[SCM] Samba Shared Repository - annotated tag samba-4.10.9 created

Karolin Seeger kseeger at samba.org
Thu Oct 17 10:26:11 UTC 2019

The annotated tag, samba-4.10.9 has been created
        at  aec6286ad2a278853edf3b2503fafce01041b14b (tag)
   tagging  a1cdfe58b7009e9d9a7b542238566daf818d91c3 (commit)
  replaces  ldb-1.5.6
 tagged by  Karolin Seeger
        on  Thu Oct 17 12:25:42 2019 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.10.9


Aaron Haslett (1):
      undoguidx: blackbox test

Amitay Isaacs (1):
      ctdb-vacuum: Process all records not deleted on a remote node

Andreas Schneider (21):
      s3:waf: Do not check for nanosleep() as we don't use it anywhere
      replace: Only link against librt if really needed
      pthreadpool: Only link pthreadpool against librt if we have to
      third_party: Only link cmocka against librt if really needed
      third_party: Link nss_wrapper against pthread
      third_party: Link uid_wrapper against pthread
      waf:replace: Do not link against libpthread if not necessary
      testprogs: Fix failure count in test_net_ads.sh
      s3:libads: Use ldap_add_ext_s() in ads_gen_add()
      s3:libnet: Require sealed LDAP SASL connections for joining
      s3:libads: Cleanup error code paths in ads_create_machine_acct()
      s3:libads: Use a talloc_asprintf in ads_find_machine_acct()
      s3:libads: Fix detection if acount already exists in ads_find_machine_count()
      s3:libads: Don't set supported encryption types during account creation
      s3:libads: Fix creating machine account using LDAP
      s3:libnet: Improve debug messages
      s3:libads: Just change the machine password if account already exists
      testprogs: Add test for 'net ads join createcomputer='
      s3:libsmb: Do not check the SPNEGO neg token for KRB5
      lib:krb5_wrap: Do not create a temporary file for MEMORY keytabs
      s3:libads: Do not turn on canonicalization flag for MIT Kerberos

Andrew Bartlett (3):
      sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3
      sambaundoguididx: fix for -s
      undoduididx: Add "or later" to warning about using tools from Samba 4.8

Anoop C S (1):
      vfs_glusterfs: Enable profiling for file system operations

Björn Jacke (2):
      classicupgrade: fix a a bytes-like object is required, not 'str' error
      fault.c: improve fault_report message text pointing to our wiki

Bryan Mason (1):
      s3:client:Use DEVICE_URI, instead of argv[0],for Device URI

Christof Schmitt (1):
      selftest: Test ID_TYPE_BOTH with idmap_rid module

Douglas Bagnall (1):
      s4/scripting: MORE py3 compatible print functions

Evgeny Sinelnikov (1):
      s3:ldap: Fix join with don't exists machine account

Günther Deschner (1):
      s3-winbindd: fix forest trusts with additional trust attributes.

Isaac Boukris (8):
      nsswitch: Link stress-nss-libwbclient against pthread
      s3:libsmb: Link libsmb against pthread
      spnego: ignore server mech_types list
      selftest: s3: add a test for spnego downgrade from krb5 to ntlm
      spnego: add client option to omit sending an optimistic token
      selftest: add tests for no optimistic spnego exchange
      python/tests/gensec: add spnego downgrade python tests
      spnego: fix server handling of no optimistic exchange

Jeremy Allison (7):
      CVE-2019-10197: smbd: separate out impersonation debug info into a new function.
      s3: libsmbclient: Ensure SMBC_readdir_ctx() also updates the readdirplus pointers.
      s3: libsmbclient: Ensure SMBC_readdirplus_ctx() also updates the readdir pointers.
      s3: libsmbclient: Ensure SMBC_getdents_ctx() also updates the readdirplus pointers.
      s3: libsmbclient: Fix smbc_lseekdir() to work with smbc_readdirplus().
      s3/4: libsmbclient test. Test using smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents.
      s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls.

Karolin Seeger (7):
      VERSION: Bump version up to 4.10.8...
      WHATSNEW: Add release notes for Samba 4.10.8.
      VERSION: Disable GIT_SNAPSHOT for the 4.10.8 release.
      Merge tag 'samba-4.10.8' into v4-10-test
      VERSION: Bump version up to 4.10.9.
      WHATSNEW: Add release notes for Samba 4.10.9.
      VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release.

Martin Schwenke (22):
      ctdb-daemon: Replace function ctdb_ip_to_nodeid() with ctdb_ip_to_pnn()
      ctdb-daemon: Add function ctdb_ip_to_node()
      ctdb-tcp: Rename fd -> out_fd
      ctdb-tcp: Move incoming fd and queue into struct ctdb_tcp_node
      ctdb-tcp: Use TALLOC_FREE()
      ctdb-tcp: Create outbound queue when the connection becomes writable
      ctdb-tcp: Only mark a node connected if both directions are up
      ctdb-tcp: Mark node as disconnected if incoming connection goes away
      ctdb-daemon: Factor out new function ctdb_node_become_inactive()
      ctdb-daemon: Switch banning code to use ctdb_node_become_inactive()
      ctdb-daemon: Drop unused function ctdb_local_node_got_banned()
      ctdb-daemon: Make node inactive in the NODE_STOP control
      ctdb-tests: Reformat node_has_status()
      ctdb-tests: Drop unused node statuses frozen/unfrozen
      ctdb-tests: Inline handling of recovered and notlmaster statuses
      ctdb-tests: Handle special cases first and return
      ctdb-tests: Don't retrieve the VNN map from target node for notlmaster
      ctdb-recoverd: Only check for LMASTER nodes in the VNN map
      ctdb-tests: Strengthen volatile DB traverse test
      ctdb-tests: Clear deleted record via recovery instead of vacuuming
      ctdb-recoverd: Fix typo in previous fix
      ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code

Michael Adam (1):
      winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)

Noel Power (1):
      s3/libads: clang: Fix Value stored to 'canon_princ' is never read

Poornima G (1):
      vfs_glusterfs: Use pthreadpool for scheduling aio operations

Ralph Boehme (1):
      ctdb: fix compilation on systems with glibc robust mutexes

Stefan Metzmacher (27):
      CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir
      CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root()
      CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory
      CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem
      CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
      libcli/smb: add new COMPRESSION and NETNAME negotiate context ids
      libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
      s4:auth: use the correct client realm in gensec_gssapi_update_internal()
      s3:libads: let kerberos_kinit_password_ext() return the canonicalized principal/realm
      s3:libsmb: avoid wrong debug message in cli_session_creds_prepare_krb5()
      s3:libsmb: let cli_session_creds_prepare_krb5() update the canonicalized principal to cli_credentials
      s3:libads/kerberos: always use the canonicalized principal after kinit
      krb5_wrap: smb_krb5_kinit_password_ccache() should always use the canonicalized principal
      s4:auth: kinit_to_ccache() should always use the canonicalized principal
      s3:libads: ads_krb5_chg_password() should always use the canonicalized principal
      krb5_wrap: let smb_krb5_parse_name() accept enterprise principals
      docs-xml: add "winbind use krb5 enterprise principals" option
      s3:winbindd: implement the "winbind use krb5 enterprise principals" logic
      tests/pam_winbind.py: turn pypamtest.PamTestError into a failure
      tests/pam_winbind.py: allow upn names to be used in USERNAME with an empty DOMAIN value
      test_pam_winbind.sh: allow different pam_winbindd config options to be specified
      selftest/tests.py: prepare looping over pam_winbindd tests
      selftest/tests.py: test pam_winbind with krb5_auth
      selftest/tests.py: test pam_winbind with a lot of username variations
      selftest/Samba3.pm: use "winbind scan trusted domains = no" for ad_member
      selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ad_member
      python/tests/gensec: make it possible to add knownfail tests for gensec.update()


Samba Shared Repository

More information about the samba-cvs mailing list