[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc6 created
Jule Anger
janger at samba.org
Thu Sep 9 06:33:24 UTC 2021
The annotated tag, samba-4.15.0rc6 has been created
at 4630cc318db335984b96bc21fbf3fd2cd8810354 (tag)
tagging 30c5a0e60e8b6c4df442ef1ecc872c4b6c599845 (commit)
replaces samba-4.15.0rc5
tagged by Jule Anger
on Thu Sep 9 08:32:11 2021 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.15.0rc6
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmE5qmsACgkQqplEL7aA
tiBUZRAAqOjZw0Nqx5wEQJhjYWcNzI323LVwIlGKbW+TfmC6nSjXrlvFfHKc2tKG
2KHKke9xU3owVMM8gAVjDik6OL8uaLTiBcTwBFF3CSOaXe98jX0MvuN1qkvTAki8
Wg7jvMTMT1ILgmZJ5m6t963bTaQ3dgkQEgN3RrCAHyponE1u+xTsfXX1baAYNgWU
nGyyHbtCc6VK7tQC5wSt46wmUyvcYCn5TbxpOkjYt/jqc0yDZxxfgyzLGB7QmpId
F3xqUhNj5FopmGblMUb4IzyH5L29+CxIW27UReQyiba5IiN+W8qsN1Dr7rTZTptV
WT1u0k2r401vDQs/7YWhwTeNCb2E3zdg1AwV2JmBhh40NuPAg2PO9b8FXcAPVNZV
szEYVteVRQM1b8gJJivpALv3BA6fSopQR27eybXSeCWF0/JeXMxmOVvUKWgwtvqy
SvCeNMddAILthfIletxfVeoFNiUgIs0i4MqlfpoGBoK4bXWV+PWCHs2lEHBRmSoR
51jnB2oeJXiRZX0GRRnCVMKys/ccmEAYRkUUg+WUfyB5gGIvXZUsuXSSe3QSsCcA
nEHXGlo2svLf+RNi/F4nKsUgUdU+muyWCBscrjAFZJqNsZaaAzs0PfpNEWQid44/
nuDUzKygwPdeAk5pFIFXSEs0l4p+wBnUteHVFMfjSlyY/2BWsZE=
=mQYI
-----END PGP SIGNATURE-----
Andreas Schneider (10):
bootstrap: Install krb5-workstation on Fedora based distros
python:waf: Correctly check for python-dateutil
bootstrap: Install python3-dateutil instead of python3-iso8601 on RPM distros
selftest: Re-format long lines in selftesthelpers.py
selftest: Add support for setting ENV variables in plansmbtorture4testsuite()
selftest: Add support for setting ENV variables in plantestsuite()
mit-samba: Define debug class for kdb module
mit-samba: Send the logging to the kdc log facility
mit-samba: Use talloc_get_type_abort() instead of casting
mit-samba: Only set the function opening bracket once
Andrew Bartlett (22):
samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb
samba-tool: Rework transations/locks to hold a lock during mdb backup
samba-tool domain backup: Use tdbbackup on metadata.tdb
autobuild.py: Explain why each job is removed from the default set
gitlab-ci/autobuild: Add new build confirming behaviour on older MIT Kerberos
gitlab-ci: Move MIT builds to current Fedora so we can test against a current MIT KDC
autobuild.py: Do not build MIT builds by default (eg sn-devel)
build: Move minimum MIT krb5 version to 1.19 to align with what is tested
mit-kdc: Remove build time support for KDB_API < 10
bootstrap: Update to get newer krb5 on Fedora 34
bootstrap: SAMBA_CI_CONTAINER_TAG is now in .gitlab-ci-main.yml
Update common on currently supported Fedora versions
tests/krb5: Remove harmful and a-typical return in as_req testcase
tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname
WHATSNEW: Update for KDC crash fixes
WHATSNEW: Update with samba-tool domain backup offline fix
selftest: Split up targets for samba_tool_drs from samba_tool_drs_showrepl
selftest: Only run samba_tool_drs_showrepl test once
dsdb: Be careful to avoid use of the expensive talloc_is_parent()
selftest: Add a test for LookupSids3 and LookupNames4 in python
s4-lsa: Cache sam.ldb handle in lsa_LookupSids3/LookupNames4
selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes
Gary Lockyer (1):
initial FAST tests
Joseph Sutton (81):
pygensec: Fix memory leaks
pygensec: Don't modify Python bytes objects
tests/krb5: Fix ms_kile_client_principal_lookup_test errors
tests/krb5: Fix comment typo
tests/krb5: Fix method name typo
tests/krb5: formatting
tests/krb5: Remove unneeded statements
tests/krb5: Use more compact dict lookup
tests/krb5: Simplify Python syntax
tests/krb5: Remove magic constants
tests/krb5: Fix including enc-authorization-data
tests/krb5: Fix callback_dict parameter
tests/krb5: Fix encpart_decryption_key with MIT KDC
tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC
tests/krb5: Check Kerberos protocol version number
tests/krb5: Use credentials kvno when creating password key
tests/krb5: Allow cf2 to automatically use the enctype of the first key
tests/krb5: Refactor get_pa_data()
tests/krb5: Add get_enc_timestamp_pa_data_from_key()
tests/krb5: Add method to return dict containing padata elements
tests/krb5: Make _test_as_exchange() return value more consistent
tests/krb5: Add get_EpochFromKerberosTime()
tests/krb5: Use encryption with admin credentials
tests/krb5: Allow specifying additional details when creating an account
tests/krb5: Add more methods for obtaining machine and service credentials
tests/krb5: Add method to calculate account salt
tests/krb5: Add check_reply() method to check for AS or TGS reply
tests/krb5: Always specify expected error code
tests/krb5: Include kdc_options in kdc_exchange_dict
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
tests/krb5: Assert that more variables are not None
tests/krb5: Check version number of obtained ticket
tests/krb5: Make checking less strict
tests/krb5: Check nonce in EncKDCRepPart
tests/krb5: Add generate_ap_req() method
tests/krb5: Ensure generated padata is not None
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
tests/krb5: Add more ASN1 definitions for FAST
tests/krb5: Add more methods to create ASN1 objects for FAST
tests/krb5: Add method to generate FAST encrypted challenge padata
tests/krb5: Add methods to calculate keys for FAST
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
tests/krb5: Allow specifying parameters specific to the outer request body
tests/krb5: Add method to check PA-FX-FAST-REPLY
tests/krb5: Add method to verify ticket checksum for FAST
tests/krb5: Check FAST response
tests/krb5: Add functions to get dicts of request padata
tests/krb5: Add methods to determine whether elements were included in the request
tests/krb5: Check encrypted-pa-data
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
tests/krb5: Include authdata in kdc_exchange_dict
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
tests/krb5: Add check_rep_padata() method to check padata in reply
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
tests/krb5: Remove unused variables
tests/krb5: Add get_krbtgt_sname() method
tests/krb5: Check sname is krbtgt for FAST generic error
tests/krb5: Check reply FAST padata if request included FAST
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
tests/krb5: Check PADATA-FX-COOKIE in reply
tests/krb5: Make check_rep_padata() also work for checking TGS replies
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
tests/krb5: Check PADATA-PAC-OPTIONS in reply
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
tests/krb5: Check PADATA-FX-ERROR in reply
tests/krb5: Add FAST tests
tests/krb5: Make e-data checking less strict
tests/krb5: Make cname checking less strict
tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST
CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request
tests/krb5: Check e-data element for TGS-REP errors without FAST
tests/krb5: Check PADATA-PW-SALT element in e-data
tests/krb5: Add tests for omitting sname in request
tests/krb5: Allow specifying parameters specific to the inner FAST request body
tests/krb5: Add tests for omitting sname in inner request
tests/krb5: Allow expected_error_mode to be a container type
Jule Anger (3):
VERSION: Bump version up to Samba 4.15.0rc6...
WHATSNEW: Add release notes for Samba 4.15.0rc6.
VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc6 release.
Luke Howard (2):
CVE-2021-3671 HEIMDAL kdc: validate sname in TGS-REQ
kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list