The annotated tag, ldb-2.8.0 has been created at 36364505dcb1edd614a732b93bd6479ac9958da6 (tag) tagging 94f11c3c21bc3b8a34d376ab99becd2c6260af62 (commit) replaces tevent-0.15.0 tagged by Stefan Metzmacher on Fri Jul 28 14:09:13 2023 +0200
- Log ----------------------------------------------------------------- ldb: tag release ldb-2.8.0 -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmTDr+kACgkQR5ORYRMI QCWW3wf9HgIHhgkhNfjpcqYtnNUv7YayXZQl7Lw9ZTQzyLZHllfZeydSv67BdUoO XzuZeYLVSxBGQB6B/66MK5Rgpw36uKIGs3+MTGyQ0jvgI33OtujOnvHFHRK01YIB xEXgTdNeQRj7HgG5e5yHA+mhCFcb4aRjegy4abD3IyBmX2Z0V0bzdWI0JS+hSCwm 2uaoMoW3Y7kLSlH7hzavxWAUOuLqwZ2iRTliHaMYRo9FnZqyDXXIXtZnMYJ4wK0r 6OLymDZpX/l3akl2wUksA5P5kyV6b4WYMQAJNnDBZmmPjxw5l6cSPHSQlcFcdIFJ 3+86BARD/dd+TEJw8pLf8WoflOzXPA== =qtS9 -----END PGP SIGNATURE----- Andreas Schneider (19): s3:param: Rename bLoaded global variable s3:param: Fix code spelling s3:passdb: Fix code spelling s3:printing: Fix trailing white spaces in print_iprint.c s3:printing: Fix code spelling s3:printing: Rename variably to dummy to make codespell happy s3:registry: Fix code spelling s3:rpc_client: Fix code spelling s3:rpc_server: Fix code spelling s3:script: Fix code spelling s3:selftest: Fix code spelling s3:smbd: Fix trailing white spaces in dmapi.c s3:smbd: Fix trailing white spaces in quotas.c s3:smbd: Fix code spelling s3:torture: Fix code spelling s3:utils: Fix code spelling s3:winbindd: Fix code spelling s3:waf: Fix code spelling Revert "s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon" Andrew Bartlett (21): WHATSNEW: Add text on PKINIT Certificate Revocation WHATSNEW: Include info on new samba-tool features WHATSNEW: PKINIT testing WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented WHATSNEW: Mention Heimdal updates WHATSNEW: FAST support, Claims compression, SID compression WHATSNEW: mention KDC auditing WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction lib/fault: During smb_panic() print process comment and setprocname() title lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn() python: Move PyList_AsStringList to common code so we can reuse python: Remove const from PyList_AsStringList() python: Add glue.burn_commandline() method samba-tool: Use samba.glue.get_burnt_cmdline rather than regex lib/cmdline: Also burn the --password2 parameter if given lib/cmdline: Also redact --newpassword in samba_cmdline_burn() docs-xml: Fix invalid XML in smbcontrol manpage doc-xml: Add entry for reload-certs for new LDAP certificate reload function WHATSNEW: Add TLS cert reload feature dcom: Remove remainder of DCOM test client code librpc/idl: Remove DCOM and WMI IDL Dmitry Antipov (1): s4:param: replace calls to deprecated Python methods Jeremy Allison (2): s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd. s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. Joseph Sutton (1): claims.idl: Fix AD claims encoding Jule Anger (9): s4:process_prefork: avoid memory leaks caused by messaging_post_self s4:process: add method called before entering the tevent_loop_wait s4:process_prefork: create new messaging context for the master process s4:tls_tstream: create tstream_tls_params_internal s4:ldap_server: don't store task_server in ldapsrv_service s4:ldap_server: remember dns_host_name in ldap_service s4:ldap_server: reload tls certificates on smbcontrol reload-certs testprogs/blackbox: add test_ldap_tls_reload.sh ldb: release 2.8.0 for use in Samba 4.19.x Martin Schwenke (10): ctdb-utils: Drop unused scsi_io.c source file ctdb-doc: Correct bit-rotted documenation ctdb: Do not use egrep ctdb-recoverd: CID 1509028 - Use of 32-bit time_t (Y2K38_SAFETY) ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn" ctdb-scripts: Avoid ShellCheck warning SC2162 ctdb-scripts: Support script logging to stderr ctdb-tests: Log to stderr in statd-callout tests ctdb-tools: Always print script output in event status ctdb-tools: Improve printing of multi-line event script output Noel Power (1): python/samba: Adjust tarfile extraction filter Pavel Filipenský (13): s3:winbind: Add callback winbind_call_flow() s3:winbind: Update winbind to tevent 0.15.0 API s3:winbind: Set/unset the winbind_call_flow callback if log level changes s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking docs-xml:manpages: Fix tabs in samba-log-parser.1.xml s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser s3:winbindd: Fix double close(fd) krb5_wrap: add krb5_free_enctypes() krb5_wrap: add krb5_free_string() auth:credentials: SAFE_FREE() -> krb5_free_enctypes() auth:credentials: SAFE_FREE() -> krb5_free_string() librpc:crypto: SAFE_FREE() -> krb5_free_string() librpc:crypto: SAFE_FREE() -> krb5_free_enctypes() Ralph Boehme (40): CVE-2022-2127: ntlm_auth: cap lanman response length value CVE-2023-34966: CI: test for sl_unpack_loop() CVE-2023-34966: mdssvc: harden sl_unpack_loop() CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key() CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key() CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties() CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob CVE-2023-34968: mdscli: remove response blob allocation CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c CVE-2023-34968: rpcclient: remove response blob allocation CVE-2023-34968: mdssvc: remove response blob allocation CVE-2023-34968: mdssvc: switch to doing an early return CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack() CVE-2023-34968: mdscli: return share relative paths CVE-2023-34968: mdssvc: return a fake share path CVE-2023-3347: CI: add a test for server-side mandatory signing CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing() CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot() CVE-2023-3347: smbd: fix "server signing = mandatory" libsmb: increase a debug level when site-aware DC lookup failed librpc/idl: mdssvc: unkn4 field is a fragment indicator mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE mdscli: add fragmentation support mdssvc: introduce MAX_MDSCMD_SIZE mdssvc: increase MAX_SLQ_TOC mdscli: increase MAX_SLQ_TOCIDX mdscli: increase MAX_SLQ_COUNT mdscli: correct handling of in-progress searches mdssvc: set query state for continued queries to SLQ_STATE_RUNNING mdssvc: fix long running backend queries mdssvc: add and use SL_PAGESIZE mdssvc: fix enforcement of "elasticsearch:max results" tests/mdssvc: match hits:total:value to be the actual amount of entries in hits mdssvc: reduce pagesize to 50 mdssvc: prepare for returning timestamps with sub-seconds granularity mdssvc: fix date marshalling mdssvc: fix returning file modification date for older Mac releases smbd: move tevent_req_post() out of smbd_smb2_create_after_exec() Stefan Metzmacher (4): lib/util: call tevent_set_max_debug_level() in samba_tevent_set_debug() ldb: call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) together with ldb_tevent_debug() s4:dns_server: defer calling werr_to_dns_err() in a central place s4:dns_server: Add some more debugging in order to find problems with level 10 logs Volker Lendecke (1): CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks jule (1): s3:smbcontrol: improve destination resolution using names db ----------------------------------------------------------------------- -- Samba Shared Repository