[SCM] Samba Shared Repository - annotated tag samba-4.4.10 created
Karolin Seeger
kseeger at samba.org
Wed Mar 1 08:53:50 UTC 2017
The annotated tag, samba-4.4.10 has been created
at a5bd79cdf639f1a5c06b67e041e22c017b70287e (tag)
tagging 51ad60bbf7304e6790641591b3549714a50561f0 (commit)
replaces samba-4.4.9
tagged by Karolin Seeger
on Wed Mar 1 09:52:12 2017 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.4.10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQBYtou8bzORW2Vot+oRAkq3AJ9eQr9IznpkmZx0IM1DjEpA1qItEQCfbwfE
vyV8SynYkNkE7ECqUko39bo=
=mBeR
-----END PGP SIGNATURE-----
Amitay Isaacs (10):
Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
dlz-bind: Fix preprocessor checks for BIND versions
dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
dlz-bind: Add support for BIND 9.11.x
provision: Add support for BIND 9.11.x
ctdb-locking: Reset real-time priority in lock helper
ctdb-recovery: Avoid NULL dereference in failure case
ctdb-common: Fix use-after-free error in comm_fd_handler()
ctdb-tests: Add more comm tests
Andreas Schneider (15):
s3-winbind: Do not return NO_MEMORY if we have an empty user list
s3-printing: Correctly encode CUPS printer URIs
s3-printing: Allow printer names longer than 16 chars
s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
lib:torture: Make variables const
s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
s4:torture: Strip trailing whitespaces in session_key.c
s4:torture: Normalizes names in session_key test
s4:torture: Fix cleanup of the secrets object in session_key test
nss_wins: Fix errno values for HOST_NOT_FOUND
printing: Fix building with CUPS version older than 1.7
s3:param: Add an 'include system krb5 conf' option
s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
selftest: Do not include system krb5.conf in selftest
s3-vfs: Only walk the directory once in open_and_sort_dir()
Andrew Bartlett (1):
build: Fix build with perl on debian sid.
Björn Jacke (2):
pam: map more NT password errors to PAM errors
vfs_default: unlock the right file in copy chunk
David Disseldorp (2):
torture/ioctl: test set_compression(format_none)
smbd/ioctl: match WS2016 ReFS set compression behaviour
Günther Deschner (2):
spoolss: Use correct values for secdesc and devmode pointers
s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr
Jeremy Allison (33):
s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
s3: delete_streams: Don't jump to fail: - that resets state.
s3/smbd: fix the last resort check that sets the file type attribute
s3: smbd: rename - missing early error exit if source and destination prefixes are different.
s3: smbd: Make check_parent_access() available to rename code.
s3: smbd: Add missing permissions check on destination folder.
lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
s3: torture: Add test for cli_ftruncate calling cli_smb2_ftruncate.
s3: vfs: dirsort doesn't handle opendir of "." correctly.
s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
s3: smbd: Correctly canonicalize any incoming shadow copy path.
s3: lib: Add canonicalize_absolute_path().
s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
s3: VFS: shadow_copy2: Add two new variables to the config data. Not yet used.
s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
s3: VFS: shadow_copy2: Change a parameter name.
s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
s3: VFS: Ensure shadow:format cannot contain a / path separator.
s3: VFS: Add utility function check_for_converted_path().
s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
s3: VFS: Don't allow symlink, link or rename on already converted paths.
s3: smbd: Don't loop infinitely on bad-symlink resolution.
Karolin Seeger (8):
VERSION: Bump version up to 4.4.8...
WHATSNEW: Add release notes for Samba 4.4.8.
VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.
WHATSNEW: Add release notes for Samba 4.4.9.
VERSION: Disable GIT_SNAPSHOTS for the 4.4.9 release.
VERSION: Bump version up to 4.4.10...
WHATSNEW: Add release notes for Samba 4.4.10.
VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release.
Martin Schwenke (3):
ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
ctdb-tests: Add tests for updated Debian style Samba start/stop
ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout
Mathieu Parent (1):
ctdb-scripts: Fix Debian init in samba eventscript
Michael Adam (1):
vfs:glusterfs: preallocate result for glfs_realpath
Ralph Boehme (13):
manpages/vfs_fruit: fruit:resource option misspelling
manpages/vfs_fruit: add warning to fruit:resoure=stream
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
selftest: disable SMB encryption in simpleserver environment
selftest: add test for global "smb encrypt=off"
vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
selftest: also run test base.createx_access against ad_dc
s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
vfs_streams_xattr: use fsp, not base_fsp
Ralph Wuerthner (1):
ctdb-conn: add missing variable initialization
Stefan Metzmacher (40):
s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
Merge tag 'samba-4.4.8' into v4-4-test
VERSION: Bump version up to 4.4.9...
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
s3:librpc/gse: include ccache_name in DEBUG message if krb5_cc_resolve() fails
s3:librpc/gse: remove unused #ifdef HAVE_GSS_KRB5_IMPORT_CRED
s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
script/release.sh: fix off by 1 error in announce.${tagname}.mail.txt creation
Merge tag 'samba-4.4.9' into v4-4-test
s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
libcli/auth: add netlogon_creds_cli_debug_string()
lib/util: add generate_random_machine_password() function
s3:libsmb: let trust_pw_change() debug more verbose information
s3:libsmb: let trust_pw_change() verify the new password at the end.
s3:libsmb: add trust_pw_new_value() helper function
s3:libsmb: use trust_pw_new_value() in trust_pw_change()
s3:libads: use trust_pw_new_value() for krb5 machine passwords
s3:libnet_join: make use of trust_pw_new_value()
s3:net_rpc_trust: make use of trust_pw_new_value()
s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
libcli/auth: use the correct creds value against servers without LogonSamLogonEx
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
s3:winbindd: fix the valid usage anonymous smb authentication
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
s3:winbindd: add more debugging to cm_prepare_connection()
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
s3:libads: add more debugging to ads_sasl_spnego_bind()
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
Uri Simchoni (1):
waf: backport finding of pkg-config
Volker Lendecke (3):
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
messaging: Fix dead but not cleaned-up-yet destination sockets
smbd: Fix "map acl inherit" = yes
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list