The annotated tag, samba-4.6.7 has been created
        at  18d701bbbf26fedf022296e08d6329dcb9e3db26 (tag)
   tagging  a42a92b09dab03e7872c5f5ee21e651c1ab5542d (commit)
  replaces  samba-4.6.6
 tagged by  Karolin Seeger
        on  Tue Aug 8 09:51:36 2017 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.6.7
-----BEGIN PGP SIGNATURE-----

iEYEABECAAYFAlmJbYgACgkQbzORW2Vot+qP6QCeL1uBQZWuFbGopmimhA9BqReF
5mIAoJ4IdEXC3IObYjIQqtTMPefxTqH1
=Vo5I
-----END PGP SIGNATURE-----

Amitay Isaacs (7):
      ctdb-scripts: Don't send empty argument string to logger
      ctdb-recovery: Assign banning credits if database fails to freeze
      ctdb-recovery: Setting up of recmode should be idempotent
      ctdb-recovery: Simplify logging of recovery mode setting
      ctdb-recovery: Finish processing for recovery mode ACTIVE first
      ctdb-recovery: Get recmode unconditionally in the main_loop
      ctdb-recovery: Do not run local ip verification when in recovery

Andreas Schneider (10):
      replace: Use the same size as d_name member of struct dirent
      waf: Do not trhow a format-truncation error for test/snprintf.c
      s4:torture: Fix comparison between pointer and zero character constant
      libcli:smb2: Gracefully handle not supported for 
FSCTL_VALIDATE_NEGOTIATE_INFO
      s3:popt_common: Reparse the username in popt_common_credentials_post()
      s3:tests: Add test for smbclient -UDOMAIN+username
      s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test
      selftest: Do *NOT* flush the complete gencache!
      s3:tests: Do *NOT* flush the complete gencache!
      s3:client: The smbspool krb5 wrapper needs negotiate for authentication

Andrew Bartlett (3):
      selftest: Also wait for winbindd to start
      selftest: Do not enable inbound replication during replica_sync
      s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 
when version unspecified

Arvid Requate (2):
      s4:torture/ldap: Test netlogon without NtVer
      s4-dsdb/netlogon: allow missing ntver in cldap ping

Bernhard M. Wiedemann via samba-technical (1):
      docs-xml: Sort input file list

Bob Campbell (1):
      selftest: Do not force run of kcc at start of selftest

Daniel Kobras (1):
      s3: smbd: fix regression with non-wide symlinks to directories over SMB3.

David Disseldorp (1):
      vfs_ceph: fix cephwrap_chdir()

David Mulder via samba-technical (1):
      messaging: fix net command failure due to unhandled return code

Douglas Bagnall (2):
      ndr tests: silence a harmless warning
      shadow_copy_get_shadow_copy_data: fix GCC snprintf warning

Dustin L. Howett via samba-technical (1):
      idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN

Garming Sam (1):
      dnsserver: Stop dns_name_equal doing OOB read

G√ľnther Deschner (1):
      vfs_fruit: add fruit:model = <modelname> parametric option

Jeremy Allison (11):
      s3: smbd: When deleting an fsp pointer ensure we don't keep any 
references to it around.
      libcli: smb: Add smbXcli_tcon_copy().
      libcli: smb: Add smb2cli_tcon_set_id().
      s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
      s3: smbtorture: Show correct use of cli_state_save_tcon() / 
cli_state_restore_tcon().
      s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
      s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
      s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and 
cli->smb2.tcon.
      s3: libsmb: Correctly save and restore connection tcon in smbclient, 
smbcacls and smbtorture3.
      s3: smbd: Add regression test for non-wide symlinks to directories fail 
over SMB3.
      s3: smbd: Fix a read after free if a chained SMB1 call goes async.

Karolin Seeger (2):
      WHATSNEW: Add release notes for Samba 4.6.7.
      VERSION: Disable GIT_SNAPSHOTS for the 4.6.7 release.

Martin Schwenke (3):
      ctdb-scripts: NFS call-out failures should cause event failure
      ctdb-tests: Add more NFS eventscript tests for call-out failures
      ctdb-common: Set close-on-exec when creating PID file

Michael Saxl (1):
      s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()

Noel Power (1):
      s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)

Ralph Boehme (4):
      s3/smbd: let non_widelink_open() chdir() to directories directly
      selftest: add a test for accessing previous version of directories with 
snapdirseverywhere
      vfs_fruit: don't use MS NFS ACEs with Windows clients
      s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init

Richard Sharpe (1):
      Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is 
NULL. Protect against this.

Stefan Metzmacher (70):
      libcli/smb: Fix alignment problems of smb_bytes_pull_str()
      s3:libsmb: add cli_state_update_after_sesssetup() helper function
      s3:smb2_tcon: allow a compound request after a TreeConnect
      s3:smb2_sesssetup: allow a compound request after a SessionSetup
      auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case
      samba-tool: fix log message of 'samba-tool user syncpasswords'
      s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max 
protocol = SMB2_02"
      auth/spnego: fix gensec_update_ev() argument order for the 
SPNEGO_FALLBACK case
      s3:smb2_create: avoid reusing the 'tevent_req' within 
smbd_smb2_create_send()
      wafsamba: add maxversion and version_blacklist to 
CHECK_BUNDLED_SYSTEM[_PKG]()
      ldb: protect Samba < 4.7 against incompatible ldb versions and require 
ldb < 1.2.0
      Merge branch 'v4-6-stable' into v4-6-test
      VERSION: Bump version up to 4.6.7...
      s3:smbd: consistently use talloc_tos() memory for 
rpc_pipe_open_interface()
      pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()
      librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently 
defined flags
      librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling
      idl_types.h: add NDR_SECRET shortcut
      s3:librpc: let NDR_SECRETS depend on NDR_SECURITY
      s3:libads: remove unused kerberos_secrets_store_salting_principal()
      krb5_wrap: add smb_krb5_salt_principal()
      krb5_wrap: add smb_krb5_salt_principal2data()
      s3:libnet_join: remove dead code from libnet_join_connect_ads()
      s3:libnet_join: calculate r->out.account_name in 
libnet_join_pre_processing()
      s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx
      s3:libnet_join: remember the domain_guid for AD domains
      s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx
      s3:libnet_join: remember r->out.krb5_salt in 
libnet_join_derive_salting_principal()
      s3:libnet_join: move kerberos_secrets_store_des_salt() out of 
libnet_join_derive_salting_principal()
      s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync
      s3:libnet_join: call do_JoinConfig() after we did remote changes on the 
server
      s3:libnet_join: move libnet_join_joindomain_store_secrets() to 
libnet_join_post_processing()
      s3:libnet_join: move kerberos_secrets_store_des_salt() to 
libnet_join_joindomain_store_secrets()
      s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback
      s3:libads: provide a simpler kerberos_fetch_salt_princ() function
      s3:gse_krb5: simplify fill_keytab_from_password() by using 
kerberos_fetch_salt_princ()
      s3:libnet: make use of kerberos_secrets_fetch_salt_princ()
      s3:libads: make use of kerberos_secrets_fetch_salt_princ() in 
ads_keytab_add_entry()
      s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ()
      s3:secrets: move kerberos_secrets_*salt related functions to 
machine_account_secrets.c
      s3:secrets: rework des_salt_key() to take the realm as argument
      s3:secrets: split out a domain_guid_keystr() function
      s3:secrets: add some const to secrets_store_domain_guid()
      s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()
      s3:secrets: rename secrets_delete() to secrets_delete_entry()
      s3:secrets: re-add secrets_delete() helper to simplify deleting optional 
keys
      s3:secrets: make use of secrets_delete() in 
secrets_store_machine_pw_sync()
      s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key 
when there's no value
      s3:secrets: replace secrets_delete_prev_machine_password() by 
secrets_delete()
      s3:secrets: rewrite secrets_delete_machine_password_ex() using helper 
variables
      s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID 
too
      s3:secrets: let secrets_delete_machine_password_ex() also remove the 
des_salt key
      s3:secrets: use secrets_delete for all keys in 
secrets_delete_machine_password_ex()
      s3:trusts_util: pass dcname to trust_pw_change()
      libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*()
      libcli/auth: add const to set_pw_in_buffer()
      libcli/auth: pass the cleartext blob to 
netlogon_creds_cli_ServerPasswordSet*()
      s3:trusts_util: also pass the previous_nt_hash to 
netlogon_creds_cli_auth()
      lsa.idl: make lsa_DnsDomainInfo [public]
      netlogon.idl: make netr_TrustFlags [public]
      netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in 
netr_trust_extension
      secrets.idl: add secrets_domain_info that will be used in secrets.tdb for 
machine account trusts
      s3:secrets: add infrastructure to use secrets_domain_infoB to store 
credentials
      net: add "net primarytrust dumpinfo" command that dumps the details of 
the workstation trust
      s3:libnet: make use of secrets_store_JoinCtx()
      s3:trusts_util: make use the workstation password change more robust
      net: make use of secrets_*_password_change() for "net changesecretpw"
      s3:libads: make use of secrets_*_password_change() in 
ads_change_trust_account_password()
      s3:secrets: remove unused secrets_store_[prev_]machine_password()
      selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() 
after the join

Thomas Jarosch (1):
      s3: libsmb: Fix use-after-free when accessing pointer *p.

Volker Lendecke (1):
      smbd: Fix a connection run-down race condition

-----------------------------------------------------------------------


-- 
Samba Shared Repository

Reply via email to