[SCM] Samba Shared Repository - annotated tag samba-4.17.1 created
Jule Anger
janger at samba.org
Wed Oct 19 12:22:19 UTC 2022
The annotated tag, samba-4.17.1 has been created
at 41ad24dad0c7d4d0eebe0be6634ee6f033ec0749 (tag)
tagging ed12d43518f06b05f69a93ba9b20d768c64124bc (commit)
replaces samba-4.17.0
tagged by Jule Anger
on Wed Oct 19 14:21:55 2022 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.17.1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmNP6+MACgkQqplEL7aA
tiBUBQ//dlQiZ2pjrhKRc21FSUzHiEFUVk1L+3pzeTftt3YF/2e0wysbK1hOzJaD
Mz+3rtbRwDmAehE9KjscqPrVpmzVPYr47e3lzZFjeqSjEIcNQyO2mApG1e1Zxur4
ua09Sr98kGXnSiFQO0GwPVTkab7lofvBmkQA9Ngrm3QIH+ZgWC0vQl3vMlbmzgPD
gyewI0q8raZpyCo7MJGmrER3mm2vm6fsQSjq0pWo4SlzKj6g+LNnXGz7e2wnMYqk
2CXwcqoBSAlSK66okxU+xDc7Ne9Jfq6HOEqfiim9Ab7QZ0JTvcBy2unQkhTurk63
/vXBQS2aRDA5ZFdR54ou3OpIDNzApa/NbvJwJvf8yP4jx0fhx8yeaiJfxQBG5YiE
CQ3xrblFVWBNfG7ZBskq09MdGuMlvW+nJb2/H9h+VlnDEvponovR3wFqH9tfdHlO
I6NWsOYVIq+Ppi6u0WoU5mXNG5vKSOA5Kdf0StNP2Hdp5h1/CrPLyN/KtBNCIcGN
PbNB326Ey2qaQPolul9nQ9pJli2oG3/x83wMxd9mICg92f3rcB+49S/fEOwxKtYr
BDM9u4+I6rrN2rXEXn0zZVAXV5Xj5Qm1+nAPxqdzVr3OWMTYEWnAR5BRss+lA6mX
6CwnxeVXL8hkfZu44nd7wyA7OoZB4xg3Gj2dr9gn3qKdvJJTSBo=
=WrEk
-----END PGP SIGNATURE-----
Andreas Schneider (1):
s3:auth: Flush the GETPWSID in memory cache for NTLM auth
Andrew Bartlett (13):
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
CVE-2021-20251 s4 auth: make bad password count increment atomic
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
s4-libnet: Add messages to object count mismatch failures
python-drs: Add client-side debug and fallback for GET_ANC
Anoop C S (1):
vfs_glusterfs: Remove special handling of O_CREAT flag
Douglas Bagnall (7):
pytest: add file removal helpers for TestCaseInTempDir
pytest/downgradedatabase: use TestCaseInTempDir.rm_files
pytest/samdb_api: use TestCaseInTempDir.rm_files
pytest/join: use TestCaseInTempDir.rm_files/dirs
pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs
Gary Lockyer (4):
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
CVE-2021-20251 auth4: Return only the result message and free the surrounding result
Jeremy Allison (6):
CVE-2021-20251 s3: ensure bad password count atomic updates
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
s4: smbtorture: Add fsync_resource_fork test to fruit tests.
s3: VFS: fruit. Implement fsync_send()/fsync_recv().
s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.
Joseph Sutton (28):
s3:rpc_server: Fix typo in error message
lib:crypto: Zero auth_tag array in encryption test
s4:torture: Zero samr_UserInfo union in password set test
lib:crypto: Check for overflow before filling pauth_tag array
lib:crypto: Use constant time memory comparison to check HMAC
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
CVE-2021-20251 tests/krb5: Add tests for password lockout race
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
CVE-2021-20251 s4:kdc: Check badPwdCount update return status
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
libcli:auth: Keep passwords from convert_string_talloc() secret
s3:rpc_server: Use BURN_STR() to zero password
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change
Jule Anger (3):
VERSION: Bump version up to Samba 4.17.1...
WHATSNEW: Add release notes for Samba 4.17.1.
VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release.
Noel Power (9):
s3/rpcclient: Duplicate string returned from poptGetArg
s3/param: Fix use after free with popt-1.19
s3/utils: Add missing poptFreeContext
s3/utils: Fix use after free with popt 1.19
s3/utils: Fix use after free with popt 1.19
s4/lib/registry: Fix use after free with popt 1.19
s3/param: Check return of talloc_strdup
s3/utils: Check return of talloc_strdup
s3/utils: check result of talloc_strdup
Pavel Filipenský (1):
lib:replace: Add macro BURN_STR() to zero memory of a string
Ralph Boehme (1):
vfs_fruit: add missing calls to tevent_req_received()
Stefan Metzmacher (8):
smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
s4:messaging: add imessaging_init_discard_incoming()
s3:auth_samba4: make use of imessaging_init_discard_incoming()
s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
Volker Lendecke (3):
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
vfs_gpfs: Protect against timestamps before the Unix epoch
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list