The annotated tag, samba-4.8.8 has been created at 2d16c6588eb1cbf15d71cd7e4f2b0c2a81309b6c (tag) tagging 91c4bf85967339fff09f6576c6756d3695390e13 (commit) replaces samba-4.8.7 tagged by Karolin Seeger on Thu Dec 13 10:11:47 2018 +0100
- Log ----------------------------------------------------------------- samba: tag release samba-4.8.8 -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXBIiUwAKCRBvM5FbZWi3 6nvyAJ4wjxsw5eZIdDoQNSZnAEtoLbewFgCgjwPE37xGlONQ7Vscw/G/5bRlKcU= =4+T/ -----END PGP SIGNATURE----- Aaron Haslett (1): CVE-2018-14629: Tests to expose regression from dns cname loop fix Amitay Isaacs (12): ctdb-daemon: Add invalid_records flag to ctdb_db_context ctdb-daemon: Don't pull any records if records are invalidated ctdb-daemon: Invalidate records if a node becomes INACTIVE ctdb-vacuum: Simplify the deletion of vacuumed records ctdb-vacuum: Fix the incorrect counting of remote errors ctdb-vacuum: Remove unnecessary check for zero records in delete list ctdb-daemon: Drop implementation of RECEIVE_RECORDS control ctdb-protocol: Mark RECEIVE_RECORDS control obsolete ctdb-protocol: Drop marshalling code for RECEIVE_RECORDS control ctdb-tests: Drop code for RECEIVE_RECORDS control ctdb-common: Set close-on-exec for startup fd ctdb-event: Check the return status of sock_daemon_set_startup_fd Andreas Schneider (2): lib:util: Fix DEBUGCLASS pointer initializiation CVE-2018-16853: Do not segfault if client is not set Andrew Bartlett (2): dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS dsdb: Add comments explaining the limitations of our current backlink behaviour Christof Schmitt (20): s3/lib:popt_common: Move setup_logging to common callback s3:lib: Move popt_common_credentials to separate file s3:lib: Introduce cmdline context wrapper test:doc: Skip 'clustering=yes' s3:smbpasswd: Use cmdline_messaging_context s3:smbstatus: Use cmdline_messaging_context rpcclient: Use cmdline_messaging_context s3:net: Use cmdline_messaging_context s3:pdbedit: Use cmdline_messaging_context s3:testparm: Use cmdline_messaging_context s3:sharesec: Use cmdline_messaging_context s3: ntlm_auth: Use cmdline_messaging_context s3:eventlogadm: Use cmdline_messaging_context s3:dbwrap_tool: Use cmdline_messaging_context s3:smbcontrol: Use cmdline_messaging_context s3:smbget: Use cmdline_messaging_context smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute selftest: Add share to test "delete readonly" option selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes" Isaac Boukris (4): CVE-2018-16853: Fix kinit test on system lacking ldbsearch CVE-2018-16853: The ticket in check_policy_as can actually be a TGS CVE-2018-16853: Add a test to verify s4u2self doesn't crash CVE-2018-16853: fix crash in expired passowrd case Jeremy Allison (1): s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. Karolin Seeger (5): VERSION: Bump version up to 4.8.6... Merge tag 'samba-4.8.7' into v4-8-test VERSION: Bump version up to 4.8.8. WHATSNEW: Add release notes for Samba 4.8.8. VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. Martin Schwenke (4): ctdb-tests: Add recovery record resurrection test for volatile databases ctdb-daemon: Return early when refusing to run an event script ctdb-daemon: Exit if eventd goes away ctdb-recovery: Ban a node that causes recovery failure Ralph Boehme (99): s3:lib/server_contexts: make server_event_ctx and server_msg_ctx static s3:loadparm: reinit_globals in lp_load_with_registry_shares() selftest: pass configfile to pdbedit s3:popt_common: use cmdline_messaging_context() in popt_common_credentials_callback() s3:messaging: remove unused messaging_init_client() s4:torture: FinderInfo conversion test with AppleDouble without xattr data vfs_fruit: fix two comments vfs_fruit: store filler bytes from AppleDouble file header in struct adouble vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr() vfs_fruit: do direct return from error checks in ad_convert() vfs_fruit: remove unneeded fd argument from ad_convert() vfs_fruit: move storing of modified struct adouble to ad_convert() vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert() vfs_fruit: move FinderInfo lenght check to ad_convert() vfs_fruit: split out truncating from ad_convert() vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate() vfs_fruit: split out moving of the resource fork vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso() vfs_fruit: fix error returns in ad_convert_xattr() vfs_fruit: let the ad_convert_*() subfunctions mmap as needed vfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header as needed vfs_fruit: call ad_convert_move_reso() from ad_convert_xattr() vfs_fruit: add check for OS X filler in FinderInfo conversion vfs_fruit: add out arg "converted_xattr" to ad_convert_xattr vfs_fruit: make call to ad_convert_truncate() optional vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions vfs_fruit: remove check for number of xattrs from ad_convert_xattr docs:vfs_fruit: add "wipe_intentionally_left_blank_rfork" option docs:vfs_fruit: add "delete_empty_adfiles" option s3:selftest: list vfs testssuites one per line s4:torture: add test for AppleDouble ResourceFork conversion vfs_fruit: add option "wipe_intentionally_left_blank_rfork" vfs_fruit: detect empty resource forks in ad_convert() vfs_fruit: add option "delete_empty_adfiles" vfs_fruit: optionally delete AppleDouble files without Resourcefork data libcli: add smbXcli_req_endtime libcli: fill endtime if smbXcli_req_create() timeout is non-zero s4:libcli/smb2: reapply request endtime vfs_delay_inject: implement pread_send and pwrite_send s4:torture/smb2/read: add test for cancelling SMB aio s3:smbd: fix SMB2 aio cancelling s3:smbd: remove now unused check if fsp is NULL s4/test: fix AAPL size check vfs_streams_xattr: fix open implementation s4:torture/vfs/fruit: skip a few tests when running against a macOS SMB server s4:torture/vfs/fruit: fix a few error checks in "delete AFP_AfpInfo by writing all 0" s4:torture/vfs/fruit: set share_access to NTCREATEX_SHARE_ACCESS_MASK in check_stream_list s4:torture/vfs/fruit: update test "SMB2/CREATE context AAPL" to work against macOS s4:torture/vfs/fruit: update test "stream names" to work with macOS s4:torture/vfs/fruit: ensure a directory handle is closed in all code paths s4:torture/vfs/fruit: update test "read open rsrc after rename" to work with macOS s4:torture/vfs/fruit: expand existing test "setinfo delete-on-close AFP_AfpInfo" a little bit s4:torture/vfs/fruit: expand existing vfs_test "null afpinfo" s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for newer macOS versions vfs_fruit: update handling of read-only creation of resource fork s4:torture/vfs/fruit: expand test "setinfo eof stream" s4:torture/vfs/fruit: write some data to a just created teststream vfs_fruit: don't unlink 0-byte size truncated streams s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests vfs_fruit: use check on global_fruit_config.nego_aapl for macOS specific behaviour vfs_fruit: filter empty streams s4:torture/util: add torture_smb2_open() s4:torture/vfs/fruit: add check_stream_list_handle() s4:torture/vfs/fruit: add test "empty_stream" vfs_fruit: add some debugging of dev/ino vfs_fruit: remove resource fork special casing vfs_fruit: add fio->created vfs_fruit: prepare struct fio for fake-fd and on-demand opening vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd vfs_fruit: do ino calculation vfs_fruit: let fruit handle all aio on the FinderInfo metadata stream vfs_fruit: pass stream size to delete_invalid_meta_stream() vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo vfs_fruit: don't check for delete-on-close on the FinderInfo stream vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream vfs_fruit: move a comment to the right place vfs_fruit: validation of writes on AFP_AfpInfo stream s3:selftest: split "raw.session" and "smb2.session" s3:selftest: also run smb2.session torture testsuite against ad_member libcli/smb: add smb2cli_session_require_signed_response() libcli/smb: maintain require_signed_response in smbXcli_req_state libcli/smb: defer singing check a little bit libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() s4:torture/smb2/session: invalidate credential cache s4:torture/smb2/session: require a signed session setup reauth response s4:torture/smb2/session: add force_signing to test_session_expire1i s4:torture/smb2/session: session reauth response must be signed s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd s3:smbd: make psbuf arg to make_default_acl_posix() const vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works libcli/smb: don't overwrite status code selftest: test wbinfo -n and --gid-info with "NT Authority" libcli/security: add dom_sid_lookup_is_predefined_domain() winbindd: add some braces winbindd: fix predefined domains routing in find_lookup_domain_from_sid() winbindd: Route predefined domains through the BUILTIN domain child Stefan Metzmacher (17): s4:torture: split smb2.session.expire{1,2} to run with signing and encryptpion smb2_server: set req->do_encryption = true earlier schema_samba4.ldif: add allocation of DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME s4:dsdb: fix comment on DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME testprogs/blackbox: add samba4.blackbox.test_primary_group test s4:dsdb: add DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID oid dbchecker: improve verbose output of do_modify() dbchecker: Fix missing <SID=...> on linked attributes blackbox/dbcheck-links: Test broken links with missing <SID=...> on linked attributes s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_handle_linked_attribs() s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_add() s4:repl_meta_data: add missing \n to a DEBUG message in replmd_modify_la_add() s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_delete() s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_replace() s4:repl_meta_data: add support for DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID s4:samldb: internally use extended dns while changing the primaryGroupID field CVE-2018-14629 dns: fix CNAME loop prevention using counter regression Tim Beale (1): dbchecker: Fixing up incorrect DNs wasn't working Volker Lendecke (4): examples: Fix the smb2mount build winbindd_cache: Fix timeout calculation for sid<->name cache torture: Fix the clang build torture: Fix the 32-bit build ----------------------------------------------------------------------- -- Samba Shared Repository