[SCM] Samba Shared Repository - annotated tag samba-4.14.11 created

Jule Anger janger at samba.org
Wed Dec 15 14:52:44 UTC 2021 

The annotated tag, samba-4.14.11 has been created
        at  8a8cde240a953ac46920742e628cd77b1837459e (tag)
   tagging  ae3229e76d04e79addb2fa03319365a2f7675a82 (commit)
  replaces  samba-4.14.10
 tagged by  Jule Anger
        on  Wed Dec 15 15:52:11 2021 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.14.11
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmG6ARsACgkQqplEL7aA
tiAShQ//TZF4iO2dlExzmvgZnqn7XqsiJb6JXBaY5cIxvrdpOy+w61c4Ks3OIbqq
CZsJzqlBbuAkKbzL1TeDkfpWg70TmDNw0Etdt7pny/PD/og7T4AZ2wI5I6SucLb2
cDAxWZ7v/reZ6/7tZH1MgmUvpgU5czcFoeJ1jk06D/96ypOpMgVOnIW0Q64caDN2
1t7LmHb2eBudpO4hHGL0aFEqKHCHtIJVkRhQ2+qBT+aoss00QwKyZDfCgesKu6pj
IpgMFsTraIsYouqCxudpZ/oXQBNWzCJJjONA3d9m6caHpHpCjaSrq+q1nM74QFcp
Zep8hNQDJKLliZwtq8AUX/YzLhjhJiSQ46ak4ryPgozLDf69l+vnCGWNjLVbuhK1
d83nuP99u5oltTD1R9NAviPtT8vEzYt0NECe71OuV/0k+fIiP+j86NqQZChexMr/
+Dq036wtdsSJaPoYsoZ1m47efpQkQE5w0k4bGb0rLjCbWWQIWNi93UB4A8vpdRM1
JOu8Y4GBij8jxaS0414P086RmdM6GWV0KblA0vWEobaAZflD2PD/psnJOrmFImsX
owzjmvbjdiHOzDohzX8i/2vMobeWSimnUMl78YDDiCatDoE//tT6qvutdI7kEZNW
5PaFpuTAhoCheCmL03UvNNdD7M3wWy2lSYAojMAWSP6GplhLx6k=
=pTSX
-----END PGP SIGNATURE-----

Alexander Bokovoy (1):
      IPA DC: add missing checks

Andrew Bartlett (6):
      CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails
      CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb filter processing
      CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details
      CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before starting to modify it
      CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts
      dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local replicated object

Jeremy Allison (8):
      s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2.
      s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting.
      s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.
      s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.
      s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set.
      s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.
      s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks.
      s3: docs-xml: Clarify the "delete veto files" paramter.

Joseph Sutton (7):
      CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials
      CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts
      CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss
      CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs
      CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts
      CVE-2021-3670 ldap_server: Set timeout on requests based on MaxQueryDuration
      CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater than zero

Jule Anger (2):
      WHATSNEW: Add release notes for Samba 4.14.11.
      VERSION: Disable GIT_SNAPSHOT for the 4.14.11 release.

Ralph Boehme (9):
      lib: add NTTIME_THAW
      lib: fix null_nttime() tests
      lib: use NTTIME_FREEZE in a null_nttime() test
      lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
      lib: add a test for null_nttime(NTTIME_THAW)
      torture: add a test for NTTIME_FREEZE and NTTIME_THAW
      lib: handle NTTIME_THAW in nt_time_to_full_timespec()
      CVE-2020-25717: s3-auth: fix MIT Realm regression
      smbd: s3-dsgetdcname: handle num_ips == 0

Stefan Metzmacher (11):
      VERSION: Bump version up to Samba 4.14.11...
      s3:winbindd: fix "allow trusted domains = no" regression
      CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain
      s3:smbd: remove dead code from smbd_smb2_request_dispatch()
      libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
      s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
      smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
      smb2_server: decouple IOCTL check from signing/encryption states
      smb2_server: skip tcon check and chdir_current_service() for FSCTL_VALIDATE_NEGOTIATE_INFO
      smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()
      smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file ids

-----------------------------------------------------------------------


-- 
Samba Shared Repository

More information about the samba-cvs mailing list