[SCM] Samba Shared Repository - annotated tag samba-4.14.13 created

Jule Anger janger at samba.org
Mon Apr 4 12:48:39 UTC 2022

The annotated tag, samba-4.14.13 has been created
        at  27559685f2f44c0575cee1fdcc22ee7da3814177 (tag)
   tagging  744c4b0cc6955aab275da3f8cacee3d89d82d455 (commit)
  replaces  ldb-2.3.3
 tagged by  Jule Anger
        on  Mon Apr 4 14:48:16 2022 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.14.13


Andreas Schneider (1):
      builtools: Make abi_gen.sh less prone to errors

Andrew Bartlett (1):
      WHATSNEW: Mention our matrix room as well

Björn Jacke (2):
      readlink test: inverse return code
      waf: re-add missing readlink test

Douglas Bagnall (2):
      pytest:auth_log: expect TLS connections when using ldaps
      s4/auth/simple_bind: correctly report TLS state

Elia Geretto (1):
      s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()

Garming Sam (1):
      rodc: Add tests for simple BIND alongside NTLMSSP binds

Jeremy Allison (13):
      s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
      lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
      s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.
      s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.
      s3: libsmb: Add cli_dfs_target_check() function.
      s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
      s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
      s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
      s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.

Joseph Sutton (3):
      CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
      CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
      provision: Decrease the length of random machine passwords

Jule Anger (6):
      WHATSNEW: Add release notes for Samba 4.14.12.
      VERSION: Disable GIT_SNAPSHOT for the 4.14.12 release.
      Merge tag 'samba-4.14.12' into v4-14-test
      VERSION: Bump version up to Samba 4.14.13...
      WHATSNEW: Add release notes for Samba 4.14.13.
      VERSION: Disable GIT_SNAPSHOT for the 4.14.13 release.

Pavel Filipenský (5):
      s3:modules: Implement dummy virus scanner that uses filename matching
      docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
      selftest: Fix trailing whitespace in Samba3.pm
      s3:selftest: Add test for virus scanner
      s3:modules: Fix virusfilter_vfs_openat

Ralph Boehme (7):
      CVE-2021-44142: libadouble: add defines for icon lengths
      CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs
      CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
      CVE-2021-44142: libadouble: add basic cmocka tests
      CVE-2021-44142: libadouble: harden parsing code
      s3/libads: simplify storing existing ads->ldap.ss
      s3/libads: ensure a sockaddr variable is correctly zero initialized

Samuel Cabrero (6):
      s3:libads: Fix memory leak in kerberos_return_pac() error path
      lib:krb5_wrap: Improve debug message and use newer debug macro
      lib:krb5_wrap: Fix wrong debug message and use newer debug macro
      s3:libads: Return canonical principal and realm from kerberos_return_pac()
      s3:winbind: Store canonical principal and realm in ccache entry
      s3:winbind: Use the canonical principal name to renew the credentials

Stefan Metzmacher (50):
      s4:torture/rpc: test how CSDVersion="" wipes operatingSystemServicePack
      s4:rpc_server/netlogon: let CSDVersion="" wipe operatingSystemServicePack
      s4:dsdb/paged_results: fix segfault in paged_results()
      s4:dsdb/vlv_pagination: fix segfault in vlv_results()
      dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
      lib/util: split out a dump_data_block16() helper
      blackbox.ndrdump: adjust example files to changed dump_data() output.
      lib/util: add dump_data_diff*() helpers
      ndrdump: make use of dump_data_file_diff() in order to show differences
      blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
      s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
      librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
      blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
      selftest/quick: add smb2.session
      libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
      libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
      s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()
      provision: use 120 characters for the dns account password
      upgradehelpers.py: let update_machine_account_password() use 120 character passwords
      provision: add a comment that the value of krbtgtpass is ignored in the backend
      upgradehelpers.py: add a comment to update_krbtgt_account_password()
      s3:trusts_utils: use a password length of 120 for machine accounts
      python:tests: let insta_creds() also copy the bind_dn from the template
      dsdb/tests: passwords.py don't need to import BasePasswordTestCase
      dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
      dsdb/tests: make use of assertLoginFailure helper
      dsdb/tests: introduce assertLoginSuccess
      dsdb/tests: prepare BasePasswordTestCase for simple bind tests
      dsdb/tests: add test_login_basics_simple()
      s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
      s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
      s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
      s4:auth: a simple bind uses the DCs name as workstation
      s4:auth: encrypt_user_info() should set password_state instead of mapped_state
      auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
      s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
      s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:auth: check for user_info->mapped.account_name if it needs to be filled
      s4:auth: fix confusing DEBUG message in authsam_want_check()
      s3:auth: make_user_info_map() should not set mapped_state
      nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
      winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
      s4:auth: rename user_info->mapped_state to user_info->cracknames_called
      auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
      s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
      s4:kdc: redirect pre-authentication failured to an RWDC
      s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos

Thomas Debesse (1):
      WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html


Samba Shared Repository

More information about the samba-cvs mailing list