[SCM] Samba Shared Repository - annotated tag samba-4.14.8 created
Jule Anger
janger at samba.org
Tue Oct 5 13:17:54 UTC 2021
The annotated tag, samba-4.14.8 has been created
at b88740df312f4fcbd650dcb950ce61b4095170b7 (tag)
tagging d1c9330fa69ba6942ab23843e21acc11767d54ee (commit)
replaces samba-4.14.7
tagged by Jule Anger
on Tue Oct 5 15:17:24 2021 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.14.8
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmFcUGQACgkQqplEL7aA
tiA5TBAAhl4lBzgwUpjwOHxyXfJMmylJX5rN7sht/Xsy3OCo8CKFTWOo6peqcJk/
klumM4JjT7h24ptfOEQVEebvDujQ23b718YGnRJ0gZnYf0sitr3dRLULRL/qNwyF
omW63gWjcs/xsNhBO7Hucp7ZUyWeJx0ZYZSbjQ+ZZvU7q4nmRxENMdK/gQpsdWjj
diz/rYG2iLgwYQ7p42ScnSRGlSdCIaKtLcMbXXf8unIF4yfj+ePcxJCKrvucwZmf
349QIkUFboRswNTSfth+PoIlgHDLpOeqCop1tWA1hpU3H7t1pen3t8MyV4fjuiqU
QhzSypg+mdhHGYgRVHGFt1mTrM3v5dNssx6hqx/KuKCDAB25dCFywhd8GuH3dIue
kNI59G/uVishLhL0bFZg70nQL6pvCmZZ+ObJ+SDOfL1WaNwUQYfy/i8RwOm1AvVo
/rNk9pHbmxfQBWaq1NbI+X2mhTFDg/mmglfw7XbMEuOYWyeCdb3NaiKNAwMLayxh
iXpKYCaZavIoEg/dOWez7lBuvdUeDWso7ySsBkvjkkvP0dZ5J+dmXAIGodLTPcn7
mMFXocHvUoWxegeatOd1Do3irHZimd32b2ua4Z9yvG4q/5noD74vuuktDLVJEZaI
YC1//IRHrQjkIcD9m3zKdVtVNVJX+VuMSeqUmuwPB4KyJ3jiGWc=
=Hp4n
-----END PGP SIGNATURE-----
Andreas Schneider (3):
selftest: Re-format long lines in selftesthelpers.py
selftest: Add support for setting ENV variables in plansmbtorture4testsuite()
selftest: Add support for setting ENV variables in plantestsuite()
Andrew Bartlett (12):
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
selftest: Only run samba_tool_drs_showrepl test once
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
selftest: Add a test for LookupSids3 and LookupNames4 in python
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
selftest: add space after --list in output of selftesthelpers.py
selftest: Remove knownfail for no_etypes FAST tests
tests/krb5: Remove harmful and a-typical return in as_req testcase
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say from a gitlab variable)
samldb: Address birthday paradox adding an RODC
Gary Lockyer (2):
tests python krb5: MS-KILE client principal look-up
initial FAST tests
Jeremy Allison (6):
s3: smbd: Ensure all returns from OpenDir() correctly set errno.
s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels.
s3: mdssvc: Correctly disconnect the VFS connection inside the mds_ctx destructor.
s3: smbd: In create_conn_struct_cwd(), don't TALLOC_FREE() an unallocated pointer on error.
s3: smbd: Add fifo test for the DISABLE_OPATH case.
s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem.
Joseph Sutton (123):
auth:creds: Remove unused variable
auth:creds: Fix parameter in creds.set_named_ccache()
pygensec: Fix method documentation
Revert "s4-test: fixed ndrdump test for top level build"
krb5ccache.idl: Add definition for a Kerberos credentials cache
librpc: Test parsing a Kerberos 5 credentials cache with ndrdump
krb5: Add Python functions to create a credentials cache containing a service ticket
python: Add credentials cache test
python: Add LDAP credentials cache test
python: Add RPC credentials cache test
Revert "libsmb: Use sid_parse()"
libsmb: Remove overflow check
libsmb: Avoid undefined behaviour when parsing whoami state
libsmb: Check to see that whoami is not receiving more data than it requested
libsmb: Ensure that whoami parses all the data provided to it
pylibsmb: Add posix_whoami()
python: Add SMB credentials cache test
python: Ensure reference counts are properly incremented
python: Fix erroneous increments of reference counts
python: Fix ticket timestamp conversion when local timezone is not UTC
python: Make credentials cache test run against Windows
tests/krb5/kdc_base_test.py: Defer account deletion until tearDownClass() is called
tests/krb5/raw_testcase.py: Add get_admin_creds()
tests/krb5/kdc_base_test.py: Create database connection only when needed
tests/krb5/kdc_base_test.py: Remove 'credentials' class attribute
tests/krb5/kdc_base_test.py: Create loadparm only when needed
tests/krb5/kdc_base_test.py: Add methods to determine supported encryption types
tests/krb5/raw_testcase.py: Add method to obtain Kerberos keys over DRS
tests/krb5/raw_testcase.py: Make env_get_var() a standalone method
tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds
tests/krb5/raw_testcase.py: Cache obtained credentials
tests/krb5/raw_testcase.py: Allow specifying a fallback credentials function
tests/krb5/raw_testcase.py: Simplify conditionals
tests/krb5/kdc_base_test.py: Add fallback methods to obtain client and krbtgt credentials
tests/krb5/as_req_tests.py: Automatically obtain credentials
tests/krb5/as_req_tests.py: Check the client kvno
tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value
tests/krb5: Deduplicate 'host' attribute initialisation
tests/krb5/as_canonicalization_tests.py: Refactor account creation
tests/krb5: Use admin creds for SamDB rather than user creds
s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against
pygensec: Fix memory leaks
pygensec: Don't modify Python bytes objects
tests/krb5: Fix ms_kile_client_principal_lookup_test errors
tests/krb5: Fix comment typo
tests/krb5: Fix method name typo
tests/krb5: formatting
tests/krb5: Remove unneeded statements
tests/krb5: Use more compact dict lookup
tests/krb5: Simplify Python syntax
tests/krb5: Remove magic constants
tests/krb5: Fix including enc-authorization-data
tests/krb5: Fix callback_dict parameter
tests/krb5: Fix encpart_decryption_key with MIT KDC
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
tests/krb5: Check Kerberos protocol version number
tests/krb5: Use credentials kvno when creating password key
tests/krb5: Allow cf2 to automatically use the enctype of the first key
tests/krb5: Refactor get_pa_data()
tests/krb5: Add get_enc_timestamp_pa_data_from_key()
tests/krb5: Add method to return dict containing padata elements
tests/krb5: Make _test_as_exchange() return value more consistent
tests/krb5: Add get_EpochFromKerberosTime()
tests/krb5: Use encryption with admin credentials
tests/krb5: Allow specifying additional details when creating an account
tests/krb5: Add more methods for obtaining machine and service credentials
tests/krb5: Add method to calculate account salt
tests/krb5: Add check_reply() method to check for AS or TGS reply
tests/krb5: Always specify expected error code
tests/krb5: Include kdc_options in kdc_exchange_dict
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
tests/krb5: Assert that more variables are not None
tests/krb5: Check version number of obtained ticket
tests/krb5: Make checking less strict
tests/krb5: Check nonce in EncKDCRepPart
tests/krb5: Add generate_ap_req() method
tests/krb5: Ensure generated padata is not None
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
tests/krb5: Add more ASN1 definitions for FAST
tests/krb5: Add more methods to create ASN1 objects for FAST
tests/krb5: Add method to generate FAST encrypted challenge padata
tests/krb5: Add methods to calculate keys for FAST
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
tests/krb5: Allow specifying parameters specific to the outer request body
tests/krb5: Add method to check PA-FX-FAST-REPLY
tests/krb5: Add method to verify ticket checksum for FAST
tests/krb5: Check FAST response
tests/krb5: Add functions to get dicts of request padata
tests/krb5: Add methods to determine whether elements were included in the request
tests/krb5: Check encrypted-pa-data
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
tests/krb5: Include authdata in kdc_exchange_dict
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
tests/krb5: Add check_rep_padata() method to check padata in reply
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
tests/krb5: Remove unused variables
tests/krb5: Add get_krbtgt_sname() method
tests/krb5: Check sname is krbtgt for FAST generic error
tests/krb5: Check reply FAST padata if request included FAST
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
tests/krb5: Check PADATA-FX-COOKIE in reply
tests/krb5: Make check_rep_padata() also work for checking TGS replies
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
tests/krb5: Check PADATA-PAC-OPTIONS in reply
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
tests/krb5: Check PADATA-FX-ERROR in reply
tests/krb5: Add FAST tests
tests/krb5: Make e-data checking less strict
tests/krb5: Make cname checking less strict
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
tests/krb5: Check e-data element for TGS-REP errors without FAST
tests/krb5: Check PADATA-PW-SALT element in e-data
tests/krb5: Add tests for omitting sname in request
tests/krb5: Allow specifying parameters specific to the inner FAST request body
tests/krb5: Allow expected_error_mode to be a container type
pytest:segfault: Add test for ldb.msg_diff()
ldb_msg: Don't fail in ldb_msg_copy() if source DN is NULL
pyldb: Avoid use-after-free in msg_diff()
Jule Anger (3):
VERSION: Bump version up to 4.14.8...
WHATSNEW: Add release notes for Samba 4.14.8.
VERSION: Disable GIT_SNAPSHOT for the 4.14.8 release.
Luke Howard (2):
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
Martin Schwenke (19):
ctdb-recoverd: Add a helper variable
ctdb-recoverd: Update the local node map before pushing out flags
ctdb-recoverd: Push flags for a node if any remote node disagrees
ctdb-protocol: Add new controls to disable and enable nodes
ctdb-protocol: Add marshalling for controls DISABLE_NODE/ENABLE_NODE
ctdb-daemon: Add a helper variable
ctdb-daemon: Factor out a function to get node structure from PNN
ctdb-daemon: Start as disabled means PERMANENTLY_DISABLED
ctdb_daemon: Implement controls DISABLE_NODE/ENABLE_NODE
ctdb-client: Add client code for disable/enable controls
ctdb-tools: Use disable and enable controls in tool
ctdb-daemon: Correct the condition for logging unchanged flags
ctdb-daemon: Update logging for flag changes
ctdb-daemon: Modernise remaining debug macro in this function
ctdb-daemon: Don't bother sending CTDB_SRVID_SET_NODE_FLAGS
ctdb-recoverd: Mark CTDB_SRVID_SET_NODE_FLAGS obsolete
ctdb-daemon: Simplify ctdb_control_modflags()
ctdb-daemon: Ignore flag changes for disconnected nodes
ctdb-daemon: Don't mark a node as unhealthy when connecting to it
Ralph Boehme (13):
selftest: add a test for the "deadtime" parameter
s3/rpc_server: track the number of policy handles with a talloc destructor
s3/lib/dbwrap: check if global_messaging_context() succeeded
registry: check for running as root in clustering mode
vfs_gpfs: call SMB_VFS_NEXT_CONNECT() before running some module initialization code
vfs_gpfs: make vfs_gpfs_connect() a no-op on IPC shares
vfs_gpfs: check for O_PATH support in gpfswrap_fstat_x()
vfs_gpfs: add path based fallback for gpfswrap_fstat_x() on pathref handles
vfs_gpfs: remove ENOSYS fallback from vfs_gpfs_fset_dos_attributes()
vfs_gpfs: add sys_proc_fd_path() fallback to vfs_gpfs_fset_dos_attributes()
winbindd: call wb_parent_idmap_setup_send() in wb_queryuser_send()
winbind: ensure wb_parent_idmap_setup_send() gets called in winbindd_allocate_uid_send()
vfs_btrfs: fix btrfs_fget_compression()
Stefan Metzmacher (17):
vfs_gpfs: don't check for struct gpfs_config_data in vfs_gpfs_[l]stat()
auth/credentials: allow credentials.Credentials to act as base class
Rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh}
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing
tests/krb5/raw_testcase.py: Add get_{client,server,krbtgt}_creds()
tests/krb5/raw_testcase.py: introduce STRICT_CHECKING=0 in order to relax the checks in future
tests/krb5/raw_testcase.py: add assertElement*()
tests/krb5/raw_testcase.py: Allow prettyPrint of more RFC-defined values
tests/krb5/raw_testcase.py: Allow prettyPrint of more MS-KILE-defined values
tests/krb5/raw_testcase.py: split KDC_REQ_BODY_create() from KDC_REQ_create()
tests/krb5/raw_testcase.py: add KERB_PA_PAC_REQUEST_create()
tests/krb5/raw_testcase.py: add methods to iterate over etype permutations
tests/krb5/raw_testcase.py: Add TicketDecryptionKey_from_creds()
tests/krb5/raw_testcase.py: introduce a _generic_kdc_exchange() infrastructure
tests/krb5/as_req_tests.py: add new tests to cover more of the AS-REQ protocol
selftest: run new as_req_tests against fl2008r2dc and fl2003dc
tests/krb5/as_req_tests.py: add simple test_as_req_enc_timestamp test
Volker Lendecke (1):
librpc: Add py_descriptor_richcmp() equality function
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list