[SCM] Samba Shared Repository - annotated tag samba-4.6.3 created

Karolin Seeger kseeger at samba.org
Tue Apr 25 06:52:10 UTC 2017

The annotated tag, samba-4.6.3 has been created
        at  cf65634964f5d33fb46c38b0e27d523d5ee9285b (tag)
   tagging  bbdd5850b1d5fa44bbedcee8be60e4066ae0d680 (commit)
  replaces  samba-4.6.2
 tagged by  Karolin Seeger
        on  Mon Apr 24 12:15:08 2017 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.6.3
Version: GnuPG v1


Alexander Bokovoy (7):
      gssapi: check for gss_acquire_cred_from
      lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
      credentials_krb5: convert to use smb_gss_krb5_import_cred
      libads: convert to use smb_gss_krb5_import_cred
      s3-gse: convert to use smb_gss_krb5_import_cred
      s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
      lib/crypto: implement samba.crypto Python module for RC4

Amitay Isaacs (3):
      ctdb-readonly: Avoid a tight loop waiting for revoke to complete
      ctdb-tools: Avoid deferencing argv[0] if argc == 0
      ctdb-docs: Fix documentation of -n option to ctdb tool

Andreas Schneider (29):
      replace: Include sysmacros.h
      testprogs: Use smbclient by default in test_kinit_trusts
      testprogs: Add kinit_trusts tests with smbclient4
      krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
      krb5_wrap: Try to guess the correct realm from the service hostname
      krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()
      krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
      s4:gensec-gssapi: Create a helper function to setup server_principal
      s4:gensec_gssapi: Move setup of service_principal to update function
      s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname()
      s4:gensec_gssapi: Correctly handle external trusts with MIT
      s3:gse: Use smb_krb5_get_realm_from_hostname()
      krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()
      s3:gse: Pass down the gensec_security pointer
      s3:gse: Move setup of service_principal to update function
      s3:gse: Check if we have a target_princpal set we should use
      s3:gse: Correctly handle external trusts with MIT
      auth/credentials: Always set the the realm if we set the principal from the ccache
      testprogs: Correctly expand shell parameters
      krb5_wrap: Print a warning for an invalid keytab name
      s3:libads: Correctly handle the keytab kerberos methods
      param: Allow to specify kerberos method on the commandline
      testprogs: Test 'net ads join' with a dedicated keytab
      s3:vfs_expand_msdfs: Do not open the remote address as a file
      s3:libsmb: Only print error message if kerberos use is forced
      s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()
      nsswtich: Add negative tests for authentication with wbinfo
      s3:tests: Add a subsitution test for %D %u %g
      selftest: Define template homedir for 'ad_member' env

Christof Schmitt (1):
      winbindd: Fix password policy for pam authentication

Hanno Böck (1):
      cleanupdb: Fix a memory read error

Jeremy Allison (14):
      s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
      Fix for Solaris C compiler.
      Changes to make the Solaris C compiler happy.
      s3: locking: Move two leases functions into a new file.
      s3: locking: Update oplock optimization for the leases era !
      s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
      s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
      s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
      s3: smbd: Fix "follow symlink = no" regression part 2.
      s3: smbd: Fix "follow symlink = no" regression part 2.
      s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
      lib: debug: Avoid negative array access.
      s3:lib: Fix incorrect logic in sys_broken_getgroups()
      s3:smbd: Fix incorrect use of sys_getgroups()

Karolin Seeger (7):
      VERSION: Bump version up to 4.6.1...
      Merge tag 'samba-4.6.1' into v4-6-test
      VERSION: Bump version up to 4.6.2.
      Merge tag 'samba-4.6.2' into v4-6-test
      VERSION: Bump version up to 4.6.3.
      WHATSNEW: Add release notes for Samba 4.6.3.
      VERSION: Disable GIT_SNAPSHOTS for the 4.6.3 release.

Martin Schwenke (1):
      autobuild: Stop waf uninstall from removing test_tmpdir

Michael Adam (3):
      s3:vfs:shadow_copy2: fix quoting in debug messages
      s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
      s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot

Ralph Boehme (30):
      lib/pthreadpool: fix a memory leak
      s3/wscript: fix Linux kernel oplock detection
      s3/smbd: add const to get_lease_type() args
      s3/smbd: add comments and some reformatting to open_file_ntcreate()
      s3/smbd: req is already validated at the beginning of open_file_ntcreate()
      s3/smbd: simplify defer_open()
      s3/smbd: add and use retry_open() instead of defer_open() in two places
      s3/smbd: fix schedule_async_open() timer
      s3/smbd: remove async_open arg from defer_open()
      s3/smbd: all callers of defer_open() pass a lck
      s3/smbd: fix deferred open with streams and kernel oplocks
      s3/selftest: adopt config.h check from source4
      s4/torture: some tests for kernel oplocks
      manpages/vfs_fruit: document global options
      vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
      s4/torture: vfs_fruit: test for bug 12565
      winbindd: use correct domain name for failed lookupsids
      winbindd: remove unused single_domains array
      selftest: new environment "ad_member_idmap_rid"
      selftest: tests idmap mapping with idmap_rid
      winbindd: use passdb backend for well-known SIDs
      selftest: wbinfo -s tests for wellknown SIDs
      selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
      winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
      selftest: fix for wbinfo -s tests for wellknown SIDs
      s3/include: add NT_STATUS_LOOKUP_ERR
      s3/rpc_client: use NT_STATUS_LOOKUP_ERR
      s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
      winbindd: error handling in rpc_lookup_sids()
      winbindd: trigger possible passdb_dsdb initialisation

Stefan Metzmacher (13):
      idmap_autorid: allocate new domain range if the callers knows the sid is valid
      s4:gensec_gssapi: the value gensec_get_target_principal() should overwrite gensec_get_target_hostname()
      s4:gensec_gssapi: require a realm in gensec_gssapi_client_start()
      HEIMDAL:kdc: make it possible to disable the principal based referral detection
      s4:kdc: disable principal based autodetected referral detection
      wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED
      script/autobuild.py: cleanup the task subdirs when they're done.
      script/autobuild.py: export PYTHONUNBUFFERED=1
      script/autobuild.py: add a do_print() wrapper function that flushes after each message
      script/autobuild.py: try to make TMPDIR handling more verbose
      script/autobuild.py: ignore missing test_tmpdir
      rpcclient: allow -U'OTHERDOMAIN\user' again
      pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating

Uri Simchoni (9):
      smbd: add zero_file_id flag
      vfs_fruit: enable zero file id
      vfs_fruit: document added zero_file_id parameter
      torture: add torture_assert_mem_not_equal_goto()
      selftest: tests for vfs_fruite file-id behavior
      selftest: test fetching a large ACL from vfs_acl_xattr
      vfs_xattr_tdb: handle case of zero size.
      vfs_acl_xattr: factor out fetching of an extended attribute
      vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()

Volker Lendecke (5):
      smbd: Do an early exit on negprot failure
      torture3: Add test for smbd crash
      s3:winbind: Use the correct talloc context for user information
      smbd: Fix smb1 findfirst with DFS
      selftest: Test for bug 12558


Samba Shared Repository

More information about the samba-cvs mailing list