[SCM] Samba Shared Repository - annotated tag samba-4.19.2 created

Jule Anger janger at samba.org
Mon Oct 16 14:18:04 UTC 2023

The annotated tag, samba-4.19.2 has been created
        at  2f873ef4364c64ecb6833f67409f1734ff07e00e (tag)
   tagging  5b54d9e2be82545d9401ce474a39c12e6df6901f (commit)
  replaces  samba-4.19.1
 tagged by  Jule Anger
        on  Mon Oct 16 16:16:38 2023 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.19.2


Andreas Schneider (1):
      CVE-2023-4154 s4:dsdb:tests: Fix code spelling

Andrew Bartlett (12):
      CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
      CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
      CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start
      CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
      CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
      CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
      CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
      CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
      CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
      CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
      CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
      CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

Jeremy Allison (9):
      s3: libsmb: Add a missing return statement in the timeout case.
      s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
      s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT
      s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
      CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
      CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
      CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

Joseph Sutton (2):
      s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
      CVE-2023-5568 third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))

Jule Anger (6):
      VERSION: Bump version up to Samba 4.19.1...
      Merge tag 'samba-4.19.1' into v4-19-stable
      Merge branch 'v4-19-stable' into v4-19-test
      VERSION: Bump version up to Samba 4.19.2...
      WHATSNEW: Add release notes for Samba 4.19.2.
      VERSION: Disable GIT_SNAPSHOT for the 4.19.2 release.

Martin Schwenke (1):
      ctdb-daemon: Call setproctitle_init()

Ralph Boehme (3):
      mdssvc: better support for search with mdfind from Macs
      CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
      CVE-2023-4091: smbd: use open_access_mask for access check in open_file()

Stefan Metzmacher (5):
      nsswitch: add test for pthread_key_delete missuse (bug 15464)
      nsswitch/wb_common.c: fix build without HAVE_PTHREAD
      nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()
      nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
      nsswitch/wb_common.c: fix socket fd and memory leaks of global state

Volker Lendecke (2):
      tests: Add reproducer for BZ15481
      smbd: Fix BZ15481


Samba Shared Repository

More information about the samba-cvs mailing list