[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6f073f258f1 s3:rpc_server: Fix double blackslash issue in dfs path via 8c10f539286 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() via 2af9c65f2a1 s3:tests: Add rpcclient 'dfsgetinfo' test from 083fe1c28c6 smbd: call exit_server_cleanly() to avoid panicking https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb Author: Pavel Filipenský Date: Tue Jun 20 16:24:55 2023 +0200 s3:rpc_server: Fix double blackslash issue in dfs path BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224 commit 8c10f53928653d02bbb75d6ab05510e87ee97420 Author: Pavel Filipenský Date: Fri Jun 23 10:08:39 2023 +0200 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe Author: Pavel Filipenský Date: Fri Jun 23 12:03:30 2023 +0200 s3:tests: Add rpcclient 'dfsgetinfo' test BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison --- Summary of changes: source3/rpc_server/dfs/srv_dfs_nt.c| 32 ++ source3/script/tests/test_rpcclient_dfs.sh | 7 +++ 2 files changed, 31 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c index 7b5119bbaf7..8eaa59a8b0e 100644 --- a/source3/rpc_server/dfs/srv_dfs_nt.c +++ b/source3/rpc_server/dfs/srv_dfs_nt.c @@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) char *altpath = NULL; NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); + const char *pathnamep = r->in.path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); @@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) return WERR_NOT_ENOUGH_MEMORY; } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + /* The following call can change the cwd. */ status = get_referred_path(ctx, session_info, - r->in.path, + pathnamep, remote_address, local_address, jn, &consumedcnt, &self_ref); @@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; NTSTATUS status; + const char *pathnamep = r->in.dfs_entry_path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); @@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) r->in.dfs_entry_path, r->in.servername, r->in.sharename)); } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + status = get_referred_path(ctx, session_info, - r->in.dfs_entry_path, + pathnamep, remote_address, local_address, jn, &consumedcnt, &self_ref); @@ -390,20 +402,25 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct dfs_GetInfo *r) dcesrv_connection_get_remote_address(dcesrv_conn); struct auth_session_info *session_info = dcesrv_call_session_info(dce_call); - size_t consumedcnt = strlen(r->in.dfs_entry_path); + size_t consumedcnt = 0; struct junction_map *jn = NULL; bool self_ref = False; TALLOC_CTX *ctx = talloc_tos(); bool ret; NTSTATUS status; + const char *pathnamep = r->in.dfs_entry_path; jn = talloc_zero(ctx, struct junction_map); if (!jn) { return WERR_NOT_ENOUGH_MEMORY; } - ret = create_junction(ctx, r->in.dfs_entry_path, - jn); + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 083fe1c28c6 smbd: call exit_server_cleanly() to avoid panicking via 50e771c12f8 s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS via b317b10dffd s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop() via 0cb6de4b1d5 s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1 via 4ad5a35a3f6 s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}() via cb59fd43bbf s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list() from d2940694c6a ctdb-tests: Run ShellCheck on event-script unit test support scripts https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc Author: Ralph Boehme Date: Wed Jul 5 11:33:58 2023 +0200 smbd: call exit_server_cleanly() to avoid panicking The parent smdb forwards SIGTERM to its process group in order to kill all children like the scavenger. This happens from a function registered via atexit() which means the signal forwarding is happening very briefly before the main smbd process exits. When exiting the pipe between smbd and scavenger is closed which triggers a file event in the scavenger. However, due to kernel sheduling it is possible that the file descriptor event is received before the signal, where we call exit_server() which call smb_panic() at the end. Change the exit to exit_server_cleanly() and just log this event at level 2 which we already do. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jul 5 13:14:08 UTC 2023 on atb-devel-224 commit 50e771c12f84f9268c2e9ddeef0965f79f85de3d Author: Stefan Metzmacher Date: Tue Jul 4 14:12:03 2023 +0200 s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS When we were not able to get a valid response from any DC we should report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1. This matches what windows does. In a chain of transitive trusts the ACCESS_DENIED/authoritative=0 is not propagated, instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is passed along the chain if there's no other DC is available. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Reviewed-by: Volker Lendecke commit b317b10dffd99d1add3ff0b85b958edd9639abc8 Author: Stefan Metzmacher Date: Tue Jul 4 13:01:24 2023 +0200 s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop() Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true, which is important in order to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86 Author: Stefan Metzmacher Date: Wed Feb 16 14:19:16 2022 +0100 s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1 Otherwise we could treat a local problem as non-authoritative. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Reviewed-by: Volker Lendecke commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31 Author: Stefan Metzmacher Date: Tue Jul 4 12:32:34 2023 +0200 s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}() Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true. This is not strictly needed as the callers call reset_cm_connection_on_error() via reconnect_need_retry(). But it might avoid one roundtrip. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Reviewed-by: Volker Lendecke commit cb59fd43bbf758e4bad774cfc19ef87b157052c2 Author: Stefan Metzmacher Date: Tue Jul 4 12:32:34 2023 +0200 s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list() This is mostly for consistency, every remote call should call reset_cm_connection_on_error(). Note this is more than a simple invalidate_cm_connection() as it may set domain->conn.netlogon_force_reauth = true. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d2940694c6a ctdb-tests: Run ShellCheck on event-script unit test support scripts via b2026e92d68 ctdb-tests: Avoid ShellCheck warnings via a45a76fd19c ctdb-tests: Avoid ShellCheck warning SC2059 via 58a117d3d57 ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005 via 1190c91090a ctdb-tests: Drop unreachable code via cbda1a78dc8 ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn" via 7813c979edb ctdb-tests: Drop unused test code for tunables via 92f17474484 ctdb-tests: Avoid ShellCheck warning SC2086 via 37105addecc ctdb-scripts: Avoid ShellCheck warnings SC2317, SC2086 via aeb5b0adfa7 ctdb-tools: Avoid ShellCheck warning SC2317 from 6965e77268e s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d2940694c6a1d7a842d5d91792f36974846da4e0 Author: Martin Schwenke Date: Mon Jul 3 12:02:36 2023 +1000 ctdb-tests: Run ShellCheck on event-script unit test support scripts Signed-off-by: Martin Schwenke Reviewed-by: Andreas Schneider Autobuild-User(master): Martin Schwenke Autobuild-Date(master): Wed Jul 5 12:16:57 UTC 2023 on atb-devel-224 commit b2026e92d68c12e0b6169742954a706b6faa7bf8 Author: Martin Schwenke Date: Mon Jul 3 09:32:26 2023 +1000 ctdb-tests: Avoid ShellCheck warnings These are all trivial, so handle them in bulk. * Change code to avoid (approximately sorted by frequency): SC2004 $/${} is unnecessary on arithmetic variables. SC2086 Double quote to prevent globbing and word splitting. SC2162 read without -r will mangle backslashes. SC2254 Quote expansions in case patterns to match literally rather than as a glob. SC2154 (warning): is referenced but not assigned. SC3037 (warning): In POSIX sh, echo flags are undefined. SC2016 (info): Expressions don't expand in single quotes, use double quotes for that. SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ cmd > file; } 2>&1' to clarify). SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate. SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined. SC2223 (info): This default assignment may cause DoS due to globbing. Quote it. * Locally disable checks: SC2034 (warning): appears unused. Verify use (or export if used externally). SC2086 (info): Double quote to prevent globbing and word splitting. [once] SC2120 (warning): references arguments, but none are ever passed. SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly). While touching reads for SC2162, switch unused variables to "_" instead of "_x", which seems to be preferred by ShellCheck. Signed-off-by: Martin Schwenke Reviewed-by: Andreas Schneider commit a45a76fd19ce486049583e1e7435320be40f9ef9 Author: Martin Schwenke Date: Tue Jul 4 10:30:05 2023 +1000 ctdb-tests: Avoid ShellCheck warning SC2059 SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo". Move the format string to the function and just parameterise the share type. Signed-off-by: Martin Schwenke Reviewed-by: Andreas Schneider commit 58a117d3d57de416b946c91bf78107d507616e63 Author: Martin Schwenke Date: Mon Jul 3 11:54:15 2023 +1000 ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005 In ./tests/UNIT/eventscripts/scripts/local.sh line 328: echo $(ctdb ifaces -X | awk -F'|' 'FNR > 1 {print $2}') ^-- SC2046 (warning): Quote this to prevent word splitting. ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'. Use xargs to get output on 1 line. Signed-off-by: Martin Schwenke Reviewed-by: Andreas Schneider commit 1190c91090a0b2ea718ebc5a48860d4362bf4c41 Author: Martin Schwenke Date: Mon Jul 3 11:42:56 2023 +1000 ctdb-tests: Drop unreachable code This generates ShellCheck warnings: In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 412: if [ -n "$service_check_cmd" ]; then ^^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost. In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 413: if eval "$service_check_cmd"; then ^^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost. service_check_cmd will never be set here because it is only set in a sub-shell in rp
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via cbef3ec NEWS[4.18.4]: Samba 4.18.4 Available for Download from f09ac97 NEWS[4.18.3]: Samba 4.18.3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit cbef3ec36079d6f7d705961801cd699b9ec31c9a Author: Jule Anger Date: Wed Jul 5 13:27:45 2023 +0200 NEWS[4.18.4]: Samba 4.18.4 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.18.4.html| 69 posted_news/20230705-113408.4.18.4.body.html | 13 + posted_news/20230705-113408.4.18.4.headline.html | 3 ++ 4 files changed, 86 insertions(+) create mode 100644 history/samba-4.18.4.html create mode 100644 posted_news/20230705-113408.4.18.4.body.html create mode 100644 posted_news/20230705-113408.4.18.4.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index d201e8b..285a0cb 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.18.4 samba-4.18.3 samba-4.18.2 samba-4.18.1 diff --git a/history/samba-4.18.4.html b/history/samba-4.18.4.html new file mode 100644 index 000..b30aa4a --- /dev/null +++ b/history/samba-4.18.4.html @@ -0,0 +1,69 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.18.4 - Release Notes + + +Samba 4.18.4 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.gz";>Samba 4.18.4 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.gz";>Patch (gzipped) against Samba 4.18.3 +https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.asc";>Signature + + + + == + Release Notes for Samba 4.18.4 + July 05, 2023 + == + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.3 + + +o Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + * BUG 15404: Backport --pidl-developer fixes. + +o Samuel Cabrero <scabr...@samba.org> + * BUG 14030: Named crashes on DLZ zone update. + +o Björn Jacke <b...@sernet.de> + * BUG 2312: smbcacls and smbcquotas do not check // before the server. + +o Volker Lendecke <v...@samba.org> + * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. + * BUG 15391: smbclient leaks fds with showacls. + * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. + +o Stefan Metzmacher <me...@samba.org> + * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and + causes test timeouts. + +o Noel Power <noel.po...@suse.com> + * BUG 15384: net ads lookup (with unspecified realm) fails. + +o Christof Schmitt <c...@samba.org> + * BUG 15381: Register Samba processes with GPFS. + +o Andreas Schneider <a...@samba.org> + * BUG 15390: Python tarfile extraction needs change to avoid a warning + (CVE-2007-4559 mitigation). + * BUG 15398: The winbind child segfaults when listing users with `winbind + scan trusted domains = yes`. + +o Jones Syue <joness...@qnap.com> + * BUG 15383: Remove comments about deprecated 'write cache size'. + * BUG 15403: smbget memory leak if failed to download files recursively. + + + + + + diff --git a/posted_news/20230705-113408.4.18.4.body.html b/posted_news/20230705-113408.4.18.4.body.html new file mode 100644 index 000..756313b --- /dev/null +++ b/posted_news/20230705-113408.4.18.4.body.html @@ -0,0 +1,13 @@ + +05 July 2023 +Samba 4.18.4 Available for Download + +This is the latest stable release of the Samba 4.18 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.gz";>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.gz";>patch against Samba 4.18.3 is also available. +See https://www.samba.org/samba/history/samba-4.18.4.html";>the release notes for more info. + + diff --git a/posted_news/20230705-113408.4.18.4.headline.html b/posted_news/20230705-113408.4.18.4.headline.html new file mode 100644 index 000..90ba14d --- /dev/nu
[SCM] Samba Shared Repository - branch v4-18-stable updated
The branch, v4-18-stable has been updated via 273696dc5d4 VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release. via bcdc186bb67 WHATSNEW: Add release notes for Samba 4.18.4. via d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME via d35c773e969 pidl: avoid py compile issues with --pidl-developer via 29c08b5891d s3:utils: smbget fix a memory leak via 694829f1872 smbd: Don't mask open error if fstatat() fails via 5d040beed2c tests: Show smbd returns wrong error code when creating on r/o fs via 14cbe1b8671 error_inject: Enable returning EROFS for O_CREAT via 3350e196a7e error_inject: map EROFS via ccb235c2f4e vfs_gpfs: Register smbd process with GPFS via 2492a18d762 gpfswrap: Add wrapper for gpfs_register_cifs_export via fe17ff2cfc4 s3:winbind: Fix talloc parent in find_dc() leading to a segfault via a6edfaa4985 python:safe_tarfile: Improve safe extract() via b7cad429a52 python:safe_tarfile: Implement safer extractall() via eff4e88d2cc python:safe_tarfile: Set extraction_filter for pythons providing it via 4a79ee44c31 python:tests: Adopt safe_tarfile for extraction_filter raises via d2c86925f62 s3/utils: avoid erronous NO MEMORY detection via c7e3c042fbc smbcacls/smbcquotas: check for valid UNC path via c4968128b7f smbclient: Fix fd leak with "showacls;ls" via d49f9f4be7d smbd: remove comments about deprecated 'write cache size' via 3662ddaadc9 libsmb: Fix directory listing against old servers via ad3f78b4ab6 tests: Show that we 100% loop in cli_list_old_recv() via 6f0d17e1210 tests: Make timelimit available to test scripts via af4d536ad20 s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal() via fcf2e89167f VERSION: Bump version up to Samba 4.18.4... from 897e67a7cf8 VERSION: Disable GIT_SNAPSHOT for the 4.18.3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 73 - docs-xml/smbdotconf/locking/smb2leases.xml | 2 - docs-xml/smbdotconf/tuning/aioreadsize.xml | 2 +- docs-xml/smbdotconf/tuning/aiowritesize.xml | 2 +- lib/util/gpfswrap.c | 12 + lib/util/gpfswrap.h | 1 + pidl/lib/Parse/Pidl/Samba4/Python.pm| 8 ++-- python/samba/safe_tarfile.py| 73 - python/samba/tests/safe_tarfile.py | 27 --- selftest/selftesthelpers.py | 1 + selftest/target/Samba3.pm | 4 +- source3/client/client.c | 1 + source3/libsmb/clilist.c| 6 +++ source3/modules/vfs_error_inject.c | 20 source3/modules/vfs_gpfs.c | 6 +++ source3/script/tests/test_old_dirlisting.sh | 28 +++ source3/script/tests/test_rofs.sh | 34 ++ source3/selftest/tests.py | 13 + source3/smbd/open.c | 9 source3/smbd/smb2_read.c| 1 - source3/utils/net_ads.c | 10 ++-- source3/utils/smbcacls.c| 5 ++ source3/utils/smbcquotas.c | 5 ++ source3/utils/smbget.c | 1 + source3/winbindd/winbindd_cm.c | 2 +- source4/dns_server/dns_crypto.c | 2 +- source4/dns_server/dns_update.c | 4 +- source4/dns_server/dnsserver_common.c | 21 + source4/dns_server/dnsserver_common.h | 2 +- source4/rpc_server/dnsserver/dnsutils.c | 2 +- source4/torture/dns/dlz_bind9.c | 8 ++-- 32 files changed, 334 insertions(+), 53 deletions(-) create mode 100755 source3/script/tests/test_old_dirlisting.sh create mode 100755 source3/script/tests/test_rofs.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 93ebe2430aa..35e338ed4d5 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 01c121a8e48..c5dbc985f28 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,73 @@ + == + Release Notes for Samba 4.18.4 + July 05, 2023 + == + + +This is the latest stable release of the Samba 4.1
[SCM] Samba Shared Repository - annotated tag samba-4.18.4 created
The annotated tag, samba-4.18.4 has been created at f9a1b51ed7e03867e08a5125892dbf18557fc8af (tag) tagging 273696dc5d4c485735cfea0be9e71e28c97ffcf9 (commit) replaces samba-4.18.3 tagged by Jule Anger on Wed Jul 5 13:26:14 2023 +0200 - Log - samba: tag release samba-4.18.4 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmSlU1YACgkQqplEL7aA tiCpsBAArrKikaRNC8DVFABXy4T6Tr90/XUTmg79Rn9BIZtQQUH7xM50BPFXAw19 niiNDwCyu7a4KNuElnh1cO7+m7UBtdX1pfNLqON4wwqwR9oQNzEP1NKxsxQ+WfzP jFohHXo91lc6ESkqSvHcF38XvG4Os/Caj63PWQBksQoYpa/sLmsvg2rMA3HD154f yGQNSIjWCDDNY1lLKQL+iNFjDJqcdBjIfCeSyQZt/MewhYJqKC2mqyL6Z9zygSCe OsqVFxUbL0ECbxl9ZabQX4FheIt0o+fYoRrQ1lY2KthN8oJj9UzzFWdt1X9QrCCp 839pAU8qOLhngSWSA9V9uz1LB5+H3dTvLfKX/G8LTQ/oTIQDP8irc+rD8/B5UoR0 FNJplaHrqfvBwmsA6S6dqMYmysSVCoUqUKqwVG2WGXBBfpxdnjtqScUIRTeGrP6V 3vvs7dtHfocViH1gOOB1ITluChPz2ApcjyjuPOFYw59ZWz2NMZ70xHQNtY0aCq17 hsQyiVEiYWeA4Ln00fEa8F9xZSZjN3CCt2pXiXIg01CEQDJK9rBDHBy9FJquxaeP pwT5sSR7AZrYBtgubcE2Sdj1FZLGfcBZrabag2e/Rkvk+T6wh2ElK8XysjDuPZQv lRxRrUx9hgu7Tm1ohngtEMbzNa+c7xeqW5gXJTkrWZLs4wYkfQE= =rC8U -END PGP SIGNATURE- Andreas Schneider (5): python:tests: Adopt safe_tarfile for extraction_filter raises python:safe_tarfile: Set extraction_filter for pythons providing it python:safe_tarfile: Implement safer extractall() python:safe_tarfile: Improve safe extract() s3:winbind: Fix talloc parent in find_dc() leading to a segfault Björn Jacke (1): smbcacls/smbcquotas: check for valid UNC path Christof Schmitt (2): gpfswrap: Add wrapper for gpfs_register_cifs_export vfs_gpfs: Register smbd process with GPFS Douglas Bagnall (1): pidl: avoid py compile issues with --pidl-developer Jones Syue (2): smbd: remove comments about deprecated 'write cache size' s3:utils: smbget fix a memory leak Jule Anger (3): VERSION: Bump version up to Samba 4.18.4... WHATSNEW: Add release notes for Samba 4.18.4. VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release. Noel Power (1): s3/utils: avoid erronous NO MEMORY detection Samuel Cabrero (1): s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal() Stefan Metzmacher (1): selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME Volker Lendecke (8): tests: Make timelimit available to test scripts tests: Show that we 100% loop in cli_list_old_recv() libsmb: Fix directory listing against old servers smbclient: Fix fd leak with "showacls;ls" error_inject: map EROFS error_inject: Enable returning EROFS for O_CREAT tests: Show smbd returns wrong error code when creating on r/o fs smbd: Don't mask open error if fstatat() fails --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6965e77268e s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries from bf7fbf7e2b6 s3-net: no secrets access required when processing a ODJ provisioning https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6965e77268e1abfc21f1793c7cd006444938ac03 Author: Stefan Metzmacher Date: Tue Jul 4 18:07:12 2023 +0200 s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries Commit 8132edf119757ee91070facffef016c93de9c2a6 introduced a retry loop arround cldap_multi_netlogon(), but it forgot to reset num_requests to 0 for the retries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Wed Jul 5 11:17:43 UTC 2023 on atb-devel-224 --- Summary of changes: source3/libads/ldap.c | 1 + 1 file changed, 1 insertion(+) Changeset truncated at 500 lines: diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index a01b1193013..3ba32d0cf44 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -446,6 +446,7 @@ again: * The retry loop is bound by the timeout */ retry = false; + num_requests = 0; for (i = 0; i < count; i++) { char server[INET6_ADDRSTRLEN]; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via f2c18045a57 VERSION: Bump version up to Samba 4.18.5... via 273696dc5d4 VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release. via bcdc186bb67 WHATSNEW: Add release notes for Samba 4.18.4. from d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit f2c18045a57e95597b4841e704e67b5811454979 Author: Jule Anger Date: Wed Jul 5 12:35:59 2023 +0200 VERSION: Bump version up to Samba 4.18.5... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 273696dc5d4c485735cfea0be9e71e28c97ffcf9 Author: Jule Anger Date: Wed Jul 5 12:35:33 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release. Signed-off-by: Jule Anger commit bcdc186bb67ac6889e08b6c534f72ce0cc1461d6 Author: Jule Anger Date: Wed Jul 5 12:34:37 2023 +0200 WHATSNEW: Add release notes for Samba 4.18.4. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 73 ++-- 2 files changed, 72 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b11e1c9469e..80ff8c0c369 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 01c121a8e48..c5dbc985f28 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,73 @@ + == + Release Notes for Samba 4.18.4 + July 05, 2023 + == + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.3 + + +o Douglas Bagnall + * BUG 15404: Backport --pidl-developer fixes. + +o Samuel Cabrero + * BUG 14030: Named crashes on DLZ zone update. + +o Björn Jacke + * BUG 2312: smbcacls and smbcquotas do not check // before the server. + +o Volker Lendecke + * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers. + * BUG 15391: smbclient leaks fds with showacls. + * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem. + +o Stefan Metzmacher + * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and + causes test timeouts. + +o Noel Power + * BUG 15384: net ads lookup (with unspecified realm) fails. + +o Christof Schmitt + * BUG 15381: Register Samba processes with GPFS. + +o Andreas Schneider + * BUG 15390: Python tarfile extraction needs change to avoid a warning + (CVE-2007-4559 mitigation). + * BUG 15398: The winbind child segfaults when listing users with `winbind + scan trusted domains = yes`. + +o Jones Syue + * BUG 15383: Remove comments about deprecated 'write cache size'. + * BUG 15403: smbget memory leak if failed to download files recursively. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.18.3 May 31, 2023 @@ -58,8 +128,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.18.2 April 19, 2023 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME from d35c773e969 pidl: avoid py compile issues with --pidl-developer https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit d4b86186d293c80682b4e2189b8dbbec4572a9e8 Author: Stefan Metzmacher Date: Wed Apr 12 17:22:02 2023 +0200 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME The value of NSS_WRAPPER_HOSTNAME needs to match value we put into the NSS_WRAPPER_HOSTS file. We had a mismatch of idmapridmember.samba.example.com vs. idmapridmember.addom.samba.example.com This causes getaddrinfo() in nss_wrapper to fallback to the libc version, which talks to a dns server. It's not clear if recent glibc code will reach resolve/socket wrapper. So it's not unlikely that idmapridmember.samba.example.com will be passed via the internet, which causes delays up to 20 seconds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15355 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Apr 12 20:29:05 UTC 2023 on atb-devel-224 (cherry picked from commit 53f0a292f8057a63ddee951058e380b43b9d2916) Autobuild-User(v4-18-test): Jule Anger Autobuild-Date(v4-18-test): Wed Jul 5 10:19:29 UTC 2023 on atb-devel-224 --- Summary of changes: selftest/target/Samba3.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 0556efd4741..ba3268f147c 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -3678,7 +3678,7 @@ jacknomappergroup:x:$gid_jacknomapper:jacknomapper $createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; $createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group; $createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; - $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; + $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}"; if ($ENV{SAMBA_DNS_FAKING}) { $createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file; } else { @@ -3732,7 +3732,7 @@ jacknomappergroup:x:$gid_jacknomapper:jacknomapper $ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd; $ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group; $ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts; - $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com"; + $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}"; $ret{NSS_WRAPPER_MODULE_SO_PATH} = Samba::nss_wrapper_winbind_so_path($self); $ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind"; if ($ENV{SAMBA_DNS_FAKING}) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bf7fbf7e2b6 s3-net: no secrets access required when processing a ODJ provisioning from 0bfdefffc8b s3:include: Fix code spelling https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bf7fbf7e2b675145e25ce7bffc29abbf44c35540 Author: Günther Deschner Date: Tue Jun 6 11:14:01 2023 +0200 s3-net: no secrets access required when processing a ODJ provisioning It should be possible to call "net offlinejoin provision" as non-root, no access to secrets.tdb required in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Jul 5 09:23:22 UTC 2023 on atb-devel-224 --- Summary of changes: source3/libnet/libnet_join.c | 8 1 file changed, 8 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3bff7ec1412..b60eb112d0a 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2369,6 +2369,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, r->in.admin_account = admin_account; } + if (r->in.provision_computer_account_only) { + /* +* When in the "provision_computer_account_only" path we do not +* need to have access to secrets.tdb at all - gd +*/ + return WERR_OK; + } + if (!secrets_init()) { libnet_join_set_error_string(mem_ctx, r, "Unable to open secrets database"); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0bfdefffc8b s3:include: Fix code spelling via a26c00db11d s4:client: Fix code spelling via ef5ab45be70 s3:auth: Use new debug macros for logging via e57f034f013 s3:auth: Fix code spelling via 60b02126a3c selftest: Fix code spelling via 2bba3ef297f script: Fix code spelling via 3233fc03356 python:tests: Fix code spelling from 3522cddf9cf libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0bfdefffc8b269674e4ffeb273170ad68f8efa32 Author: Andreas Schneider Date: Fri Jun 30 12:10:26 2023 +0200 s3:include: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Jul 5 07:32:15 UTC 2023 on atb-devel-224 commit a26c00db11d9e02b18e7ef9a516eca4a107764d6 Author: Andreas Schneider Date: Fri Jun 30 12:06:20 2023 +0200 s4:client: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton commit ef5ab45be70469b9471455574ac38e7fb435c043 Author: Andreas Schneider Date: Mon Jul 3 11:19:33 2023 +0200 s3:auth: Use new debug macros for logging Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton commit e57f034f013bda65618898f22f3fb0cb903f0d94 Author: Andreas Schneider Date: Fri Jun 30 12:06:01 2023 +0200 s3:auth: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton commit 60b02126a3c0c05e710ad5be59257e969c0f1e2a Author: Andreas Schneider Date: Fri Jun 30 12:04:33 2023 +0200 selftest: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton commit 2bba3ef297f5f9a8ff55db0b73da5e9ec253e9cb Author: Andreas Schneider Date: Fri Jun 30 11:57:55 2023 +0200 script: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton commit 3233fc0335607ee67c1e03b6387d4b3efb0cc24d Author: Andreas Schneider Date: Fri Jun 30 11:56:06 2023 +0200 python:tests: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton --- Summary of changes: python/samba/tests/dsdb.py | 2 +- script/traffic_replay| 2 +- script/traffic_summary.pl| 8 +++--- selftest/create_smb1_fail_skipfile.txt | 6 ++--- selftest/flapping.d/nbt_dgram| 2 +- selftest/knownfail | 4 +-- selftest/knownfail.d/dns | 2 +- selftest/knownfail.d/samba-4.5-emulation | 2 +- selftest/knownfail_heimdal_kdc | 2 +- selftest/knownfail_mit_kdc | 2 +- selftest/knownfail_mit_kdc_pre_1_20 | 2 +- selftest/manage-ca/manage-ca.sh | 2 +- selftest/ns/mk_nsenter.sh| 2 +- selftest/selftest.pl | 2 +- selftest/target/Samba3.pm| 6 ++--- selftest/todo_smb2_tests_to_port.list| 2 +- source3/auth/auth.c | 46 ++-- source3/auth/auth_builtin.c | 2 +- source3/auth/auth_generic.c | 2 +- source3/auth/auth_util.c | 2 +- source3/auth/auth_winbind.c | 2 +- source3/auth/check_samsec.c | 4 +-- source3/auth/pampass.c | 10 +++ source3/auth/pass_check.c| 2 +- source3/auth/proto.h | 12 - source3/client/clitar.c | 4 +-- source3/include/fake_file.h | 2 +- source3/include/idmap.h | 6 ++--- source3/include/idmap_autorid_tdb.h | 4 +-- source3/include/libsmbclient.h | 20 +++--- source3/include/local.h | 6 ++--- source3/include/messages.h | 4 +-- source3/include/nameserv.h | 2 +- source3/include/passdb.h | 30 ++--- source3/include/smb.h| 2 +- source3/include/vfs.h| 8 +++--- 36 files changed, 112 insertions(+), 106 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py index d8d9ac1ee3c..37c36d6ab02 100644 --- a/python/samba/tests/dsdb.py +++ b/python/samba/tests/dsdb.py @@ -1189,7 +1189,7 @@ class DsdbStartUpTests(TestCase): lp = samba.tests.env_loadparm() path = lp.configfile -# This is to avoid a tatoo of the global state +# This is to avoid a tattoo of the global state self.lp = LoadParm(filename_for_non_global_lp=path) self.creds = Credentials() self.creds.guess(self.lp) diff