[SCM] Samba Shared Repository - annotated tag samba-4.16.4 created
Jule Anger
janger at samba.org
Wed Jul 27 10:01:07 UTC 2022
The annotated tag, samba-4.16.4 has been created
at e0d6e97e1f3a26a0258f61b4074684b7ca9dc85d (tag)
tagging 9618af1b66aa7503e02b25c9a0bb5b1f31baffbc (commit)
replaces ldb-2.5.2
tagged by Jule Anger
on Wed Jul 27 09:21:14 2022 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.16.4
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmLg52oACgkQqplEL7aA
tiCzthAAiazYyt3KGpriOgtIpkVH/UgkWsk2OY2yLRNNEZwPcc+Ok6TdQiAYO0gK
mjAYbzq6/h4bShGbqa/KcNKbkJDSh+wrwX9vmMqSTd4Fmtc02099PzPAwCB/spug
cBu/5BbAs6+UWPytlSMYi4ByF1WMQz7kmtEfZuWOHBlAGtV967sKCSzuCoHlpJl4
IvQkRw9BytNkJa9/uuTRxbtxoy5MnRr2MRGcT1HVakalI48+yNslngmrXWXmPMIs
jpPmEZNDRyTJ7Bdd0pzF+hiT/8+drK3fEsN4W/aAxMF9tacXz6yd24CisWNroZZA
sBNcpN7//Fx+1iIiwP5K9Flae8un1/+85i/ajvV6oyAPxoQOWG7bPjs557MpHdA3
ra+zdt2GpesNAg0Rzo08uZ7g2qmAcpzkZB8/j/1vQQeGR/dj+raHfZaWfGTQ0G+S
mYq7Li+jpZcVAo1JY/yrBK8vnTn10/W3Cj7G/nQWfnKWt6LPmyF/zFe4mZvkH+Pt
HE7zcQ/DB1frQzjgcNxCpmNr9HeDDXEBvm2zpPxycoGrPDTbJljvTYrNUFI5kggW
Akwoe1uJ60CH9A5pfIiWonsUMoexWvIXJGlPGbHLvD28GIQNaQCLU86MvARBSSj3
kIYtVlOVNjpXyc1SggqbRNtMvds/Yn+TP9x5LRus9/sDy6YKH1E=
=ls1N
-----END PGP SIGNATURE-----
Andreas Schneider (4):
s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
CVE-2022-2031 testprogs: Fix auth with smbclient and krb5 ccache
CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with MIT kpasswd
CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function
Jeremy Allison (2):
CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
Joseph Sutton (48):
CVE-2022-32745 s4/dsdb/samldb: Check for empty values array
CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit
CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element
tests/krb5: Add helper function to modify ticket flags
selftest: Simplify krb5 test environments
CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and REQUESTER_SID PAC buffers
CVE-2022-2031 third_party/heimdal: Check generate_pac() return code
CVE-2022-2031 s4:kpasswd: Account for missing target principal
CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno
CVE-2022-2031 tests/krb5: Split out _make_tgs_request()
CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing accounts
CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures
CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()
CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages
tests/krb5: Fix enum typo
tests/krb5: Add option for creating accounts with expired passwords
CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and realm
CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method
CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests
CVE-2022-2031 tests/krb5: Add tests for kpasswd service
CVE-2022-2031 s4:kpasswd: Correctly generate error strings
CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in smb_krb5_mk_error()
CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an initial ticket
CVE-2022-2031 s4:kpasswd: Require an initial ticket
s4:kpasswd: Restructure code for clarity
CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their life
CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration
CVE-2022-2031 tests/krb5: Test truncated forms of server principals
CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
s4:kdc: Remove kadmin mode from HDB plugin
CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal into krb5_rd_req_ctx()
CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd
CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
Jule Anger (2):
WHATSNEW: Add release notes for Samba 4.16.4.
VERSION: Disable GIT_SNAPSHOT for the 4.16.4 release.
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list