2ed28302e2d9816ac894fc Author: Karolin Seeger Date: Tue May 14 08:25:33 2019 +0200 VERSION: Bump version up to 4.8.13. Signed-off-by: Karolin Seeger commit 1a248d16ab941491edcbf2ac8ba0f88cd7c65c29 Merge: d7fef72c6a3 a72d4598bf4 Author: Karolin Seeger Date: Tue May 14 08:25:01 2019 +0200 Merge tag 'samba-4.8.12' into v4-8-test samba: tag release samba-4.8.12 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++- source4/heimdal/kdc/krb5tgs.c| 7 ++ source4/torture/krb5/kdc-canon-heimdal.c | 115 +-- 4 files changed, 175 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1491cac258d..e7942192ceb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b51ba11f813..3b8f058af8e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.8.12 +May 14, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.8.11: +- + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.8.11 April 8, 2019 @@ -49,8 +103,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 4.8.10 diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index a888788bb6f..ff7d93138c0 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1925,6 +1925,13 @@ server_lookup: goto out; } + if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) { + free_PA_S4U2Self(); + kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum"); + ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via 9dfd4419b50 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. via ff8e3fbae80 WHATSNEW: Add release notes for Samba 4.9.8. via de3fa5d6b94 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum via 52200468716 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum via bc1b0ade6ff VERSION: Bump version up to 4.9.8... from c8e9b9fe7cc VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit 9dfd4419b50b17ed916957372829057af8e27893 Author: Karolin Seeger Date: Tue May 7 12:25:56 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit ff8e3fbae80e62f1b0f8b638a171e913a14b231a Author: Karolin Seeger Date: Tue May 7 12:24:55 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.8. CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) Signed-off-by: Karolin Seeger commit de3fa5d6b9462bd8c5bc01cf1ae89fa997009ae7 Author: Isaac Boukris Date: Wed Jan 30 23:49:07 2019 +0200 CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Reviewed-by: Andrew Bartlett Signed-off-by: Andrew Bartlett commit 522004687162c3dfad87581ce930b21c9ecdf834 Author: Isaac Boukris Date: Thu Apr 25 22:12:10 2019 +1200 CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685 Signed-off-by: Isaac Boukris Signed-off-by: Andrew Bartlett commit bc1b0ade6ff84fd16fa58d357497b317ba04cbff Author: Karolin Seeger Date: Tue Apr 16 12:39:04 2019 +0200 VERSION: Bump version up to 4.9.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger (cherry picked from commit 86de3470b4c342857d1c8408929ef4637fdf1937) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 +++- source4/heimdal/kdc/krb5tgs.c| 7 ++ source4/torture/krb5/kdc-canon-heimdal.c | 115 +-- 4 files changed, 175 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ba6fe8a24b9..1833b6c24d0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d135527fa1b..b0191a14442 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + = + Release Notes for Samba 4.9.8 +May 14, 2019 + = + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.9.7: + + +o Isaac Boukris + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + = Release Notes for Samba 4.9.7
[SCM] Samba Shared Repository - annotated tag samba-4.8.12 created
The annotated tag, samba-4.8.12 has been created at a5461cbf0307fc29c89ac9318d9e89e45a7c79f6 (tag) tagging a72d4598bf4a2186769f25050663f4779ea581e0 (commit) replaces samba-4.8.11 tagged by Karolin Seeger on Tue May 7 12:37:45 2019 +0200 - Log - samba: tag release samba-4.8.12 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXNFf+QAKCRBvM5FbZWi3 6i7sAKDH+ZpZpfeMsgFYPq3EPcm/stlFvACeO+vChwYJshHz8rBX7feZckZQa6c= =4GQl -END PGP SIGNATURE- Isaac Boukris (2): CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum Karolin Seeger (4): VERSION: Bump version up to 4.8.12. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.8.12. VERSION: Disable GIT_SNAPSHOT for the 4.8.12 release. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via af4ea9b NEWS[4.10.3]: Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available from 60eab79 Add Samba 4.9.7 to the list. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit af4ea9b9d702945c2f4583be5d71933635a6b519 Author: Karolin Seeger Date: Tue May 7 11:12:08 2019 +0200 NEWS[4.10.3]: Samba 4.10.3, 4.9.8 and 4.8.12 Security Releases Available Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.10.3.html| 53 history/{samba-4.8.11.html => samba-4.8.12.html} | 34 ++--- history/samba-4.9.8.html | 53 history/security.html| 18 +++ posted_news/20190510-082106.4.10.3.body.html | 23 posted_news/20190510-082106.4.10.3.headline.html | 4 + security/CVE-2018-16860.html | 165 +++ 8 files changed, 336 insertions(+), 17 deletions(-) create mode 100644 history/samba-4.10.3.html copy history/{samba-4.8.11.html => samba-4.8.12.html} (50%) create mode 100644 history/samba-4.9.8.html create mode 100644 posted_news/20190510-082106.4.10.3.body.html create mode 100644 posted_news/20190510-082106.4.10.3.headline.html create mode 100644 security/CVE-2018-16860.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 7d361df..229a679 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,9 +9,11 @@ Release Notes + samba-4.10.3 samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.8 samba-4.9.7 samba-4.9.6 samba-4.9.5 @@ -20,6 +22,7 @@ samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.12 samba-4.8.11 samba-4.8.10 samba-4.8.9 diff --git a/history/samba-4.10.3.html b/history/samba-4.10.3.html new file mode 100644 index 000..bc5148e --- /dev/null +++ b/history/samba-4.10.3.html @@ -0,0 +1,53 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.3 - Release Notes + + +Samba 4.10.3 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.3.tar.gz;>Samba 4.10.3 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.3.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.2-4.10.3.diffs.gz;>Patch (gzipped) against Samba 4.10.2 +https://download.samba.org/pub/samba/patches/samba-4.10.2-4.10.3.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.3 +May 14, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum) + + +=== +Details +=== + +o CVE-2018-16860: + The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of + the requested target (client) principal. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.10.2: +- + +o Isaac Boukris ibouk...@gmail.com + * BUG 13685: CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed + checksum. + + + + + + diff --git a/history/samba-4.8.11.html b/history/samba-4.8.12.html similarity index 50% copy from history/samba-4.8.11.html copy to history/samba-4.8.12.html index 5be432b..ad104eb 100644 --- a/history/samba-4.8.11.html +++ b/history/samba-4.8.12.html @@ -2,49 +2,49 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> http://www.w3.org/1999/xhtml;> -Samba 4.8.11 - Release Notes +Samba 4.8.12 - Release Notes -Samba 4.8.11 Available for Download +Samba 4.8.12 Available for Download -https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.gz;>Samba 4.8.11 (gzipped) -https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.asc;>Signature +https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.gz;>Samba 4.8.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.8.12.tar.asc;>Signature -https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.gz;>Patch (gzipped) against Samba 4.8.10 -https:/
[SCM] Samba Shared Repository - annotated tag samba-4.9.8 created
The annotated tag, samba-4.9.8 has been created at e97437961bd62312a17441ff04d2f177a4f33b00 (tag) tagging 9dfd4419b50b17ed916957372829057af8e27893 (commit) replaces samba-4.9.7 tagged by Karolin Seeger on Tue May 7 12:30:53 2019 +0200 - Log - samba: tag release samba-4.9.8 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXNFeXQAKCRBvM5FbZWi3 6mgVAJsHm4k4CQpvyJ+fV1/ie72P5cLIQwCfQ05UO3tjAcIFgApgWleViFf4u/k= =GrWT -END PGP SIGNATURE- Isaac Boukris (2): CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum Karolin Seeger (3): VERSION: Bump version up to 4.9.8... WHATSNEW: Add release notes for Samba 4.9.8. VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.10.3 created
The annotated tag, samba-4.10.3 has been created at 12d7ef3f8273e36f0fec477794d92d327ea76e22 (tag) tagging 70a164b3214026fe6f94c7b4c468c49d0557e2e5 (commit) replaces samba-4.10.2 tagged by Karolin Seeger on Tue May 7 11:11:51 2019 +0200 - Log - samba: tag release samba-4.10.3 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXNFL1wAKCRBvM5FbZWi3 6qRXAJ4i9RdxsWDYeOEdhx6YuZr6L4GVsQCgvpvHnDL+FLrb2bNKsT0Gwf01+ZA= =fcvC -END PGP SIGNATURE- Isaac Boukris (2): CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum Karolin Seeger (4): VERSION: Bump version up to 4.10.3. VERSION: Re-enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.10.3. VERSION: Disable GIT_SNAPSHOT for the 4.10.3 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via c8e9b9fe7cc VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. via b9fac394ab0 WHATSNEW: Add release notes for Samba 4.9.7. via 16462634503 s3/vfs_glusterfs: Dynamically determine NAME_MAX via f6907809a8e s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX via 571f7034fcc docs/vfs_ceph: describe new ACL behaviour via c5089041e62 vfs_ceph: explicitly enable libcephfs POSIX ACL support via 7abc1442500 smb2_server: grant all 8192 credits to clients via 74001095d25 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check via a50c4d7a891 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() via dedeaf370eb vfs_snapper: drop unneeded fstat handler via c8bdbc39955 smb2_tcon: avoid STATUS_PENDING completely on tdis via d8d3e6895ae smb2_sesssetup: avoid STATUS_PENDING completely on session logoff via 6122f423d8d smb2_tcon: avoid STATUS_PENDING responses for tree connect via dc06b1b364d smb2_sesssetup: avoid STATUS_PENDING responses for session setup via 8d6361b63bb smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING via 7aa443a3cf3 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO via 945a41d3841 ctdb-common: Avoid race between fd and signal events via d9c47cb86e0 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" via e974e44014b torture: Add test for talloc size accounting in memcache via e09262b7a0f memcache: Increase size of default memcache to 512k via a54038bf5f8 memcache: Properly track the size of talloc objects via 116c874f1ff memcache: Introduce struct for storing talloc pointer via 49fa08814e2 ctdb-scripts: Update statd-callout to try several configuration files via dae0e8ec961 ctdb-scripts: Allow load_system_config() to take multiple alternatives via 14069988a97 ctdb-tests: Update NFS test infrastructure to support systemd services via aee71ea6863 ctdb-scripts: Add systemd services to NFS call-out via 7932032de40 ctdb-scripts: Start NFS quota service if defined via 5a97b7f00ab ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out via f00827672cb ctdb-scripts: Factor out nfs_load_config() via 022b9a6ca7d ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE via 117586288be ctdb-scripts: Rename variable nfslock_service to nfs_lock_service via d415458f6fc ctdb-scripts: Reindent some functions prior to making changes via d78118d0af5 py/provision: fix for Python 2.6 via 7f1811ee4ff s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via d101da493ec s3-libnet_join: setup libnet join error string when AD connect fails via 4147349c963 s3-libnet_join: always pass down admin domain to ads layer via e933ddb7744 s3:ldap: Leave add machine code early for pre-existing accounts via 55da00ced98 s3:libads: Make sure we can lookup KDCs which are not configured via cf210317a6f s3:libnet: Use more secure name for the JOIN krb5.conf via 33ec6f827ef auth:creds: Prefer the principal over DOMAIN/username when using NTLM via 1a239fa0bdb auth:ntlmssp: Add back CRAP ndr debug output via 7dce8031959 s3:libnet: Fix debug message in libnet_DomainJoin() via 0acb2e42fcb s3:libsmb: Add some useful debug output to cliconnect via be37e77bb31 s3:libads: Print more information when LDAP fails via b1d1f5f5ac3 docs: Update smbclient manpage for --max-protocol via d162726a2e7 VERSION: Bump version up to 4.9.7. via 8ee79597846 Merge tag 'samba-4.9.6' into v4-9-test via d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 9c52fdc1871 s3:lib: Fix the debug message for adding cache entries. via 5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux via 055b971a7b0 regfio tests: Update comment style to match README.Coding via 0cc3508242b regfio: Update code near recent changes to match README.Coding via f3552ad511c regfio: Improve handling of malformed registry hive files via b5ae06cc653 regfio: Add trivial unit test via 223352ee944 regfio: Use correct function names in debug information via 4644b23b91c Fix typos in "valid" via 87ffad41af1 py/kcc_utils: py2.6 compatibility via d44f2157a72 py/graph: use 2.6 compatible check for set membership via 42b62465fcc dbcheck: use the str() value of the "name" attribute via 693c349874f dbcheck: don't check expired tombstone objects by default anymore via 3fca3dcc1c9 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 60eab79 Add Samba 4.9.7 to the list. via e22cc8c NEWS[4.9.7]: Samba 4.9.7 Available for Download from 8c610e9 Announce Samba 4.10.2, 4.9.6 and 4.8.11 security releases. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 60eab79af780d243d6c2c497eec8483908557589 Author: Karolin Seeger Date: Wed May 1 08:00:13 2019 +0200 Add Samba 4.9.7 to the list. Signed-off-by: Karolin Seeger commit e22cc8cb98b901b63605d5d0924f725c4b6aca92 Author: Karolin Seeger Date: Wed May 1 07:58:36 2019 +0200 NEWS[4.9.7]: Samba 4.9.7 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.7.html| 115 posted_news/20190501-055950.4.9.7.body.html | 13 +++ posted_news/20190501-055950.4.9.7.headline.html | 3 + 4 files changed, 132 insertions(+) create mode 100644 history/samba-4.9.7.html create mode 100644 posted_news/20190501-055950.4.9.7.body.html create mode 100644 posted_news/20190501-055950.4.9.7.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 0751325..7d361df 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -12,6 +12,7 @@ samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.7 samba-4.9.6 samba-4.9.5 samba-4.9.4 diff --git a/history/samba-4.9.7.html b/history/samba-4.9.7.html new file mode 100644 index 000..e64bdf4 --- /dev/null +++ b/history/samba-4.9.7.html @@ -0,0 +1,115 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.9.7 - Release Notes + + +Samba 4.9.7 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.7.tar.gz;>Samba 4.9.7 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.7.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.6-4.9.7.diffs.gz;>Patch (gzipped) against Samba 4.9.6 +https://download.samba.org/pub/samba/patches/samba-4.9.6-4.9.7.diffs.asc;>Signature + + + + = + Release Notes for Samba 4.9.7 +May 1, 2019 + = + + +This is the latest stable release of the Samba 4.9 release series. + + +Changes since 4.9.6: + + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13837: py/kcc_utils: py2.6 compatibility. + * BUG 13882: py/provision: Fix for Python 2.6. + +o Andrew Bartlett abart...@samba.org + * BUG 13840: regfio: Update code near recent changes to match README.Coding. + +o Gnther Deschner g...@samba.org + * BUG 13861: net ads join to child domain fails when using + -U admin@forestroot. + +o David Disseldorp dd...@samba.org + * BUG 13858: vfs_snapper: Drop unneeded fstat handler. + * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. + +o Philipp Gesang philipp.ges...@intra2net.com + * BUG 13869: libcli: Permit larger values of DataLength in + SMB2_ENCRYPTION_CAPABILITIES of negotiate response. + +o Michael Hanselmann pub...@hansmi.ch + * BUG 13840: regfio: Improve handling of malformed registry hive files. + +o Amitay Isaacs ami...@samba.org + * BUG 13895: ctdb-common: Avoid race between fd and signal events. + +o Volker Lendecke v...@samba.org + * BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup. + +o Marcos Mello marcos...@gmail.com + * BUG 11568: Send status to systemd on daemon start. + +o Stefan Metzmacher me...@samba.org + * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in + SMB_FIND_FILE_FULL_DIRECTORY_INFO. + * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 12844: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. + * BUG 12845: smb2_sesssetup: Avoid STATUS_PENDING responses for session + setup. + * BUG 13698: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. + * BUG 13796: smb2_sesssetup: Avoid STATUS_PENDING responses for session + setup. + * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes + replication failures. + * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in + NDR_SPOOLSS_PUSH_ENUM_OUT(). + * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() + NT_STATUS_INVALID_VIEW_SIZE check. + * BUG 13863: smb2_server: Grant all 8192 credits to clients. + +o Noel Power noel.po...@suse.com + * python/samba
[SCM] Samba Shared Repository - annotated tag samba-4.9.7 created
The annotated tag, samba-4.9.7 has been created at 198a86adf621fda0a372e04095cc83d9aa4529f0 (tag) tagging c8e9b9fe7ccb3e5ef03b9f8fedf29a74b4f5ccae (commit) replaces samba-4.9.6 tagged by Karolin Seeger on Wed May 1 07:58:23 2019 +0200 - Log - samba: tag release samba-4.9.7 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXMk1fwAKCRBvM5FbZWi3 6i4FAJ9W/2Lp/rVnXDO3Rq8xv424Ym+mVACgrSgOETQGIduWQAissKESpeU5YHc= =HHM5 -END PGP SIGNATURE- Amitay Isaacs (1): ctdb-common: Avoid race between fd and signal events Andreas Schneider (15): lib:util: Move debug message for mkdir failing to log level 1 s3:script: Fix jobid check in test_smbspool.sh s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups s3:client: Make sure we work on a copy of the title s3:client: Fix smbspool device uri handling s4:librpc: Fix installation of Samba s3:waf: Fix the detection of makdev() macro on Linux s3:lib: Fix the debug message for adding cache entries. docs: Update smbclient manpage for --max-protocol s3:libads: Print more information when LDAP fails s3:libsmb: Add some useful debug output to cliconnect auth:creds: Prefer the principal over DOMAIN/username when using NTLM s3:libnet: Use more secure name for the JOIN krb5.conf s3:libads: Make sure we can lookup KDCs which are not configured Andrew Bartlett (2): regfio: Update code near recent changes to match README.Coding regfio tests: Update comment style to match README.Coding Anoop C S (2): s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX s3/vfs_glusterfs: Dynamically determine NAME_MAX Christof Schmitt (7): passdb: Update ABI to 0.27.2 lib/winbind_util: Move include out of ifdef lib/winbind_util: Add winbind_xid_to_sid for --without-winbind memcache: Introduce struct for storing talloc pointer memcache: Properly track the size of talloc objects memcache: Increase size of default memcache to 512k torture: Add test for talloc size accounting in memcache David Disseldorp (3): vfs_snapper: drop unneeded fstat handler vfs_ceph: explicitly enable libcephfs POSIX ACL support docs/vfs_ceph: describe new ACL behaviour Douglas Bagnall (3): py/graph: use 2.6 compatible check for set membership py/kcc_utils: py2.6 compatibility py/provision: fix for Python 2.6 Guenther Deschner (3): s3:libnet: Fix debug message in libnet_DomainJoin() auth:ntlmssp: Add back CRAP ndr debug output s3:ldap: Leave add machine code early for pre-existing accounts Günther Deschner (4): WHATSNEW: mention new vfs_glusterfs_fuse module s3-libnet_join: always pass down admin domain to ads layer s3-libnet_join: setup libnet join error string when AD connect fails s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join Karolin Seeger (5): VERSION: Bump version up to 4.9.6... Merge tag 'samba-4.9.6' into v4-9-test VERSION: Bump version up to 4.9.7. WHATSNEW: Add release notes for Samba 4.9.7. VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. Marcos Mello (1): Send status to systemd on daemon start Martin Schwenke (14): ctdb-packaging: ctdb package should not own system library directory ctdb-packaging: Test package requires tcpdump ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing ctdb-scripts: Reindent some functions prior to making changes ctdb-scripts: Rename variable nfslock_service to nfs_lock_service ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE ctdb-scripts: Factor out nfs_load_config() ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out ctdb-scripts: Start NFS quota service if defined ctdb-scripts: Add systemd services to NFS call-out ctdb-tests: Update NFS test infrastructure to support systemd services ctdb-scripts: Allow load_system_config() to take multiple alternatives ctdb-scripts: Update statd-callout to try several configuration files ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" Michael Hanselmann (4): Fix typos in "valid" regfio: Use correct function names in debug information regfio: Add trivial unit test regfio: Improve handling of malformed registry hive files Noel Power (2): python/samba: PY3 port for ridalloc_exop test to work python/samba: extra ndr_unpack needs bytes function Philipp Gesang (1): libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response Ralph Boehme (1): CI: don't use swap Stefan Metzmacher (26): ndr_spoolss_b
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 86de3470b4c VERSION: Bump version up to 4.9.8... via c8e9b9fe7cc VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. via b9fac394ab0 WHATSNEW: Add release notes for Samba 4.9.7. from 16462634503 s3/vfs_glusterfs: Dynamically determine NAME_MAX https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 86de3470b4c342857d1c8408929ef4637fdf1937 Author: Karolin Seeger Date: Tue Apr 16 12:39:04 2019 +0200 VERSION: Bump version up to 4.9.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit c8e9b9fe7ccb3e5ef03b9f8fedf29a74b4f5ccae Author: Karolin Seeger Date: Tue Apr 16 12:36:59 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release. Signed-off-by: Karolin Seeger commit b9fac394ab0578a3380e9e5a37422e82e408566a Author: Karolin Seeger Date: Tue Apr 16 12:32:51 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.7. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 120 ++- 2 files changed, 119 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c0a407a83f4..6d6a27b4aeb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 25f826e441b..d135527fa1b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,119 @@ + = + Release Notes for Samba 4.9.7 +May 1, 2019 + = + + +This is the latest stable release of the Samba 4.9 release series. + + +Changes since 4.9.6: + + +o Douglas Bagnall + * BUG 13837: py/kcc_utils: py2.6 compatibility. + * BUG 13882: py/provision: Fix for Python 2.6. + +o Andrew Bartlett + * BUG 13840: regfio: Update code near recent changes to match README.Coding. + +o Günther Deschner + * BUG 13861: 'net ads join' to child domain fails when using + "-U admin@forestroot". + +o David Disseldorp + * BUG 13858: vfs_snapper: Drop unneeded fstat handler. + * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support. + +o Philipp Gesang + * BUG 13869: libcli: Permit larger values of DataLength in + SMB2_ENCRYPTION_CAPABILITIES of negotiate response. + +o Michael Hanselmann + * BUG 13840: regfio: Improve handling of malformed registry hive files. + +o Amitay Isaacs + * BUG 13895: ctdb-common: Avoid race between fd and signal events. + +o Volker Lendecke + * BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup. + +o Marcos Mello + * BUG 11568: Send status to systemd on daemon start. + +o Stefan Metzmacher + * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in + SMB_FIND_FILE_FULL_DIRECTORY_INFO. + * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis. + * BUG 12844: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. + * BUG 12845: smb2_sesssetup: Avoid STATUS_PENDING responses for session + setup. + * BUG 13698: smb2_tcon: Avoid STATUS_PENDING responses for tree connect. + * BUG 13796: smb2_sesssetup: Avoid STATUS_PENDING responses for session + setup. + * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes + replication failures. + * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in + NDR_SPOOLSS_PUSH_ENUM_OUT(). + * BUG 13862: vfs_default: Fix vfswrap_offload_write_send() + NT_STATUS_INVALID_VIEW_SIZE check. + * BUG 13863: smb2_server: Grant all 8192 credits to clients. + +o Noel Power + * python/samba: extra ndr_unpack needs bytes function + +o Anoop C S + * BUG 13872: s3/vfs_glusterfs[_fuse]: Dynamically determine NAME_MAX. + +o Christof Schmitt + * passdb: Update ABI to 0.27.2. + * BUG 13813: lib/winbind_util: Add winbind_xid_to_sid for --without-winbind. + * BUG 13865: memcache: Increase size of default memcache to 512k. + +o Andreas Schneider + * BUG 13823: lib:util: Move debug message for mkdir failing to log level 1. + * BUG 13832: Printing via smbspool backend with Kerberos auth fails. + * BUG 13847: s4:librpc: Fix installation of Samba. + * BUG 13848: s3:lib: Fix the debug message for adding cache entries. + * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux. + * BUG 13857: docs: Update smbclient manpage for --max-protocol. + * BUG 13861
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 16462634503 s3/vfs_glusterfs: Dynamically determine NAME_MAX via f6907809a8e s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX from 571f7034fcc docs/vfs_ceph: describe new ACL behaviour https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 16462634503e535c3407a51a8287208f1f67e147 Author: Anoop C S Date: Thu Apr 25 16:41:53 2019 +0530 s3/vfs_glusterfs: Dynamically determine NAME_MAX BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Ralph Boehme (cherry picked from commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Apr 30 16:05:51 UTC 2019 on sn-devel-144 commit f6907809a8efa758e22ba3576c6a76dec1bc5ddc Author: Anoop C S Date: Thu Apr 25 16:42:01 2019 +0530 s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX This allows the vfs_glusterfs_fuse build to complete on AIX. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Ralph Boehme (cherry picked from commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70) --- Summary of changes: source3/modules/vfs_glusterfs.c | 37 source3/modules/vfs_glusterfs_fuse.c | 32 +-- 2 files changed, 55 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index fc2ea2addeb..e8c88a0abe0 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -1450,20 +1450,36 @@ static int vfs_gluster_chflags(struct vfs_handle_struct *handle, static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, const char *path, const char *name, -TALLOC_CTX *mem_ctx, char **found_name) +TALLOC_CTX *mem_ctx, char **_found_name) { int ret; - char key_buf[NAME_MAX + 64]; - char val_buf[NAME_MAX + 1]; + char *key_buf = NULL, *val_buf = NULL; + long name_max; + char *found_name = NULL; - if (strlen(name) >= NAME_MAX) { + name_max = pathconf(path, _PC_NAME_MAX); + if ((name_max + 1) < 1) { + errno = EINVAL; + return -1; + } + + if (strlen(name) >= name_max) { errno = ENAMETOOLONG; return -1; } - snprintf(key_buf, NAME_MAX + 64, -"glusterfs.get_real_filename:%s", name); + key_buf = talloc_asprintf(mem_ctx, "glusterfs.get_real_filename:%s", + name); + if (key_buf == NULL) { + errno = ENOMEM; + return -1; + } + val_buf = talloc_zero_array(mem_ctx, char, name_max + 1); + if (val_buf == NULL) { + errno = ENOMEM; + return -1; + } ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); if (ret == -1) { if (errno == ENOATTR) { @@ -1472,11 +1488,16 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, return -1; } - *found_name = talloc_strdup(mem_ctx, val_buf); - if (found_name[0] == NULL) { + found_name = talloc_strdup(mem_ctx, val_buf); + if (found_name == NULL) { errno = ENOMEM; return -1; } + *_found_name = found_name; + + TALLOC_FREE(key_buf); + TALLOC_FREE(val_buf); + return 0; } diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c index 8855cd18d01..0b1de9fcdb2 100644 --- a/source3/modules/vfs_glusterfs_fuse.c +++ b/source3/modules/vfs_glusterfs_fuse.c @@ -28,19 +28,35 @@ static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, char **_found_name) { int ret; - char key_buf[NAME_MAX + 64]; - char val_buf[NAME_MAX + 1]; + char *key_buf = NULL, *val_buf = NULL; + long name_max; char *found_name = NULL; - if (strlen(name) >= NAME_MAX) { + name_max = pathconf(path, _PC_NAME_MAX); + if ((name_max + 1) < 1) { + errno = EINVAL; + return -1; + } + + if (strlen(name) >= name_max) { errno = ENAMETOOLONG; return -1; } - snprintf(key_buf, NAME_MAX + 64, -"glusterfs
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via c7b67d3cb37 s3/vfs_glusterfs: Dynamically determine NAME_MAX via 3c027df87fe s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX from faa61e3c878 docs/vfs_ceph: describe new ACL behaviour https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit c7b67d3cb37565bc246e1dd6b4ac869c50771d34 Author: Anoop C S Date: Thu Apr 25 16:41:53 2019 +0530 s3/vfs_glusterfs: Dynamically determine NAME_MAX BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Ralph Boehme (cherry picked from commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Apr 30 13:54:14 UTC 2019 on sn-devel-144 commit 3c027df87fef6e8ffbd754b20561d4556e748935 Author: Anoop C S Date: Thu Apr 25 16:42:01 2019 +0530 s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX This allows the vfs_glusterfs_fuse build to complete on AIX. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Ralph Boehme (cherry picked from commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70) --- Summary of changes: source3/modules/vfs_glusterfs.c | 37 source3/modules/vfs_glusterfs_fuse.c | 32 +-- 2 files changed, 55 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index 601be5a2da4..5e8aad8ab5e 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -1446,20 +1446,36 @@ static int vfs_gluster_chflags(struct vfs_handle_struct *handle, static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, const char *path, const char *name, -TALLOC_CTX *mem_ctx, char **found_name) +TALLOC_CTX *mem_ctx, char **_found_name) { int ret; - char key_buf[NAME_MAX + 64]; - char val_buf[NAME_MAX + 1]; + char *key_buf = NULL, *val_buf = NULL; + long name_max; + char *found_name = NULL; - if (strlen(name) >= NAME_MAX) { + name_max = pathconf(path, _PC_NAME_MAX); + if ((name_max + 1) < 1) { + errno = EINVAL; + return -1; + } + + if (strlen(name) >= name_max) { errno = ENAMETOOLONG; return -1; } - snprintf(key_buf, NAME_MAX + 64, -"glusterfs.get_real_filename:%s", name); + key_buf = talloc_asprintf(mem_ctx, "glusterfs.get_real_filename:%s", + name); + if (key_buf == NULL) { + errno = ENOMEM; + return -1; + } + val_buf = talloc_zero_array(mem_ctx, char, name_max + 1); + if (val_buf == NULL) { + errno = ENOMEM; + return -1; + } ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); if (ret == -1) { if (errno == ENOATTR) { @@ -1468,11 +1484,16 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, return -1; } - *found_name = talloc_strdup(mem_ctx, val_buf); - if (found_name[0] == NULL) { + found_name = talloc_strdup(mem_ctx, val_buf); + if (found_name == NULL) { errno = ENOMEM; return -1; } + *_found_name = found_name; + + TALLOC_FREE(key_buf); + TALLOC_FREE(val_buf); + return 0; } diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c index 8855cd18d01..0b1de9fcdb2 100644 --- a/source3/modules/vfs_glusterfs_fuse.c +++ b/source3/modules/vfs_glusterfs_fuse.c @@ -28,19 +28,35 @@ static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, char **_found_name) { int ret; - char key_buf[NAME_MAX + 64]; - char val_buf[NAME_MAX + 1]; + char *key_buf = NULL, *val_buf = NULL; + long name_max; char *found_name = NULL; - if (strlen(name) >= NAME_MAX) { + name_max = pathconf(path, _PC_NAME_MAX); + if ((name_max + 1) < 1) { + errno = EINVAL; + return -1; + } + + if (strlen(name) >= name_max) { errno = ENAMETOOLONG; return -1; } - snprintf(key_buf, NAME_MAX + 64, -"glusterfs
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 571f7034fcc docs/vfs_ceph: describe new ACL behaviour via c5089041e62 vfs_ceph: explicitly enable libcephfs POSIX ACL support via 7abc1442500 smb2_server: grant all 8192 credits to clients via 74001095d25 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check via a50c4d7a891 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() via dedeaf370eb vfs_snapper: drop unneeded fstat handler via c8bdbc39955 smb2_tcon: avoid STATUS_PENDING completely on tdis via d8d3e6895ae smb2_sesssetup: avoid STATUS_PENDING completely on session logoff via 6122f423d8d smb2_tcon: avoid STATUS_PENDING responses for tree connect via dc06b1b364d smb2_sesssetup: avoid STATUS_PENDING responses for session setup via 8d6361b63bb smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING via 7aa443a3cf3 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO from 945a41d3841 ctdb-common: Avoid race between fd and signal events https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 571f7034fcca118b455c2f8f35ee88f1b081c0d9 Author: David Disseldorp Date: Fri Apr 12 13:55:50 2019 +0200 docs/vfs_ceph: describe new ACL behaviour vfs_ceph now explicitly enables libcephfs POSIX ACL support. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144 (cherry picked from commit 58314d71ea63e36d5f1bbd2c3e190b1edffee726) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Apr 24 11:05:08 UTC 2019 on sn-devel-144 commit c5089041e6210e8b8836a227d92348aa0b3983a0 Author: David Disseldorp Date: Fri Apr 12 13:52:43 2019 +0200 vfs_ceph: explicitly enable libcephfs POSIX ACL support libcephfs disables ACL support by default and returns -EOPNOTSUPP in the POSIX ACL get/setxattr paths as a result. Enable support by setting the following Ceph config parameters during mount: client acl type = posix_acl fuse default permissions = false Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison (cherry picked from commit 4982e282f2f2246952854ccc10d4787ac6653a7f) commit 7abc14425006beacfa1c5e296d3ddb506e6b3285 Author: Stefan Metzmacher Date: Wed Jan 16 12:24:04 2019 +0100 smb2_server: grant all 8192 credits to clients This seems to match Windows Server 2016. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 829f692fb1552e56c6a9726036a995b4328731dd) commit 74001095d25e6130979b5c9c973cc2414c9d60f7 Author: Stefan Metzmacher Date: Tue Jul 31 12:29:29 2018 +0200 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check This fixes a regression introduced in commit 60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable was renamed to 'to_copy', but a new 'num' variable was introduced. Note that off_t is signed! In future we need to watch out for filesystems supporting FMODE_UNSIGNED_OFFSET on Linux. Which means they use it unsigned. This is more or less a theoretical problem, The NT_STATUS_INVALID_PARAMETER cases are catched before by SMB_VFS_PREAD_SEND/RECV. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 4d6cd932a955a99ca33cc4aedd7f612e56e0b1de) commit a50c4d7a8915630c8d2707d07b6e6fd51e421e6d Author: Stefan Metzmacher Date: Wed Mar 27 12:43:32 2019 +0100 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to use strerror(aio_state.error) in the debug messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 2abf9e9a95cbdf76109b3501dee3e0c34ad09194) commit dedeaf370eb40d55e0bb7d832e9e54bdf6baf49b Author: David Disseldorp Date: Mon Mar 25 18:06:15 2019 +0100 vfs_snapper: drop unneeded fstat handler fstat is handle based, and unlike vfs_shadow_copy2, we don't need to make any changes to the returned sbuf, so remove the existing handler which does nothing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13858 Signed-off-by: David Disseldorp
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via faa61e3c878 docs/vfs_ceph: describe new ACL behaviour via bd3c73e0861 vfs_ceph: explicitly enable libcephfs POSIX ACL support via 822df5a6dc1 smb2_server: grant all 8192 credits to clients via d508ec61012 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check via cfdec9a8563 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() via 5d418910795 vfs_snapper: drop unneeded fstat handler via 94b7fcba46e smb2_tcon: avoid STATUS_PENDING completely on tdis via 0acd5de3532 smb2_sesssetup: avoid STATUS_PENDING completely on session logoff via 3e4d622e296 smb2_tcon: avoid STATUS_PENDING responses for tree connect via 914d7c53f4d smb2_sesssetup: avoid STATUS_PENDING responses for session setup via d0f5c69b11a smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING via 690ba5dc876 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO from e23fdfe6730 ctdb-common: Avoid race between fd and signal events https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit faa61e3c87874baa3ca9ad474dfb803e59d13926 Author: David Disseldorp Date: Fri Apr 12 13:55:50 2019 +0200 docs/vfs_ceph: describe new ACL behaviour vfs_ceph now explicitly enables libcephfs POSIX ACL support. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144 (cherry picked from commit 58314d71ea63e36d5f1bbd2c3e190b1edffee726) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Apr 16 14:42:07 UTC 2019 on sn-devel-144 commit bd3c73e086159ca394b297b751b933750ee1 Author: David Disseldorp Date: Fri Apr 12 13:52:43 2019 +0200 vfs_ceph: explicitly enable libcephfs POSIX ACL support libcephfs disables ACL support by default and returns -EOPNOTSUPP in the POSIX ACL get/setxattr paths as a result. Enable support by setting the following Ceph config parameters during mount: client acl type = posix_acl fuse default permissions = false Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896 Signed-off-by: David Disseldorp Reviewed-by: Jeremy Allison (cherry picked from commit 4982e282f2f2246952854ccc10d4787ac6653a7f) commit 822df5a6dc1cb4e4094924d1b88f1cd751f6e905 Author: Stefan Metzmacher Date: Wed Jan 16 12:24:04 2019 +0100 smb2_server: grant all 8192 credits to clients This seems to match Windows Server 2016. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 829f692fb1552e56c6a9726036a995b4328731dd) commit d508ec6101226b82ddd334828231bd543c13888b Author: Stefan Metzmacher Date: Tue Jul 31 12:29:29 2018 +0200 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check This fixes a regression introduced in commit 60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable was renamed to 'to_copy', but a new 'num' variable was introduced. Note that off_t is signed! In future we need to watch out for filesystems supporting FMODE_UNSIGNED_OFFSET on Linux. Which means they use it unsigned. This is more or less a theoretical problem, The NT_STATUS_INVALID_PARAMETER cases are catched before by SMB_VFS_PREAD_SEND/RECV. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 4d6cd932a955a99ca33cc4aedd7f612e56e0b1de) commit cfdec9a8563beb95fb939eb1a5650ab0f19e948b Author: Stefan Metzmacher Date: Wed Mar 27 12:43:32 2019 +0100 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done() SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to use strerror(aio_state.error) in the debug messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 2abf9e9a95cbdf76109b3501dee3e0c34ad09194) commit 5d418910795d0cf88a6815ca732de69e461be0ce Author: David Disseldorp Date: Mon Mar 25 18:06:15 2019 +0100 vfs_snapper: drop unneeded fstat handler fstat is handle based, and unlike vfs_shadow_copy2, we don't need to make any changes to the returned sbuf, so remove the existing handler which does nothing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13858 Signed-off-by: David Disseldorp
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via e23fdfe6730 ctdb-common: Avoid race between fd and signal events via 8f43d725d36 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" from 182f329f541 torture: Add test for talloc size accounting in memcache https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit e23fdfe6730afe1ac920a58c94d48aba592c9c7a Author: Amitay Isaacs Date: Tue Apr 9 14:44:04 2019 +1000 ctdb-common: Avoid race between fd and signal events BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895 In run_proc, there was an implicit assumption that when a process exits, fd event (pipe between parent and child) would be processed first and signal event (SIGCHLD for the child) would be processed later. However, that is not the case. SIGCHLD can be received asynchronously any time even when the pipe data has not fully been read. This causes run_proc to miss some of the output from child process in tests. When SIGCHLD is being processed, if the pipe between parent and child is still open, then do an explict read from the pipe to ensure we read any data still in the pipe before closing the pipe. Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144 (cherry picked from commit 289201277cd983b27cdfd5376c607eab112b4082) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Apr 15 14:23:16 UTC 2019 on sn-devel-144 commit 8f43d725d3629daf17a2aaa3006f47021efad72d Author: Martin Schwenke Date: Fri Apr 5 16:17:35 2019 +1100 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" We also can not assume that nodes can be marked as connected via only the keepalive mechanism. Keepalives are not sent to disconnected nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes may never become marked as connected to each other. Revert to marking nodes as connected in the TCP transport code. If a connection is to a non(-operational) ctdbd then it will revert to disconnected after a short while and may actually flap. This should be rare. This reverts commit 66919db3d7ab1e091223faf515b183af8bfddc83. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 38dc6d11a26c2e9a2cae7927321f2216ceb1c5ec) --- Summary of changes: ctdb/common/run_proc.c | 7 +++ ctdb/tcp/tcp_connect.c | 3 +++ 2 files changed, 10 insertions(+) Changeset truncated at 500 lines: diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c index 97895b383b9..037b6d9651d 100644 --- a/ctdb/common/run_proc.c +++ b/ctdb/common/run_proc.c @@ -295,6 +295,13 @@ again: proc->result.sig = WTERMSIG(status); } + /* Confirm that all data has been read from the pipe */ + if (proc->fd != -1) { + proc_read_handler(ev, proc->fde, 0, proc); + TALLOC_FREE(proc->fde); + proc->fd = -1; + } + /* Active run_proc request */ if (proc->req != NULL) { run_proc_done(proc->req); diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index 13452a5e83b..385547e0e78 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -122,6 +122,9 @@ static void ctdb_node_connect_write(struct tevent_context *ev, /* the queue subsystem now owns this fd */ tnode->fd = -1; + + /* tell the ctdb layer we are connected */ + node->ctdb->upcalls->node_connected(node); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 945a41d3841 ctdb-common: Avoid race between fd and signal events via d9c47cb86e0 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" from e974e44014b torture: Add test for talloc size accounting in memcache https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 945a41d38415ca273fb62f0dc3cea66d1fa29991 Author: Amitay Isaacs Date: Tue Apr 9 14:44:04 2019 +1000 ctdb-common: Avoid race between fd and signal events BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895 In run_proc, there was an implicit assumption that when a process exits, fd event (pipe between parent and child) would be processed first and signal event (SIGCHLD for the child) would be processed later. However, that is not the case. SIGCHLD can be received asynchronously any time even when the pipe data has not fully been read. This causes run_proc to miss some of the output from child process in tests. When SIGCHLD is being processed, if the pipe between parent and child is still open, then do an explict read from the pipe to ensure we read any data still in the pipe before closing the pipe. Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144 (cherry picked from commit 289201277cd983b27cdfd5376c607eab112b4082) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Apr 15 12:55:46 UTC 2019 on sn-devel-144 commit d9c47cb86e0a3200cb8de9581596a24fbeb5b3e1 Author: Martin Schwenke Date: Fri Apr 5 16:17:35 2019 +1100 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake" We also can not assume that nodes can be marked as connected via only the keepalive mechanism. Keepalives are not sent to disconnected nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes may never become marked as connected to each other. Revert to marking nodes as connected in the TCP transport code. If a connection is to a non(-operational) ctdbd then it will revert to disconnected after a short while and may actually flap. This should be rare. This reverts commit 66919db3d7ab1e091223faf515b183af8bfddc83. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit 38dc6d11a26c2e9a2cae7927321f2216ceb1c5ec) --- Summary of changes: ctdb/common/run_proc.c | 7 +++ ctdb/tcp/tcp_connect.c | 3 +++ 2 files changed, 10 insertions(+) Changeset truncated at 500 lines: diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c index 97895b383b9..037b6d9651d 100644 --- a/ctdb/common/run_proc.c +++ b/ctdb/common/run_proc.c @@ -295,6 +295,13 @@ again: proc->result.sig = WTERMSIG(status); } + /* Confirm that all data has been read from the pipe */ + if (proc->fd != -1) { + proc_read_handler(ev, proc->fde, 0, proc); + TALLOC_FREE(proc->fde); + proc->fd = -1; + } + /* Active run_proc request */ if (proc->req != NULL) { run_proc_done(proc->req); diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c index 13452a5e83b..385547e0e78 100644 --- a/ctdb/tcp/tcp_connect.c +++ b/ctdb/tcp/tcp_connect.c @@ -122,6 +122,9 @@ static void ctdb_node_connect_write(struct tevent_context *ev, /* the queue subsystem now owns this fd */ tnode->fd = -1; + + /* tell the ctdb layer we are connected */ + node->ctdb->upcalls->node_connected(node); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via e974e44014b torture: Add test for talloc size accounting in memcache via e09262b7a0f memcache: Increase size of default memcache to 512k via a54038bf5f8 memcache: Properly track the size of talloc objects via 116c874f1ff memcache: Introduce struct for storing talloc pointer via 49fa08814e2 ctdb-scripts: Update statd-callout to try several configuration files via dae0e8ec961 ctdb-scripts: Allow load_system_config() to take multiple alternatives via 14069988a97 ctdb-tests: Update NFS test infrastructure to support systemd services via aee71ea6863 ctdb-scripts: Add systemd services to NFS call-out via 7932032de40 ctdb-scripts: Start NFS quota service if defined via 5a97b7f00ab ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out via f00827672cb ctdb-scripts: Factor out nfs_load_config() via 022b9a6ca7d ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE via 117586288be ctdb-scripts: Rename variable nfslock_service to nfs_lock_service via d415458f6fc ctdb-scripts: Reindent some functions prior to making changes from d78118d0af5 py/provision: fix for Python 2.6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit e974e44014b9ea5b6c62f81b63a9288eec82d5ff Author: Christof Schmitt Date: Thu Mar 28 10:46:43 2019 -0700 torture: Add test for talloc size accounting in memcache BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Apr 6 06:08:42 UTC 2019 on sn-devel-144 (cherry picked from commit b7028c42462c34cf86cb949bfdb16ebc7ed0a6c6) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Fri Apr 12 11:29:26 UTC 2019 on sn-devel-144 commit e09262b7a0feca27aff2a64c5b36cefd13c676a4 Author: Christof Schmitt Date: Fri Apr 5 15:43:21 2019 -0700 memcache: Increase size of default memcache to 512k With the fixed accounting of talloc objects, the default cache size needs to increase. The exact increase required depends on the workloads, going form 256k to 512k seems like a reasonable guess. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 9ff5c0bab76c5d3d7bea1fcb79861d0c9a3b9839) commit a54038bf5f87189ebc46ae3da1335205efd03669 Author: Christof Schmitt Date: Mon Apr 1 16:23:35 2019 -0700 memcache: Properly track the size of talloc objects With memcache_add_talloc, the talloc object becomes part of the pool and the memcache_element stores a pointer to the talloc object. The size of the the talloc object was not used when tracking the used space, allowing the cache to grow larger than defined in the memcache_init call. Fix this by adding the size of the talloc object to the used space. Also record the initial size of the talloc object for proper adjustment of the used space in the cache later. This is in case the size of the talloc object is modified while being owned by the cache (e.g. allocating talloc child objects). This should never happen, but better be safe than ending up with a broken cache usage counter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit a04ca6f3438595ba7e1a110877f53d1cac0f0402) commit 116c874f1ff77d27a7ffb10c44a3cba8bad891a0 Author: Christof Schmitt Date: Mon Apr 1 15:38:59 2019 -0700 memcache: Introduce struct for storing talloc pointer This allows extending the additional data stored for talloced objects later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 7c44f2f76eefb9156cb1d170c92b4ff07dd6a3d5) commit 49fa08814e2a1032e88353eec42b952316d6ec18 Author: Martin Schwenke Date: Wed Mar 20 21:22:43 2019 +1100 ctdb-scripts: Update statd-callout to try several configuration files The alternative seems to be to try something via CTDB_NFS_CALLOUT. That would be complicated and seems like overkill for something this simple. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit a2bd4085896804ee2da811e17f18c78a5bf4e658) commit dae0e8ec961dc96e2d75c9b5e7d1c47479a9c1e4 Author: Martin Schwenke Date: Wed Mar 20 21:19:49 2019 +1100 ctdb-scripts: Allow load_system_config() to take multiple alternatives The situation for NFS
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 182f329f541 torture: Add test for talloc size accounting in memcache via 1a82c4b9532 memcache: Increase size of default memcache to 512k via 43f3544e83f memcache: Properly track the size of talloc objects via d4ea61f5615 memcache: Introduce struct for storing talloc pointer via 6baf1529a81 ctdb-scripts: Update statd-callout to try several configuration files via 12f6eae2c9a ctdb-scripts: Allow load_system_config() to take multiple alternatives via 53e76ab4a8c ctdb-tests: Update NFS test infrastructure to support systemd services via 80c6b7d3914 ctdb-scripts: Add systemd services to NFS call-out via 002beda318b ctdb-scripts: Start NFS quota service if defined via ee78bddd083 ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out via aaf8b6a66c0 ctdb-scripts: Factor out nfs_load_config() via b2aa818e4d8 ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE via a1275fedd21 ctdb-scripts: Rename variable nfslock_service to nfs_lock_service via 63453eb3fb6 ctdb-scripts: Reindent some functions prior to making changes from dda1c48a47c py/provision: fix for Python 2.6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 182f329f54139decbbb394e10361922088278d07 Author: Christof Schmitt Date: Thu Mar 28 10:46:43 2019 -0700 torture: Add test for talloc size accounting in memcache BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Apr 6 06:08:42 UTC 2019 on sn-devel-144 (cherry picked from commit b7028c42462c34cf86cb949bfdb16ebc7ed0a6c6) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Apr 11 14:56:59 UTC 2019 on sn-devel-144 commit 1a82c4b95322a60fe231add5f4a965e8f828ccfa Author: Christof Schmitt Date: Fri Apr 5 15:43:21 2019 -0700 memcache: Increase size of default memcache to 512k With the fixed accounting of talloc objects, the default cache size needs to increase. The exact increase required depends on the workloads, going form 256k to 512k seems like a reasonable guess. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 9ff5c0bab76c5d3d7bea1fcb79861d0c9a3b9839) commit 43f3544e83f7c8a6efc95fc61013805ca3799be4 Author: Christof Schmitt Date: Mon Apr 1 16:23:35 2019 -0700 memcache: Properly track the size of talloc objects With memcache_add_talloc, the talloc object becomes part of the pool and the memcache_element stores a pointer to the talloc object. The size of the the talloc object was not used when tracking the used space, allowing the cache to grow larger than defined in the memcache_init call. Fix this by adding the size of the talloc object to the used space. Also record the initial size of the talloc object for proper adjustment of the used space in the cache later. This is in case the size of the talloc object is modified while being owned by the cache (e.g. allocating talloc child objects). This should never happen, but better be safe than ending up with a broken cache usage counter. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit a04ca6f3438595ba7e1a110877f53d1cac0f0402) commit d4ea61f5615afc7220d0e90042d78d3535ae0120 Author: Christof Schmitt Date: Mon Apr 1 15:38:59 2019 -0700 memcache: Introduce struct for storing talloc pointer This allows extending the additional data stored for talloced objects later. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 7c44f2f76eefb9156cb1d170c92b4ff07dd6a3d5) commit 6baf1529a81abd808106949a93f0b55ba2085d05 Author: Martin Schwenke Date: Wed Mar 20 21:22:43 2019 +1100 ctdb-scripts: Update statd-callout to try several configuration files The alternative seems to be to try something via CTDB_NFS_CALLOUT. That would be complicated and seems like overkill for something this simple. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit a2bd4085896804ee2da811e17f18c78a5bf4e658) commit 12f6eae2c9affd4313655e870ee2d0cefadb1f95 Author: Martin Schwenke Date: Wed Mar 20 21:19:49 2019 +1100 ctdb-scripts: Allow load_system_config() to take multiple alternatives The situation
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via dda1c48a47c py/provision: fix for Python 2.6 via bdf59b416d2 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via f85efe206f9 s3-libnet_join: setup libnet join error string when AD connect fails via 05709dbaf2d s3-libnet_join: always pass down admin domain to ads layer via 837a141a4d9 s3:ldap: Leave add machine code early for pre-existing accounts via 78f308084f5 s3:libads: Make sure we can lookup KDCs which are not configured via bd573b37c60 s3:libnet: Use more secure name for the JOIN krb5.conf via 936594d66b7 auth:creds: Prefer the principal over DOMAIN/username when using NTLM via 0b00c7a2d0a auth:ntlmssp: Add back CRAP ndr debug output via 2e96408eac8 s3:libnet: Fix debug message in libnet_DomainJoin() via 461090e0a12 s3:libsmb: Add some useful debug output to cliconnect via ada3417c5cb s3:libads: Print more information when LDAP fails via 54571d3325f docs: Update smbclient manpage for --max-protocol from cf323d769f0 VERSION: Bump version up to 4.10.3. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit dda1c48a47cd6a26757c8839dbbc4bbeb25d65a0 Author: Douglas Bagnall Date: Thu Apr 4 10:43:30 2019 +1300 py/provision: fix for Python 2.6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882 Signed-off-by: Douglas Bagnall Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Apr 10 14:21:16 UTC 2019 on sn-devel-144 commit bdf59b416d224ef91696e98ac17348a8a6a5a5cd Author: Günther Deschner Date: Tue Apr 2 13:16:55 2019 +0200 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join When a non-DNS and non-default admin domain is provided during the join sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME' (e.g. when the winbind krb5 locator is not installed). In that case lets fallback to NTLMSSP, like we do in winbind. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144 (cherry picked from commit 377d27359ccdb8f2680fda36ca388f44456590e5) commit f85efe206f9b192a7365ec7ada5e17c7c8655f49 Author: Günther Deschner Date: Tue Apr 2 13:16:11 2019 +0200 s3-libnet_join: setup libnet join error string when AD connect fails BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider (cherry picked from commit 68121f46c74df9cef7a377040d01ba75cdcf5a26) commit 05709dbaf2d80f4c2d8a8931655e63b20e216c2a Author: Günther Deschner Date: Tue Apr 2 13:14:06 2019 +0200 s3-libnet_join: always pass down admin domain to ads layer Otherwise we could loose the information that a non-default domain name has been used for admin creds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider (cherry picked from commit ea29aa27cbac4253ee1701fed99a3e0811f7475d) commit 837a141a4d9cebfe0ce29bf367ca622fcd24 Author: Guenther Deschner Date: Mon Apr 1 17:40:03 2019 +0200 s3:ldap: Leave add machine code early for pre-existing accounts This avoids numerous LDAP constraint violation errors when we try to re-precreate an already existing machine account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Andreas Schneider Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett (cherry picked from commit 2044ca0e20bd3180720a82506b3af041d14b5c68) commit 78f308084f5d762be88374adf784c0ac6d0ad847 Author: Andreas Schneider Date: Mon Apr 1 16:47:26 2019 +0200 s3:libads: Make sure we can lookup KDCs which are not configured BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Guenther Deschner Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett (cherry picked from commit c016afc832543514ebf7ecda1fbe6b272ea533d6) commit bd573b37c606ae12e34992431e745329cee3e1f2 Author: Andreas Schneider Date: Mon Apr 1 16:39:45 2019 +0200 s3:libnet: Use more secure name for the JOIN krb5.conf Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d78118d0af5 py/provision: fix for Python 2.6 via 7f1811ee4ff s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join via d101da493ec s3-libnet_join: setup libnet join error string when AD connect fails via 4147349c963 s3-libnet_join: always pass down admin domain to ads layer via e933ddb7744 s3:ldap: Leave add machine code early for pre-existing accounts via 55da00ced98 s3:libads: Make sure we can lookup KDCs which are not configured via cf210317a6f s3:libnet: Use more secure name for the JOIN krb5.conf via 33ec6f827ef auth:creds: Prefer the principal over DOMAIN/username when using NTLM via 1a239fa0bdb auth:ntlmssp: Add back CRAP ndr debug output via 7dce8031959 s3:libnet: Fix debug message in libnet_DomainJoin() via 0acb2e42fcb s3:libsmb: Add some useful debug output to cliconnect via be37e77bb31 s3:libads: Print more information when LDAP fails via b1d1f5f5ac3 docs: Update smbclient manpage for --max-protocol from d162726a2e7 VERSION: Bump version up to 4.9.7. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d78118d0af5db92eb3872d2ccaab42ca73a68bdb Author: Douglas Bagnall Date: Thu Apr 4 10:43:30 2019 +1300 py/provision: fix for Python 2.6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882 Signed-off-by: Douglas Bagnall Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Apr 9 13:52:03 UTC 2019 on sn-devel-144 commit 7f1811ee4ffb239ece2c5b78c993ba4d430fc0c2 Author: Günther Deschner Date: Tue Apr 2 13:16:55 2019 +0200 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join When a non-DNS and non-default admin domain is provided during the join sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME' (e.g. when the winbind krb5 locator is not installed). In that case lets fallback to NTLMSSP, like we do in winbind. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144 (cherry picked from commit 377d27359ccdb8f2680fda36ca388f44456590e5) commit d101da493ec5d240c7beefe75508c8535a7fb5af Author: Günther Deschner Date: Tue Apr 2 13:16:11 2019 +0200 s3-libnet_join: setup libnet join error string when AD connect fails BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider (cherry picked from commit 68121f46c74df9cef7a377040d01ba75cdcf5a26) commit 4147349c963e1a46b42431566758f5481b72fb3c Author: Günther Deschner Date: Tue Apr 2 13:14:06 2019 +0200 s3-libnet_join: always pass down admin domain to ads layer Otherwise we could loose the information that a non-default domain name has been used for admin creds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider (cherry picked from commit ea29aa27cbac4253ee1701fed99a3e0811f7475d) commit e933ddb774434d6805c5edfdf5229585e73754d0 Author: Guenther Deschner Date: Mon Apr 1 17:40:03 2019 +0200 s3:ldap: Leave add machine code early for pre-existing accounts This avoids numerous LDAP constraint violation errors when we try to re-precreate an already existing machine account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Andreas Schneider Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett (cherry picked from commit 2044ca0e20bd3180720a82506b3af041d14b5c68) commit 55da00ced9848798968126a9b1acf9b93b0b Author: Andreas Schneider Date: Mon Apr 1 16:47:26 2019 +0200 s3:libads: Make sure we can lookup KDCs which are not configured BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Pair-Programmed-With: Guenther Deschner Signed-off-by: Guenther Deschner Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett (cherry picked from commit c016afc832543514ebf7ecda1fbe6b272ea533d6) commit cf210317a6f15b90ba22f2619e4ea2c84cef686e Author: Andreas Schneider Date: Mon Apr 1 16:39:45 2019 +0200 s3:libnet: Use more secure name for the JOIN krb5.conf Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Signed-off-by: Andreas Schneider Reviewed-by: Ralph Boehme Reviewed-by: Andrew Bartlett
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b1582a4d09f CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via c79f719a840 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via 17b3d2ebffd CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 1899e16e6f5 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via d7580706e9a CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 0c8ad9c9dbe CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via 6048103751a CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten from 21d501bfa8f selftest: Correct name of flapping smb2.notify test https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b1582a4d09f4f6537f9067b4ff1d991acb624930 Author: Jeremy Allison Date: Wed Mar 27 12:51:27 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. Remove the now unused code implementations of registry file io. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Mon Apr 8 11:43:31 UTC 2019 on sn-devel-144 commit c79f719a840dfa5e9682462ea58c8f48ca0012e5 Author: Jeremy Allison Date: Thu Mar 21 14:51:30 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett commit 17b3d2ebffd2775a3f7f5cdbe4330855f2e1b356 Author: Andrew Bartlett Date: Thu Mar 21 17:24:14 2019 +1300 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() mkdir() is the other call that requires a umask of 0 in Samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 1899e16e6f552d0ab504d19f74aa5c42ab84504a Author: Andrew Bartlett Date: Thu Mar 14 18:20:06 2019 +1300 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and restore tools, which needed to write files with full metadata). This in turn avoids leaving init_files_struct() without resetting the umask to the original, saved, value. Per umask(2) this is required before open() and mkdir() system calls (along side other file-like things such as those for Unix domain socks and FIFOs etc). Therefore for safety and clarify the additional 'belt and braces' umask manipuations elsewhere are removed. mkdir() will be protected by a umask() bracket, for correctness, in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit d7580706e9ac75187ba5d926fd0e37a468a6da86 Author: Andrew Bartlett Date: Thu Mar 21 17:21:58 2019 +1300 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 0c8ad9c9dbeac1ad0ca3553a19d7bbf652bb650d Author: Tim Beale Date: Fri Mar 15 13:52:50 2019 +1300 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision This provisions a new DC and checks there are no world-writable files in the new DC's private directory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 6048103751afa33f1951539ce36224a03b276604 Author: Tim Beale Date: Fri Mar 15 15:20:21 2019 +1300 CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten The smbd changes the umask - if the code fails to restore the umask to what it was, then this is very bad. Add an extra check to every smbd-related test that the umask at the end o
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via cf323d769f0 VERSION: Bump version up to 4.10.3. via ebf34098fa3 Merge tag 'samba-4.10.2' into v4-10-test via 17cd92e1c36 VERSION: Disable GIT_SNAPSHOT for 4.10.2 release. via 619d39538fa WHATSNEW: Add release notes for Samba 4.10.2. via 67c837789f3 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via 8e0a6867c4e CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 9a4029b5d3b CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via ebb9b7fa9ea CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 0b712415db6 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via c25ee5bd463 CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten via 16fa173a144 VERSION: Bump version up to 4.10.2... from 61c4d715a73 VERSION: Bump version up to 4.10.2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit cf323d769f0f75a8201b21e5563fc5481beb614e Author: Karolin Seeger Date: Mon Apr 8 12:30:35 2019 +0200 VERSION: Bump version up to 4.10.3. Signed-off-by: Karolin Seeger commit ebf34098fa30daac7cbae5c863e02d786c8c35b2 Merge: 61c4d715a73 17cd92e1c36 Author: Karolin Seeger Date: Mon Apr 8 12:30:18 2019 +0200 Merge tag 'samba-4.10.2' into v4-10-test samba: tag release samba-4.10.2 --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 66 - python/samba/tests/ntacls_backup.py| 18 +- python/samba/tests/posixacl.py | 4 +- python/samba/tests/smbd_base.py| 48 source3/rpc_server/winreg/srv_winreg_nt.c | 92 ++ source3/smbd/pysmbd.c | 45 +++ source4/selftest/tests.py | 1 + source4/setup/tests/provision_fileperms.sh | 71 +++ 9 files changed, 227 insertions(+), 120 deletions(-) create mode 100644 python/samba/tests/smbd_base.py create mode 100755 source4/setup/tests/provision_fileperms.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d84e7c0177a..9f59cca 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9fd3e8abe10..f88d3e99b3c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + == + Release Notes for Samba 4.10.2 + April 8, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) +o CVE-2019-3880 (Save registry file outside share as unprivileged user) + + +=== +Details +=== + +o CVE-2019-3870: + During the provision of a new Active Directory DC, some files in the private/ + directory are created world-writable. + +o CVE-2019-3880: + Authenticated users with write permission can trigger a symlink traversal to + write or detect files outside the Samba share. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.1: +- + +o Andrew Bartlett + * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for + smbd.mkdir(). + +o Jeremy Allison + * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of + SaveKey/RestoreKey. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older r
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d162726a2e7 VERSION: Bump version up to 4.9.7. via 8ee79597846 Merge tag 'samba-4.9.6' into v4-9-test via dd7b68d11c0 VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. via 424563dbdab WHATSNEW: Add release notes for Samba 4.9.6. via d53121af802 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via c92ac5ada09 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 30db48655f7 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via 65a175aac08 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 83cc536a420 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via b708ce3f1ac CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten via 49231313afe VERSION: Bump version up to 4.9.6... from d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d162726a2e7d9008930dad5e129b93f9837e1d9a Author: Karolin Seeger Date: Mon Apr 8 12:29:27 2019 +0200 VERSION: Bump version up to 4.9.7. Signed-off-by: Karolin Seeger commit 8ee7959784613bfc1a5c4b82eb9257c8be4f8352 Merge: d59cefc8c3b dd7b68d11c0 Author: Karolin Seeger Date: Mon Apr 8 12:29:09 2019 +0200 Merge tag 'samba-4.9.6' into v4-9-test samba: tag release samba-4.9.6 --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 66 - python/samba/tests/ntacls_backup.py| 17 +- python/samba/tests/posixacl.py | 4 +- python/samba/tests/smbd_base.py| 48 source3/rpc_server/winreg/srv_winreg_nt.c | 92 ++ source3/smbd/pysmbd.c | 45 +++ source4/selftest/tests.py | 1 + source4/setup/tests/provision_fileperms.sh | 71 +++ 9 files changed, 226 insertions(+), 120 deletions(-) create mode 100644 python/samba/tests/smbd_base.py create mode 100755 source4/setup/tests/provision_fileperms.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 94639913d30..c0a407a83f4 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 46298bdbbbc..25f826e441b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,65 @@ + = + Release Notes for Samba 4.9.6 + April 8, 2019 + = + + +This is a security release in order to address the following defects: + +o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) +o CVE-2019-3880 (Save registry file outside share as unprivileged user) + + +=== +Details +=== + +o CVE-2019-3870: + During the provision of a new Active Directory DC, some files in the private/ + directory are created world-writable. + +o CVE-2019-3880: + Authenticated users with write permission can trigger a symlink traversal to + write or detect files outside the Samba share. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.9.5: + + +o Andrew Bartlett + * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for + smbd.mkdir(). + +o Jeremy Allison + * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of + SaveKey/RestoreKey. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older r
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via d7fef72c6a3 VERSION: Bump version up to 4.8.12. via 3e939106dff Merge tag 'samba-4.8.11' into v4-8-test via b7e91b13d4d VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release. via b6093764277 WHATSNEW: Add release notes for Samba 4.8.11. via 9a3ee861e43 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via 2d67f62153b VERSION: Bump version up to 4.8.11... from 260a15bd57c VERSION: Bump version up to 4.8.11... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit d7fef72c6a373e10289675ef180d49d739cd6a5b Author: Karolin Seeger Date: Mon Apr 8 12:28:05 2019 +0200 VERSION: Bump version up to 4.8.12. Signed-off-by: Karolin Seeger commit 3e939106dff459ae6569c0daf8d58474731f4db7 Merge: 260a15bd57c b7e91b13d4d Author: Karolin Seeger Date: Mon Apr 8 12:27:46 2019 +0200 Merge tag 'samba-4.8.11' into v4-8-test samba: tag release samba-4.8.11 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 ++- source3/rpc_server/winreg/srv_winreg_nt.c | 92 ++- 3 files changed, 61 insertions(+), 91 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 786213801d0..1491cac258d 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cc9123ee246..b51ba11f813 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.8.11 + April 8, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2019-3880 (Save registry file outside share as unprivileged user) + + +=== +Details +=== + +o CVE-2018-14629: + Authenticated users with write permission + can trigger a symlink traversal to write + or detect files outside the Samba share. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.8.10: +- + +o Jeremy Allison + * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of + SaveKey/RestoreKey. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.8.10 April 4, 2019 @@ -109,8 +163,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 4.8.9 diff --git a/source3/rpc_server/winreg/srv_winreg_nt.c b/source3/rpc_server/winreg/srv_winreg_nt.c index d9ee8d0602d..816c6bb2a12 100644 --- a/source3/rpc_server/winreg/srv_winreg_nt.c +++ b/source3/rpc_server/winreg/srv_winreg_nt.c @@ -639,46 +639,6 @@ WERROR _winreg_AbortSystemShutdown(struct pipes_struct *p, return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED; } -/*** - / - -static int validate_reg_filename(TALLOC_CTX *ctx, char **pp_fname ) -{ - char *p = NULL; - int num_services = lp_numservices(); - int snum = -1; - const char *share_path = NULL; - char *fname = *pp_fname; - - /* convert
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8c610e9 Announce Samba 4.10.2, 4.9.6 and 4.8.11 security releases. from 9d7be7c Add Samba 4.8.10. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8c610e9b7043eac634a80582395c85b8393f2a67 Author: Karolin Seeger Date: Mon Apr 8 09:05:03 2019 +0200 Announce Samba 4.10.2, 4.9.6 and 4.8.11 security releases. Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.10.2.html| 61 + history/samba-4.8.11.html| 53 +++ history/samba-4.9.6.html | 61 + history/security.html| 20 + posted_news/20190408-073430.4.10.2.body.html | 23 + posted_news/20190408-073430.4.10.2.headline.html | 4 + security/CVE-2019-3870.html | 100 + security/CVE-2019-3880.html | 110 +++ 9 files changed, 435 insertions(+) create mode 100644 history/samba-4.10.2.html create mode 100644 history/samba-4.8.11.html create mode 100644 history/samba-4.9.6.html create mode 100644 posted_news/20190408-073430.4.10.2.body.html create mode 100644 posted_news/20190408-073430.4.10.2.headline.html create mode 100644 security/CVE-2019-3870.html create mode 100644 security/CVE-2019-3880.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index e4d6dd5..0751325 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,14 +9,17 @@ Release Notes + samba-4.10.2 samba-4.10.1 samba-4.10.0 + samba-4.9.6 samba-4.9.5 samba-4.9.4 samba-4.9.3 samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.11 samba-4.8.10 samba-4.8.9 samba-4.8.8 diff --git a/history/samba-4.10.2.html b/history/samba-4.10.2.html new file mode 100644 index 000..a5b5caa --- /dev/null +++ b/history/samba-4.10.2.html @@ -0,0 +1,61 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.2 - Release Notes + + +Samba 4.10.2 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.2.tar.gz;>Samba 4.10.2 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.2.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.1-4.10.2.diffs.gz;>Patch (gzipped) against Samba 4.10.1 +https://download.samba.org/pub/samba/patches/samba-4.10.1-4.10.2.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.2 + April 8, 2019 + == + + +This is a security release in order to address the following defects: + +o CVE-2019-3870 (World writable files in Samba AD DC private/ dir) +o CVE-2019-3880 (Save registry file outside share as unprivileged user) + + +=== +Details +=== + +o CVE-2019-3870: + During the provision of a new Active Directory DC, some files in the private/ + directory are created world-writable. + +o CVE-2019-3880: + Authenticated users with write permission can trigger a symlink traversal to + write or detect files outside the Samba share. + +For more details and workarounds, please refer to the security advisories. + + +Changes since 4.10.1: +- + +o Andrew Bartlett abart...@samba.org + * BUG 13834: CVE-2019-3870: pysmbd: Ensure a zero umask is set for + smbd.mkdir(). + +o Jeremy Allison j...@samba.org + * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of + SaveKey/RestoreKey. + + + + + + diff --git a/history/samba-4.8.11.html b/history/samba-4.8.11.html new file mode 100644 index 000..5be432b --- /dev/null +++ b/history/samba-4.8.11.html @@ -0,0 +1,53 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.8.11 - Release Notes + + +Samba 4.8.11 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.gz;>Samba 4.8.11 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.8.11.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.8.10-4.8.11.diffs.gz;>Patch (gzipped) against Samba 4.8.10 +https://download.samba.org/pub/samba/patches/samba-4
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 17cd92e1c36 VERSION: Disable GIT_SNAPSHOT for 4.10.2 release. via 619d39538fa WHATSNEW: Add release notes for Samba 4.10.2. via 67c837789f3 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via 8e0a6867c4e CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 9a4029b5d3b CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via ebb9b7fa9ea CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 0b712415db6 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via c25ee5bd463 CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten via 16fa173a144 VERSION: Bump version up to 4.10.2... from e0cc225f8a4 VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - commit 17cd92e1c3672c4ffde7ca94546f57907d22262b Author: Karolin Seeger Date: Fri Apr 5 10:35:41 2019 +0200 VERSION: Disable GIT_SNAPSHOT for 4.10.2 release. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit 619d39538fa9453574a408f858d9168d152839de Author: Karolin Seeger Date: Fri Apr 5 10:18:41 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.2. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit 67c837789f321c42230bfc3592652ce858f68da1 Author: Jeremy Allison Date: Thu Mar 21 14:51:30 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett commit 8e0a6867c4e3480c0269c87821b54f1451656ae7 Author: Andrew Bartlett Date: Thu Mar 21 17:24:14 2019 +1300 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() mkdir() is the other call that requires a umask of 0 in Samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 9a4029b5d3be1f42da49d4e635f4637f76f01a22 Author: Andrew Bartlett Date: Thu Mar 14 18:20:06 2019 +1300 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and restore tools, which needed to write files with full metadata). This in turn avoids leaving init_files_struct() without resetting the umask to the original, saved, value. Per umask(2) this is required before open() and mkdir() system calls (along side other file-like things such as those for Unix domain socks and FIFOs etc). Therefore for safety and clarify the additional 'belt and braces' umask manipuations elsewhere are removed. mkdir() will be protected by a umask() bracket, for correctness, in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit ebb9b7fa9ead90906ff71fed68c30d093ab9c15a Author: Andrew Bartlett Date: Thu Mar 21 17:21:58 2019 +1300 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 0b712415db68dd5f0a082c036ba051f2b857aa2a Author: Tim Beale Date: Fri Mar 15 13:52:50 2019 +1300 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision This provisions a new DC and checks there are no world-writable files in the new DC's private directory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit c25ee5bd463d2d433a1b0a868e5d63e3490bc7fd Author: Tim Beale Date: Fri Mar 15 15:20:21 2019 +130
[SCM] Samba Shared Repository - annotated tag samba-4.10.2 created
The annotated tag, samba-4.10.2 has been created at 8d4a02f4ae9afe8927f89f8fcb061c2497fd265b (tag) tagging 17cd92e1c3672c4ffde7ca94546f57907d22262b (commit) replaces samba-4.10.1 tagged by Karolin Seeger on Fri Apr 5 10:37:31 2019 +0200 - Log - samba: tag release samba-4.10.2 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKcTywAKCRBvM5FbZWi3 6hyTAKCNReIhKPDLjxX3CXF8t2p4gzVKjwCfVuU0Mvku2CyRP7m1pSjTXx5hXH8= =xyk/ -END PGP SIGNATURE- Andrew Bartlett (3): CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() Jeremy Allison (1): CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. Karolin Seeger (3): VERSION: Bump version up to 4.10.2... WHATSNEW: Add release notes for Samba 4.10.2. VERSION: Disable GIT_SNAPSHOT for 4.10.2 release. Tim Beale (2): CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten CVE-2019-3870 tests: Add test to check file-permissions are correct after provision --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via dd7b68d11c0 VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. via 424563dbdab WHATSNEW: Add release notes for Samba 4.9.6. via d53121af802 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via c92ac5ada09 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() via 30db48655f7 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users via 65a175aac08 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact via 83cc536a420 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision via b708ce3f1ac CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten via 49231313afe VERSION: Bump version up to 4.9.6... from 214ec9cf8f4 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - commit dd7b68d11c0c51033cdac339ee511acbd7750ce3 Author: Karolin Seeger Date: Fri Apr 5 09:47:20 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit 424563dbdabe1e0b57862e7b522ecabe21cd7300 Author: Karolin Seeger Date: Fri Apr 5 09:45:46 2019 +0200 WHATSNEW: Add release notes for Samba 4.9.6. CVE-2019-3870 (World writable files in Samba AD DC private/ dir) CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit d53121af8028bb39c1d61e0f5c26ae1d30ab6351 Author: Jeremy Allison Date: Thu Mar 21 14:51:30 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett commit c92ac5ada094a2f3f10f15b65d6ba5c771261acd Author: Andrew Bartlett Date: Thu Mar 21 17:24:14 2019 +1300 CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() mkdir() is the other call that requires a umask of 0 in Samba. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 30db48655f7aae97586d9143b0c0e00308392115 Author: Andrew Bartlett Date: Thu Mar 14 18:20:06 2019 +1300 CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and restore tools, which needed to write files with full metadata). This in turn avoids leaving init_files_struct() without resetting the umask to the original, saved, value. Per umask(2) this is required before open() and mkdir() system calls (along side other file-like things such as those for Unix domain socks and FIFOs etc). Therefore for safety and clarify the additional 'belt and braces' umask manipuations elsewhere are removed. mkdir() will be protected by a umask() bracket, for correctness, in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett (This backport to Samba 4.9 by Andrew Bartlett is not a pure cherry-pick due to merge conflicts) commit 65a175aac08bc69eaaf6b4e011eb59b262e3417b Author: Andrew Bartlett Date: Thu Mar 21 17:21:58 2019 +1300 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison commit 83cc536a42003bf2df0a5a121b07df33c1ffd96a Author: Tim Beale Date: Fri Mar 15 13:52:50 2019 +1300 CVE-2019-3870 tests: Add test to check file-permissions are correct after provision This provisions a new DC and checks there are no world-writable files in the new DC's private directory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Alliso
[SCM] Samba Shared Repository - annotated tag samba-4.9.6 created
The annotated tag, samba-4.9.6 has been created at 6c49d62943ebe5f8fd694202ec2b54571f2e021b (tag) tagging dd7b68d11c0c51033cdac339ee511acbd7750ce3 (commit) replaces samba-4.9.5 tagged by Karolin Seeger on Fri Apr 5 09:51:22 2019 +0200 - Log - samba: tag release samba-4.9.6 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKcI+gAKCRBvM5FbZWi3 6vt5AJ9WzVoD/By4HzUAnNngkW037CFc2gCfU0deL28KFqMiH4fDjAf/yBJYg6Q= =K5vP -END PGP SIGNATURE- Andrew Bartlett (3): CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir() Jeremy Allison (1): CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. Karolin Seeger (3): VERSION: Bump version up to 4.9.6... WHATSNEW: Add release notes for Samba 4.9.6. VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release. Tim Beale (2): CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten CVE-2019-3870 tests: Add test to check file-permissions are correct after provision --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated via b7e91b13d4d VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release. via b6093764277 WHATSNEW: Add release notes for Samba 4.8.11. via 9a3ee861e43 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. via 2d67f62153b VERSION: Bump version up to 4.8.11... from 4575c88005d VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable - Log - commit b7e91b13d4db1ca4237077c307c4b868ba553da2 Author: Karolin Seeger Date: Fri Apr 5 09:25:57 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release. CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit b609376427757331a3adaad7ee06ab8c86249de3 Author: Karolin Seeger Date: Fri Apr 5 09:24:49 2019 +0200 WHATSNEW: Add release notes for Samba 4.8.11. CVE-2019-3880 (Save registry file outside share as unprivileged user) Signed-off-by: Karolin Seeger commit 9a3ee861e43f84d48ef47998ceeb3bbf29f0c948 Author: Jeremy Allison Date: Thu Mar 21 14:51:30 2019 -0700 CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. The were not using VFS backend calls and could only work locally, and were unsafe against symlink races and other security issues. If the incoming handle is valid, return WERR_BAD_PATHNAME. [MS-RRP] states "The format of the file name is implementation-specific" so ensure we don't allow this. As reported by Michael Hanselmann. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett commit 2d67f62153b6961df4b0172231dc5508031f8861 Author: Karolin Seeger Date: Thu Apr 4 12:05:08 2019 +0200 VERSION: Bump version up to 4.8.11... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger (cherry picked from commit 260a15bd57c52c49234b606062763e10bf77c03e) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 ++- source3/rpc_server/winreg/srv_winreg_nt.c | 92 ++- 3 files changed, 61 insertions(+), 91 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 5f6857a28b9..355fb3a99a5 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cc9123ee246..b51ba11f813 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,57 @@ + == + Release Notes for Samba 4.8.11 + April 8, 2019 + == + + +This is a security release in order to address the following defect: + +o CVE-2019-3880 (Save registry file outside share as unprivileged user) + + +=== +Details +=== + +o CVE-2018-14629: + Authenticated users with write permission + can trigger a symlink traversal to write + or detect files outside the Samba share. + +For more details and workarounds, please refer to the security advisory. + + +Changes since 4.8.10: +- + +o Jeremy Allison + * BUG 13851: CVE-2018-14629: rpc: winreg: Remove implementations of + SaveKey/RestoreKey. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + == Release Notes for Samba 4.8.10 April 4, 2019 @@ -109,8 +163,8 @@ database (ht
[SCM] Samba Shared Repository - annotated tag samba-4.8.11 created
The annotated tag, samba-4.8.11 has been created at a0d023904936d3c5e6c2c6f38e996d665aa6399c (tag) tagging b7e91b13d4db1ca4237077c307c4b868ba553da2 (commit) replaces samba-4.8.10 tagged by Karolin Seeger on Fri Apr 5 09:29:12 2019 +0200 - Log - samba: tag release samba-4.8.11 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKcDyAAKCRBvM5FbZWi3 6uHnAKCX4HyR/o80TYVIDgBft8B5wDx0rQCgkXs8Vo+9scuE+G/Vr8DjkMub8CI= =MZJO -END PGP SIGNATURE- Jeremy Allison (1): CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. Karolin Seeger (3): VERSION: Bump version up to 4.8.11... WHATSNEW: Add release notes for Samba 4.8.11. VERSION: Disable GIT_SNAPSHOT for the 4.8.11 release. --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9d7be7c Add Samba 4.8.10. via ec30e9d NEWS[4.8.10]: Samba 4.8.10 Available for Download via 919b776 Add Samba 4.10.1. from bc443c3 NEWS[4.10.1]: Samba 4.10.1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 9d7be7c792c091c4db6c09fa8b808de068fbd8dd Author: Karolin Seeger Date: Thu Apr 4 12:17:45 2019 +0200 Add Samba 4.8.10. Signed-off-by: Karolin Seeger commit ec30e9d42251f05c9b0d807dfd48aa388484a516 Author: Karolin Seeger Date: Thu Apr 4 12:15:22 2019 +0200 NEWS[4.8.10]: Samba 4.8.10 Available for Download Signed-off-by: Karolin Seeger commit 919b7766463c8017a9d770b58b29ece8310b96b2 Author: Karolin Seeger Date: Thu Apr 4 12:17:08 2019 +0200 Add Samba 4.10.1. Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 2 + history/samba-4.8.10.html| 113 +++ posted_news/20190404-101725.4.8.10.body.html | 13 +++ posted_news/20190404-101725.4.8.10.headline.html | 3 + 4 files changed, 131 insertions(+) create mode 100644 history/samba-4.8.10.html create mode 100644 posted_news/20190404-101725.4.8.10.body.html create mode 100644 posted_news/20190404-101725.4.8.10.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index e4e89c5..e4d6dd5 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.10.1 samba-4.10.0 samba-4.9.5 samba-4.9.4 @@ -16,6 +17,7 @@ samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.10 samba-4.8.9 samba-4.8.8 samba-4.8.7 diff --git a/history/samba-4.8.10.html b/history/samba-4.8.10.html new file mode 100644 index 000..f1fd3ba --- /dev/null +++ b/history/samba-4.8.10.html @@ -0,0 +1,113 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.8.10 - Release Notes + + +Samba 4.8.10 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.8.10.tar.gz;>Samba 4.8.10 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.8.10.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.8.9-4.8.10.diffs.gz;>Patch (gzipped) against Samba 4.8.9 +https://download.samba.org/pub/samba/patches/samba-4.8.9-4.8.10.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.8.10 + April 4, 2019 + == + + +This is the latest stable release of the Samba 4.8 release series. +Please note that this will very likely be the last bugfix release of the +Samba 4.8 release series. There will be security releases beyond this point +only. + + +Changes since 4.8.9: + + +o Jeremy Allison j...@samba.org + * BUG 13690: smbd: uid: Dont crash if force group is added to an existing + share connection. + * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code. + * BUG 13803: SMB1 POSIX mkdir does case insensitive name lookup. + +o Tim Beale timbe...@catalyst.net.nz + * ldb: Bump ldb version to 1.3.7. + * BUG 13686: samba-tool user syscpasswords fails on a domain with many DCs. + * BUG 13762: Performance regression in LDB one-level searches. + +o Ralph Boehme s...@samba.org + * BUG 13776: tldap: Avoid use after free errors. + * BUG 13802: Fix idmap xid2sid cache churn. + * BUG 13812: access_check_max_allowed() doesnt process Owner Rights ACEs. + +o Gnther Deschner g...@samba.org + * BUG 13746: s3-smbd: use fruit:model string for mDNS registration. + +o David Disseldorp dd...@samba.org + * BUG 13766: Printcap still processed with load printers disabled. + * BUG 13807: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate + and fallocate. + +o Joe Guo j...@catalyst.net.nz + * BUG 13728: netcmd/user: python[3]-gpgme unsupported and replaced by + python[3]-gpg. + +o Amitay Isaacs ami...@gmail.com + * BUG 13520: Fix portability issues on freebsd. + +o Bjrn Jacke b...@sernet.de + * BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb + files. + +o Volker Lendecke v...@samba.org + * BUG 13786: messages_dgm: Properly handle receiver re-initialization. + * BUG 13813: Fix idmap cache pollution with S-1-22- IDs
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated via 4575c88005d VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release. via 3bfb6ee3915 WHATSNEW: Add release notes for Samba 4.8.10. via 501e28cc8d6 selftest: Make setexpiry test much more reliable via d1484add1fc s3:lib: Fix the debug message for adding cache entries. via 77b4430bd5e s3:waf: Fix the detection of makdev() macro on Linux via cf7d657a4d0 dbcheck: use the str() value of the "name" attribute via a41fa4dd1e9 dbcheck: don't check expired tombstone objects by default anymore via e0f6e6cff3e blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 57f7ec5c1ca blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via b388052af91 dbcheck: add --selftest-check-expired-tombstones cmdline option via f6f2efd080b python/samba/netcmd: provide SUPPRESS_HELP via Option class via 42c9e569e81 dbcheck: detect the change after deletion bug via 08f7f33acb9 blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via 2272dea483e dbcheck: add find_repl_attid() helper function via 0473eab6862 dbcheck: don't remove dangling one-way links on already deleted objects via 0fd3f38c1cf dbcheck: don't move already deleted objects to LostAndFound via ac900c23b5b dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 3136a2cc546 dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 9daeafbfec8 dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via f91050ee547 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 833d543717c selftest: force running with TZ=UTC via 6da5ef15ec1 python/samba: extra ndr_unpack needs bytes function via 19a77a10b76 python/samba: PY3 port for ridalloc_exop test to work via 300d52de7e5 s4:librpc: Fix installation of Samba via 96a229b0281 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing via 02da215c104 ctdb: Initialize addr struct to zero before reparsing as IPV4 via aeba27d3a48 ctdb-common: Add fd argument to ctdb_connection_list_read() via cd5f1904032 ctdb-protocol: Avoid fgets in ctdb_connection_list_read via 2c89c388518 ctdb-common: Add line based I/O via 4a5868be3a9 s3:client: Fix smbspool device uri handling via e28dd0f95b3 s3:client: Make sure we work on a copy of the title via f284a5c10f7 s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups via f0f56e7e84f s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool via cc43f3cd3aa s3:script: Fix jobid check in test_smbspool.sh via c7e7ea8d953 ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() via 7b52da5ecdc Send status to systemd on daemon start via d3e306433f7 lib:util: Move debug message for mkdir failing to log level 1 via e655fa0a437 WHATSNEW: mention new vfs_glusterfs_fuse module via 57158ba47e7 lib/winbind_util: Add winbind_xid_to_sid for --without-winbind via 38d723896da lib/winbind_util: Move include out of ifdef via e2588af9cc4 passdb: Update ABI to 0.27.2 via d7ba89435d4 s3:passdb: add create_builtin_guests() via 79191a7193a passdb: Make [ug]id_to_sid use xid_to_sid via 4fd495159d1 passdb: Introduce xid_to_sid via e8bb1f65cd1 lib: Add dom_sid_str_buf via b9ac92992ce lib: Introduce winbind_xid_to_sid via 8d0a8864b17 winbind: Use idmap_cache_find_xid2sid via 0a2db567327 torture: Add tests for idmap cache via 894567e19ec idmap_cache: Introduce idmap_cache_find_xid2sid via dd9ca43d6a7 winbind: Now we explicitly track if we got ids from cache via c031b9e23ac winbind: Initialize "expired" parameter to idmap_cache_xid2sid via b0a1d90050c idmap_cache: Only touch "sid" on success in find_xid_to_sid via 14234542aa5 lib: Make idmap_cache return negative mappings via 29984beafc9 libcli/security: fix handling of deny type ACEs in access_check_max_allowed() via 05a54f9c0ef s4:torture: Add test_deny1(). via 8f77ba1b7c7 s4:torture: Add test_owner_rights_deny1(). via ebee56db540 libcli/security: correct access check and maximum access calculation for Owner Rights ACEs via b079f59768d s4:torture: Add test_owner_rights_deny(). via 72bab8d08b0 s4:torture: Fix the test_owner_rights() test to show permissions are additive. via 2fd618413db libcli/security: add "Owner Rights" calculation to access_check_max_allowed() via 7ab6b04558c s4:torture: add a Maximum Access check with an Owner Rights ACE via 021321f5a89 s4:libcli: remember return code from maximum access
[SCM] Samba Shared Repository - annotated tag samba-4.8.10 created
The annotated tag, samba-4.8.10 has been created at 5c1c63d028fa8d7f50c7216947b0465652db13a6 (tag) tagging 4575c88005d9af55cfff644e887406c0e8fd80de (commit) replaces ldb-1.3.8 tagged by Karolin Seeger on Thu Apr 4 12:15:01 2019 +0200 - Log - samba: tag release samba-4.8.10 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKXZJQAKCRBvM5FbZWi3 6gGkAJ9M+mB6JnT68sFv2aNpCN4RSedQzgCgijybJlXeLej3VJXe4k+BxRKrAag= =bkQG -END PGP SIGNATURE- Amitay Isaacs (3): ctdb-common: Add line based I/O ctdb-protocol: Avoid fgets in ctdb_connection_list_read ctdb-common: Add fd argument to ctdb_connection_list_read() Andreas Schneider (9): lib:util: Move debug message for mkdir failing to log level 1 s3:script: Fix jobid check in test_smbspool.sh s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups s3:client: Make sure we work on a copy of the title s3:client: Fix smbspool device uri handling s4:librpc: Fix installation of Samba s3:waf: Fix the detection of makdev() macro on Linux s3:lib: Fix the debug message for adding cache entries. Andrew Bartlett (1): selftest: Make setexpiry test much more reliable Björn Jacke (1): sambaundoguididx: use the right escaped oder unescaped sam ldb files Christof Schmitt (3): passdb: Update ABI to 0.27.2 lib/winbind_util: Move include out of ifdef lib/winbind_util: Add winbind_xid_to_sid for --without-winbind David Disseldorp (3): vfs_ceph: add missing fallocate hook vfs_ceph: fix strict_allocate_ftruncate() vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback Günther Deschner (1): WHATSNEW: mention new vfs_glusterfs_fuse module Jeremy Allison (8): s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. s3: torture: Add additional POSIX mkdir tests. s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. s4:torture: Fix the test_owner_rights() test to show permissions are additive. s4:torture: Add test_owner_rights_deny(). s4:torture: Add test_owner_rights_deny1(). Jiří Šašek (1): notifyd: Fix SIGBUS on sparc Karolin Seeger (2): WHATSNEW: Add release notes for Samba 4.8.10. VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release. Marcos Mello (1): Send status to systemd on daemon start Martin Schwenke (1): ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing Noel Power (2): python/samba: PY3 port for ridalloc_exop test to work python/samba: extra ndr_unpack needs bytes function Ralph Boehme (13): winbindd: make a copy of xid's in wb_xids2sids_send() winbindd: make xids a const argument to wb_xids2sids_send() winbindd: convert id to a pointer in wb_xids2sids_dom_done() winbindd: update xid in wb_xids2sids_state->xids with what we got winbindd: switch send-next/done order winbindd: track whether a result from xid2sid was coming from the cache winbindd: set idmap cache entries as the last step in async wb_xids2sids s4:libcli: remember return code from maximum access s4:torture: add a Maximum Access check with an Owner Rights ACE libcli/security: add "Owner Rights" calculation to access_check_max_allowed() libcli/security: correct access check and maximum access calculation for Owner Rights ACEs s4:torture: Add test_deny1(). libcli/security: fix handling of deny type ACEs in access_check_max_allowed() Stefan Metzmacher (18): s3:passdb: add create_builtin_guests() ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() selftest: force running with TZ=UTC blackbox/dbcheck-links.sh: reproduce lost deleted object problem dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first dbcheck: don't move already deleted objects to LostAndFound dbcheck: don't remove dangling one-way links on already deleted objects dbcheck: add find_repl_attid() helper function blackbox/dbcheck-links.sh: add regression test for lost deleted object repair dbcheck: detect the change after deletion bug python/samba/netcmd: provide SUPPRESS_HELP via Option class dbcheck: add --selftest-check-expired-tombstones cmdline option blackbox/dbcheck*.sh: pass --selftest-check-expir
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 260a15bd57c VERSION: Bump version up to 4.8.11... via 4575c88005d VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release. via 3bfb6ee3915 WHATSNEW: Add release notes for Samba 4.8.10. from 501e28cc8d6 selftest: Make setexpiry test much more reliable https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 260a15bd57c52c49234b606062763e10bf77c03e Author: Karolin Seeger Date: Thu Apr 4 12:05:08 2019 +0200 VERSION: Bump version up to 4.8.11... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 4575c88005d9af55cfff644e887406c0e8fd80de Author: Karolin Seeger Date: Thu Apr 4 12:04:25 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.8.10 release. Signed-off-by: Karolin Seeger commit 3bfb6ee3915b5ddb75e2d8fd68333967bc774f21 Author: Karolin Seeger Date: Thu Apr 4 12:03:47 2019 +0200 WHATSNEW: Add release notes for Samba 4.8.10. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 118 ++- 2 files changed, 117 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 4af3bce2529..786213801d0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 52d5656d0f4..cc9123ee246 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,117 @@ + == + Release Notes for Samba 4.8.10 + April 4, 2019 + == + + +This is the latest stable release of the Samba 4.8 release series. +Please note that this will very likely be the last bugfix release of the +Samba 4.8 release series. There will be security releases beyond this point +only. + + +Changes since 4.8.9: + + +o Jeremy Allison + * BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing + share connection. + * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code. + * BUG 13803: SMB1 POSIX mkdir does case insensitive name lookup. + +o Tim Beale + * ldb: Bump ldb version to 1.3.7. + * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. + * BUG 13762: Performance regression in LDB one-level searches. + +o Ralph Boehme + * BUG 13776: tldap: Avoid use after free errors. + * BUG 13802: Fix idmap xid2sid cache churn. + * BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs. + +o Günther Deschner + * BUG 13746: s3-smbd: use fruit:model string for mDNS registration. + +o David Disseldorp + * BUG 13766: Printcap still processed with "load printers" disabled. + * BUG 13807: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate + and fallocate. + +o Joe Guo + * BUG 13728: netcmd/user: python[3]-gpgme unsupported and replaced by + python[3]-gpg. + +o Amitay Isaacs + * BUG 13520: Fix portability issues on freebsd. + +o Björn Jacke + * BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb + files. + +o Volker Lendecke + * BUG 13786: messages_dgm: Properly handle receiver re-initialization. + * BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup. + +o Gary Lockyer + * BUG 13773: CVE-2019-3824 ldb: Release ldb 1.3.8, ldb: Out of bound read in + ldb_wildcard_compare. + +o Marcos Mello + * BUG 11568: Send status to systemd on daemon start. + +o Stefan Metzmacher + * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes + replication failures. + * BUG 13818: An out of scope usage of a stack variable may cause corruption + in EnumPrinter*. + +o Noel Power + * python/samba: Extra ndr_unpack needs bytes function. + +o Jiří Šašek + * BUG 13704: notifyd: Fix SIGBUS on sparc. + +o Christof Schmitt + * BUG 13787: waf: Check for libnscd. + * BUG 13813: lib/winbind_util: Add winbind_xid_to_sid for --without-winbind. + * passdb: Update ABI to 0.27.2. + +o Andreas Schneider + * BUG 13770: s3:vfs: Correctly check if OFD locks should be enabled or not. + * BUG 13823: lib:util: Move debug message for mkdir failing to log level 1. + * BUG 13832: Fix printing via smbspool backend with kerberos auth. + * BUG 13847: s4:librpc: Fix installation of Samba. + * BUG 13848: s3:lib: Fix the debug message for
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via e0cc225f8a4 VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release. via 17f3d535c71 WHATSNEW: Add release notes for Samba 4.10.1. via af05bf7911e libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 815be52b600 lib: Make fd_load work for non-regular files via e769bd66089 s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so via 0e94b0a3144 s4:dlz make b9_has_soa check dc=@ node via 7921aa6365b dlz: Add test to ensure there are writable zones via 78b72ff339d regfio tests: Update comment style to match README.Coding via 722c5b32548 regfio: Update code near recent changes to match README.Coding via d4ef858ec11 regfio: Improve handling of malformed registry hive files via bf6a8517820 regfio: Add trivial unit test via cfffac0fc9f regfio: Use correct function names in debug information via 3f278c3f911 Fix typos in "valid" via 76b38e19d3c py/logger: use python 2.6 compatible arguments via f52ebe258ba py/uptodateness: use 2.6 compatible dictionary construction via 9b8398ecbbd py/kcc_utils: py2.6 compatibility via 75b6e02a8e6 py/graph: use 2.6 compatible check for set membership via 868356cf365 acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists via 286b80cb7a3 ldb: cmocka test for empty attributes bug via 10a390e8975 dbcheck: use the str() value of the "name" attribute via 6602a77b649 dbcheck: don't check expired tombstone objects by default anymore via 4b658a5a396 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 40b6af9c000 blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via b292ef1d9f6 dbcheck: add --selftest-check-expired-tombstones cmdline option via 178fad24f2c python/samba/netcmd: provide SUPPRESS_HELP via Option class via 89fb9d0a81b dbcheck: detect the change after deletion bug via 4f0b554b955 blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via caf0caba4e4 dbcheck: add find_repl_attid() helper function via a47b27b2c96 dbcheck: don't remove dangling one-way links on already deleted objects via 0c2f7224e07 dbcheck: don't move already deleted objects to LostAndFound via 95f5b9f246a dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 8736fb5eb4e dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 3e539f756ac dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via 4fc17804088 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 8d1241dac6b blackbox/*.sh: pass -u to 'diff' via 18f4167198a selftest: force running with TZ=UTC via 2d4820f0a8e s3:waf: Fix the detection of makdev() macro on Linux via a21e9754c74 s3:tests: Add test for smbstatus and smbstatus --resolve_uids via 79d3de4de41 selftest: Add smbstatus to testhelper via b866bdbe4fa s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames via 084d2f1bc4f s3:utils: Use C99 initializer for poptOption in smbstatus via c8e8d97959d s3:lib: Fix the debug message for adding cache entries. via f6df8d97686 s4:librpc: Fix installation of Samba via eb632754830 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing via 909cecd3606 ctdb: Initialize addr struct to zero before reparsing as IPV4 via fc4e3273316 ctdb-packaging: Test package requires tcpdump via 755f624e2bb ctdb-packaging: ctdb package should not own system library directory via 84aad2ea7d5 s3:client: Fix smbspool device uri handling via c6f1719b5e2 s3:client: Make sure we work on a copy of the title via 0db9487434a s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups via 18515064c9b s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool via d3ed17e74e7 s3:script: Fix jobid check in test_smbspool.sh via 4cafdc7f2eb ctdb-tests: Build cluster mutex path manually via 5f1d98c233e ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() via f515f1a5486 ctdb-version: Simplify version string usage via 6401d809566 ctdb-build: Drop creation of .distversion in tarball via 2b30986174d ctdb-build: use a fixed ctdb_version.h using SAMBA_VERSION_STRING via 3170d75b5f1 VERSION: Bump version up to 4.10.1... from 25f2fe02a61 VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log -
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via bc443c3 NEWS[4.10.1]: Samba 4.10.1 Available for Download from 82f41e7 NEWS[agenda_XP19]: Agenda SambaXP 2019 online https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit bc443c4218ee7121a5d8d4910bbb3a6de8ae Author: Karolin Seeger Date: Wed Apr 3 10:42:41 2019 +0200 NEWS[4.10.1]: Samba 4.10.1 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/samba-4.10.1.html| 81 posted_news/20190403-084352.4.10.1.body.html | 13 posted_news/20190403-084352.4.10.1.headline.html | 3 + 3 files changed, 97 insertions(+) create mode 100644 history/samba-4.10.1.html create mode 100644 posted_news/20190403-084352.4.10.1.body.html create mode 100644 posted_news/20190403-084352.4.10.1.headline.html Changeset truncated at 500 lines: diff --git a/history/samba-4.10.1.html b/history/samba-4.10.1.html new file mode 100644 index 000..76dd672 --- /dev/null +++ b/history/samba-4.10.1.html @@ -0,0 +1,81 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.10.1 - Release Notes + + +Samba 4.10.1 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.1.tar.gz;>Samba 4.10.1 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.1.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.10.0-4.10.1.diffs.gz;>Patch (gzipped) against Samba 4.10.0 +https://download.samba.org/pub/samba/patches/samba-4.10.0-4.10.1.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.10.1 + April 3, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.0: +- + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13837: py/kcc_utils: py2.6 compatibility. + +o Philipp Gesang philipp.ges...@intra2net.com + * BUG 13869: libcli: permit larger values of DataLength in + SMB2_ENCRYPTION_CAPABILITIES of negotiate response. + +o Michael Hanselmann pub...@hansmi.ch + * BUG 13840: regfio: Improve handling of malformed registry hive files. + +o Amitay Isaacs ami...@samba.org + * BUG 13789: ctdb-version: Simplify version string usage. + +o Volker Lendecke v...@samba.org + * BUG 13859: lib: Make fd_load work for non-regular files. + +o Stefan Metzmacher me...@samba.org + * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes + replication failures, dbcheck: add --selftest-check-expired-tombstones + cmdline option. + * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in + NDR_SPOOLSS_PUSH_ENUM_OUT(). + +o Anoop C S anoo...@redhat.com + * BUG 13854: s4/messaging: Fix undefined reference in linking + libMESSAGING-samba4.so. + +o Garming Sam garm...@catalyst.net.nz + * BUG 13836: acl_read: Fix regression for empty lists. + +o Michael Saxl m...@mwsys.mine.bz + * BUG 13841: s4:dlz make b9_has_soa check dc=@ node. + +o Andreas Schneider a...@samba.org + * BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth. + * BUG 13847: s4:librpc: Fix installation of Samba. + * BUG 13848: s3:lib: Fix the debug message for adding cache entries. + * BUG 13793: s3:utils: Add smbstatus -L --resolve-uids to show username. + * BUG 13848: s3:lib: Fix the debug message for adding cache entries. + * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux. + +o Martin Schwenke mar...@meltin.net + * BUG 13789: ctdb-build: Drop creation of .distversion in tarball. + * BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package + should not own system library directory. + + + + + + diff --git a/posted_news/20190403-084352.4.10.1.body.html b/posted_news/20190403-084352.4.10.1.body.html new file mode 100644 index 000..523990f --- /dev/null +++ b/posted_news/20190403-084352.4.10.1.body.html @@ -0,0 +1,13 @@ + +03 April 2019 +Samba 4.10.1 Available for Download + +This is the first stable release of the Samba 4.10 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.10.1.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.10.0-4.10.1.diffs.gz;>patch against Samba 4.10.0 is also available. +See https://www.samba.org/samba/history/samba-4.10.1.html;>the release notes for more info. + + diff --git a/posted_news/20190403-084352.4.10.1.headline.html b/posted_news/20190403-084352.4.10.1.headline.html new file mode 100644 inde
[SCM] Samba Shared Repository - annotated tag samba-4.10.1 created
The annotated tag, samba-4.10.1 has been created at 47d50060bc7ee3b2f5e06e9663ecd2129a9c256f (tag) tagging e0cc225f8a4e15ea7cef4ed2597eeec3790f2f4d (commit) replaces samba-4.10.0 tagged by Karolin Seeger on Wed Apr 3 10:42:28 2019 +0200 - Log - samba: tag release samba-4.10.1 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKRx9AAKCRBvM5FbZWi3 6g5KAJ4xA/iM+hgeU1MqyCyBn/fCX8qLTQCeIQ216opGUWKG0CHscTZC9MrPBHw= =YK4f -END PGP SIGNATURE- Aaron Haslett (1): ldb: cmocka test for empty attributes bug Amitay Isaacs (1): ctdb-version: Simplify version string usage Andreas Schneider (12): s3:script: Fix jobid check in test_smbspool.sh s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups s3:client: Make sure we work on a copy of the title s3:client: Fix smbspool device uri handling s4:librpc: Fix installation of Samba s3:lib: Fix the debug message for adding cache entries. s3:utils: Use C99 initializer for poptOption in smbstatus s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames selftest: Add smbstatus to testhelper s3:tests: Add test for smbstatus and smbstatus --resolve_uids s3:waf: Fix the detection of makdev() macro on Linux Andrew Bartlett (2): regfio: Update code near recent changes to match README.Coding regfio tests: Update comment style to match README.Coding Anoop C S (1): s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so Douglas Bagnall (4): py/graph: use 2.6 compatible check for set membership py/kcc_utils: py2.6 compatibility py/uptodateness: use 2.6 compatible dictionary construction py/logger: use python 2.6 compatible arguments Garming Sam (2): acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists dlz: Add test to ensure there are writable zones Karolin Seeger (3): VERSION: Bump version up to 4.10.1... WHATSNEW: Add release notes for Samba 4.10.1. VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release. Martin Schwenke (5): ctdb-build: Drop creation of .distversion in tarball ctdb-tests: Build cluster mutex path manually ctdb-packaging: ctdb package should not own system library directory ctdb-packaging: Test package requires tcpdump ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing Michael Hanselmann (4): Fix typos in "valid" regfio: Use correct function names in debug information regfio: Add trivial unit test regfio: Improve handling of malformed registry hive files Michael Saxl (1): s4:dlz make b9_has_soa check dc=@ node Philipp Gesang (1): libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response Stefan Metzmacher (19): ctdb-build: use a fixed ctdb_version.h using SAMBA_VERSION_STRING ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() selftest: force running with TZ=UTC blackbox/*.sh: pass -u to 'diff' blackbox/dbcheck-links.sh: reproduce lost deleted object problem dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first dbcheck: don't move already deleted objects to LostAndFound dbcheck: don't remove dangling one-way links on already deleted objects dbcheck: add find_repl_attid() helper function blackbox/dbcheck-links.sh: add regression test for lost deleted object repair dbcheck: detect the change after deletion bug python/samba/netcmd: provide SUPPRESS_HELP via Option class dbcheck: add --selftest-check-expired-tombstones cmdline option blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones dbcheck: don't check expired tombstone objects by default anymore dbcheck: use the str() value of the "name" attribute Volker Lendecke (1): lib: Make fd_load work for non-regular files Zhu Shangzhong (1): ctdb: Initialize addr struct to zero before reparsing as IPV4 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 61c4d715a73 VERSION: Bump version up to 4.10.2... via e0cc225f8a4 VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release. via 17f3d535c71 WHATSNEW: Add release notes for Samba 4.10.1. from af05bf7911e libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 61c4d715a7382047a9a97165256866fe39ebad26 Author: Karolin Seeger Date: Wed Apr 3 10:33:17 2019 +0200 VERSION: Bump version up to 4.10.2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit e0cc225f8a4e15ea7cef4ed2597eeec3790f2f4d Author: Karolin Seeger Date: Wed Apr 3 10:32:27 2019 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release. Signed-off-by: Karolin Seeger commit 17f3d535c71d76345574a4559eda8e5566e97a54 Author: Karolin Seeger Date: Wed Apr 3 10:31:06 2019 +0200 WHATSNEW: Add release notes for Samba 4.10.1. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 82 2 files changed, 83 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1e0a345368a..d84e7c0177a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5d3d23ab9da..9fd3e8abe10 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,85 @@ + == + Release Notes for Samba 4.10.1 + April 3, 2019 + == + + +This is the latest stable release of the Samba 4.10 release series. + + +Changes since 4.10.0: +- + +o Douglas Bagnall + * BUG 13837: py/kcc_utils: py2.6 compatibility. + +o Philipp Gesang + * BUG 13869: libcli: permit larger values of DataLength in + SMB2_ENCRYPTION_CAPABILITIES of negotiate response. + +o Michael Hanselmann + * BUG 13840: regfio: Improve handling of malformed registry hive files. + +o Amitay Isaacs + * BUG 13789: ctdb-version: Simplify version string usage. + +o Volker Lendecke + * BUG 13859: lib: Make fd_load work for non-regular files. + +o Stefan Metzmacher + * BUG 13816: dbcheck in the middle of the tombstone garbage collection causes + replication failures, dbcheck: add --selftest-check-expired-tombstones + cmdline option. + * BUG 13818: ndr_spoolss_buf: Fix out of scope use of stack variable in + NDR_SPOOLSS_PUSH_ENUM_OUT(). + +o Anoop C S + * BUG 13854: s4/messaging: Fix undefined reference in linking + libMESSAGING-samba4.so. + +o Garming Sam + * BUG 13836: acl_read: Fix regression for empty lists. + +o Michael Saxl + * BUG 13841: s4:dlz make b9_has_soa check dc=@ node. + +o Andreas Schneider + * BUG 13832: s3:client: Fix printing via smbspool backend with kerberos auth. + * BUG 13847: s4:librpc: Fix installation of Samba. + * BUG 13848: s3:lib: Fix the debug message for adding cache entries. + * BUG 13793: s3:utils: Add 'smbstatus -L --resolve-uids' to show username. + * BUG 13848: s3:lib: Fix the debug message for adding cache entries. + * BUG 13853: s3:waf: Fix the detection of makdev() macro on Linux. + +o Martin Schwenke + * BUG 13789: ctdb-build: Drop creation of .distversion in tarball. + * BUG 13838: ctdb-packaging: Test package requires tcpdump, ctdb package + should not own system library directory. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + ==
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 501e28cc8d6 selftest: Make setexpiry test much more reliable via d1484add1fc s3:lib: Fix the debug message for adding cache entries. from 77b4430bd5e s3:waf: Fix the detection of makdev() macro on Linux https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 501e28cc8d6e818357e5954fa66168244f4cb7e2 Author: Andrew Bartlett Date: Tue May 15 12:26:03 2018 +1200 selftest: Make setexpiry test much more reliable Rather than setting all the expiries and expecting that they will be done within 5 seconds, measure and check the time individually for each record. This should make this test much less prone to flapping. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13867 Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue May 15 23:58:17 CEST 2018 on sn-devel-144 (cherry picked from commit 5ebe3183fded1ab060ed60baeedeac859d0c137e) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Tue Apr 2 15:16:10 UTC 2019 on sn-devel-144 commit d1484add1fc9c498f65d6afb25a2eff00f2a6df6 Author: Andreas Schneider Date: Thu Jan 17 13:58:14 2019 +0100 s3:lib: Fix the debug message for adding cache entries. To get correct values, we need to cast 'timeout' to 'long int' first in order to do calculation in that integer space! Calculations are don in the space of the lvalue! BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8) --- Summary of changes: python/samba/tests/samba_tool/user.py | 5 ++--- source3/lib/gencache.c| 8 2 files changed, 6 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py index 10e4f6cd839..0b84ee1f781 100644 --- a/python/samba/tests/samba_tool/user.py +++ b/python/samba/tests/samba_tool/user.py @@ -306,9 +306,9 @@ class UserCmdTestCase(SambaToolCmdTest): def test_setexpiry(self): -twodays = time.time() + (2 * 24 * 60 * 60) - for user in self.users: +twodays = time.time() + (2 * 24 * 60 * 60) + (result, out, err) = self.runsubcmd("user", "setexpiry", user["name"], "--days=2", "-H", "ldap://%s; % os.environ["DC_SERVER"], @@ -316,7 +316,6 @@ class UserCmdTestCase(SambaToolCmdTest): self.assertCmdSuccess(result, out, err, "Can we run setexpiry with names") self.assertIn("Expiry for user '%s' set to 2 days." % user["name"], out) -for user in self.users: found = self._find_user(user["name"]) expires = nttime2unix(int("%s" % found.get("accountExpires"))) diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index ab12fc1c531..9f4e1cfcaa3 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c @@ -294,11 +294,11 @@ bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob, dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)hdr, .dsize = hdr_len }; dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length }; - DEBUG(10, ("Adding cache entry with key=[%s] and timeout=" - "[%s] (%d seconds %s)\n", keystr, + DBG_DEBUG("Adding cache entry with key=[%s] and timeout=" + "[%s] (%ld seconds %s)\n", keystr, timestring(talloc_tos(), timeout), - (int)(timeout - time(NULL)), - timeout > time(NULL) ? "ahead" : "in the past")); + ((long int)timeout) - time(NULL), + timeout > time(NULL) ? "ahead" : "in the past"); ret = tdb_storev(cache_notrans->tdb, string_term_tdb_data(keystr), dbufs, 2, 0); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via af05bf7911e libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 815be52b600 lib: Make fd_load work for non-regular files via e769bd66089 s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so via 0e94b0a3144 s4:dlz make b9_has_soa check dc=@ node via 7921aa6365b dlz: Add test to ensure there are writable zones via 78b72ff339d regfio tests: Update comment style to match README.Coding via 722c5b32548 regfio: Update code near recent changes to match README.Coding via d4ef858ec11 regfio: Improve handling of malformed registry hive files via bf6a8517820 regfio: Add trivial unit test via cfffac0fc9f regfio: Use correct function names in debug information via 3f278c3f911 Fix typos in "valid" via 76b38e19d3c py/logger: use python 2.6 compatible arguments via f52ebe258ba py/uptodateness: use 2.6 compatible dictionary construction via 9b8398ecbbd py/kcc_utils: py2.6 compatibility via 75b6e02a8e6 py/graph: use 2.6 compatible check for set membership via 868356cf365 acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists via 286b80cb7a3 ldb: cmocka test for empty attributes bug via 10a390e8975 dbcheck: use the str() value of the "name" attribute via 6602a77b649 dbcheck: don't check expired tombstone objects by default anymore via 4b658a5a396 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 40b6af9c000 blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via b292ef1d9f6 dbcheck: add --selftest-check-expired-tombstones cmdline option via 178fad24f2c python/samba/netcmd: provide SUPPRESS_HELP via Option class via 89fb9d0a81b dbcheck: detect the change after deletion bug via 4f0b554b955 blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via caf0caba4e4 dbcheck: add find_repl_attid() helper function via a47b27b2c96 dbcheck: don't remove dangling one-way links on already deleted objects via 0c2f7224e07 dbcheck: don't move already deleted objects to LostAndFound via 95f5b9f246a dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 8736fb5eb4e dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 3e539f756ac dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via 4fc17804088 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 8d1241dac6b blackbox/*.sh: pass -u to 'diff' via 18f4167198a selftest: force running with TZ=UTC via 2d4820f0a8e s3:waf: Fix the detection of makdev() macro on Linux via a21e9754c74 s3:tests: Add test for smbstatus and smbstatus --resolve_uids via 79d3de4de41 selftest: Add smbstatus to testhelper via b866bdbe4fa s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames via 084d2f1bc4f s3:utils: Use C99 initializer for poptOption in smbstatus from c8e8d97959d s3:lib: Fix the debug message for adding cache entries. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit af05bf7911eed71315843c5333cc5bb6b6a06ec3 Author: Philipp Gesang Date: Thu Feb 14 10:17:28 2019 +0100 libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES structures containing DataLength field that includes the padding [0]. Microsoft has since clarified that only values smaller than the size are considered invalid [1]. While parsing the NegotiateContext it is ensured that DataLength does not exceed the message bounds. Also, the value is not actually used anywhere outside the validation. Thus values greater than the actual data size are safe to use. This patch makes Samba fail only on values that are too small for the (fixed size) payload. [0] https://lists.samba.org/archive/samba/2019-February/221139.html [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869 Signed-off-by: Philipp Gesang Reviewed-by: Ralph Böhme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144 (cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Apr 2 13:52:02 UTC 2019 on sn-devel-144 commit 815be52b60026f9101a6