[SCM] Samba Shared Repository - annotated tag samba-4.4.10 created

Karolin Seeger kseeger at samba.org
Wed Mar 1 08:53:50 UTC 2017

The annotated tag, samba-4.4.10 has been created
        at  a5bd79cdf639f1a5c06b67e041e22c017b70287e (tag)
   tagging  51ad60bbf7304e6790641591b3549714a50561f0 (commit)
  replaces  samba-4.4.9
 tagged by  Karolin Seeger
        on  Wed Mar 1 09:52:12 2017 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.4.10
Version: GnuPG v1


Amitay Isaacs (10):
      Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"
      dlz-bind: Fix preprocessor checks for BIND versions
      dlz-bind: Fix initialization of DLZ_DLOPEN_AGE
      dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version
      dlz-bind: Add support for BIND 9.11.x
      provision: Add support for BIND 9.11.x
      ctdb-locking: Reset real-time priority in lock helper
      ctdb-recovery: Avoid NULL dereference in failure case
      ctdb-common: Fix use-after-free error in comm_fd_handler()
      ctdb-tests: Add more comm tests

Andreas Schneider (15):
      s3-winbind: Do not return NO_MEMORY if we have an empty user list
      s3-printing: Correctly encode CUPS printer URIs
      s3-printing: Allow printer names longer than 16 chars
      s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx
      lib:torture: Make variables const
      s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY
      s4:torture: Strip trailing whitespaces in session_key.c
      s4:torture: Normalizes names in session_key test
      s4:torture: Fix cleanup of the secrets object in session_key test
      nss_wins: Fix errno values for HOST_NOT_FOUND
      printing: Fix building with CUPS version older than 1.7
      s3:param: Add an 'include system krb5 conf' option
      s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
      selftest: Do not include system krb5.conf in selftest
      s3-vfs: Only walk the directory once in open_and_sort_dir()

Andrew Bartlett (1):
      build: Fix build with perl on debian sid.

Björn Jacke (2):
      pam: map more NT password errors to PAM errors
      vfs_default: unlock the right file in copy chunk

David Disseldorp (2):
      torture/ioctl: test set_compression(format_none)
      smbd/ioctl: match WS2016 ReFS set compression behaviour

Günther Deschner (2):
      spoolss: Use correct values for secdesc and devmode pointers
      s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr

Jeremy Allison (33):
      s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
      s3: delete_streams: Don't jump to fail: - that resets state.
      s3/smbd: fix the last resort check that sets the file type attribute
      s3: smbd: rename - missing early error exit if source and destination prefixes are different.
      s3: smbd: Make check_parent_access() available to rename code.
      s3: smbd: Add missing permissions check on destination folder.
      lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
      s3: ntlm_auth: Don't corrupt the output stream with debug messages.
      s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
      s3: torture: Add test for cli_ftruncate calling cli_smb2_ftruncate.
      s3: vfs: dirsort doesn't handle opendir of "." correctly.
      s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
      s3: smbd: Correctly canonicalize any incoming shadow copy path.
      s3: lib: Add canonicalize_absolute_path().
      s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
      s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
      s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
      s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
      s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
      s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
      s3: VFS: shadow_copy2: Add two new variables to the config data. Not yet used.
      s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
      s3: VFS: shadow_copy2: Change a parameter name.
      s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
      s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
      s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
      s3: VFS: Ensure shadow:format cannot contain a / path separator.
      s3: VFS: Add utility function check_for_converted_path().
      s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
      s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
      s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
      s3: VFS: Don't allow symlink, link or rename on already converted paths.
      s3: smbd: Don't loop infinitely on bad-symlink resolution.

Karolin Seeger (8):
      VERSION: Bump version up to 4.4.8...
      WHATSNEW: Add release notes for Samba 4.4.8.
      VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.
      WHATSNEW: Add release notes for Samba 4.4.9.
      VERSION: Disable GIT_SNAPSHOTS for the 4.4.9 release.
      VERSION: Bump version up to 4.4.10...
      WHATSNEW: Add release notes for Samba 4.4.10.
      VERSION: Disable GIT_SNAPSHOTS for the 4.4.10 release.

Martin Schwenke (3):
      ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/
      ctdb-tests: Add tests for updated Debian style Samba start/stop
      ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout

Mathieu Parent (1):
      ctdb-scripts: Fix Debian init in samba eventscript

Michael Adam (1):
      vfs:glusterfs: preallocate result for glfs_realpath

Ralph Boehme (13):
      manpages/vfs_fruit: fruit:resource option misspelling
      manpages/vfs_fruit: add warning to fruit:resoure=stream
      s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
      s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
      s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
      docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
      selftest: disable SMB encryption in simpleserver environment
      selftest: add test for global "smb encrypt=off"
      vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
      selftest: also run test base.createx_access against ad_dc
      s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
      s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
      vfs_streams_xattr: use fsp, not base_fsp

Ralph Wuerthner (1):
      ctdb-conn: add missing variable initialization

Stefan Metzmacher (40):
      s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file
      CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
      CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
      CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
      CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
      Merge tag 'samba-4.4.8' into v4-4-test
      VERSION: Bump version up to 4.4.9...
      krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
      s3:librpc/gse: include ccache_name in DEBUG message if krb5_cc_resolve() fails
      s3:librpc/gse: remove unused #ifdef HAVE_GSS_KRB5_IMPORT_CRED
      s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
      script/release.sh: fix off by 1 error in announce.${tagname}.mail.txt creation
      Merge tag 'samba-4.4.9' into v4-4-test
      s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
      selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
      s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
      libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
      libcli/auth: add netlogon_creds_cli_debug_string()
      lib/util: add generate_random_machine_password() function
      s3:libsmb: let trust_pw_change() debug more verbose information
      s3:libsmb: let trust_pw_change() verify the new password at the end.
      s3:libsmb: add trust_pw_new_value() helper function
      s3:libsmb: use trust_pw_new_value() in trust_pw_change()
      s3:libads: use trust_pw_new_value() for krb5 machine passwords
      s3:libnet_join: make use of trust_pw_new_value()
      s3:net_rpc_trust: make use of trust_pw_new_value()
      s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
      s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
      krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
      librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
      libcli/auth: use the correct creds value against servers without LogonSamLogonEx
      s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
      s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
      auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
      s3:winbindd: fix the valid usage anonymous smb authentication
      s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
      s3:winbindd: add more debugging to cm_prepare_connection()
      s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
      s3:libads: add more debugging to ads_sasl_spnego_bind()
      s3:winbindd: allow a fallback to NTLMSSP for LDAP connections

Uri Simchoni (1):
      waf: backport finding of pkg-config

Volker Lendecke (3):
      CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
      messaging: Fix dead but not cleaned-up-yet destination sockets
      smbd: Fix "map acl inherit" = yes


Samba Shared Repository

More information about the samba-cvs mailing list