[SCM] Samba Shared Repository - annotated tag samba-4.16.4 created

Jule Anger Wed, 27 Jul 2022 03:01:16 -0700

The annotated tag, samba-4.16.4 has been created
        at  e0d6e97e1f3a26a0258f61b4074684b7ca9dc85d (tag)
   tagging  9618af1b66aa7503e02b25c9a0bb5b1f31baffbc (commit)
  replaces  ldb-2.5.2
 tagged by  Jule Anger
        on  Wed Jul 27 09:21:14 2022 +0200


- Log -----------------------------------------------------------------
samba: tag release samba-4.16.4
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmLg52oACgkQqplEL7aA
tiCzthAAiazYyt3KGpriOgtIpkVH/UgkWsk2OY2yLRNNEZwPcc+Ok6TdQiAYO0gK
mjAYbzq6/h4bShGbqa/KcNKbkJDSh+wrwX9vmMqSTd4Fmtc02099PzPAwCB/spug
cBu/5BbAs6+UWPytlSMYi4ByF1WMQz7kmtEfZuWOHBlAGtV967sKCSzuCoHlpJl4
IvQkRw9BytNkJa9/uuTRxbtxoy5MnRr2MRGcT1HVakalI48+yNslngmrXWXmPMIs
jpPmEZNDRyTJ7Bdd0pzF+hiT/8+drK3fEsN4W/aAxMF9tacXz6yd24CisWNroZZA
sBNcpN7//Fx+1iIiwP5K9Flae8un1/+85i/ajvV6oyAPxoQOWG7bPjs557MpHdA3
ra+zdt2GpesNAg0Rzo08uZ7g2qmAcpzkZB8/j/1vQQeGR/dj+raHfZaWfGTQ0G+S
mYq7Li+jpZcVAo1JY/yrBK8vnTn10/W3Cj7G/nQWfnKWt6LPmyF/zFe4mZvkH+Pt
HE7zcQ/DB1frQzjgcNxCpmNr9HeDDXEBvm2zpPxycoGrPDTbJljvTYrNUFI5kggW
Akwoe1uJ60CH9A5pfIiWonsUMoexWvIXJGlPGbHLvD28GIQNaQCLU86MvARBSSj3
kIYtVlOVNjpXyc1SggqbRNtMvds/Yn+TP9x5LRus9/sDy6YKH1E=
=ls1N
-----END PGP SIGNATURE-----

Andreas Schneider (4):
      s4:kdc: Also cannoicalize krbtgt principals when enforcing 
canonicalization
      CVE-2022-2031 testprogs: Fix auth with smbclient and krb5 ccache
      CVE-2022-2031 testprogs: Add kadmin/changepw canonicalization test with 
MIT kpasswd
      CVE-2022-2031 s4:kdc: Implement is_kadmin_changepw() helper function

Jeremy Allison (2):
      CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
      CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.

Joseph Sutton (48):
      CVE-2022-32745 s4/dsdb/samldb: Check for empty values array
      CVE-2022-32745 s4/dsdb/util: Use correct value for loop count limit
      CVE-2022-32745 s4/dsdb/util: Don't call memcpy() with a NULL pointer
      CVE-2022-32745 s4/dsdb/util: Correctly copy values into message element
      tests/krb5: Add helper function to modify ticket flags
      selftest: Simplify krb5 test environments
      CVE-2022-2031 s4:kdc: Add MIT support for ATTRIBUTES_INFO and 
REQUESTER_SID PAC buffers
      CVE-2022-2031 third_party/heimdal: Check generate_pac() return code
      CVE-2022-2031 s4:kpasswd: Account for missing target principal
      CVE-2022-2031 s4:kpasswd: Add MIT fallback for decoding setpw structure
      CVE-2022-32744 tests/krb5: Correctly handle specifying account kvno
      CVE-2022-2031 tests/krb5: Split out _make_tgs_request()
      CVE-2022-32744 tests/krb5: Correctly calculate salt for pre-existing 
accounts
      CVE-2022-2031 tests/krb5: Add new definitions for kpasswd
      CVE-2022-2031 tests/krb5: Add methods to create ASN1 kpasswd structures
      CVE-2022-2031 tests/krb5: Add 'port' parameter to connect()
      CVE-2022-2031 tests/krb5: Add methods to send and receive generic messages
      tests/krb5: Fix enum typo
      tests/krb5: Add option for creating accounts with expired passwords
      CVE-2022-2031 tests/krb5: Allow requesting a TGT to a different sname and 
realm
      CVE-2022-2031 tests/krb5: Add kpasswd_exchange() method
      CVE-2022-32744 selftest: Specify Administrator kvno for Python krb5 tests
      CVE-2022-2031 tests/krb5: Add tests for kpasswd service
      CVE-2022-2031 s4:kpasswd: Correctly generate error strings
      CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
      CVE-2022-2031 lib:krb5_wrap: Generate valid error codes in 
smb_krb5_mk_error()
      CVE-2022-2031 s4:kpasswd: Return a kpasswd error code in KRB-ERROR
      CVE-2022-2031 gensec_krb5: Add helper function to check if client sent an 
initial ticket
      CVE-2022-2031 s4:kpasswd: Require an initial ticket
      s4:kpasswd: Restructure code for clarity
      CVE-2022-2031 s4:kdc: Split out a samba_kdc_get_entry_principal() function
      CVE-2022-2031 s4:kdc: Refactor samba_kdc_get_entry_principal()
      CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal
      CVE-2022-2031 s4:kdc: Limit kpasswd ticket lifetime to two minutes or less
      CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
      CVE-2022-2031 s4:kdc: Reject tickets during the last two minutes of their 
life
      CVE-2022-32744 s4:kdc: Don't allow HDB keytab iteration
      CVE-2022-2031 tests/krb5: Test truncated forms of server principals
      CVE-2022-2031 s4:kdc: Don't use strncmp to compare principal components
      CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name
      s4:kdc: Remove kadmin mode from HDB plugin
      CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal
      CVE-2022-32744 s4:kpasswd: Ensure we pass the kpasswd server principal 
into krb5_rd_req_ctx()
      CVE-2022-2031 tests/krb5: Add test that we cannot provide a TGT to kpasswd
      CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and 
auth_session_info
      CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
      CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
      CVE-2022-2031 testprogs: Add test for short-lived ticket across an 
incoming trust

Jule Anger (2):
      WHATSNEW: Add release notes for Samba 4.16.4.
      VERSION: Disable GIT_SNAPSHOT for the 4.16.4 release.

-----------------------------------------------------------------------


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - annotated tag samba-4.16.4 created

Reply via email to