[SCM] Samba Shared Repository - annotated tag samba-4.18.8 created

Jule Anger janger at samba.org
Tue Oct 10 14:31:29 UTC 2023

The annotated tag, samba-4.18.8 has been created
        at  7676a3fa130eb567cdfd4cf18e6028570f357c41 (tag)
   tagging  f1c0d4f1feb8105d22307e29150e0b7d59b5fed9 (commit)
  replaces  samba-4.18.7
 tagged by  Jule Anger
        on  Tue Oct 10 11:01:42 2023 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.18.8


Andreas Schneider (1):
      CVE-2023-4154 s4:dsdb:tests: Fix code spelling

Andrew Bartlett (13):
      CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL
      CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
      CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
      CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start
      CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
      CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
      CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
      CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
      CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
      CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
      CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
      CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
      CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

Jeremy Allison (3):
      CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
      CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
      CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

Joseph Sutton (2):
      CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test
      CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG

Jule Anger (3):
      VERSION: Bump version up to Samba 4.18.8...
      WHATSNEW: Add release notes for Samba 4.18.8.
      VERSION: Disable GIT_SNAPSHOT for the 4.18.8 release.

Ralph Boehme (2):
      CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
      CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

Stefan Metzmacher (7):
      CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper
      CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers
      CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
      CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper
      CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper
      CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position
      CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers


Samba Shared Repository

More information about the samba-cvs mailing list