The annotated tag, samba-4.15.3 has been created
at 579069ee4ec96d45215e791062624a3e3e3a80bd (tag)
tagging 0c85a0adaa57df2541ec2d395d1f7cf936bc2e43 (commit)
replaces samba-4.15.2
tagged by Jule Anger
on Wed Dec 8 15:37:57 2021 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.15.3
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmGww0UACgkQqplEL7aA
tiCWrhAAumxyIGrnervT06lZzt1LnJYSSYnowgwqfXazwyHH8/BIoS7vkl6mr8qS
Yv2XmmV1647vBe9jhfJtmAFdLuxj3mjcbElMhHBR6AVIwUkPN4Ij4M9SebHg4dyf
297ygHJfdMff30uT6dMk7F7TjouRXydVI8syIB69d74hHsz5sRRu/irHJZ3wKHjy
RZP0nRgOeGUa4Ua9vHF2qF+nl/8azjvpWa7j2m22AUC8mgpHkYvnqjeuydJykTw9
pEUBdEdtLsTCypC6ONoKKUz0nq+340WnA5fg5DIh5ObTooceYXE/9lYXK8x29ezh
h3ba/PjbCd8FcVbfrA1mnScH1xkFKuzwsBYFoz3VIKwkX1GeOCHTviROWxiTf5b+
6OhiAPByi7VEwmpl6Wj7ZM20cvCk98aFrW4M/IrXhNvi2HQfXzCbxt6HS5qmuU+S
xzUxClY3HhGLdM7ZXSnYVZ43t0ESL7gvbBcx0064zG7yvjEg1pXWBRnzOsJqHyoj
ZYVoCHu6iDhKb/9DwX9WpKKfh04ee3F9o7Rjofv7fFzz6zIXEMTWpgImHvEClcrs
YbYoVttgAb3biF8BqkfTwRpt5nmYv6trpOvD4A1jIK3DaOhA8cZm7v8B8ppPbLyy
MjB5RBAypR5soMI1aXX+jyF6JQB770QZQWC2yiruxuYkhXAZVGI=
=369D
-----END PGP SIGNATURE-----
Alexander Bokovoy (1):
IPA DC: add missing checks
Andreas Schneider (11):
testprogs: Use new cmdline option for kerberos
lib:cmdline: Fix -k option which doesn't expect anything
auth:creds: Guess the username first via getpwuid(my_id)
s3:winbind: Fix possible NULL pointer dereference
testprogs: Add rpcclient schannel tests
s3:rpc_client: Remove trailing white spaces from cli_pipe.c
s3:rpcclient: Remove trailing white spaces in rpcclient.c
s3:libnet: Remove tailing whitespaces in libnet_join.c
s3:libsmb: Remove trailing white spaces from passchange.c
s3:rpc_client: Add remote name and socket to
cli_rpc_pipe_open_bind_schannel()
libcli:auth: Allow to connect to netlogon server offering only AES
Andrew Bartlett (6):
CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named
based lookup fails
CVE-2021-3670 ldb: Confirm the request has not yet timed out in ldb
filter processing
CVE-2021-3670 ldap_server: Remove duplicate print of LDAP search details
CVE-2021-3670 dsdb/anr: Do a copy of the potentially anr query before
starting to modify it
CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts
dsdb: Use DSDB_SEARCH_SHOW_EXTENDED_DN when searching for the local
replicated object
Andrew Walker (1):
s3:modules:recycle - fix crash in recycle_unlink_internal
Günther Deschner (5):
s3-winexe: Fix winexe core dump (use-after-free)
s3:rpc_client: Pass remote name and socket to cli_rpc_pipe_open()
s3:rpc_client: Pass remote name and socket to
cli_rpc_pipe_open_noauth_transport()
s3:rpc_client: Pass remote name and socket to
cli_rpc_pipe_open_with_creds()
s3:rpc_client: Pass remote name and socket to
cli_rpc_pipe_open_schannel_with_creds()
Jeremy Allison (12):
s3: smbd: Add two tests showing recursive directory delete of a directory
containing veto file and msdfs links over SMB2.
s3: smbd: Fix recursive directory delete of a directory containing veto
file and msdfs links.
s3: smbd: Add two tests showing the ability to delete a directory
containing a dangling symlink over SMB2 depends on "delete veto files" setting.
s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.
s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.
s3: smbd: Fix rmdir_internals() to do an early return if
lp_delete_veto_files() is not set.
s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.
s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling
symlinks.
s3: docs-xml: Clarify the "delete veto files" paramter.
s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().
s3: smbtorture3: Add test for setting delete on close on a directory,
then creating a file within to see if delete succeeds.
s3: smbd: Ensure in the directory scanning loops inside rmdir_internals()
we don't overwrite the 'ret' variable.
Joseph Sutton (7):
CVE-2020-25717: tests/krb5: Add method to automatically obtain server
credentials
CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room
for new accounts
CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
ad_member_idmap_nss
CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs
CVE-2021-3670 tests/krb5/test_ldap.py: Add test for LDAP timeouts
CVE-2021-3670 ldap_server: Set timeout on requests based on
MaxQueryDuration
CVE-2021-3670 ldap_server: Ensure value of MaxQueryDuration is greater
than zero
Jule Anger (2):
WHATSNEW: Add release notes for Samba 4.15.3.
VERSION: Disable GIT_SNAPSHOT for the 4.15.3 release.
Martin Schwenke (2):
bootstrap: Add Debian 11
bootstrap: Debian 11 has liburing-dev
Ralph Boehme (21):
lib: add NTTIME_THAW
lib: fix null_nttime() tests
lib: use NTTIME_FREEZE in a null_nttime() test
lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
lib: add a test for null_nttime(NTTIME_THAW)
torture: add a test for NTTIME_FREEZE and NTTIME_THAW
lib: handle NTTIME_THAW in nt_time_to_full_timespec()
CI: add a test for bug 14882
lib/dbwrap: reset deleted record to tdb_null
vfs_fruit: remove a fsp check from ad_fset()
source3: move lib/substitute.c functions out of proto.h
samba-bgqd: fix startup and logging
winbindd: remove is_default_dyn_LOGFILEBASE() logic
lib/debug: fix fd check before dup'ing to stderr
lib/debug: in debug_set_logfile() call reopen_logs_internal()
lib/cmdline: fix indentation
lib/cmdline: remember config_type in samba_cmdline_init()
lib/cmdline: setup default file logging for servers
smbd: get rid of get_file_handle_for_metadata()
CVE-2020-25717: s3-auth: fix MIT Realm regression
smbd: s3-dsgetdcname: handle num_ips == 0
Stefan Metzmacher (15):
VERSION: Bump version up to Samba 4.15.3...
s3/libsmb: check for global parametric option "libsmb:client_guid"
s3:winbindd: fix "allow trusted domains = no" regression
CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the
configured domain
libcli/smb: split out smb2cli_raw_tcon* from smb2cli_tcon*
s4:torture/smb2: add smb2.ioctl.bug14788.VALIDATE_NEGOTIATE
smb2_server: make sure in_ctl_code = IVAL(body, 0x04); reads valid bytes
smb2_server: decouple IOCTL check from signing/encryption states
smb2_server: skip tcon check and chdir_current_service() for
FSCTL_VALIDATE_NEGOTIATE_INFO
s4:torture/smb2: test FSCTL_QUERY_NETWORK_INTERFACE_INFO with
BUFFER_TOO_SMALL
smb2_ioctl: return BUFFER_TOO_SMALL in smbd_smb2_request_ioctl_done()
s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO gives
INVALID_PARAMETER with invalid file ids
smb2_server: don't let SMB2_OP_IOCTL force FILE_CLOSED for invalid file
ids
s4:torture/smb2: FSCTL_QUERY_NETWORK_INTERFACE_INFO should work on noperm
share
smb2_server: skip tcon check and chdir_current_service() for
FSCTL_QUERY_NETWORK_INTERFACE_INFO
Volker Lendecke (4):
selftest: Add reproducer for bug 14908
lib: Add required includes to source3/include/secrets.h
cmdline: Add a callback to set the machine account details
cmdline: Make -P work in clustered mode
-----------------------------------------------------------------------
--
Samba Shared Repository
