The annotated tag, ldb-2.9.1 has been created
at 2e3dd126db9e838111631315974785e95d88ceb5 (tag)
tagging 3dd39600da3c0bedeae9f033c1333eb6b0f4ff33 (commit)
replaces samba-4.20.1
tagged by Jule Anger
on Wed Jun 19 16:27:02 2024 +0200
- Log -----------------------------------------------------------------
ldb: tag release ldb-2.9.1
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmZy6rYACgkQR5ORYRMI
QCVCHAgAgyck8/vg928tsREA62mDVyuyJDUPVooaDJ7vEMRyG44czXbNA4QnAGsh
NMfmKbJWc2TfGpMbj60mgFWVFHHb7/KF+kAdrMAU6uKNjSlGzPAq3TFDpgPMDxW0
lm4rfm75SlDBh4hEOwYE5gnh+5mlHcf5Vmgl6CoOjePg70qgFevLEi6rWV85ZDuE
33PSidVprZ17m4faP4eqs0j5aHhEA/COo6vP9MeumgjwElWuvuvsVadxeEdi1jeR
hyGrbLTclWQtjaY/NqZAN3qcj8ECxW2GMRWHYeb35Hsv0wW6bAv24PmDAAK7dB2w
5nGW2HMvmik2/7xIoEHW0oZQIX4oUg==
=1NWc
-----END PGP SIGNATURE-----
Andreas Schneider (10):
python: Fix NtVer check for site_dn_for_machine()
s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP
s3:libads: Do not fail if we don't get an IP passed down
s3:winbind: Fix idmap_ad creating an invalid local krb5.conf
bootstrap: Fix runner tags
bootstrap: Set git safe.directory
bootstrap: Fix building CentOS 8 Stream container images
gitlab-ci: Set git safe.directory for devel repo
third_party: Update uid_wrapper to version 1.3.1
third_party: Update socket_wrapper to version 1.4.3
Andrew Bartlett (3):
.gitlab-ci: Remove tags no longer provided by gitlab.com
build: Add --vendor-name --vendor-patch-revision options to ./configure
script/autobuild.py: Add test for --vendor-name and
--vendor-patch-revision
Douglas Bagnall (69):
pidl:Typelist: resolveType(): don't mistake a reference for a name
buildtools:pidl: avoid hash randomisation in pidl
examples:winexe: reproducible builds with zero timestamp
examples:winexe: embed Samba version as exe timestamp
ldb: avoid out of bounds read and write in ldb_qsort()
lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
util:tsort.h: add a macro for safely comparing numbers
ldb: add NUMERIC_CMP macro to ldb.h
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
s4: use numeric_cmp in dns_common_sort_zones()
util:binsearch: user NUMERIC_CMP()
torture:charset: use < and > assertions for strcasecmp_m
torture:charset: use < and > assertions for strncasecmp_m
torture:charset: test more of strcasecmp_m
util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
util:charset:codepoints: codepoint_cmpi warning about non-transitivity
s3:libsmb:namequery: note intransitivity in addr_compare()
s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
lib/torture: add assert_int_{less,greater} macros
util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
util:datablob: avoid non-transitive comparison in data_blob_cmp()
ldb: avoid non-transitive comparison in ldb_val_cmp()
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
libcli/security: use NUMERIC_CMP in dom_sid_compare()
libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
s4:dns_server: use NUMERIC_CMP in rec_cmp()
s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
s3:smbcacls: use NUMERIC_CMP in ace_compare
s3:util:sharesec ace_compare() uses NUMERIC_CMP()
s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
ldb:mod:sort: rearrange NULL checks
ldb:sort: check that elements have values
ldb:sort: generalise both-NULL check to equality check
ldb:dn: make ldb_dn_compare() self-consistent
s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare
s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp
dsdb:schema: use NUMERIC_CMP in place of uint32_cmp
s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP
gensec: sort_gensec uses NUMERIC_CMP
lib/socket: rearrange iface_comp() to use NUMERIC_CMP
s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs
s4:rpcsrv:samr: improve a comment in compare_msgRid
ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate
ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects
ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs
ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted
objects
ldb-samba:ldif_handlers: dn_link_comparison leaks less
ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs
ldb:attrib_handlers: make ldb_comparison_Boolean more consistent
ldb: avoid NULL deref in ldb_db_compare
s4:dsdb:mod: repl_md: make message_sort transitive
s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()
ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold
ldb:attrib_handlers: reduce non-transitive behaviour in
ldb_comparison_fold
s3:smbcacls: fix ace_compare
Günther Deschner (2):
ctdb/ceph: Add optional namespace support for mutex helper
ctdb/docs: Include ceph rados namespace support in man page
Jeremy Allison (2):
s3/torture: Add test for widelink case insensitivity on a MSDFS share.
s3: vfs_widelinks: Allow case insensitivity to work on DFS widelinks
shares.
Jule Anger (2):
VERSION: Bump version up to Samba 4.20.2...
BUG 15569 ldb: Release LDB 2.9.1
Noel Power (2):
selftest: Add a python blackbox test for some misc (widelink) DFS tests
s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share
Stefan Metzmacher (70):
.gitlab-ci-main.yml: debug kernel details of the current runner
tests/ntacls: unblock failing gitlab pipelines because
test_setntacl_forcenative
smbXcli_base: add hacks to test anonymous signing and encryption
s4:libcli/smb2: add hack to test anonymous signing and encryption
s4:torture/smb2: add smb2.session.anon-{encryption{1,2,},signing{1,2}}
s3:utils: remove unused signing_flags in connections_forall()
s3:lib: let sessionid_traverse_read() report if the session was
authenticated
s3:utils: let connections_forall_read() report if the session was
authenticated
s3:utils: let smbstatus also report AES-256 encryption types for tcons
s3:utils: let smbstatus also report partial tcon signing/encryption
s3:smbd: allow anonymous encryption after one authenticated session setup
s3:utils: let smbstatus report anonymous signing/encryption explicitly
s4:dsdb/repl: let drepl_out_helpers.c always go via
dreplsrv_out_drsuapi_send()
s3:libsmb: allow store_cldap_reply() to work with a ipv6 response
s3:libads: avoid changing ADS->server.workgroup
s3:include: let nameserv.h be useable on its own
s3:include: split out fstring.h
s3:wscript: LIBNMB requires lp_ functions
s3:libsmb/unexpected: don't use talloc_tos() in async code
s3:libsmb/unexpected: pass nmbd_socket_dir from the callers of
nb_packet_{server_create,reader_send}()
s3:libsmb/dsgetdcname: use NETLOGON_NT_VERSION_AVOID_NT4EMUL
libcli/nbt: add nbt_name_send_raw()
s4:libcli/dgram: let the generic incoming handler also get unexpected
mailslot messages
s4:libcli/dgram: make use of socket_address_copy()
s4:libcli/dgram: add nbt_dgram_send_raw() to send raw blobs
s4:nbt_server: simulate nmbd and provide unexpected handling
python:tests/dns_base: generate a real signature in bad_sign_packet()
python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in
verify_packet()
python:tests/dns_base: let dns_transaction_tcp() handle short receives
python:tests/dns_base: add self.assert_echoed_dns_error()
python:tests/dns_tkey: make use of self.assert_echoed_dns_error()
python:tests/dns_base: let tkey_trans() and sign_packet() take
algorithm_name as argument
python:tests/dns_base: let tkey_trans() take tkey_req_in_answers
python:tests/dns_base: pass tkey_trans(expected_rcode)
python:tests/dns_base: let dns_transaction_udp() take
allow_{remaining,truncated}=True
python:tests/dns_base: maintain a dict with tkey related state
python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and
invalid algorithms
python:tests/dns_tkey: let us have
test_update_gss_tsig_tkey_req_{additional,answers}()
python:tests/dns_tkey: add gss.microsoft.com tsig updates
python:tests/dns_tkey: test bad and changing tsig algorithms
python:tests/dns_base: let verify_packet() work against Windows
python:tests/dns_tkey: let test_update_tsig_windows() actually pass
against windows 2022
python:tests/dns_base: add get_unpriv_creds() helper
s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to
samba.tests.dns_tkey
python:tests/dns_tkey: add test_update_tsig_record_access_denied()
s4:dns_server: failed dns updates should result in REFUSED for
ACCESS_DENIED
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY
s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG
s4:dns_server: use the client provided algorithm for the fake TSIG
structure
s4:dns_server: use tkey->algorithm if available in dns_sign_tsig()
s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's
the last section
s4:dns_server: dns_verify_tsig should return REFUSED on error
s4:dns_server: correctly sign dns update responses with gss-tsig like
Windows
s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored
s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644
vfs_default: also call vfs_offload_token_ctx_init in
vfswrap_offload_write_send
test_recycle.sh: make sure we don't see panics on the log files
TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in
recycle_unlink_internal()
vfs_recycle: don't unlink on allocation failure
vfs_recycle: directly allocate smb_fname_final->base_name
vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal()
vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA()
vfs_recycle: fix memory hierarchy
Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in
recycle_unlink_internal()"
vfs_recycle: remember resolved config->repository in vfs_recycle_connect()
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with
kerberos
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos"
and --use-kerberos
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
auth/credentials: add tests for
cli_credentials_get_kerberos_state[_obtained]()
auth/credentials: don't ignore "client use kerberos" and --use-kerberos
for machine accounts
-----------------------------------------------------------------------
--
Samba Shared Repository
