[SCM] Samba Shared Repository - annotated tag samba-4.6.15 created

Karolin Seeger kseeger at samba.org
Fri Apr 13 07:47:48 UTC 2018 

The annotated tag, samba-4.6.15 has been created
        at  ea132b05d3b6a2543922c8c8395646e3174a78fa (tag)
   tagging  c4d44b9a78f65a27803ee7005a077292b45690f7 (commit)
  replaces  samba-4.6.14
 tagged by  Karolin Seeger
        on  Fri Apr 13 09:46:43 2018 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.6.15
-----BEGIN PGP SIGNATURE-----

iEYEABECAAYFAlrQYGQACgkQbzORW2Vot+qI4gCghayfrXCSXvxapnCBVATwjnpE
y+QAoIycikSkkpvqAPLgrAGd/iTMqsHm
=A2qV
-----END PGP SIGNATURE-----

Andreas Schneider (1):
      s3:smbd: Do not crash if we fail to init the session table

Anton Nefedov via samba-technical (1):
      s3:smbd: map nterror on smb2_flush errorpath

Dan Robertson (1):
      libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

Garming Sam (2):
      subnet: Avoid a segfault when renaming subnet objects
      tests/bind.py: Add a bind test with NTLMSSP with no domain

Günther Deschner (1):
      build: fix libceph-common detection

Jeremy Allison (4):
      CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
      s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
      s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
      s3: smbd: Unix extensions attempts to change wrong field in fchown call.

Karolin Seeger (16):
      VERSION: Bump version up to 4.6.14...
      Revert "HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets"
      Revert "TODO s4:kdc: indicate support for new encryption types by adding empty keys"
      Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers"
      Revert "s4:kdc: use the strongest possible tgs session key"
      Revert "HEIMDAL:hdb: export a hdb_enctype_supported() helper function"
      Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key"
      Revert "s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob"
      Revert "HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key"
      Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()"
      Revert "HEIMDAL:kdc: fix memory leak when decryption AuthorizationData"
      WHATSNEW: Add release notes for Samba 4.6.14.
      VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
      VERSION: Bump version up to 4.6.15...
      WHATSNEW: Add release notes for Samba 4.6.15.
      VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.

Poornima G (1):
      vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async

Ralph Boehme (13):
      CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
      CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
      CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
      CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
      CVE-2018-1057: s4/dsdb: correctly detect password resets
      CVE-2018-1057: s4:dsdb/acl: run password checking only once
      CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
      CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
      CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control

Stefan Metzmacher (17):
      HEIMDAL:kdc: fix memory leak when decryption AuthorizationData
      HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()
      HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we need to use the additional tickets key
      s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob
      HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key
      HEIMDAL:hdb: export a hdb_enctype_supported() helper function
      s4:kdc: use the strongest possible tgs session key
      TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers
      TODO s4:kdc: indicate support for new encryption types by adding empty keys
      HEIMDAL:kdc: use the correct authtime from addtitional ticket for S4U2Proxy tickets
      s4:torture: add smb2.session.expire2 test
      s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions
      s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions
      Merge tag 'samba-4.6.14' into v4-6-test
      s3:libsmb: allow -U"\\administrator" to work
      s3:cliconnect.c: remove useless ';'
      s3:smb2_server: correctly maintain request counters for compound requests

Volker Lendecke (8):
      samba: Only use async signal-safe functions in signal handler
      smbd: Fix a typo
      torture4: Fix typos
      smbd: Remove a "!" from an if-condition for easier readability
      smbd: Fix channel sequence number checks for long-running requests
      smbXcli: Add "force_channel_sequence"
      torture: Add test for channel sequence number handling
      torture: Test compound request request counters

-----------------------------------------------------------------------


-- 
Samba Shared Repository

More information about the samba-cvs mailing list