[SCM] Samba Shared Repository - annotated tag samba-4.17.1 created

Jule Anger janger at samba.org
Wed Oct 19 12:22:19 UTC 2022


The annotated tag, samba-4.17.1 has been created
        at  41ad24dad0c7d4d0eebe0be6634ee6f033ec0749 (tag)
   tagging  ed12d43518f06b05f69a93ba9b20d768c64124bc (commit)
  replaces  samba-4.17.0
 tagged by  Jule Anger
        on  Wed Oct 19 14:21:55 2022 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.17.1

Andreas Schneider (1):
      s3:auth: Flush the GETPWSID in memory cache for NTLM auth

Andrew Bartlett (13):
      CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
      CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
      CVE-2021-20251 s4 auth: make bad password count increment atomic
      CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
      CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
      CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
      CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
      selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
      selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
      s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
      selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
      s4-libnet: Add messages to object count mismatch failures
      python-drs: Add client-side debug and fallback for GET_ANC

Anoop C S (1):
      vfs_glusterfs: Remove special handling of O_CREAT flag

Douglas Bagnall (7):
      pytest: add file removal helpers for TestCaseInTempDir
      pytest/downgradedatabase: use TestCaseInTempDir.rm_files
      pytest/samdb_api: use TestCaseInTempDir.rm_files
      pytest/join: use TestCaseInTempDir.rm_files/dirs
      pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
      pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
      pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs

Gary Lockyer (4):
      CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
      CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
      CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
      CVE-2021-20251 auth4: Return only the result message and free the surrounding result

Jeremy Allison (6):
      CVE-2021-20251 s3: ensure bad password count atomic updates
      s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
      s4: smbtorture: Add fsync_resource_fork test to fruit tests.
      s3: VFS: fruit. Implement fsync_send()/fsync_recv().
      s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
      s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.

Joseph Sutton (28):
      s3:rpc_server: Fix typo in error message
      lib:crypto: Zero auth_tag array in encryption test
      s4:torture: Zero samr_UserInfo union in password set test
      lib:crypto: Check for overflow before filling pauth_tag array
      lib:crypto: Use constant time memory comparison to check HMAC
      CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
      CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
      CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
      CVE-2021-20251 tests/krb5: Add tests for password lockout race
      CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
      CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
      CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
      CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
      CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
      CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
      CVE-2021-20251 s4:kdc: Check badPwdCount update return status
      CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
      CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()
      CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
      lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
      libcli:auth: Keep passwords from convert_string_talloc() secret
      s3:rpc_server: Use BURN_STR() to zero password
      CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
      CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change
      CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
      CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
      CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()
      CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change

Jule Anger (3):
      VERSION: Bump version up to Samba 4.17.1...
      WHATSNEW: Add release notes for Samba 4.17.1.
      VERSION: Disable GIT_SNAPSHOT for the 4.17.1 release.

Noel Power (9):
      s3/rpcclient: Duplicate string returned from poptGetArg
      s3/param: Fix use after free with popt-1.19
      s3/utils: Add missing poptFreeContext
      s3/utils: Fix use after free with popt 1.19
      s3/utils: Fix use after free with popt 1.19
      s4/lib/registry: Fix use after free with popt 1.19
      s3/param: Check return of talloc_strdup
      s3/utils: Check return of talloc_strdup
      s3/utils: check result of talloc_strdup

Pavel Filipenský (1):
      lib:replace: Add macro BURN_STR() to zero memory of a string

Ralph Boehme (1):
      vfs_fruit: add missing calls to tevent_req_received()

Stefan Metzmacher (8):
      smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
      smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
      smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
      smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
      smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
      s4:messaging: add imessaging_init_discard_incoming()
      s3:auth_samba4: make use of imessaging_init_discard_incoming()
      s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()

Volker Lendecke (3):
      vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
      lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
      vfs_gpfs: Protect against timestamps before the Unix epoch

-----------------------------------------------------------------------


-- 
Samba Shared Repository


