[SCM] Samba Shared Repository - annotated tag samba-4.7.7 created

Karolin Seeger kseeger at samba.org
Tue Apr 17 07:41:24 UTC 2018

The annotated tag, samba-4.7.7 has been created
        at  3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 (tag)
   tagging  41f51e0180615494bc61ec643ba4e921208cc369 (commit)
  replaces  samba-4.7.6
 tagged by  Karolin Seeger
        on  Tue Apr 17 09:40:42 2018 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.7.7


Amitay Isaacs (1):
      ctdb-scripts: Drop "net serverid wipe" from 50.samba event script

Andreas Schneider (1):
      s3:smbd: Do not crash if we fail to init the session table

Anton Nefedov via samba-technical (1):
      s3:smbd: map nterror on smb2_flush errorpath

Christof Schmitt (5):
      test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
      nsswitch: Fix wbcListUsers test
      nsswitch: Fix wbcListGroups test
      Add test for wbinfo name lookup
      winbindd: Do not ignore domain in the LOOKUPNAME request

Dan Robertson (1):
      libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

David Disseldorp (1):
      build: fix ceph_statx check when configured with libcephfs_dir

David Mulder (1):
      smbc_opendir should not return EEXIST with invalid login credentials

Eric Vannier (1):
      Allow AESNI to be used on all processor supporting AESNI, not just Intel's This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed.

Garming Sam (3):
      subnet: Avoid a segfault when renaming subnet objects
      tests/py_creds: Add a SamLogonEx test with an empty string domain
      tests/bind.py: Add a bind test with NTLMSSP with no domain

G√ľnther Deschner (1):
      build: fix libceph-common detection

Jeremy Allison (24):
      CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
      s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
      s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
      s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
      s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
      s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
      s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
      s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
      s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
      s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
      s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
      s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
      s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
      lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
      s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
      s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
      s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
      s4: torture: Ensure a failed file create doesn't create the file.
      s4: torture: Test all combinations of file create to ensure behavior is the same.
      s4: torture: Test all combinations of file open with existing file to ensure behavior is the same.
      s4: torture: Test all combinations of directory create to ensure behavior is the same.
      s4: torture: Test all combinations of directory open with existing directory to ensure behavior is the same.
      s3: smbd: Fix memory leak in vfswrap_getwd()
      s3: smbd: Unix extensions attempts to change wrong field in fchown call.

Karolin Seeger (8):
      VERSION: Bump version up to 4.7.6...
      WHATSNEW: Add release notes for Samba 4.7.6.
      VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
      VERSION: Bump version up to 4.7.7.
      WHATSNEW: Add release notes for Samba 4.7.7.
      VERISON: Bump version up to 4.7.8...
      Revert "VERISON: Bump version up to 4.7.8..."
      WHATSNEW: Fix release date.

Lutz Justen (1):
      s3: lib: messages: Don't use the result of sec_init() before calling sec_init().

Poornima G (1):
      vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async

Ralph Boehme (17):
      CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
      CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
      CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
      CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
      CVE-2018-1057: s4/dsdb: correctly detect password resets
      CVE-2018-1057: s4:dsdb/acl: run password checking only once
      CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
      CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
      libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
      selftest: run vfs.fruit_netatalk test against seperate share
      selftest: vfs.fruit: add xattr_tdb where possible
      s3:smbd: don't use the directory cache for SMB2/3

Stefan Metzmacher (23):
      Merge tag 'samba-4.7.6' into v4-7-test
      s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
      s3:selftest: run SMB2-ANONYMOUS
      s3:auth: remove unused auth_serversupplied_info->system
      s3:auth: add the "Unix Groups" sid for the primary gid
      s3:auth: move add_local_groups() out of finalize_local_nt_token()
      s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
      s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
      s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
      s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
      s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
      s3:auth: remove static from finalize_local_nt_token()
      auth: add auth_user_info_copy() function
      s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
      s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
      s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
      s3:auth: add make_{server,session}_info_anonymous()
      s3:rpc_server: make use of make_session_info_anonymous()
      s3:auth: make use of make_{server,session}_info_anonymous()
      s3:libsmb: allow -U"\\administrator" to work
      s3:cliconnect.c: remove useless ';'
      s4:auth_sam: allow logons with an empty domain name
      s3:smb2_server: correctly maintain request counters for compound requests

Volker Lendecke (8):
      smbd: Fix a typo
      torture4: Fix typos
      smbd: Remove a "!" from an if-condition for easier readability
      smbd: Fix channel sequence number checks for long-running requests
      smbXcli: Add "force_channel_sequence"
      torture: Add test for channel sequence number handling
      dsdb: Fix CID 1034966 Uninitialized scalar variable
      torture: Test compound request request counters


Samba Shared Repository

More information about the samba-cvs mailing list