[SCM] Samba Shared Repository - annotated tag samba-4.19.2 created

Jule Anger janger at samba.org
Mon Oct 16 14:18:04 UTC 2023 

The annotated tag, samba-4.19.2 has been created
        at  2f873ef4364c64ecb6833f67409f1734ff07e00e (tag)
   tagging  5b54d9e2be82545d9401ce474a39c12e6df6901f (commit)
  replaces  samba-4.19.1
 tagged by  Jule Anger
        on  Mon Oct 16 16:16:38 2023 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.19.2
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmUtRcYACgkQqplEL7aA
tiDRIw//eaAgNQlg4fYAnWuZFmn1NQuB+rhIhEiH/BdQUMRAo6ez6uUJ8ai0TVzD
HgUXBIPJtxZPyxcME+wfo1SjdQpkKjfDvXHTGRhriK/bTHpEbYKG94x4JXfW55yJ
Kdwm4OF180zNBKaT+hl1GzEDnikZfHcyTvO8EgzRbHInlCV7ogA+15yu/JwMoy8/
iWTuS05MiNjiacS81+G5H8yH/hWe4RI0oi67WiFwFh5Rtk2qpNMomkqS1pA7yy3c
mwBxr0/5i2FqgIkGwq0JHeQxD3jJsoRUgHtkcCoG/tMzU831ZkK09x5h0Q1yCDw5
rnL21lr5p56OMFtcJWV1Y21oW/jPE1aJ5BbMgNiRPdqgWi0pTY1NVcu5bwjEnp69
QZbKb5bOWY7jIFp5rxK2rUDjzdjcQyzZt2WS12fVUyogIGkAwu4ZzXo8+pTzlyon
WkfuR+YM6h1kQLhRta6CrSVHtRHvJ40gcExyPKbiwwavE7N9apPFW/NwxnE4XRgv
pnyykPF/U0mWrA0Edg9Va0fEatTSzcnOqYyG6RuNbV2coqWzTzHXWAEC2Ko86bGE
RGKgYzGrpMP670R1qoSF+Grb4n5LPUAmbWm8JVRUd0viB97TLw2rVb77cOgdutAA
s812cdMxMeS1kVxwev6Tq3BcC3T43XeHFBWLAI94MoIo95PHnFI=
=SF9g
-----END PGP SIGNATURE-----

Andreas Schneider (1):
      CVE-2023-4154 s4:dsdb:tests: Fix code spelling

Andrew Bartlett (12):
      CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
      CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
      CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start
      CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
      CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
      CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
      CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
      CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
      CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
      CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
      CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
      CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

Jeremy Allison (9):
      s3: libsmb: Add a missing return statement in the timeout case.
      s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
      s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT
      s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
      CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
      CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
      CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

Joseph Sutton (2):
      s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
      CVE-2023-5568 third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))

Jule Anger (6):
      VERSION: Bump version up to Samba 4.19.1...
      Merge tag 'samba-4.19.1' into v4-19-stable
      Merge branch 'v4-19-stable' into v4-19-test
      VERSION: Bump version up to Samba 4.19.2...
      WHATSNEW: Add release notes for Samba 4.19.2.
      VERSION: Disable GIT_SNAPSHOT for the 4.19.2 release.

Martin Schwenke (1):
      ctdb-daemon: Call setproctitle_init()

Ralph Boehme (3):
      mdssvc: better support for search with mdfind from Macs
      CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
      CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

Stefan Metzmacher (5):
      nsswitch: add test for pthread_key_delete missuse (bug 15464)
      nsswitch/wb_common.c: fix build without HAVE_PTHREAD
      nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()
      nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
      nsswitch/wb_common.c: fix socket fd and memory leaks of global state

Volker Lendecke (2):
      tests: Add reproducer for BZ15481
      smbd: Fix BZ15481

-----------------------------------------------------------------------


-- 
Samba Shared Repository

More information about the samba-cvs mailing list