[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 7289e15 support/globalsupport.html: update my description from 2896b86 support/globalsupport.html: Order SerNet colleagues by name. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 7289e15f747fb618a7ff07a8c5bb5523a0af09c7 Author: Ralph Boehme Date: Wed Sep 8 09:57:35 2021 +0200 support/globalsupport.html: update my description --- Summary of changes: support/globalsupport.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/support/globalsupport.html b/support/globalsupport.html index aa4982f..1f733c1 100644 --- a/support/globalsupport.html +++ b/support/globalsupport.html @@ -82,7 +82,7 @@ Members of the core http://samba.TEAM; target=_blank>samba.TEAM wor mailto:b...@samba.org>Bjrn Baumbach is maintainer of SAMBA+ and fixes numerous Samba bugs. -mailto:r...@samba.org>Ralph Bhme is maintainer of Netatalk and implements its features to Samba. +mailto:s...@samba.org>Ralph Bhme works on the Samba fileserver and is the team lead of the SerNet Samba team. mailto:b...@samba.org>Bjrn Jacke is Samba expert since almost ever and integrated Samba in networks of all sizes. -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2896b86 support/globalsupport.html: Order SerNet colleagues by name. from c5678e5 support/globalsupport.html: Add Jule, Samba's new release manager. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2896b861db677af997ac3218981d859ebf399f96 Author: Karolin Seeger Date: Tue Sep 7 13:34:59 2021 +0200 support/globalsupport.html: Order SerNet colleagues by name. Signed-off-by: Karolin Seeger --- Summary of changes: support/globalsupport.html | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/support/globalsupport.html b/support/globalsupport.html index a1d0105..aa4982f 100644 --- a/support/globalsupport.html +++ b/support/globalsupport.html @@ -79,18 +79,18 @@ Members of the core http://samba.TEAM; target=_blank>samba.TEAM wor mailto:j...@samba.org>Jule Anger works as release manager for the Samba team. -mailto:v...@samba.org>Volker Lendecke, one of the first Samba Team members, is one of the founders of SerNet. - -mailto:me...@samba.org>Stefan Metzmacher works on ActiveDirectory and security, he is one of the main Samba 4 authors. +mailto:b...@samba.org>Bjrn Baumbach is maintainer of SAMBA+ and +fixes numerous Samba bugs. mailto:r...@samba.org>Ralph Bhme is maintainer of Netatalk and implements its features to Samba. -mailto:k...@samba.org>Karolin Seeger is member of the Samba Project Leadership committee. - mailto:b...@samba.org>Bjrn Jacke is Samba expert since almost ever and integrated Samba in networks of all sizes. -mailto:b...@samba.org>Bjrn Baumbach is maintainer of SAMBA+ and -fixes numerous Samba bugs. +mailto:v...@samba.org>Volker Lendecke, one of the first Samba Team members, is one of the founders of SerNet. + +mailto:me...@samba.org>Stefan Metzmacher works on ActiveDirectory and security, he is one of the main Samba 4 authors. + +mailto:k...@samba.org>Karolin Seeger is member of the Samba Project Leadership committee. Links: -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via c5678e5 support/globalsupport.html: Add Jule, Samba's new release manager. from 2cc1a93 NEWS[4.15.0rc5]: Samba 4.15.0rc5 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit c5678e52c5cbe36e3d8ec9cddb5e17e13043fb56 Author: Karolin Seeger Date: Tue Sep 7 13:17:15 2021 +0200 support/globalsupport.html: Add Jule, Samba's new release manager. Signed-off-by: Karolin Seeger --- Summary of changes: support/globalsupport.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/support/globalsupport.html b/support/globalsupport.html index 7f9ba65..a1d0105 100644 --- a/support/globalsupport.html +++ b/support/globalsupport.html @@ -77,13 +77,15 @@ SerNet also organizes the annual http://www.sambaXP.org/;>sambaXP, Members of the core http://samba.TEAM; target=_blank>samba.TEAM work with SerNet: +mailto:j...@samba.org>Jule Anger works as release manager for the Samba team. + mailto:v...@samba.org>Volker Lendecke, one of the first Samba Team members, is one of the founders of SerNet. mailto:me...@samba.org>Stefan Metzmacher works on ActiveDirectory and security, he is one of the main Samba 4 authors. mailto:r...@samba.org>Ralph Bhme is maintainer of Netatalk and implements its features to Samba. -mailto:k...@samba.org>Karolin Seeger works as release manager for Samba team. +mailto:k...@samba.org>Karolin Seeger is member of the Samba Project Leadership committee. mailto:b...@samba.org>Bjrn Jacke is Samba expert since almost ever and integrated Samba in networks of all sizes. -- Samba Website Repository
[Announce] Samba 4.15.0rc4 Available for Download
Release Announcements = This is the fourth release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.15 will be the next version of the Samba suite. UPGRADING = Removed SMB (development) dialects -- The following SMB (development) dialects are no longer supported: SMB2_22, SMB2_24 and SMB3_10. They are were only supported by Windows technical preview builds. They used to be useful in order to test against the latest Windows versions, but it's no longer useful to have them. If you have them explicitly specified in your smb.conf or an the command line, you need to replace them like this: - SMB2_22 => SMB3_00 - SMB2_24 => SMB3_00 - SMB3_10 => SMB3_11 Note that it's typically not useful to specify "client max protocol" or "server max protocol" explicitly to a specific dialect, just leave them unspecified or specify the value "default". New GPG key --- The GPG release key for Samba releases changed from: pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05] Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA uid [ full ] Samba Distribution Verification Key sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05] to the following new key: pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21] Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620 uid [ultimate] Samba Distribution Verification Key sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21] Starting from Jan 21th 2021, all Samba releases will be signed with the new key. See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt NEW FEATURES/CHANGES Bind DLZ: add the ability to set allow/deny lists for zone transfer clients --- Up to now, any client could use a DNS zone transfer request to the bind server, and get an answer from Samba. Now the default behaviour will be to deny those request. Two new options have been added to manage the list of authorized/denied clients for zone transfer requests. In order to be accepted, the request must be issued by a client that is in the allow list and NOT in the deny list. "server multi channel support" no longer experimental - This option is enabled by default starting with 4.15 (on Linux and FreeBSD). Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible to use this feature on Linux and FreeBSD for now. samba-tool available without the ad-dc -- The 'samba-tool' command is now available when samba is configured "--without-ad-dc". Not all features will work, and some ad-dc specific options have been disabled. The 'samba-tool domain' options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable 'samba-tool'. Improved command line user experience - Samba utilities did not consistently implement their command line interface. A number of options were requiring to specify values in one tool and not in the other, some options meant different in different tools. These should be stories of the past now. A new command line parser has been implemented with sanity checking. Also the command line interface has been simplified and provides better control for encryption, singing and kerberos. Also several command line options have a smb.conf variable to control the default now. All tools are logging to stderr by default. You can use "--debug-stdout" to change the behavior. ### Common parser: Options added: --client-protection=off|sign|encrypt Options renamed: --kerberos ->--use-kerberos=required|desired|off --krb5-ccache->--use-krb5-ccache=CCACHE --scope ->--netbios-scope=SCOPE --use-ccache ->--use-winbind-ccache Options removed: -e|--encrypt -C removed from --use-winbind-ccache -i removed from --netbios-scope -S|--signing ### Duplicates in command line utils ldbadd/ldbsearch/ldbdel/ldbmodify/ldbrename: -e is not available for --editor anymore -s is not used for --configfile anymore ndrdump: -l is not available for --load-dso anymore net: -l is not available for --long anymore sharesec: -V is not available for --viewsddl anymore smbcquotas: --user->--quota-user nmbd: --log-stdout ->--debug-stdout smbd: --log-stdout ->--debug-stdout winbindd: --log-stdout ->--debug-stdout Scanning of trusted domains and enterprise principals - As an artifact from the NT4 times, we still scanned the list of trusted domains on
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via e45c559 NEWS[4.15.0rc4]: Samba 4.15.0rc4 Available for Download from 875b4c5 NEWS[4.15.0rc3]: Samba 4.15.0rc3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit e45c559b5b996e0a7f57fcf505b948dbd7240173 Author: Karolin Seeger Date: Wed Sep 1 11:31:14 2021 +0200 NEWS[4.15.0rc4]: Samba 4.15.0rc4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20210901-093254.4.15.0rc4.body.html | 12 posted_news/20210901-093254.4.15.0rc4.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210901-093254.4.15.0rc4.body.html create mode 100644 posted_news/20210901-093254.4.15.0rc4.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210901-093254.4.15.0rc4.body.html b/posted_news/20210901-093254.4.15.0rc4.body.html new file mode 100644 index 000..96912ac --- /dev/null +++ b/posted_news/20210901-093254.4.15.0rc4.body.html @@ -0,0 +1,12 @@ + +01 September 2021 +Samba 4.15.0rc4 Available for Download + +This is the fourth release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc4.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc4.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210901-093254.4.15.0rc4.headline.html b/posted_news/20210901-093254.4.15.0rc4.headline.html new file mode 100644 index 000..efb1335 --- /dev/null +++ b/posted_news/20210901-093254.4.15.0rc4.headline.html @@ -0,0 +1,3 @@ + + 01 September 2021 Samba 4.15.0rc4 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-15-stable updated
The branch, v4-15-stable has been updated via 8a2c51f268b VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc4 release. via bf634d022cf WHATSNEW: Add release notes for Samba 4.15.0rc4. via 3f8db63d9bc util_sock: fix assignment of sa_socklen via 522fd7b38be WHATSNEW: Fix formatting. via e0dc3168210 s3/rpc_server: track the number of policy handles with a talloc destructor via 1e56dc7dd19 selftest: add a test for the "deadtime" parameter via 068bdf8fbfb VERSION: Bump version up to Samba 4.15.0rc4... from 16a28116179 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 45 +-- source3/lib/util_sock.c | 9 + source3/rpc_server/rpc_handles.c | 20 +-- source3/script/tests/test_deadtime.sh | 67 +++ source3/selftest/tests.py | 4 +++ 6 files changed, 126 insertions(+), 21 deletions(-) create mode 100755 source3/script/tests/test_deadtime.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c529cb04f23..b185563e6ae 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0e6aeea6530..9b072788ad1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.15. This is *not* +This is the fourth release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -70,18 +70,19 @@ client that is in the allow list and NOT in the deny list. "server multi channel support" no longer experimental - -This option is enabled by default starting with to 4.15 (on Linux and FreeBSD). +This option is enabled by default starting with 4.15 (on Linux and FreeBSD). Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible to use this feature on Linux and FreeBSD for now. + samba-tool available without the ad-dc -- -The samba-tool command is now available when samba is configured ---without-ad-dc. Not all features will work, and some ad-dc specific options -have been disabled. The samba-tool domain options, for example, are limited +The 'samba-tool' command is now available when samba is configured +"--without-ad-dc". Not all features will work, and some ad-dc specific options +have been disabled. The 'samba-tool domain' options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable -samba-tool. +'samba-tool'. Improved command line user experience @@ -98,7 +99,7 @@ simplified and provides better control for encryption, singing and kerberos. Also several command line options have a smb.conf variable to control the default now. -All tools are logging to stderr by default. You can use --debug-stdout to +All tools are logging to stderr by default. You can use "--debug-stdout" to change the behavior. ### Common parser: @@ -158,23 +159,24 @@ to redirect ticket requests to the right DC. This is e.g. needed for one way trusts. The options `winbind use krb5 enterprise principals` and `winbind scan trusted domains` will be deprecated in one of the next releases. + Support for Offline Domain Join (ODJ) - The net utility is now able to support the offline domain join feature as known from the Windows djoin.exe command for many years. Samba's -implementation is accessible via the "net offlinejoin" subcommand. It +implementation is accessible via the 'net offlinejoin' subcommand. It can provision computers and request offline joining for both Windows and Unix machines. It is also possible to provision computers from -Windows (using djoin.exe) and use the generated data in Samba's net +Windows (using djoin.exe) and use the generated data in Samba's 'net' utility. The existing options for the provisioning and joining steps are documented in the net(8) manpage. -samba-tool dns zoneoptions for aging control -
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc4 created
The annotated tag, samba-4.15.0rc4 has been created at 99aed55748a7f7d065c40d47372cfd02418419e5 (tag) tagging 8a2c51f268bd62a081d4e1b43b5746e1cd39ca94 (commit) replaces samba-4.15.0rc3 tagged by Karolin Seeger on Wed Sep 1 11:30:51 2021 +0200 - Log - samba: tag release samba-4.15.0rc4 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmEvSEsACgkQqplEL7aA tiBHqxAAhQKq3AzJz0Uq7ncsQfsFUd2BY7wOUD76g7Q1IFtqaDtKWv5K6HyBxKIn 8rdFTSLe5BYzGez0P0RoZSGGNG5QoENQ3mgFC4Qoz/XHNZIJNMuASWQ/8KSISc5Z fZYFPs9SYM9jq9tjG4iXbVnVU1xTC0NuAnA/ihbDCg8T7wL99950GJlFtCqNJc51 CkxwfksfoMZAPERmc4HHsCzCOa+CZ7DdkeWqKV786HQzqX8Q2UyKIYDqaQmVoRnX yJqgRJ8Gbv35qLRvyYCos3xfPmp5rr9aTZap/qvu1W/T01xXe2bEho0+mKlv3nhS lqW5zWo74durwQyh3AB9Jgco4odOufybRXmKZW4CcIXrDWRyWIDZBxkKZrDNw9b7 o92sIy7u3BXAaPRLuQkj8SlOSpZiE8qn1pvvkM71DYUL1OmgXqkejA3zjbSC0uSv NdAVy9sOtyh194dgGD2MZxmk2l+0wrsq7QZ6wPvdsq4xYCU5ayQuzptQYniPLbkk jwo+P/WsQFrlEjkH7PRC5h9GMlDyQU3fSlVS2ITMnip+4EvjpcYo6z7/tKUJXonj S3YTvOQiwmRkaifHTyOHzn75Cm8Wo7+COHPmDjUZf+ZYV1J/ftk2kZrNuicamk+w ALu/i1F5ukvY7E0lM9OFsDS4P3Yh7gMu3XWWg9RU5QrEj+0SqW4= =K6M1 -END PGP SIGNATURE- Bjoern Jacke (1): util_sock: fix assignment of sa_socklen Jule Anger (1): VERSION: Bump version up to Samba 4.15.0rc4... Karolin Seeger (3): WHATSNEW: Fix formatting. WHATSNEW: Add release notes for Samba 4.15.0rc4. VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc4 release. Ralph Boehme (2): selftest: add a test for the "deadtime" parameter s3/rpc_server: track the number of policy handles with a talloc destructor --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 8cc118dacc9 VERSION: Bump version up to 4.15.0rc5... via 8a2c51f268b VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc4 release. via bf634d022cf WHATSNEW: Add release notes for Samba 4.15.0rc4. from 3f8db63d9bc util_sock: fix assignment of sa_socklen https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 8cc118dacc96586f3135cee123bb048778c49b26 Author: Karolin Seeger Date: Wed Sep 1 11:27:48 2021 +0200 VERSION: Bump version up to 4.15.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 8a2c51f268bd62a081d4e1b43b5746e1cd39ca94 Author: Karolin Seeger Date: Wed Sep 1 11:26:18 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.15.0rc4 release. Signed-off-by: Karolin Seeger commit bf634d022cf459d16d013ed56c8af2dad8f90a21 Author: Karolin Seeger Date: Wed Sep 1 11:24:59 2021 +0200 WHATSNEW: Add release notes for Samba 4.15.0rc4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 9 - 2 files changed, 9 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c95cc28532b..17431e06943 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 99e6eda40f4..9b072788ad1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.15. This is *not* +This is the fourth release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -315,6 +315,13 @@ smb.conf changes winbind scan trusted domainsChanged No +CHANGES SINCE 4.15.0rc3 +=== + +o Bjoern Jacke + * BUG 14800: util_sock: fix assignment of sa_socklen. + + CHANGES SINCE 4.15.0rc2 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 3f8db63d9bc util_sock: fix assignment of sa_socklen via 522fd7b38be WHATSNEW: Fix formatting. from e0dc3168210 s3/rpc_server: track the number of policy handles with a talloc destructor https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 3f8db63d9bc802800566c73e12bb73491d503d1d Author: Bjoern Jacke Date: Tue Aug 17 11:39:24 2021 + util_sock: fix assignment of sa_socklen Signed-off-by: Stefan Metzmacher Reviewed-by: Bjoern Jacke Reviewed-by: Volker Lendecke BUG: https://bugzilla.samba.org/show_bug.cgi?id=14800 Autobuild-User(master): Björn Jacke Autobuild-Date(master): Tue Aug 31 09:54:35 UTC 2021 on sn-devel-184 (cherry picked from commit 1209c89dcf6371bbfa4f3929a47a573ef2916c1a) Autobuild-User(v4-15-test): Karolin Seeger Autobuild-Date(v4-15-test): Wed Sep 1 09:00:08 UTC 2021 on sn-devel-184 commit 522fd7b38be1502b3f614225de8040e4c1d1f36f Author: Karolin Seeger Date: Wed Sep 1 08:15:11 2021 +0200 WHATSNEW: Fix formatting. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt| 36 +++- source3/lib/util_sock.c | 9 + 2 files changed, 28 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0e6aeea6530..99e6eda40f4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -70,18 +70,19 @@ client that is in the allow list and NOT in the deny list. "server multi channel support" no longer experimental - -This option is enabled by default starting with to 4.15 (on Linux and FreeBSD). +This option is enabled by default starting with 4.15 (on Linux and FreeBSD). Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible to use this feature on Linux and FreeBSD for now. + samba-tool available without the ad-dc -- -The samba-tool command is now available when samba is configured ---without-ad-dc. Not all features will work, and some ad-dc specific options -have been disabled. The samba-tool domain options, for example, are limited +The 'samba-tool' command is now available when samba is configured +"--without-ad-dc". Not all features will work, and some ad-dc specific options +have been disabled. The 'samba-tool domain' options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable -samba-tool. +'samba-tool'. Improved command line user experience @@ -98,7 +99,7 @@ simplified and provides better control for encryption, singing and kerberos. Also several command line options have a smb.conf variable to control the default now. -All tools are logging to stderr by default. You can use --debug-stdout to +All tools are logging to stderr by default. You can use "--debug-stdout" to change the behavior. ### Common parser: @@ -158,23 +159,24 @@ to redirect ticket requests to the right DC. This is e.g. needed for one way trusts. The options `winbind use krb5 enterprise principals` and `winbind scan trusted domains` will be deprecated in one of the next releases. + Support for Offline Domain Join (ODJ) - The net utility is now able to support the offline domain join feature as known from the Windows djoin.exe command for many years. Samba's -implementation is accessible via the "net offlinejoin" subcommand. It +implementation is accessible via the 'net offlinejoin' subcommand. It can provision computers and request offline joining for both Windows and Unix machines. It is also possible to provision computers from -Windows (using djoin.exe) and use the generated data in Samba's net +Windows (using djoin.exe) and use the generated data in Samba's 'net' utility. The existing options for the provisioning and joining steps are documented in the net(8) manpage. -samba-tool dns zoneoptions for aging control - +'samba-tool dns zoneoptions' for aging control +-- -The samba-tool dns zoneoptions command can be used to turn aging on +The 'samba-tool dns zoneoptions' command can be used to turn aging on and off, alter the refresh and no-refresh periods, and manipulate the timestamps of existing records. @@ -193,8 +195,8 @@ step process will help prevent the temporary loss of dynamic records if scavenging happens before their first renewal. -Marking old records as static or dynamic with samba-tool - +Marking old recor
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via a7d66e00fa8 s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels. from 07b062c489f s3/rpc_server: track the number of policy handles with a talloc destructor https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit a7d66e00fa811512b0b44288474271453b914f21 Author: Jeremy Allison Date: Tue Jun 15 15:42:33 2021 -0700 s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels. Tidy up fsp == NULL checks. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Wed Jun 16 11:58:00 UTC 2021 on sn-devel-184 (cherry picked from commit 263c95aee38c9198ad9a30c4d960d72f46b7c27a) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Fri Aug 27 08:14:42 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/trans2.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index fac45df586e..70a492a96a8 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -785,6 +785,10 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, return NT_STATUS_EAS_NOT_SUPPORTED; } + if (fsp == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + posix_pathnames = (fsp->fsp_name->flags & SMB_FILENAME_POSIX_PATH); status = refuse_symlink(conn, fsp, fsp->fsp_name); @@ -6860,7 +6864,7 @@ static NTSTATUS smb_set_file_full_ea_info(connection_struct *conn, struct ea_list *ea_list = NULL; NTSTATUS status; - if (!fsp) { + if (fsp == NULL) { return NT_STATUS_INVALID_HANDLE; } @@ -7899,6 +7903,10 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } + if (fsp == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES); if (!NT_STATUS_IS_OK(status)) { return status; @@ -7956,6 +7964,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } + if (fsp == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + /* create time */ ft.create_time = time_t_to_full_timespec(srv_make_unix_date2(pdata)); /* access time */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 3228383d8ae vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path via 8222ff1110c vfs_streams_xattr: ensure fstat calls NEXT fstat via 262d09c511a selftest: add a test for shadow:fixinodes via 9d6d585ca00 selftest: simplify snapshot directory creation in test_shadow_copy_torture.sh via 5ae4300a36b selftest: enable "shadow:fixinodes" in "shadow_write" share via a2ac4ee3d71 selftest: pass smbclient arg to samba3.blackbox.shadow_copy_torture test via 93383852f0d smbd: update smb_fname statinfo from fsp via e12c92d0175 smbd: canonicalize SMB_VFS_FSTAT() stat buffer via 46995a8b146 smbd: return correct timestamps for quota fake file via b53968656ee smbd: handle fake file handles in fdos_mode() via 7e1d4a4b138 smbd: add dosmode_from_fake_filehandle() via 8abd1abca64 smbtorture: verify attributes on fake quota file handle from 618fd6c2594 s3: smbd: For FSCTL calls that go async, add the outstanding tevent_reqs to the aio list on the file handle. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 3228383d8ae56d53dd8d726eec8e81353b988624 Author: Ralph Boehme Date: Sat Jul 3 15:46:11 2021 +0200 vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path shadow_copy2_strip_snapshot() will happily return without modifying the passed timestamp=0 if the path is already converted and refers to an object in a snapshot, eg (first debug line from extra debugging patch [1]): [10 2021/07/02 08:19:28.811424 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1303 shadow_copy2_fstat] shadow_copy2_fstat: fsp [test.txt {@GMT-2000.01.02-03.04.05}] [10 2021/07/02 08:19:28.811449 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:607 _shadow_copy2_strip_snapshot_internal] _shadow_copy2_strip_snapshot_internal: [from shadow_copy2_fstat()] Path 'test.txt {@GMT-2000.01.02-03.04.05}' [10 2021/07/02 08:19:28.811474 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:619 _shadow_copy2_strip_snapshot_internal] _shadow_copy2_strip_snapshot_internal: abs path '/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt' [10 2021/07/02 08:19:28.811496 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1924 shadow_copy2_snapshot_to_gmt] shadow_copy2_snapshot_to_gmt: match @GMT-%Y.%m.%d-%H.%M.%S: @GMT-2000.01.02-03.04.05 [10 2021/07/02 08:19:28.811536 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:566 check_for_converted_path] check_for_converted_path: path |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt| is already converted. connect path = |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05| As check_for_converted_path() detects an "already converted path", _shadow_copy2_strip_snapshot_internal() just returns without modifying the value of the timestamp. By using shadow_copy2_strip_snapshot_converted() instead of shadow_copy2_strip_snapshot() we can check if the path is in fact referring to a VSS object by checking the "converted" bool. An alternative way would have been directly checking fsp->fsp_name->twrp != 0, but that would be a new semantic in the module, I'll leave this excersize for the future when we clean up the usage of shadow_copy2_strip_snapshot() in the whole module. This change also switches to using the absolute paths in both place where convert_sbuf() is called. [1] @@ -1309,8 +1348,16 @@ static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp, saved_errno = errno; } + DBG_DEBUG("fsp [%s]\n", fsp_str_dbg(fsp)); RN: vfs_shadow_copy2 fixinodes not correctly updating inode numbers BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit c7d6745858f2efdd24ed6fd353ec5ece898033fa) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Tue Aug 17 10:07:42 UTC 2021 on sn-devel-184 commit 8222ff1110c3ff506e3153b3294f2979206cdbfd Author: Ralph Boehme Date: Wed Jul 28 17:16:27 2021 +0200 vfs_streams_xattr: ensure fstat calls NEXT fstat This ensures fstat behaves the same as stat by calling the NEXT VFS stat function. This is required for matching path and handle based inode numbers. This bug is currently only exposed in a special case: a VSS snapshot of a stream. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
[SCM] Samba Shared Repository - branch v4-15-test updated
The branch, v4-15-test has been updated via 68bd2229bd4 WHATSNEW: mention the offline domain join feature via 8380f21aadd libcli/smb: allow unexpected padding in SMB2 READ responses via 170b8195507 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() via b644b297bf8 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 via 0be68189ffc s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done via 570b3ced84a s4:torture/smb2: add smb2.read.bug14607 test from 81eeb1c6708 VERSION: Bump version up to 4.15.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-15-test - Log - commit 68bd2229bd4528505ab9695bbcbde59fc0fe2a33 Author: Günther Deschner Date: Tue Jul 20 14:21:34 2021 +0200 WHATSNEW: mention the offline domain join feature Guenther Signed-off-by: Guenther Deschner Reviewed-by: Karolin Seeger Autobuild-User(v4-15-test): Karolin Seeger Autobuild-Date(v4-15-test): Wed Jul 21 10:27:55 UTC 2021 on sn-devel-184 commit 8380f21aadde1b5433b0770e8a2d9ed53b61101a Author: Stefan Metzmacher Date: Tue Jun 29 15:42:56 2021 +0200 libcli/smb: allow unexpected padding in SMB2 READ responses Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done() as it was exactly introduced for a similar problem see: commit 4c6c71e1378401d66bf2ed230544a75f7b04376f Author: Stefan Metzmacher AuthorDate: Thu Jan 14 17:32:15 2021 +0100 Commit: Volker Lendecke CommitDate: Fri Jan 15 08:36:34 2021 + libcli/smb: allow unexpected padding in SMB2 IOCTL responses A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an offset that's already 8 byte aligned. RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Pair-Programmed-With: Volker Lendecke Signed-off-by: Stefan Metzmacher Signed-off-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184 RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184 (cherry picked from commit 155348cda65b441a6c4db1ed84dbf1682d02973c) commit 170b81955078c5cb9620516cfd31fe02db6f11f6 Author: Stefan Metzmacher Date: Tue Jun 29 15:24:13 2021 +0200 libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() It will be used in smb2cli_read.c soon... BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 1faf15b3d0f41fa8a94b76d1616a4460ce0c6fa4) commit b644b297bf83e49d81c97593f5e33b4dc57686dc Author: Stefan Metzmacher Date: Mon Jul 5 17:49:00 2021 +0200 s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure', as the 2nd smb2cli_read() function will now return NT_STATUS_INVALID_NETWORK_RESPONSE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit ef57fba5dbf359b204ba952451e1e33ed68f1c91) commit 0be68189ffcc746c67dd1ae0610f4b33973c8eee Author: Stefan Metzmacher Date: Mon Jul 5 17:49:00 2021 +0200 s3:smbd: introduce a body_size variable in smbd_smb2_request_read_done This will simplify the following changes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit 5ecac656fde4e81aa6e51e7b3134ea3fb75f564a) commit 570b3ced84ae14a5e3a0f4b89bc8f2944683d6e1 Author: Stefan Metzmacher Date: Tue Jul 6 16:24:59 2021 +0200 s4:torture/smb2: add smb2.read.bug14607 test This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 in order to change the server behavior of READ responses regarding the data offset. It will demonstrate the problem in smb2cli_read*() triggered by NetApp Ontap servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison (cherry picked from commit b3c9823d907b91632679e6f0ffce1b7192e4b9b6
[Announce] Samba 4.15.0rc1 Available for Download
Release Announcements = This is the first release candidate of Samba 4.15. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.15 will be the next version of the Samba suite. UPGRADING = Removed SMB (development) dialects -- The following SMB (development) dialects are no longer supported: SMB2_22, SMB2_24 and SMB3_10. They are were only supported by Windows technical preview builds. They used to be useful in order to test against the latest Windows versions, but it's no longer useful to have them. If you have them explicitly specified in your smb.conf or an the command line, you need to replace them like this: - SMB2_22 => SMB3_00 - SMB2_24 => SMB3_00 - SMB3_10 => SMB3_11 Note that it's typically not useful to specify "client max protocol" or "server max protocol" explicitly to a specific dialect, just leave them unspecified or specify the value "default". New GPG key --- The GPG release key for Samba releases changed from: pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05] Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA uid [ full ] Samba Distribution Verification Key sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05] to the following new key: pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21] Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620 uid [ultimate] Samba Distribution Verification Key sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21] Starting from Jan 21th 2021, all Samba releases will be signed with the new key. See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt NEW FEATURES/CHANGES - bind DLZ: Added the ability to set allow/deny lists for zone transfer clients. Up to now, any client could use a DNS zone transfer request to the bind server, and get an answer from Samba. Now the default behaviour will be to deny those request. Two new options have been added to manage the list of authorized/denied clients for zone transfer requests. In order to be accepted, the request must be issued by a client that is in the allow list and NOT in the deny list. "server multi channel support" no longer experimental - This option is enabled by default starting with to 4.15 (on Linux and FreeBSD). Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible to use this feature on Linux and FreeBSD for now. samba-tool available without the ad-dc -- The samba-tool command is now available when samba is configured --without-ad-dc. Not all features will work, and some ad-dc specific options have been disabled. The samba-tool domain options, for example, are limited when no ad-dc is present. Samba must still be built with ads in order to enable samba-tool. Improved command line user experience - Samba utilities did not consistently implement their command line interface. A number of options were requiring to specify values in one tool and not in the other, some options meant different in different tools. These should be stories of the past now. A new command line parser has been implemented with sanity checking. Also the command line interface has been simplified and provides better control for encryption, singing and kerberos. Also several command line options have a smb.conf variable to control the default now. All tools are logging to stderr by default. You can use --debug-stdout to change the behavior. ### Common parser: Options added: --client-protection=off|sign|encrypt Options renamed: --kerberos ->--use-kerberos=required|desired|off --krb5-ccache->--use-krb5-ccache=CCACHE --scope ->--netbios-scope=SCOPE --use-ccache ->--use-winbind-ccache Options removed: -e|--encrypt -C removed from --use-winbind-ccache -i removed from --netbios-scope -S|--signing ### Duplicates in command line utils ldbadd/ldbsearch/ldbdel/ldbmodify/ldbrename: -e is not available for --editor anymore -s is not used for --configfile anymore ndrdump: -l is not available for --load-dso anymore net: -l is not available for --long anymore sharesec: -V is not available for --viewsddl anymore smbcquotas: --user->--quota-user nmbd: --log-stdout ->--debug-stdout smbd: --log-stdout ->--debug-stdout winbindd: --log-stdout ->--debug-stdout Scanning of trusted domains and enterprise principals - As an artifact from the NT4 times, we still scanned the list of trusted domains on winbindd startup. This is wrong as we never can get a full picture in Active
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 109fdbb NEWS[4.15.0rc1]: Samba 4.15.0rc1 Available for Download from 2b3c9b5 Add Samba 4.13.10. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 109fdbbfe7d10e4833a8a26a280538882b0c5a75 Author: Karolin Seeger Date: Thu Jul 15 10:52:22 2021 +0200 NEWS[4.15.0rc1]: Samba 4.15.0rc1 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20210715-085411.4.15.0rc1.body.html | 12 posted_news/20210715-085411.4.15.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20210715-085411.4.15.0rc1.body.html create mode 100644 posted_news/20210715-085411.4.15.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210715-085411.4.15.0rc1.body.html b/posted_news/20210715-085411.4.15.0rc1.body.html new file mode 100644 index 000..761c14f --- /dev/null +++ b/posted_news/20210715-085411.4.15.0rc1.body.html @@ -0,0 +1,12 @@ + +15 July 2021 +Samba 4.15.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.15 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.15.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.15.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20210715-085411.4.15.0rc1.headline.html b/posted_news/20210715-085411.4.15.0rc1.headline.html new file mode 100644 index 000..16626f2 --- /dev/null +++ b/posted_news/20210715-085411.4.15.0rc1.headline.html @@ -0,0 +1,3 @@ + + 15 July 2021 Samba 4.15.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.15.0rc1 created
The annotated tag, samba-4.15.0rc1 has been created at d3c94a1c4139d35d4d700f24a7f8ea8f6331f27d (tag) tagging 6a6f60447719d274011bd9575403f2fb0099ca91 (commit) replaces ldb-2.4.0 tagged by Karolin Seeger on Thu Jul 15 10:52:04 2021 +0200 - Log - samba: tag release samba-4.15.0rc1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmDv9zQACgkQqplEL7aA tiAScg/8DPnmSVPkFqcA9O6ijC0iP7Aj8ECoOJNEMcOsrEXK0Vgu0o4B7+5lf8kb AN6pEEyYQokfXR0noEmSkVhtEkf8kLC9ayAMzpxQCEWiwf2949C8YQ2CgCrLrCGm kIoSlQdGsJQjDbqlwvZFatDaR0fjGlDHycgzT/IfvaCskwWnKo5JjxrUZmGSgpv3 Tg04NQZiieJf09j88qhXIot9gjUQdnuy5ws06b2+QnnRbZWz8edW9M8ybzQ2hBk/ mow7M1Rz1CdTejqryFg2d9zbQ8RPfvykiowm5+nUDjdiqtYq178DIY8EJNcrrl88 ShI0TYHm/KI5a+1/PZKovzF1KiDcSGyxSIQRJOb4+SI/VuIs9x0vFSceANZsuJYV iXB8stlyd2z2snzQjIbC3buDbBnLwjqFbsJZq9vPhRMpHdclFGsbZw1sTU2e/IB5 l6nIspUbtUjoAWDYs56aTkiabz0BWrXF2U+mZh61CfPdoGGfPHV/s410BKfxhBlb V3481YCsMlMCWkVpyAQx8AezF+KPvPRD5kUFTKqUiT3D23M5YbS3cVTB3LQsKgWQ ONSDGmastuIk4HuQ5th6DZxkSOKVAMlUEEwjw/UGSWfuKJS2eBM91qMF1sAAGT0p vrSIuGkzU6XPLhJiHB6SE/GoT9naiPhK4NfnOPUk8ggt/IP8iRg= =ZMh0 -END PGP SIGNATURE- Jeremy Allison (7): s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly. s3: tests: Add "SMB2-LIST-DIR-ASYNC" test. s3: smbd: Allow "smbd async dosmode = yes" to return valid DOS attributes again. s3: VFS: default: Move vfswrap_fgetxattr() before the async versions. s3: VFS: default: Add 'handle' member to struct vfswrap_getxattrat_state s3: VFS: default. In vfswrap_getxattrat_do_sync() always use the pathref fsp. s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp. Karolin Seeger (3): WHATSNEW: Fix typos. WHATSNEW: Up to Samba 4.15.0rc1. VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release. Stefan Metzmacher (61): s3:tests: use SAMBA_DEPRECATED_SUPPRESS=1 for backbox tests selftest: use SAMBA_DEPRECATED_SUPPRESS=1 for all tests s4:torture:libsmbclient: make use of PROTOCOL_* enum values instead of of hardcoded int values libcli/smb: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire smb2_negprot: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire s3:torture: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00 s3:smbd: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00 libcli/smb: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00 docs-xml: remove support for "SMB2_22" libcli/smb: remove unused PROTOCOL_SMB2_22 definition s3:smbd: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00 libcli/smb: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00 docs-xml: remove support for "SMB2_24" libcli/smb: remove unused PROTOCOL_SMB2_24 definition s3:smbd: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11 libcli/smb: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11 docs-xml: remove support for "SMB3_10" libcli/smb: remove unused PROTOCOL_SMB3_10 definition WHATSNEW: document the removal of SMB2_22, SMB2_24 and SMB3_10 s4:torture: let smb2.session.bind_negative_* also test without session keys s4:torture: let smb2.session.bind_negative_* tests also use a different client guid s3:smbd: let smb2srv_session_lookup_global() clear the signing/encryption_flags s3:smbd: fix a NULL pointer deference caused by smb2srv_update_crypto_flags() s3:smbd: make sure smbXsrv_session_update() doesn't segfault with table == NULL s3:smbd: remove dead code from smbd_smb2_request_dispatch() s3:smbd: fallback to smb2srv_session_lookup_global() for session setups with failed signing lib/param: add lpcfg_parm_is_unspecified() helper lib/param: enable "server multi channel support" by default on Linux and FreeBSD WHATNEW: document "server multi channel support" change smb2_negprot: make use of struct smb311_capabilities.encryption docs-xml: add "client/server smb3 encryption algorithms" options libcli/smb: add helpers to parse client/server smb3 encryption algorithms into struct smb311_capabilities s3:libsmb: make use of 'client smb3 encryption algorithms' s4:param: make use of 'client smb3 encryption algorithms' s3:smbd: make use of 'server smb3 encryption algorithms' libcli/smb: let 'client smb3 encryption algorithms' disable aes-128-ccm for SMB3_0* libcli/smb: add smb311_capabilities_check() helper s3:smbd: let 'server smb3 encryption algorithms' disable aes-128-ccm for SMB3_0* libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu() lib/param: offer aes-256-{gcm,ccm} encryption by default libcli/smb:
[SCM] Samba Shared Repository - branch v4-15-stable created
The branch, v4-15-stable has been created at 6a6f60447719d274011bd9575403f2fb0099ca91 (commit) - Log - --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-15-test created
The branch, v4-15-test has been created at 81eeb1c6708bbe0e26e6e683073f46dfe69eb4a5 (commit) - Log - commit 81eeb1c6708bbe0e26e6e683073f46dfe69eb4a5 Author: Karolin Seeger Date: Thu Jul 15 09:58:05 2021 +0200 VERSION: Bump version up to 4.15.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cca9ce5977c WHATSNEW: Start release notes for Samba 4.16.0pre1. via 34b168b4a1c VERSION: Bump version up to 4.16.0pre1... via 6a6f6044771 VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release. via 47c50755352 WHATSNEW: Up to Samba 4.15.0rc1. via 961548296e6 WHATSNEW: Fix typos. from 447c9380dcb s3: VFS: default. In vfswrap_getxattrat_do_async() always use the pathref fsp. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cca9ce5977c42ccffe4d459193ff1cfa011680c3 Author: Karolin Seeger Date: Thu Jul 15 09:42:49 2021 +0200 WHATSNEW: Start release notes for Samba 4.16.0pre1. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger commit 34b168b4a1ccc13a67cc073b147d6a27e26a8ca8 Author: Karolin Seeger Date: Thu Jul 15 09:38:41 2021 +0200 VERSION: Bump version up to 4.16.0pre1... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger commit 6a6f60447719d274011bd9575403f2fb0099ca91 Author: Karolin Seeger Date: Thu Jul 15 09:09:37 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the Samba 4.15.0rc1 release. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger commit 47c507553521aec077ea5d761ff394f3d0c96830 Author: Karolin Seeger Date: Thu Jul 15 09:06:20 2021 +0200 WHATSNEW: Up to Samba 4.15.0rc1. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger commit 961548296e697dc3de1a3b4a8216efd3316dd9d7 Author: Karolin Seeger Date: Thu Jul 15 09:04:18 2021 +0200 WHATSNEW: Fix typos. Signed-off-by: Karolin Seeger Signed-off-by: Stefan Metzmacher Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 173 ++- 2 files changed, 4 insertions(+), 171 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a560fcfe060..ec3b043eaaa 100644 --- a/VERSION +++ b/VERSION @@ -24,7 +24,7 @@ # -> "3.0.0" # SAMBA_VERSION_MAJOR=4 -SAMBA_VERSION_MINOR=15 +SAMBA_VERSION_MINOR=16 SAMBA_VERSION_RELEASE=0 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index acde58ed7ad..f3db6341e06 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,204 +1,37 @@ Release Announcements = -This is the first pre release of Samba 4.15. This is *not* +This is the first pre release of Samba 4.16. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.15 will be the next version of the Samba suite. +Samba 4.16 will be the next version of the Samba suite. UPGRADING = -Removed SMB (development) dialects --- - -The following SMB (development) dialects are no longer -supported: SMB2_22, SMB2_24 and SMB3_10. They are were -only supported by Windows technical preview builds. -They used to be useful in order to test against the -latest Windows versions, but it's no longer useful -to have them. If you have them explicitly specified -in your smb.conf or an the command line, -you need to replace them like this: -- SMB2_22 => SMB3_00 -- SMB2_24 => SMB3_00 -- SMB3_10 => SMB3_11 -Note that it's typically not useful to specify -"client max protocol" or "server max protocol" -explicitly to a specific dialect, just leave -them unspecified or specify the value "default". - -New GPG key - -The GPG release key for Samba releases changed from: - -pub dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05] - Key fingerprint = 52FB C0B8 6D95 4B08 4332 4CDC 6F33 915B 6568 B7EA -uid [ full ] Samba Distribution Verification Key -sub elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05] - -to the following new key: - -pub rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21] - Key fingerprint = 81F5 E283 2BD2 545A 1897 B713 AA99 442F B680 B620 -uid [ultimate] Samba Distribution Verification Key -sub rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21] - -Starting from Jan 21th 2021, all Samba releases will be signed with the new key. - -See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt - NEW FEATURES/CHANGES -- bind DLZ: Added the ability to set allow/deny l
[SCM] Samba Shared Repository - annotated tag ldb-2.4.0 created
The annotated tag, ldb-2.4.0 has been created at 563f487af1f81cf5d3f01a23d57eb70af63c1a9f (tag) tagging 12bc55ff7aae653bb3894bc55fe4f1ba86902a2d (commit) replaces tdb-1.4.4 tagged by Karolin Seeger on Thu Jul 15 09:35:05 2021 +0200 - Log - ldb: tag release ldb-2.4.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmDv5SkACgkQR5ORYRMI QCVRxQf+O85AgFAkiaVd3ENTTS7NnQIIsavUqyApRFqKBHGQN9t4eGxxn0PIRc/d ABwC0rQi+nKbr9BIvG6XE7A9AVWnMNIoRSvztS1QCBUzQIrcBV7qj/kWJLgT9f1v pDsIFdC/v3lMH1jgVgVhw78bldLpx1FmPgW1NnsdLYbQkx5bJCYVIVkal3K6K7js N04OsecXMP7kfCLtbguw6jUIpA6y8jFRkqU9RYpw5l4+n/6CkG9/zEh2YleIDvxJ MY8SDOhvuKI2nvfuj49E668V2Y02N0TmmE0X+YayTvMIK21rR48TUM99GanwRB7q XW/EGgZJFlaQWet7m+w/zW6ZORhmZQ== =XQp5 -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 2.4 will be used for Samba 4.15 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.4.4 created
The annotated tag, tdb-1.4.4 has been created at 02b2f3328c3683f066377512d5133a8704b3125d (tag) tagging 1ad5df9f74426c78ff128d963a785aad707e7ed1 (commit) replaces talloc-2.3.3 tagged by Karolin Seeger on Thu Jul 15 09:31:11 2021 +0200 - Log - tdb: tag release tdb-1.4.4 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmDv5D8ACgkQR5ORYRMI QCXkgAf+MdvUTGRlE65h5uBYOuDs3ePQkgdk2e+Icpr8/c4cy/AZS6upAw93mlWe Ttal0Bli+AymCyTjQLa2N09q+Ug5GOH6F4MHeSoz9j1gkAsjxzUUqKTt90Ts5LL6 TZrgcg2SeRCjTZf/Jtnh3W9mlPhThpKnBkwOLVhpM4X8Vr1JzUkux+W3EmpIG4R2 468HmQ6CQ57I/l4HNgIgB50Zqj7TxrQa44jzGBrABy7KsFLQN+oFeJK53IutMUbv hRLmSGv2Obg834wsdE+hpRUtNFM5nCpYPvi6jyhWiLBrgnAjgLfcZh7frutGk9OE VrPYbgYw8dxLNbSULBjdK5O+n+1RkQ== =x43U -END PGP SIGNATURE- Stefan Metzmacher (1): tdb: version 1.4.4 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag talloc-2.3.3 created
The annotated tag, talloc-2.3.3 has been created at 6d3d9423060a7bc046fcc36cccb6260ef285ccf7 (tag) tagging bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053 (commit) replaces tevent-0.11.0 tagged by Karolin Seeger on Thu Jul 15 09:27:26 2021 +0200 - Log - talloc: tag release talloc-2.3.3 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmDv414ACgkQR5ORYRMI QCVpXgf+ISNPNakxfNMrqdzDo2IsxR6VXwBat7J+0IiAUXFYUDtIsilN0frxpZXS T7DoD3MVPh2LUoP4gON3WBVNmpku6lXwB9MxHyRYG2tDouA7l4nEazY8bDMgerBr j/jxYqA1gdRDl9IKNQnMT7VOZrqyQXGUIRmXv5PN8VsITUT14Cy8Wz/SBppqpBui nvgUXMY1waZK7q8KWB3EkvJXLEqfB7oUKmkiwvBl5+avvlyowq+9RDIKsUN+aE5/ oYyiMKDwnj370njHF9yz0giJ0KL0bm3ZEyXJ/NlUcMYPwXoFETC/wNS80zFgj/48 aAcd9JV6+yCq+kVaDTvoR5RQH/kPpg== =kH2b -END PGP SIGNATURE- Andreas Schneider (11): Add editorconfig config file s3:tests: Fix wbinfo_lookuprids_cache test with system tdb-tools selftest: Add the trusted domain realms to krb5.conf testprogs: Rename TRUST_CREDS variables in test_trust_utils.sh testprogs: Show that DOM\user and REALM\user work for auth selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc lib:tdb: Fix a memory leak on error auth:creds: Remove unused simple.c file s3:winbind: Remove trailing whitespaces in winbindd.c s3:winbind: Remove trailing whitespaces in winbindd_cm.c s3:winbind: Remove trailing whitespaces in winbindd_dual.c Andrew Bartlett (1): selftest: Print dns_update_cache path into the logs David Mulder (1): WHATSNEW: samba-tool without ad-dc Günther Deschner (48): librpc/ndr: do not print strings when NDR_SECRET is used librpc: add "Offline Domain Join" (ODJ) IDL librpc: compile ODJ idl librpc: add custom odj_switch_level_from_guid() librpc: more work on ODJ IDL librpc: make sure the 4 byte _pad in ODJ_WIN7BLOB is never 0 s4-torture: add odj ndr testsuite s3-libnet_join: add new provision_computer_account_only flag s3-libnet_join: let libnetjoin return a netr_DsRGetDCNameInfo s3-rpc_client: add copy_netr_DsRGetDCNameInfo() helper s3-libnet_join: return the allocated netr_DsRGetDCNameInfo struct s3-libnet_join: add some libnet_JoinCtx-to-ODJ helpers s3-libnet_join: add libnet_odj_find_win7blob to libnet_offline_join s3-libnet_join: add libnet_odj_find_joinprov3() s3-libnet_join: return account rid in libnet_JoinCtx s3-librpc: add ODJ_PROVISION_DATA pointer to libnet_JoinCtx s3-libnet_join: fully implement libnet_odj_compose_OP_JOINPROV3_PART s3-libnet_join: add request_offline_join flag s3-dsgetdcname: the returned dcinfo unc should always be prefixed s3-dsgetdcname: return dcinfo also when delivering from the cache. s3-libnet_join: add support for libnet_DomainOfflineJoin s3-libnet_join: use joinprov3 struct in libnet_DomainOfflineJoin() s3-dsgetdcname: add dsgetonedcname() s3-libnet_join: use dsgetonedcname to validate given DC s3-libnet_join: set netbios name as well when modification is requested s3-libnet_join: check for netbios name correctness as well s3-libnet_join: always check config correctness while joining offline re-run make libnetapi s3-libnetapi: add libnetapi_get_use_kerberos() s3-libnetapi: add libnetapi_set_logfile() s3-libnetapi: add missing NetJoinFlags for netapi s3-libnetapi: add offline domain join related error codes (not WERRORs) s3-libnetapi: add netapi_read_file helper s3-libnetapi: add netapi_save_file_ucs2() to example code s3-libnetapi: add NetProvisionComputerAccount() to IDL s3-libnetapi: add NetProvisionComputerAccount() boilerplate s3-libnetapi: add NetProvisionComputerAccount to api. s3-libnetapi: add NetProvisionComputerAccount example code s3-libnetapi: implement NetProvisionComputerAccount_l s3-libnetapi: add NetRequestOfflineDomainJoin to IDL s3-libnetapi: add NetRequestOfflineDomainJoin() boilerplate. s3-libnetapi: add NetRequestOfflineDomainJoin to api s3-libnetapi: add NetRequestOfflineDomainJoin example code s3-libnetapi: implement NetRequestOfflineDomainJoin_l s3-libnetapi: add djoin tool s3-net: add "net offlinejoin" command docs: document "net offlinejoin" set of commands s4-selftest: add net offlinejoin tests Isaac Boukris (3): selftest: Fix "outgoing" test in kinit_trust heimdal selftest: Add test for one-way trust wbinfo auth s3:winbind: Get rid of the winbind dc-connect child Jeremy Allison (21): s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code. s3: VFS: fruit. In ad_get_meta_fsp(), we only need a handle on the base file, not the stream. s
[Announce] Samba 4.13.10 Available for Download
Release Announcements - This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.9 o Jeremy Allison * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. * BUG 14721: Take a copy to make sure we don't reference free'd memory. * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. o Andrew Bartlett * BUG 14575: samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID. o Ralph Boehme * BUG 14714: smbd: Correctly initialize close timestamp fields. * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs. o Volker Lendecke * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). o Stefan Metzmacher * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. * BUG 14752: smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. o Joseph Sutton * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ backend. * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for restoring a backup. ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.13.10.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2b3c9b5 Add Samba 4.13.10. via d1feb7c NEWS[4.13.10]: Samba 4.13.10 Available for Download from af20d51 Add Samba 4.14.6. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2b3c9b5b229913cf71439db70bbf55c5d662f1ee Author: Karolin Seeger Date: Wed Jul 14 10:16:00 2021 +0200 Add Samba 4.13.10. Signed-off-by: Karolin Seeger commit d1feb7caf307b11f9163b43225deeb93d7410eb1 Author: Karolin Seeger Date: Wed Jul 14 10:14:08 2021 +0200 NEWS[4.13.10]: Samba 4.13.10 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.13.10.html| 65 +++ posted_news/20210714-081532.4.13.10.body.html | 13 + posted_news/20210714-081532.4.13.10.headline.html | 3 ++ 4 files changed, 82 insertions(+) create mode 100644 history/samba-4.13.10.html create mode 100644 posted_news/20210714-081532.4.13.10.body.html create mode 100644 posted_news/20210714-081532.4.13.10.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index d6f2cef..25a507f 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -16,6 +16,7 @@ samba-4.14.2 samba-4.14.1 samba-4.14.0 + samba-4.13.10 samba-4.13.9 samba-4.13.8 samba-4.13.7 diff --git a/history/samba-4.13.10.html b/history/samba-4.13.10.html new file mode 100644 index 000..d7162cb --- /dev/null +++ b/history/samba-4.13.10.html @@ -0,0 +1,65 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.13.10 - Release Notes + + +Samba 4.13.10 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.13.10.tar.gz;>Samba 4.13.10 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.13.10.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.13.9-4.13.10.diffs.gz;>Patch (gzipped) against Samba 4.13.9 +https://download.samba.org/pub/samba/patches/samba-4.13.9-4.13.10.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.13.10 +July 14, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.9 + + +o Jeremy Allison j...@samba.org + * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned + Windows ACL for directory handles. + * BUG 14721: Take a copy to make sure we dont reference freed memory. + * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). + * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in + change_file_owner_to_parent() error path. + +o Andrew Bartlett abart...@samba.org + * BUG 14575: samba-tool: Give better error information when the + domain backup restore fails with a duplicate SID. + +o Ralph Boehme s...@samba.org + * BUG 14714: smbd: Correctly initialize close timestamp fields. + * BUG 14740: Spotlight RPC service doesnt work with vfs_glusterfs. + +o Volker Lendecke v...@samba.org + * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). + +o Stefan Metzmacher me...@samba.org + * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. + * BUG 14752: smbXsrv_{open,session,tcon}: Protect + smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. + +o Joseph Sutton josephsut...@catalyst.net.nz + * BUG 14027: samba-tool domain backup offline doesnt work against bind DLZ + backend. + * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for + restoring a backup. + + + + + + diff --git a/posted_news/20210714-081532.4.13.10.body.html b/posted_news/20210714-081532.4.13.10.body.html new file mode 100644 index 000..5c74459 --- /dev/null +++ b/posted_news/20210714-081532.4.13.10.body.html @@ -0,0 +1,13 @@ + +14 July 2021 +Samba 4.13.10 Available for Download + +This is the latest stable release of the Samba 4.13 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.13.10.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.13.9-4.13.10.diffs.gz;>patch against Samba 4.13.9 is also available. +See https://www.samba.org/samba/history/samba-4.13.10.html;>the release notes for more info. + + diff --git a/posted_n
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via 85bb95881bb VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release. via 22882df5ac4 WHATSNEW: Add release notes for Samba 4.13.10. via b9b1d98af4c smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records via 7065f203a9f gensec_krb5: restore ipv6 support for kpasswd via 82e0f3e7997 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup via e5c3a675464 python/tests/dsdb: Add tests for RID allocation functions via afad2fd9e24 dsdb: Add next_free_rid() function to allocate a RID without modifying the database via b3d59842fd9 netcmd: Add tests for performing an offline backup immediately after joining a domain via 00444ac64f5 netcmd: Ignore rIDUsedPool attribute in offline domain backup test via 445fb770c77 netcmd: Fix error-checking condition via 303a0ecdd9d netcmd: Avoid database corruption by opting not to create database files during an offline domain backup via 54c353e9ad6 netcmd: Determine which files are to be copied for an offline domain backup via 4a68b1cb2dc netcmd: Add test for an offline backup of nested directories via 6569d0b9967 netcmd: Add test for an offline backup of a directory containing hardlinks via d0bde5703b2 samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID via 6e284db7877 samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free via b01c4526fef s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). via a708c9b48a2 mdssvc: avoid direct filesystem access, use the VFS via 9f4e3da5eec mdssvc: chdir() to the conn of the RPC request via 7c924449b87 mdssvc: maintain a connection struct in the mds_ctx via 48b2dc3c5cc smbd: add create_conn_struct_cwd() via 60e091a153e smbd: pass tevent context to create_conn_struct_as_root() via 63ff1e37d55 mdssvc: pass messaging context to mds_init_ctx() via dce4c5ed911 mdssvc: don't fail mds_add_result() if result is not found in CNID set via 0484804d9f6 mdssvc: use a helper variable in mds_add_result() via b0746202c20 s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. via 0b75c272368 s3: lib: Fix talloc heirarcy error in parent_smb_fname(). via 5d4bbaff8b6 smbd: correctly initialize close timestamp fields via 37233cbdf8f torture: add a test that verifies SMB2 close fields without postqueryattrib via c67dbd55aad ctdb: Fix a crash in run_proc_signal_handler() via 037f4b8fb9a ctdb: Introduce output before and after the 10-second timeout via 87265cef4b7 ctdb: Wait for SIGCHLD if script timed out via e70a8cbdb4a ctdb: Introduce a helper variable in run_event_test.c via 5e55d2c0dcf ctdb: Call run_event_recv() in a callback function via 83511576a1c ctdb: fix typos via abcddbae481 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. from 46c071544f1 VERSION: Bump version up to 4.13.10... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 70 ++- ctdb/common/run_proc.c | 6 +- ctdb/tests/UNIT/cunit/run_event_001.sh | 3 + ctdb/tests/src/run_event_test.c | 52 - python/samba/netcmd/domain_backup.py| 173 +++- python/samba/samdb.py | 105 ++ python/samba/tests/domain_backup_offline.py | 162 --- python/samba/tests/dsdb.py | 305 +++- source3/lib/filename_util.c | 2 +- source3/rpc_server/mdssvc/mdssvc.c | 127 ++-- source3/rpc_server/mdssvc/mdssvc.h | 2 + source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 1 + source3/smbd/msdfs.c| 54 - source3/smbd/open.c | 18 +- source3/smbd/posix_acls.c | 12 +- source3/smbd/proto.h| 8 + source3/smbd/smb2_close.c | 8 +- source3/smbd/smbXsrv_open.c | 9 + source3/smbd/smbXsrv_session.c | 7 + source3/smbd/smbXsrv_tcon.c | 7 + source4/auth/gensec/gensec_krb5.c | 6 +- source4/selftest/tests.py | 2 +- source4/torture/smb2/timestamps.c | 65 ++ 24 files changed, 1073 insertions(+), 133 deletions(-)
[SCM] Samba Shared Repository - annotated tag samba-4.13.10 created
The annotated tag, samba-4.13.10 has been created at 85c23ad5757b1e97ecc2cc645e8dd095e4d64e9f (tag) tagging 85bb95881bbe6e3953fcbf80ee42208420d72f70 (commit) replaces samba-4.13.9 tagged by Karolin Seeger on Wed Jul 14 10:13:26 2021 +0200 - Log - samba: tag release samba-4.13.10 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmDunKYACgkQqplEL7aA tiBA2RAAuhluJSIkEYy3VoT/IuM8H0o2M/Y9HISorCQacqZ0KgVIVrbIX4at0BN2 F/Au5/1mrA0rpfX7xydVvy1ULHZRW17ehfdgVxj3ENBv7xZMhJVoJNDDQ3iobTBm L+ff02LtHH0Uj2sNjYAsh1cJa86AxRRzWdrmBugzDDjJUhIESKUMP/J22+wdqq/I TyERSFpqmSdodLC2mR/YBO6jqG6nddjY6yFY50l5SYMEJ4Mwo6Rsm3j7dKDiLOGQ 7CxWiQAKt+mfy34LO7x4pM8Qm9l1E5EXYgL6Omn/oiDB2YeHLhfsYOaizZQKcctf KXg6l+71V29kcC9jC/WgKgbV6KZdoY9G5AUSUk92mW/ROXMcggFZveO9hoCG3xLJ A5oWwNGH/OVZBeHqq7ACrptkHFinkIHqhIc6oio40RfPXwgWvTAi0NevnolkIAw7 Mh08XNKcgNi/IhqHNEC9HypVQX6EPUl4y5YNUW5/C5adgsAJHXOB3UWpInqYHmP5 Ffy8zFw346xdTCpKQerGc7WugljFHH3heIIDkA8a73459qTqwLYe42sZ1ikaveZA y53+ITs+v6n7bvM8fxaAgvCN27nwfy9DprhlQAylLlix54RkQs/jGMQKiR+fXbDa c0by6mpFEdUHyv0blyQb2gFnXhOydtjxa4dpPTK2eGVpIx6jDac= =vrFC -END PGP SIGNATURE- Andrew Bartlett (2): samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID Jeremy Allison (4): s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. s3: lib: Fix talloc heirarcy error in parent_smb_fname(). s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). Joseph Sutton (10): netcmd: Add test for an offline backup of a directory containing hardlinks netcmd: Add test for an offline backup of nested directories netcmd: Determine which files are to be copied for an offline domain backup netcmd: Avoid database corruption by opting not to create database files during an offline domain backup netcmd: Fix error-checking condition netcmd: Ignore rIDUsedPool attribute in offline domain backup test netcmd: Add tests for performing an offline backup immediately after joining a domain dsdb: Add next_free_rid() function to allocate a RID without modifying the database python/tests/dsdb: Add tests for RID allocation functions netcmd: Use next_free_rid() function to calculate a SID for restoring a backup Karolin Seeger (3): VERSION: Bump version up to 4.13.10... WHATSNEW: Add release notes for Samba 4.13.10. VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release. Ralph Boehme (10): torture: add a test that verifies SMB2 close fields without postqueryattrib smbd: correctly initialize close timestamp fields mdssvc: use a helper variable in mds_add_result() mdssvc: don't fail mds_add_result() if result is not found in CNID set mdssvc: pass messaging context to mds_init_ctx() smbd: pass tevent context to create_conn_struct_as_root() smbd: add create_conn_struct_cwd() mdssvc: maintain a connection struct in the mds_ctx mdssvc: chdir() to the conn of the RPC request mdssvc: avoid direct filesystem access, use the VFS Stefan Metzmacher (2): gensec_krb5: restore ipv6 support for kpasswd smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records Volker Lendecke (6): ctdb: fix typos ctdb: Call run_event_recv() in a callback function ctdb: Introduce a helper variable in run_event_test.c ctdb: Wait for SIGCHLD if script timed out ctdb: Introduce output before and after the 10-second timeout ctdb: Fix a crash in run_proc_signal_handler() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 6fa28f4eb3a VERSION: Bump version up to Samba 4.13.11... via 85bb95881bb VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release. via 22882df5ac4 WHATSNEW: Add release notes for Samba 4.13.10. from b9b1d98af4c smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 6fa28f4eb3ad9d6040b6108d4db87103944dd6a4 Author: Karolin Seeger Date: Wed Jul 14 08:31:55 2021 +0200 VERSION: Bump version up to Samba 4.13.11... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 85bb95881bbe6e3953fcbf80ee42208420d72f70 Author: Karolin Seeger Date: Wed Jul 14 08:31:24 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.10 release. Signed-off-by: Karolin Seeger commit 22882df5ac49a27a3563e71919a422afa30b7c45 Author: Karolin Seeger Date: Wed Jul 14 08:30:52 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.10. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 70 ++-- 2 files changed, 69 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index addb12d75e0..49a0d6e775a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index da680c071d9..c141d32b62e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,70 @@ + === + Release Notes for Samba 4.13.10 +July 14, 2021 + === + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.9 + + +o Jeremy Allison + * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned + Windows ACL for directory handles. + * BUG 14721: Take a copy to make sure we don't reference free'd memory. + * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). + * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in + change_file_owner_to_parent() error path. + +o Andrew Bartlett + * BUG 14575: samba-tool: Give better error information when the + 'domain backup restore' fails with a duplicate SID. + +o Ralph Boehme + * BUG 14714: smbd: Correctly initialize close timestamp fields. + * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs. + +o Volker Lendecke + * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). + +o Stefan Metzmacher + * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. + * BUG 14752: smbXsrv_{open,session,tcon}: Protect + smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. + +o Joseph Sutton + * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ + backend. + * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for + restoring a backup. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.13.9 May 11, 2021 @@ -61,8 +128,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via b9b1d98af4c smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records via 7065f203a9f gensec_krb5: restore ipv6 support for kpasswd via 82e0f3e7997 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup via e5c3a675464 python/tests/dsdb: Add tests for RID allocation functions via afad2fd9e24 dsdb: Add next_free_rid() function to allocate a RID without modifying the database via b3d59842fd9 netcmd: Add tests for performing an offline backup immediately after joining a domain via 00444ac64f5 netcmd: Ignore rIDUsedPool attribute in offline domain backup test via 445fb770c77 netcmd: Fix error-checking condition via 303a0ecdd9d netcmd: Avoid database corruption by opting not to create database files during an offline domain backup via 54c353e9ad6 netcmd: Determine which files are to be copied for an offline domain backup via 4a68b1cb2dc netcmd: Add test for an offline backup of nested directories via 6569d0b9967 netcmd: Add test for an offline backup of a directory containing hardlinks via d0bde5703b2 samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID via 6e284db7877 samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free from b01c4526fef s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit b9b1d98af4c7cd2326e12e1c3b734056663932d1 Author: Stefan Metzmacher Date: Mon Jul 5 17:17:30 2021 +0200 smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records I saw systems with locking.tdb records being part of: ctdb catdb smbXsrv_tcon_global.tdb It's yet unknown how that happened, but we should not panic in srvsvc_* calls because the info0 pointer was NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184 (cherry picked from commit 00bab5b3c821f272153a25ded9743460887a7907) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Tue Jul 13 13:18:20 UTC 2021 on sn-devel-184 commit 7065f203a9fa0618e9a72043ec925eee7c7cdd01 Author: Stefan Metzmacher Date: Fri Jul 2 09:37:25 2021 +0200 gensec_krb5: restore ipv6 support for kpasswd We need to offer as much space we have in order to get the address out of tsocket_address_bsd_sockaddr(). This fixes a regression in commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 0388a8f33bdde49f1cc805a0291859203c1a52b4) commit 82e0f3e79975ffdffd5afca77b6458a33488eff7 Author: Joseph Sutton Date: Thu May 27 15:35:35 2021 +1200 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup This means we won't get errors if the DC doesn't have a rIDNextRID attribute, but we will still error if there is no RID Set or if all its pools are exhausted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 59d293b60608172ae61551c642d13d3b215924e4) commit e5c3a675464208bffad08a0e923406c9a2d4b0a5 Author: Joseph Sutton Date: Mon May 24 16:46:28 2021 +1200 python/tests/dsdb: Add tests for RID allocation functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 7c7cad81844950c3efe9a540a47b9d4e1ce1b2a1) commit afad2fd9e2499f6ddacae9ddace22c81e9de7da0 Author: Joseph Sutton Date: Mon May 24 12:59:59 2021 +1200 dsdb: Add next_free_rid() function to allocate a RID without modifying the database If used to generate SIDs for objects, care should be taken, as the possibility for having duplicate objectSIDs can arise. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit cc98e03e7a0f2bf7a1ace2950fe6500f53640c1b) commit b3d59842fd99c8d72dbc6f65259efad05bd5d897 Author: Joseph Sutton Date: Mon May 24 14:58:40 2021 +1200 netcmd: Add tests for performing
[Announce] Samba 4.14.6 Available for Download
Release Announcements - This is the latest stable release of the Samba 4.14 release series. Changes since 4.14.5 o Jeremy Allison * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath(). * BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. o Ralph Boehme * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using glusterfs VFS module. * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref. * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs. o Stefan Metzmacher * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. * BUG 14752: smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. o Joseph Sutton * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ backend. * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for restoring a backup. ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.14.6.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via af20d51 Add Samba 4.14.6. via f358d51 NEWS[4.14.6]: Samba 4.14.6 Available for Download from 0c295f2 fix accent https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit af20d51ee9eeaa5c66e73aa5a55d6a86ee4d3c43 Author: Karolin Seeger Date: Tue Jul 13 12:34:29 2021 +0200 Add Samba 4.14.6. Signed-off-by: Karolin Seeger commit f358d511094d455ea264dd052f4a165a12d86b90 Author: Karolin Seeger Date: Tue Jul 13 12:30:40 2021 +0200 NEWS[4.14.6]: Samba 4.14.6 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.14.6.html| 59 posted_news/20210713-103410.4.14.6.body.html | 13 ++ posted_news/20210713-103410.4.14.6.headline.html | 3 ++ 4 files changed, 76 insertions(+) create mode 100644 history/samba-4.14.6.html create mode 100644 posted_news/20210713-103410.4.14.6.body.html create mode 100644 posted_news/20210713-103410.4.14.6.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index c28a296..d6f2cef 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.14.6 samba-4.14.5 samba-4.14.4 samba-4.14.3 diff --git a/history/samba-4.14.6.html b/history/samba-4.14.6.html new file mode 100644 index 000..8f04c94 --- /dev/null +++ b/history/samba-4.14.6.html @@ -0,0 +1,59 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.14.6 - Release Notes + + +Samba 4.14.6 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.14.6.tar.gz;>Samba 4.14.6 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.6.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.14.5-4.14.6.diffs.gz;>Patch (gzipped) against Samba 4.14.5 +https://download.samba.org/pub/samba/patches/samba-4.14.5-4.14.6.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.14.6 +July 13, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.5 + + +o Jeremy Allison j...@samba.org + * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). + * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath(). + * BUG 14734: s3: VFS: default: Add proc_fds fallback for vfswrap_fchown(). + * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in + change_file_owner_to_parent() error path. + +o Ralph Boehme s...@samba.org + * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using + glusterfs VFS module. + * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref. + * BUG 14740: Spotlight RPC service doesnt work with vfs_glusterfs. + +o Stefan Metzmacher me...@samba.org + * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. + * BUG 14752: smbXsrv_{open,session,tcon}: protect + smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. + +o Joseph Sutton josephsut...@catalyst.net.nz + * BUG 14027: samba-tool domain backup offline doesnt work against bind DLZ + backend. + * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for + restoring a backup. + + + + + + diff --git a/posted_news/20210713-103410.4.14.6.body.html b/posted_news/20210713-103410.4.14.6.body.html new file mode 100644 index 000..cc34824 --- /dev/null +++ b/posted_news/20210713-103410.4.14.6.body.html @@ -0,0 +1,13 @@ + +13 July 2021 +Samba 4.14.6 Available for Download + +This is the latest stable release of the Samba 4.14 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.14.6.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.14.5-4.14.6.diffs.gz;>patch against Samba 4.14.5 is also available. +See https://www.samba.org/samba/history/samba-4.14.6.html;>the release notes for more info. + + diff --git a/posted_news/20210713-103410.4.14.6.headline.html b/posted_news/20210713-103410.4.14.6.headline.html new file mode 100644 index 000..7363805 --- /dev/null +++ b/posted_news/20210713-103410.4.14.6.headline.html @@ -0,0 +1,3 @@ + + 13 July 2021 Samba 4.14.6 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via 507cdfb744e VERSION: Disable GIT_SNAPSHOT for the 4.14.6 release. via dc3702b5113 WHATSNEW: Add release notes for Samba 4.14.6. via 8f7ab597969 smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records via c1662a81220 gensec_krb5: restore ipv6 support for kpasswd via a6447a1dce1 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup via 69d8b64fdc1 python/tests/dsdb: Add tests for RID allocation functions via 94ca97bd121 dsdb: Add next_free_rid() function to allocate a RID without modifying the database via f9d2652a0b4 netcmd: Add tests for performing an offline backup immediately after joining a domain via b226e83a3dc netcmd: Ignore rIDUsedPool attribute in offline domain backup test via 79029224ee0 netcmd: Fix error-checking condition via c1ac591c197 netcmd: Avoid database corruption by opting not to create database files during an offline domain backup via 7a7bfba1d98 netcmd: Determine which files are to be copied for an offline domain backup via 5b361227e7c netcmd: Add test for an offline backup of nested directories via b095932a303 netcmd: Add test for an offline backup of a directory containing hardlinks via 60714069b2c mdssvc: avoid direct filesystem access, use the VFS via 19115477256 mdssvc: chdir() to the conn of the RPC request via f8e857aeed3 mdssvc: maintain a connection struct in the mds_ctx via 9439cfe7142 smbd: add create_conn_struct_cwd() via 5ee1c6a0b01 smbd: pass tevent context to create_conn_struct_as_root() via b1cb178ab9d mdssvc: pass messaging context to mds_init_ctx() via db5326a7f7a mdssvc: don't fail mds_add_result() if result is not found in CNID set via 6ce42a067f3 mdssvc: use a helper variable in mds_add_result() via 858a116e796 smbd: add synthetic_pathref() via 4936ad99859 s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. via f8c4bcb0b22 s3/modules: fchmod: fallback to path based chmod if pathref via 866efccfa90 s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). via 35d7a23d720 s3: lib: Fix talloc heirarcy error in parent_smb_fname(). via 42fa9f800fd smbd: fix pathref unlinking in create_file_unixpath() via 1c8ba016208 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst() via c8355298be5 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() via 94fc3ac176a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() via acd2c1fed8d smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() via fc8becea75d smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() via 89851bdfb8a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from reply_search() via 8dc1552ce2a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from create_file_unixpath() via b87ada0acd7 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from open_streams_for_delete() via 12a375df83b smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from get_file_handle_for_metadata() via 15e52ebd028 net: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from openat_pathref_fsp() via ec89546b9b2 smbd: don't return NT_STATUS_STOPPED_ON_SYMLINK in openat_pathref_fsp() via 4b1918ca9a7 smbd: simplify error codepath in openat_pathref_fsp() via 95183a05af1 smbd: expect valid stat info in openat_pathref_fsp() via 19fe725a117 smbd: stat path before calling openat_pathref_fsp() in smbd_dirptr_get_entry() via 445b97d3168 smbd: move smb_fname creation to earlier point in smbd_dirptr_get_entry() via 821992641c3 smbd: stat path before calling openat_pathref_fsp() in open_pathref_base_fsp() via 5505b9a6834 smbd: remove a redundant fstat()in create_file_unixpath() via 2dff00e034a smbd: call stat before openat_pathref_fsp() in create_file_unixpath() via af4737c4011 smbd: fix a resource leak in create_file_unixpath() via 589c10e91b9 smbd: stat path before calling openat_pathref_fsp() in unlink_internals() via 40583d313c3 s3/libadouble: stat path before calling openat_pathref_fsp() in ad_unconvert_open_ad() via cfccd7792e1 VERSION: Bump version up to 4.14.6... from 852d0c036f0 VERSION: Disable GIT_SNAPSHOT for the 4.14.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - --- Summary of changes: VERSION
[SCM] Samba Shared Repository - annotated tag samba-4.14.6 created
The annotated tag, samba-4.14.6 has been created at 3dab93fc85e214dac45cc268ed7aaf555aa8218d (tag) tagging 507cdfb744e8f6d5023ba821959b6572bc71a709 (commit) replaces samba-4.14.5 tagged by Karolin Seeger on Tue Jul 13 12:29:09 2021 +0200 - Log - samba: tag release samba-4.14.6 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmDtavUACgkQqplEL7aA tiBFuxAAs3wzPY49ZCZao1L+qFX3WSB5Y1GSEPqTqJqdnG1GArlg24m8UorjeX3a a6BP8ZdwcKlhz1TidD6N1QriDLJFSFg3YprP2zh/uep8buykbreFRHWeTUm/sKBz 0UtH+YHsnJyDNemlxJ7xFHLG+pRtYljz9h8oWwFN2PjtI9hraAwtPINT8xikZdEs FmlRjwitTEjWbiGowpoX/sa/tdH5ZK7ctB+4bbvb1WCwBbnO5b+/+5wNaA/bqykQ 50flXbjSTwC4TSpHAvDeQQWIsqKmsmN5gTpW7i/K3fJFKGZViM9JW4MyTrdrwQQd 1r2wPyZMoyvNtOErajxB5jgzrB/QVhXZ6T5hPiiB6sYst6IfB96OnkG733yVIZ9+ LWDZ/gTJvDeQWLRfo+aYWkYUhHQmU1OYyepkqLU2lkC/9Ofirqe6H0gcr/S7Y/Mu XmOqG5lJpFsdE4Sw5rozLtHPe4yNthyUNHesGbCL7BgCKMGxe9nmOVhjhHanif10 BI4Tyq0AHgujqBQnnUMOUqAK2Fzy3xVm6HukbZbKB7JNzOCuZ996mdWqz89AZpnQ aFz7PymIbAkQHE+O5wtMzL6RXXr3NOLwsq+yRKEl8NGaGxSuKEUwEGNuQbntaCvp bBWArfyx44vLCveCSTOxxQNvEl2UzU9pjtJmzDb99SLhvuZxbIY= =pyny -END PGP SIGNATURE- Jeremy Allison (4): smbd: fix pathref unlinking in create_file_unixpath() s3: lib: Fix talloc heirarcy error in parent_smb_fname(). s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. Joseph Sutton (10): netcmd: Add test for an offline backup of a directory containing hardlinks netcmd: Add test for an offline backup of nested directories netcmd: Determine which files are to be copied for an offline domain backup netcmd: Avoid database corruption by opting not to create database files during an offline domain backup netcmd: Fix error-checking condition netcmd: Ignore rIDUsedPool attribute in offline domain backup test netcmd: Add tests for performing an offline backup immediately after joining a domain dsdb: Add next_free_rid() function to allocate a RID without modifying the database python/tests/dsdb: Add tests for RID allocation functions netcmd: Use next_free_rid() function to calculate a SID for restoring a backup Karolin Seeger (3): VERSION: Bump version up to 4.14.6... WHATSNEW: Add release notes for Samba 4.14.6. VERSION: Disable GIT_SNAPSHOT for the 4.14.6 release. Ralph Boehme (31): s3/libadouble: stat path before calling openat_pathref_fsp() in ad_unconvert_open_ad() smbd: stat path before calling openat_pathref_fsp() in unlink_internals() smbd: fix a resource leak in create_file_unixpath() smbd: call stat before openat_pathref_fsp() in create_file_unixpath() smbd: remove a redundant fstat()in create_file_unixpath() smbd: stat path before calling openat_pathref_fsp() in open_pathref_base_fsp() smbd: move smb_fname creation to earlier point in smbd_dirptr_get_entry() smbd: stat path before calling openat_pathref_fsp() in smbd_dirptr_get_entry() smbd: expect valid stat info in openat_pathref_fsp() smbd: simplify error codepath in openat_pathref_fsp() smbd: don't return NT_STATUS_STOPPED_ON_SYMLINK in openat_pathref_fsp() net: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from openat_pathref_fsp() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from get_file_handle_for_metadata() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from open_streams_for_delete() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from create_file_unixpath() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from reply_search() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst() s3/modules: fchmod: fallback to path based chmod if pathref smbd: add synthetic_pathref() mdssvc: use a helper variable in mds_add_result() mdssvc: don't fail mds_add_result() if result is not found in CNID set mdssvc: pass messaging context to mds_init_ctx() smbd: pass tevent context to create_conn_struct_as_root() smbd: add create_conn_struct_cwd() mdssvc: maintain a connection struct in the mds_ctx mdssvc: chdir() to the conn of the RPC request mdssvc: avoid direct filesystem access, use the VFS Stefan Metzmacher (2): gensec_krb5: restore ipv6 support for kpasswd smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 4801b6c298b VERSION: Bump version up to 4.14.7... via 507cdfb744e VERSION: Disable GIT_SNAPSHOT for the 4.14.6 release. via dc3702b5113 WHATSNEW: Add release notes for Samba 4.14.6. from 8f7ab597969 smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 4801b6c298bde2fed4a8abbf0de29c9d0edff563 Author: Karolin Seeger Date: Tue Jul 13 12:26:05 2021 +0200 VERSION: Bump version up to 4.14.7... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 507cdfb744e8f6d5023ba821959b6572bc71a709 Author: Karolin Seeger Date: Tue Jul 13 12:25:23 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.6 release. Signed-off-by: Karolin Seeger commit dc3702b511324b77cea68decff66acf2a5113b0c Author: Karolin Seeger Date: Tue Jul 13 12:24:33 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.6. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 64 ++-- 2 files changed, 63 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a50dae275cf..3a5ec52ebd0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7a1af731a94..452eee13b54 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,64 @@ + == + Release Notes for Samba 4.14.6 +July 13, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.5 + + +o Jeremy Allison + * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname(). + * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath(). + * BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). + * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in + change_file_owner_to_parent() error path. + +o Ralph Boehme + * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using + glusterfs VFS module. + * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref. + * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs. + +o Stefan Metzmacher + * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd. + * BUG 14752: smbXsrv_{open,session,tcon}: protect + smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records. + +o Joseph Sutton + * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ + backend. + * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for + restoring a backup. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.5 June 01, 2021 @@ -59,8 +120,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 8f7ab597969 smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records via c1662a81220 gensec_krb5: restore ipv6 support for kpasswd via a6447a1dce1 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup via 69d8b64fdc1 python/tests/dsdb: Add tests for RID allocation functions via 94ca97bd121 dsdb: Add next_free_rid() function to allocate a RID without modifying the database via f9d2652a0b4 netcmd: Add tests for performing an offline backup immediately after joining a domain via b226e83a3dc netcmd: Ignore rIDUsedPool attribute in offline domain backup test via 79029224ee0 netcmd: Fix error-checking condition via c1ac591c197 netcmd: Avoid database corruption by opting not to create database files during an offline domain backup via 7a7bfba1d98 netcmd: Determine which files are to be copied for an offline domain backup via 5b361227e7c netcmd: Add test for an offline backup of nested directories via b095932a303 netcmd: Add test for an offline backup of a directory containing hardlinks via 60714069b2c mdssvc: avoid direct filesystem access, use the VFS via 19115477256 mdssvc: chdir() to the conn of the RPC request via f8e857aeed3 mdssvc: maintain a connection struct in the mds_ctx via 9439cfe7142 smbd: add create_conn_struct_cwd() via 5ee1c6a0b01 smbd: pass tevent context to create_conn_struct_as_root() via b1cb178ab9d mdssvc: pass messaging context to mds_init_ctx() via db5326a7f7a mdssvc: don't fail mds_add_result() if result is not found in CNID set via 6ce42a067f3 mdssvc: use a helper variable in mds_add_result() via 858a116e796 smbd: add synthetic_pathref() via 4936ad99859 s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. via f8c4bcb0b22 s3/modules: fchmod: fallback to path based chmod if pathref via 866efccfa90 s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). via 35d7a23d720 s3: lib: Fix talloc heirarcy error in parent_smb_fname(). from 42fa9f800fd smbd: fix pathref unlinking in create_file_unixpath() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 8f7ab597969e6e834ef333d5cf314f770325d6a9 Author: Stefan Metzmacher Date: Mon Jul 5 17:17:30 2021 +0200 smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records I saw systems with locking.tdb records being part of: ctdb catdb smbXsrv_tcon_global.tdb It's yet unknown how that happened, but we should not panic in srvsvc_* calls because the info0 pointer was NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752 Signed-off-by: Stefan Metzmacher Reviewed-by: Volker Lendecke Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184 (cherry picked from commit 00bab5b3c821f272153a25ded9743460887a7907) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Mon Jul 12 13:52:06 UTC 2021 on sn-devel-184 commit c1662a8122011aa550b2ae2325de97c6f57e1485 Author: Stefan Metzmacher Date: Fri Jul 2 09:37:25 2021 +0200 gensec_krb5: restore ipv6 support for kpasswd We need to offer as much space we have in order to get the address out of tsocket_address_bsd_sockaddr(). This fixes a regression in commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 0388a8f33bdde49f1cc805a0291859203c1a52b4) commit a6447a1dce1bed1a33ab6aa729f5837acc3895f6 Author: Joseph Sutton Date: Thu May 27 15:35:35 2021 +1200 netcmd: Use next_free_rid() function to calculate a SID for restoring a backup This means we won't get errors if the DC doesn't have a rIDNextRID attribute, but we will still error if there is no RID Set or if all its pools are exhausted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 59d293b60608172ae61551c642d13d3b215924e4) commit 69d8b64fdc1b2d9b5ac88385af704e2935d6ca4e Author: Joseph Sutton Date: Mon May 24 16:46:28 2021 +1200 python/tests/dsdb: Add tests for RID allocation functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669 Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via b01c4526fef s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). via a708c9b48a2 mdssvc: avoid direct filesystem access, use the VFS via 9f4e3da5eec mdssvc: chdir() to the conn of the RPC request via 7c924449b87 mdssvc: maintain a connection struct in the mds_ctx via 48b2dc3c5cc smbd: add create_conn_struct_cwd() via 60e091a153e smbd: pass tevent context to create_conn_struct_as_root() via 63ff1e37d55 mdssvc: pass messaging context to mds_init_ctx() via dce4c5ed911 mdssvc: don't fail mds_add_result() if result is not found in CNID set via 0484804d9f6 mdssvc: use a helper variable in mds_add_result() via b0746202c20 s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. via 0b75c272368 s3: lib: Fix talloc heirarcy error in parent_smb_fname(). from 5d4bbaff8b6 smbd: correctly initialize close timestamp fields https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit b01c4526fef64ac7458459111d0715434ca3f2a2 Author: Jeremy Allison Date: Wed May 26 22:41:53 2021 -0700 s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). Valgrind trace follows. ==3627798== Invalid read of size 1 ==3627798==at 0x483FF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x55DE412: strdup (strdup.c:41) ==3627798==by 0x4F4657E: smb_xstrdup (util.c:660) ==3627798==by 0x4C62C2E: vfs_ChDir (vfs.c:988) ==3627798==by 0x4C4A51C: process_symlink_open (open.c:656) ==3627798==by 0x4C4ADE7: non_widelink_open (open.c:862) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798==by 0x4C48A00: filename_convert_internal (filename.c:2027) ==3627798==by 0x4C48B77: filename_convert (filename.c:2067) ==3627798==by 0x4C32408: call_trans2qfilepathinfo (trans2.c:6173) ==3627798==by 0x4C3C5DA: handle_trans2 (trans2.c:10143) ==3627798== Address 0xda8bc90 is 96 bytes inside a block of size 217 free'd ==3627798==at 0x483DA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x4FCA3C9: _tc_free_internal (talloc.c:1222) ==3627798==by 0x4FCA481: _talloc_free_internal (talloc.c:1248) ==3627798==by 0x4FCB825: _talloc_free (talloc.c:1792) ==3627798==by 0xDB248DD: store_cwd_data (vfs_shadow_copy2.c:1473) ==3627798==by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542) ==3627798==by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257) ==3627798==by 0x4C62B48: vfs_ChDir (vfs.c:940) ==3627798==by 0x4C4A51C: process_symlink_open (open.c:656) ==3627798==by 0x4C4ADE7: non_widelink_open (open.c:862) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798== Block was alloc'd at ==3627798==at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x4FC9365: __talloc_with_prefix (talloc.c:783) ==3627798==by 0x4FC94FF: __talloc (talloc.c:825) ==3627798==by 0x4FCCFDC: __talloc_strlendup (talloc.c:2454) ==3627798==by 0x4FCD096: talloc_strdup (talloc.c:2470) ==3627798==by 0xDB24977: store_cwd_data (vfs_shadow_copy2.c:1476) ==3627798==by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542) ==3627798==by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257) ==3627798==by 0x4C62B48: vfs_ChDir (vfs.c:940) ==3627798==by 0x4C4A92D: non_widelink_open (open.c:755) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798== Even though SMB_VFS_CONNECTPATH() returns a const char, vfs_shadow_copy2() can free and reallocate this whilst in use inside process_symlink_open(). Take a copy to make sure we don't reference free'd memory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu May 27 17:25:43 UTC 2021 on sn-devel-184 (cherry picked from commit 2f0cfe82907516ecf23cc385d41b8d29ed6b8c96) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Mon Jul 12 11:03:04 UTC 2021 on sn-devel-184 commit a708c9b48a212e5ccedf0f34e899bb0d565d77f6 Author: Ralph Boehme Date: Mon May 10 12:34:32 2021 +0200 mdssvc: avoid direct filesystem access, use the VFS This ensures
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 42fa9f800fd smbd: fix pathref unlinking in create_file_unixpath() via 1c8ba016208 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst() via c8355298be5 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() via 94fc3ac176a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() via acd2c1fed8d smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() via fc8becea75d smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() via 89851bdfb8a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from reply_search() via 8dc1552ce2a smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from create_file_unixpath() via b87ada0acd7 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from open_streams_for_delete() via 12a375df83b smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from get_file_handle_for_metadata() via 15e52ebd028 net: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from openat_pathref_fsp() via ec89546b9b2 smbd: don't return NT_STATUS_STOPPED_ON_SYMLINK in openat_pathref_fsp() via 4b1918ca9a7 smbd: simplify error codepath in openat_pathref_fsp() via 95183a05af1 smbd: expect valid stat info in openat_pathref_fsp() via 19fe725a117 smbd: stat path before calling openat_pathref_fsp() in smbd_dirptr_get_entry() via 445b97d3168 smbd: move smb_fname creation to earlier point in smbd_dirptr_get_entry() via 821992641c3 smbd: stat path before calling openat_pathref_fsp() in open_pathref_base_fsp() via 5505b9a6834 smbd: remove a redundant fstat()in create_file_unixpath() via 2dff00e034a smbd: call stat before openat_pathref_fsp() in create_file_unixpath() via af4737c4011 smbd: fix a resource leak in create_file_unixpath() via 589c10e91b9 smbd: stat path before calling openat_pathref_fsp() in unlink_internals() via 40583d313c3 s3/libadouble: stat path before calling openat_pathref_fsp() in ad_unconvert_open_ad() from cfccd7792e1 VERSION: Bump version up to 4.14.6... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 42fa9f800fd008881c70cf37e63954f5987d0c78 Author: Jeremy Allison Date: Tue Jun 8 18:53:18 2021 +0200 smbd: fix pathref unlinking in create_file_unixpath() This is really subtle. If someone passes in an smb_fname where smb_fname actually is taken from fsp->fsp_name, then the lifetime of these objects is meant to be the same. This is commonly the case from an SMB1 path-based call (eg call_trans2qfilepathinfo()) where we use the pathref fsp (smb_fname->fsp) as the handle. In this case we must not unlink smb_fname->fsp from it's owner. The asserts below: SMB_ASSERT(fsp->fsp_name->fsp != NULL); SMB_ASSERT(fsp->fsp_name->fsp == fsp); ensure the required invarients are met. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14732 Pair-Programmed-With: Ralph Boehme Signed-off-by: Jeremy Allison Signed-off-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Jun 8 20:44:41 UTC 2021 on sn-devel-184 (cherry picked from commit 8a427783e5e780d3ffbe4f9710ac4a17c483ca33) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Thu Jun 10 10:31:11 UTC 2021 on sn-devel-184 commit 1c8ba016208458d97a78bc3a1d954c2df915cafd Author: Ralph Boehme Date: Tue Feb 2 16:01:19 2021 +0100 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14730 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Feb 5 07:26:44 UTC 2021 on sn-devel-184 (cherry picked from commit 1b3d70e9ae95892a70bd0f46ae5bf733c1bc9548) commit c8355298be5c27c841725bcb08be462a922507c5 Author: Ralph Boehme Date: Tue Feb 2 16:00:32 2021 +0100 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14730 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 5898f5769e0b126cca33ba0002f1e4c3eb80d21a) commit 94fc3ac176aa0f97cd98750197a7d5c5d0189002 Author: Ralph Boehme Date: Tue Feb 2 15:58:57 2021 +0100 smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() BUG: https://bugzilla.samba.org/show_bug.cgi?id=14730 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cher
[Announce] Samba 4.14.5 Available for Download
Release Announcements - This is the latest stable release of the Samba 4.14 release series. Changes since 4.14.4 o Jeremy Allison * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. * BUG 14721: s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). o Andrew Bartlett * BUG 14689: docs: Expand the "log level" docs on audit logging. o Ralph Boehme * BUG 14714: smbd: Correctly initialize close timestamp fields. o Günther Deschner * BUG 14699: Fix gcc11 compiler issues. o Pavel Filipenský * BUG 14718: docs-xml: Update smbcacls manpage. * BUG 14719: docs: Update list of available commands in rpcclient. o Volker Lendecke * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). o Andreas Schneider * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be set. * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer. ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.14.5.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 0c295f2 fix accent from 73b2f72 Add Samba 4.14.5 to the list. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 0c295f216818d945d835e8221c037781279e4d4a Author: Karolin Seeger Date: Tue Jun 1 09:39:37 2021 +0200 fix accent Signed-off-by: Karolin Seeger --- Summary of changes: history/samba-4.14.5.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/history/samba-4.14.5.html b/history/samba-4.14.5.html index f822860..611359c 100644 --- a/history/samba-4.14.5.html +++ b/history/samba-4.14.5.html @@ -44,7 +44,7 @@ o Ralph Boehme s...@samba.org o Gnther Deschner g...@samba.org * BUG 14699: Fix gcc11 compiler issues. -o Pavel Filipenský pfili...@redhat.com +o Pavel Filipensk pfili...@redhat.com * BUG 14718: docs-xml: Update smbcacls manpage. * BUG 14719: docs: Update list of available commands in rpcclient. -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via 852d0c036f0 VERSION: Disable GIT_SNAPSHOT for the 4.14.5 release. via c237a2b610d WHATSNEW: Add release notes for Samba 4.14.5. via e7e537d77cc s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). via a29ee1ff68c docs: Update list of available commands in rpcclient via c91ea2d31b2 s3:rpcclient: Document command of witness protocol via 46cf8514c76 docs-xml: Update smbcacls manpage via c58029aa274 smbd: correctly initialize close timestamp fields via 94ba90fa755 torture: add a test that verifies SMB2 close fields without postqueryattrib via 1780305b193 ctdb: Fix a crash in run_proc_signal_handler() via 477da04a550 ctdb: Introduce output before and after the 10-second timeout via 95966b17f23 ctdb: Wait for SIGCHLD if script timed out via a41f3fd29fe ctdb: Introduce a helper variable in run_event_test.c via d75983a ctdb: Call run_event_recv() in a callback function via ee9fbada695 ctdb: fix typos via 42726c3f665 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. via 5611a6999c0 lib:replace: Do not build strndup test with gcc 11 or newer via a18d6bdaa54 Fix gcc11 compiler issue "-Werror=stringop-overflow=" via 657a1edd1b7 Fix gcc11 compiler issue "-Werror=maybe-uninitialized" via 0ce7c5e7a62 s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. via 1c4e89f0e32 s3:winbind: For 'security = ADS' require realm/workgroup to be set via edf1b31ea82 s3:utils: Tell users that workgroup/realm is required for ADS mode via 7db0a50a8f8 docs: Expand the "log level" docs on audit logging via cc4e8ec610b docs: underline special words in the audit logging part of "log level" in man smb.conf via ecfca707d5f docs: Further discourage the use of the "event notification" options via 54ef0e6d6bb docs: Add proper explination on why transactions need to be audited. via 990997cae28 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json via 60527b07cbd debug: Synchronise "log level" in smb.conf with the code via c650f7738bf VERSION: Bump version up to 4.14.5. via 73195193503 Merge tag 'samba-4.14.4' into v4-14-test via a8b9ea7e1aa VERSION: Bump version up to 4.14.4... from e29fc62e1d6 VERSION: Disable GIT_SNAPSHOT for the 4.14.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 68 +++- ctdb/common/run_proc.c | 6 +- ctdb/tests/UNIT/cunit/run_event_001.sh | 3 + ctdb/tests/src/run_event_test.c| 52 ++- docs-xml/manpages/rpcclient.1.xml | 377 ++--- docs-xml/manpages/smbcacls.1.xml | 22 ++ docs-xml/smbdotconf/logging/loglevel.xml | 108 -- .../smbdotconf/logon/autheventnotification.xml | 17 +- docs-xml/smbdotconf/misc/dsdbeventnotification.xml | 14 +- .../misc/dsdbgroupchangenotification.xml | 16 +- .../misc/dsdbpasswordeventnotification.xml | 16 +- lib/replace/tests/testsuite.c | 13 + libcli/auth/smbencrypt.c | 2 +- source3/rpc_client/cli_samr.c | 4 +- source3/rpcclient/cmd_spotlight.c | 2 +- source3/rpcclient/cmd_witness.c| 10 +- source3/smbd/open.c| 15 +- source3/smbd/posix_acls.c | 12 +- source3/smbd/reply.c | 2 + source3/smbd/smb2_close.c | 8 +- source3/utils/testparm.c | 22 ++ source3/winbindd/winbindd.c| 17 + source3/winbindd/winbindd_creds.c | 4 +- source3/winbindd/winbindd_proto.h | 4 +- source4/dsdb/common/util_links.c | 2 +- source4/torture/rpc/samr.c | 8 +- source4/torture/smb2/timestamps.c | 65 28 files changed, 666 insertions(+), 225 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 4b9426fa79b..45b88aa82a8 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 73b2f72 Add Samba 4.14.5 to the list. via f9c09b4 NEWS[4.14.5]: Samba 4.14.5 Available for Download from 75c8d9d NEWS[sambaXP21]: Videos SambaXP 2021 Available https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 73b2f729c22c53fcc9ad37dc486929e9a17248e6 Author: Karolin Seeger Date: Tue Jun 1 09:24:38 2021 +0200 Add Samba 4.14.5 to the list. Signed-off-by: Karolin Seeger commit f9c09b49c9923e81512b9401011f383ad2bb6e76 Author: Karolin Seeger Date: Tue Jun 1 09:23:11 2021 +0200 NEWS[4.14.5]: Samba 4.14.5 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.14.5.html| 63 posted_news/20210601-072412.4.14.5.body.html | 13 + posted_news/20210601-072412.4.14.5.headline.html | 3 ++ 4 files changed, 80 insertions(+) create mode 100644 history/samba-4.14.5.html create mode 100644 posted_news/20210601-072412.4.14.5.body.html create mode 100644 posted_news/20210601-072412.4.14.5.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index a4ae2ac..c28a296 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.14.5 samba-4.14.4 samba-4.14.3 samba-4.14.2 diff --git a/history/samba-4.14.5.html b/history/samba-4.14.5.html new file mode 100644 index 000..f822860 --- /dev/null +++ b/history/samba-4.14.5.html @@ -0,0 +1,63 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.14.5 - Release Notes + + +Samba 4.14.5 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.14.5.tar.gz;>Samba 4.14.5 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.5.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.14.4-4.14.5.diffs.gz;>Patch (gzipped) against Samba 4.14.4 +https://download.samba.org/pub/samba/patches/samba-4.14.4-4.14.5.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.14.5 +June 01, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.4 + + +o Jeremy Allison j...@samba.org + * BUG 14696: s3: smbd: SMB1 SMBsplwr doesnt send a reply packet on success. + * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned + Windows ACL for directory handles. + * BUG 14721: s3: smbd: Fix uninitialized memory read in + process_symlink_open() when used with vfs_shadow_copy2(). + +o Andrew Bartlett abart...@samba.org + * BUG 14689: docs: Expand the log level docs on audit logging. + +o Ralph Boehme s...@samba.org + * BUG 14714: smbd: Correctly initialize close timestamp fields. + +o Gnther Deschner g...@samba.org + * BUG 14699: Fix gcc11 compiler issues. + +o Pavel Filipenský pfili...@redhat.com + * BUG 14718: docs-xml: Update smbcacls manpage. + * BUG 14719: docs: Update list of available commands in rpcclient. + +o Volker Lendecke v...@samba.org + * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). + +o Andreas Schneider a...@samba.org + * BUG 14695: s3:winbind: For security = ADS require realm/workgroup to be + set. + * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer. + + + + + + diff --git a/posted_news/20210601-072412.4.14.5.body.html b/posted_news/20210601-072412.4.14.5.body.html new file mode 100644 index 000..95dd360 --- /dev/null +++ b/posted_news/20210601-072412.4.14.5.body.html @@ -0,0 +1,13 @@ + +01 June 2021 +Samba 4.14.5 Available for Download + +This is the latest stable release of the Samba 4.14 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.14.5.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.14.4-4.14.5.diffs.gz;>patch against Samba 4.14.4 is also available. +See https://www.samba.org/samba/history/samba-4.14.5.html;>the release notes for more info. + + diff --git a/posted_news/20210601-072412.4.14.5.headline.html b/posted_news/20210601-072412.4.14.5.headline.html new file mode 100644 index 000..72e2538 --- /dev/null +++ b/posted_news/20210601-072412.4.14.5.headline.html @@ -0,0 +1,3 @@ + + 01 June 2021 Samba 4.1
[SCM] Samba Shared Repository - annotated tag samba-4.14.5 created
The annotated tag, samba-4.14.5 has been created at c3dbd5285bbf1f3dc2d2c7da8cb791b6bb87cd1b (tag) tagging 852d0c036f044ec8231efd77416f63be3905c259 (commit) replaces samba-4.14.4 tagged by Karolin Seeger on Tue Jun 1 09:21:43 2021 +0200 - Log - samba: tag release samba-4.14.5 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmC14AcACgkQqplEL7aA tiD8pg//eMrQu+w3us4Et1P4y6Pp7TvWkzAGSgXWR9GNeMtJ3Oqu5XlBrxJ3abb5 2WXeFLXNHyBMRwVlg4ymF0Uq7eBK55QpXJPVJ+cVBweYFlHkkQ09opDtlR9+OFAb Dr0jdn8Kz8b85NGtYN11iLMHksATcnvoeNk2bYqSbuZAVQ2DV2s9z7IhhYtrVEBc v3GlzJ9vaiDNZ1MdHUP1tib2Hw48F5pm2OZjnH87Bft36bpKnqauE3ayp8WCBUPd VtirMg2zAzK6UyMy0Ps2q0WnV6p0D+O9gC2VSsDXc7hW35mGUXahOgnZ3C84ZY9Q RFdPMnCNXFzIo1jMSeSuUTwFnaIZFaHqH0XXX0mo4QcN7n+ETnuKmuhWWsLC2/Ws SDocK1RwslJHFJSk35hrEhJNbQya24lA0HyYIlJllG+ZOJUWbwRxZrfnlCIR2ehq vs0thOe/2mcPPU80f3f6BWdtCkpOcMDETZlGy0LrwjIKoffhChC64SVpeCJIZKLi ZMUQIEIYlvTRzP2T3sPZRP7qxNCIrZQhrnylUIr0KaHbMrOCGdD+mYx4UBPpY8B8 0SkEVmVi/SEKxxwysImRTfM65Id+QN+b4Fmuwyht0vRxn+ew1AREJY1q3BYyfiMS XRZ5xHqzwtGHLa3/cR5qwVwnRdk49zjrZGY7O+528W2zhSU399o= =9TFI -END PGP SIGNATURE- Andreas Schneider (3): s3:utils: Tell users that workgroup/realm is required for ADS mode s3:winbind: For 'security = ADS' require realm/workgroup to be set lib:replace: Do not build strndup test with gcc 11 or newer Andrew Bartlett (6): debug: Synchronise "log level" in smb.conf with the code docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json docs: Add proper explination on why transactions need to be audited. docs: Further discourage the use of the "event notification" options docs: underline special words in the audit logging part of "log level" in man smb.conf docs: Expand the "log level" docs on audit logging Günther Deschner (2): Fix gcc11 compiler issue "-Werror=maybe-uninitialized" Fix gcc11 compiler issue "-Werror=stringop-overflow=" Jeremy Allison (3): s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). Karolin Seeger (5): VERSION: Bump version up to 4.14.4... Merge tag 'samba-4.14.4' into v4-14-test VERSION: Bump version up to 4.14.5. WHATSNEW: Add release notes for Samba 4.14.5. VERSION: Disable GIT_SNAPSHOT for the 4.14.5 release. Pavel Filipenský (3): docs-xml: Update smbcacls manpage s3:rpcclient: Document command of witness protocol docs: Update list of available commands in rpcclient Ralph Boehme (2): torture: add a test that verifies SMB2 close fields without postqueryattrib smbd: correctly initialize close timestamp fields Volker Lendecke (6): ctdb: fix typos ctdb: Call run_event_recv() in a callback function ctdb: Introduce a helper variable in run_event_test.c ctdb: Wait for SIGCHLD if script timed out ctdb: Introduce output before and after the 10-second timeout ctdb: Fix a crash in run_proc_signal_handler() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via cfccd7792e1 VERSION: Bump version up to 4.14.6... via 852d0c036f0 VERSION: Disable GIT_SNAPSHOT for the 4.14.5 release. via c237a2b610d WHATSNEW: Add release notes for Samba 4.14.5. from e7e537d77cc s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit cfccd7792e1bd68b8d28ea451c098b21ce0e4449 Author: Karolin Seeger Date: Mon May 31 11:18:34 2021 +0200 VERSION: Bump version up to 4.14.6... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 852d0c036f044ec8231efd77416f63be3905c259 Author: Karolin Seeger Date: Mon May 31 11:17:22 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.5 release. Signed-off-by: Karolin Seeger commit c237a2b610df6bc655bfacf11cfbcd1cab9fefde Author: Karolin Seeger Date: Mon May 31 11:07:52 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.5. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 68 ++-- 2 files changed, 67 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 94094eb0afb..a50dae275cf 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8fa0ee3caf1..7a1af731a94 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + == + Release Notes for Samba 4.14.5 +June 01, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.4 + + +o Jeremy Allison + * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. + * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned + Windows ACL for directory handles. + * BUG 14721: s3: smbd: Fix uninitialized memory read in + process_symlink_open() when used with vfs_shadow_copy2(). + +o Andrew Bartlett + * BUG 14689: docs: Expand the "log level" docs on audit logging. + +o Ralph Boehme + * BUG 14714: smbd: Correctly initialize close timestamp fields. + +o Günther Deschner + * BUG 14699: Fix gcc11 compiler issues. + +o Pavel Filipenský + * BUG 14718: docs-xml: Update smbcacls manpage. + * BUG 14719: docs: Update list of available commands in rpcclient. + +o Volker Lendecke + * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler(). + +o Andreas Schneider + * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be + set. + * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.4 April 29, 2021 @@ -59,8 +124,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via e7e537d77cc s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). from a29ee1ff68c docs: Update list of available commands in rpcclient https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit e7e537d77ccfdaa526e5759ea770e034426a4f23 Author: Jeremy Allison Date: Wed May 26 22:41:53 2021 -0700 s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). Valgrind trace follows. ==3627798== Invalid read of size 1 ==3627798==at 0x483FF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x55DE412: strdup (strdup.c:41) ==3627798==by 0x4F4657E: smb_xstrdup (util.c:660) ==3627798==by 0x4C62C2E: vfs_ChDir (vfs.c:988) ==3627798==by 0x4C4A51C: process_symlink_open (open.c:656) ==3627798==by 0x4C4ADE7: non_widelink_open (open.c:862) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798==by 0x4C48A00: filename_convert_internal (filename.c:2027) ==3627798==by 0x4C48B77: filename_convert (filename.c:2067) ==3627798==by 0x4C32408: call_trans2qfilepathinfo (trans2.c:6173) ==3627798==by 0x4C3C5DA: handle_trans2 (trans2.c:10143) ==3627798== Address 0xda8bc90 is 96 bytes inside a block of size 217 free'd ==3627798==at 0x483DA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x4FCA3C9: _tc_free_internal (talloc.c:1222) ==3627798==by 0x4FCA481: _talloc_free_internal (talloc.c:1248) ==3627798==by 0x4FCB825: _talloc_free (talloc.c:1792) ==3627798==by 0xDB248DD: store_cwd_data (vfs_shadow_copy2.c:1473) ==3627798==by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542) ==3627798==by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257) ==3627798==by 0x4C62B48: vfs_ChDir (vfs.c:940) ==3627798==by 0x4C4A51C: process_symlink_open (open.c:656) ==3627798==by 0x4C4ADE7: non_widelink_open (open.c:862) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798== Block was alloc'd at ==3627798==at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) ==3627798==by 0x4FC9365: __talloc_with_prefix (talloc.c:783) ==3627798==by 0x4FC94FF: __talloc (talloc.c:825) ==3627798==by 0x4FCCFDC: __talloc_strlendup (talloc.c:2454) ==3627798==by 0x4FCD096: talloc_strdup (talloc.c:2470) ==3627798==by 0xDB24977: store_cwd_data (vfs_shadow_copy2.c:1476) ==3627798==by 0xDB24BEF: shadow_copy2_chdir (vfs_shadow_copy2.c:1542) ==3627798==by 0x4C662A4: smb_vfs_call_chdir (vfs.c:2257) ==3627798==by 0x4C62B48: vfs_ChDir (vfs.c:940) ==3627798==by 0x4C4A92D: non_widelink_open (open.c:755) ==3627798==by 0x4C4AFB7: fd_openat (open.c:918) ==3627798==by 0x4BBE895: openat_pathref_fsp (files.c:506) ==3627798== Even though SMB_VFS_CONNECTPATH() returns a const char, vfs_shadow_copy2() can free and reallocate this whilst in use inside process_symlink_open(). Take a copy to make sure we don't reference free'd memory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14721 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Böhme Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu May 27 17:25:43 UTC 2021 on sn-devel-184 (cherry picked from commit 2f0cfe82907516ecf23cc385d41b8d29ed6b8c96) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Fri May 28 08:55:50 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/open.c | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 87c14bb4367..acb248047bf 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -532,7 +532,7 @@ static NTSTATUS process_symlink_open(const struct files_struct *dirfsp, { struct connection_struct *conn = dirfsp->conn; const char *conn_rootdir = NULL; - struct smb_filename conn_rootdir_fname; + struct smb_filename conn_rootdir_fname = { 0 }; char *link_target = NULL; int link_len = -1; struct smb_filename *oldwd_fname = NULL; @@ -547,9 +547,15 @@ static NTSTATUS process_symlink_open(const struct files_struct *dirfsp, if (conn_rootdir == NULL) { return NT_STATUS_NO_MEMORY; } - conn_rootdir_fname = (struct smb_filen
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 75c8d9d NEWS[sambaXP21]: Videos SambaXP 2021 Available from a245a47 Freenode -> Libera.chat https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 75c8d9dbf95a080b1f2579008a7ef37ff8219bb8 Author: Karolin Seeger Date: Thu May 27 09:49:22 2021 +0200 NEWS[sambaXP21]: Videos SambaXP 2021 Available Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20210527-074357.sambaXP21.body.html | 8 posted_news/20210527-074357.sambaXP21.headline.html | 3 +++ 2 files changed, 11 insertions(+) create mode 100644 posted_news/20210527-074357.sambaXP21.body.html create mode 100644 posted_news/20210527-074357.sambaXP21.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20210527-074357.sambaXP21.body.html b/posted_news/20210527-074357.sambaXP21.body.html new file mode 100644 index 000..9935204 --- /dev/null +++ b/posted_news/20210527-074357.sambaXP21.body.html @@ -0,0 +1,8 @@ + +27 May 2021 +Videos SambaXP 2021 Available + +Videos of the past SambaXP 2021 online conference are now available +https://www.youtube.com/channel/UCnCsHprEpW2uGPsUvwQ73-w;>here. + + diff --git a/posted_news/20210527-074357.sambaXP21.headline.html b/posted_news/20210527-074357.sambaXP21.headline.html new file mode 100644 index 000..796dee1 --- /dev/null +++ b/posted_news/20210527-074357.sambaXP21.headline.html @@ -0,0 +1,3 @@ + + 27 May 2021 Videos SambaXP 2021 Available + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via a29ee1ff68c docs: Update list of available commands in rpcclient via c91ea2d31b2 s3:rpcclient: Document command of witness protocol via 46cf8514c76 docs-xml: Update smbcacls manpage via c58029aa274 smbd: correctly initialize close timestamp fields via 94ba90fa755 torture: add a test that verifies SMB2 close fields without postqueryattrib from 1780305b193 ctdb: Fix a crash in run_proc_signal_handler() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit a29ee1ff68c480fb6c668c43660cf966575a415a Author: Pavel Filipenský Date: Wed May 19 13:12:31 2021 +0200 docs: Update list of available commands in rpcclient The list of available commands in rpcclient.1 manpage is updated to match the current state, which is visible via help commnad of rpcclient. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14719 Signed-off-by: Pavel Filipenský Reviewed-by: Andrew Bartlett Reviewed-by: Alexander Bokovoy Reviewed-by: Andreas Schneider (cherry picked from commit 2d7740f65c69497de665043051228f6315de4f5c) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Wed May 26 12:45:16 UTC 2021 on sn-devel-184 commit c91ea2d31b29074d3c7e6312e618ca6b52086360 Author: Pavel Filipenský Date: Wed May 19 14:51:00 2021 +0200 s3:rpcclient: Document command of witness protocol BUG: https://bugzilla.samba.org/show_bug.cgi?id=14719 Signed-off-by: Pavel Filipenský Reviewed-by: Andrew Bartlett Reviewed-by: Alexander Bokovoy Reviewed-by: Andreas Schneider (cherry picked from commit 139cefceca20bd21ad557830f551eb51b343c660) commit 46cf8514c76eb32b51a41c13fe461739c995839a Author: Pavel Filipenský Date: Wed May 19 15:10:36 2021 +0200 docs-xml: Update smbcacls manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=14718 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 9d9ed421b26f733c59f9fac44e2034df704cef6a) commit c58029aa27436114d5ed7f7b682e544f4d2542b3 Author: Ralph Boehme Date: Mon May 24 12:03:28 2021 +0200 smbd: correctly initialize close timestamp fields BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon May 24 16:56:22 UTC 2021 on sn-devel-184 (cherry picked from commit f96cc29711181b5237a5b92c4bfb5e75fe2a73b9) commit 94ba90fa7559fb3bb3c331a9c8703d1fa7c468cb Author: Ralph Boehme Date: Mon May 24 12:21:38 2021 +0200 torture: add a test that verifies SMB2 close fields without postqueryattrib The server must set all fields to 0 if postqueryattrib is not set. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit ac9042ff4dc6c892764abd23a9445116ad40e62a) --- Summary of changes: docs-xml/manpages/rpcclient.1.xml | 377 +- docs-xml/manpages/smbcacls.1.xml | 22 +++ source3/rpcclient/cmd_witness.c | 10 +- source3/smbd/smb2_close.c | 8 +- source4/torture/smb2/timestamps.c | 65 +++ 5 files changed, 344 insertions(+), 138 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml index 18f9c14b09e..ae658647b81 100644 --- a/docs-xml/manpages/rpcclient.1.xml +++ b/docs-xml/manpages/rpcclient.1.xml @@ -167,75 +167,76 @@ LSARPC - lsaqueryQuery info policy - - lookupsidsResolve a list - of SIDs to usernames. - - - lookupnamesResolve a list - of usernames to SIDs. - - + lookupsidsConvert SIDs to names + lookupsids3Convert SIDs to names + lookupsids_levelConvert SIDs to names + lookupnamesConvert names to SIDs + lookupnames4Convert names to SIDs + lookupnames_levelConvert names to SIDs enumtrustEnumerate trusted domains - enumprivsEnumerate privileges - getdispnameGet the privilege name - lsaenumsidEnumerate the LSA SIDS - + lsacreateaccountCreate a new lsa account lsaenumprivsaccountEnumerate the privileges of an SID - lsaenumacctrightsEnumerate the rights of an SID - - lsaenumacctwithrightEnumerate accounts with a right
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 5d4bbaff8b6 smbd: correctly initialize close timestamp fields via 37233cbdf8f torture: add a test that verifies SMB2 close fields without postqueryattrib from c67dbd55aad ctdb: Fix a crash in run_proc_signal_handler() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 5d4bbaff8b62504f20074c08bc8f07093a9f52cc Author: Ralph Boehme Date: Mon May 24 12:03:28 2021 +0200 smbd: correctly initialize close timestamp fields BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon May 24 16:56:22 UTC 2021 on sn-devel-184 (cherry picked from commit f96cc29711181b5237a5b92c4bfb5e75fe2a73b9) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Wed May 26 11:43:14 UTC 2021 on sn-devel-184 commit 37233cbdf8fc95cd63f24419d8516e303cff Author: Ralph Boehme Date: Mon May 24 12:21:38 2021 +0200 torture: add a test that verifies SMB2 close fields without postqueryattrib The server must set all fields to 0 if postqueryattrib is not set. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit ac9042ff4dc6c892764abd23a9445116ad40e62a) --- Summary of changes: source3/smbd/smb2_close.c | 8 ++--- source4/torture/smb2/timestamps.c | 65 +++ 2 files changed, 69 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_close.c b/source3/smbd/smb2_close.c index a7f1eb7ae46..8ea84c3f0cf 100644 --- a/source3/smbd/smb2_close.c +++ b/source3/smbd/smb2_close.c @@ -215,10 +215,10 @@ static NTSTATUS smbd_smb2_close(struct smbd_smb2_request *req, uint16_t flags = 0; bool posix_open = false; - ZERO_STRUCTP(out_creation_ts); - ZERO_STRUCTP(out_last_access_ts); - ZERO_STRUCTP(out_last_write_ts); - ZERO_STRUCTP(out_change_ts); + *out_creation_ts = (struct timespec){0, SAMBA_UTIME_OMIT}; + *out_last_access_ts = (struct timespec){0, SAMBA_UTIME_OMIT}; + *out_last_write_ts = (struct timespec){0, SAMBA_UTIME_OMIT}; + *out_change_ts = (struct timespec){0, SAMBA_UTIME_OMIT}; *out_flags = 0; *out_allocation_size = 0; diff --git a/source4/torture/smb2/timestamps.c b/source4/torture/smb2/timestamps.c index f0cc9c269ff..c37e81d2adc 100644 --- a/source4/torture/smb2/timestamps.c +++ b/source4/torture/smb2/timestamps.c @@ -29,6 +29,70 @@ #define BASEDIR "smb2-timestamps" #define FNAME "testfile.dat" +static bool test_close_no_attrib(struct torture_context *tctx, +struct smb2_tree *tree) +{ + const char *filename = BASEDIR "/" FNAME; + struct smb2_create cr; + struct smb2_handle handle = {{0}}; + struct smb2_handle testdirh = {{0}}; + struct smb2_close c; + NTSTATUS status; + bool ret = true; + + smb2_deltree(tree, BASEDIR); + + status = torture_smb2_testdir(tree, BASEDIR, ); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "torture_smb2_testdir failed\n"); + smb2_util_close(tree, testdirh); + + cr = (struct smb2_create) { + .in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED, + .in.file_attributes = FILE_ATTRIBUTE_NORMAL, + .in.share_access = NTCREATEX_SHARE_ACCESS_MASK, + .in.create_disposition = NTCREATEX_DISP_OPEN_IF, + .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS, + .in.fname = filename, + }; + + status = smb2_create(tree, tctx, ); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "smb2_create failed\n"); + handle = cr.out.file.handle; + + c = (struct smb2_close) { + .in.file.handle = handle, + }; + + status = smb2_close(tree, ); + torture_assert_ntstatus_ok_goto(tctx, status, ret, done, + "close failed\n"); + ZERO_STRUCT(handle); + + torture_assert_u64_equal_goto(tctx, c.out.create_time, NTTIME_OMIT, + ret, done, "Unexpected create time\n"); + torture_assert_u64_equal_goto(tctx, c.out.access_time, NTTIME_OMIT, + ret, done, "Unexpected access time\n"); + torture_assert_u64_equal_goto(tctx, c.out.write_time, NTTIME_OMIT, + r
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 1780305b193 ctdb: Fix a crash in run_proc_signal_handler() via 477da04a550 ctdb: Introduce output before and after the 10-second timeout via 95966b17f23 ctdb: Wait for SIGCHLD if script timed out via a41f3fd29fe ctdb: Introduce a helper variable in run_event_test.c via d75983a ctdb: Call run_event_recv() in a callback function via ee9fbada695 ctdb: fix typos from 42726c3f665 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 1780305b1939d1f31612223c95f78340830f1a09 Author: Volker Lendecke Date: Tue May 18 08:32:45 2021 +0200 ctdb: Fix a crash in run_proc_signal_handler() If a script times out the caller can talloc_free() the script_list output of run_event_recv, which talloc_free's proc->output from run_proc.c as well. If the script generates further output after the timeout and then exits after a while, the SIGCHLD handler in the eventd tries to read into proc->output, which was already free'ed. Fix this by not doing just a talloc_steal but a talloc_move. This way proc_read_handler() called from run_proc_signal_handler() does not try to realloc the stale reference to proc->output but gets a NULL reference. I don't really know how to do a knownfail in ctdb, so this commit actually activates catching the signal by waiting long enough for 22.bar to exit and generate the SIGCHLD. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit adef87a621b17baf746d12f991c60a8a3ffcfcd3) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Tue May 25 09:51:20 UTC 2021 on sn-devel-184 commit 477da04a55003825802e56c783e4f3d184729a55 Author: Volker Lendecke Date: Tue May 18 08:28:16 2021 +0200 ctdb: Introduce output before and after the 10-second timeout This will lead to a crash in run_event_test.c soon Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit f320d1a7ab0f81eefdb28b36bfe346eacb8980de) commit 95966b17f23020d8574c861a3e4beda8dab0283b Author: Volker Lendecke Date: Tue May 18 08:23:05 2021 +0200 ctdb: Wait for SIGCHLD if script timed out Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 19290f10c7d39e055847eb45affd9e229a116b18) commit a41f3fd29fead4b36152743dc7bdce647c8d335d Author: Volker Lendecke Date: Tue May 18 08:18:25 2021 +0200 ctdb: Introduce a helper variable in run_event_test.c Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 07ab9b7a71d59f3ff2b9dee662632315062213ab) commit d75983a45f11a481ff48be5c0d90dee7bbfe Author: Volker Lendecke Date: Tue May 18 08:01:06 2021 +0200 ctdb: Call run_event_recv() in a callback function Triggers a different code path in run_event_* and aligns it more what the ctdb eventd really does. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 9398d4b912387be8cde0c2ca30734eca7d547d19) commit ee9fbada6958f67991997db31e6ab92d5b673065 Author: Volker Lendecke Date: Fri May 7 17:36:58 2021 +0200 ctdb: fix typos Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit f188c9d732e4b9b3d37c4cb09608aba747845997) --- Summary of changes: ctdb/common/run_proc.c | 6 ++-- ctdb/tests/UNIT/cunit/run_event_001.sh | 3 ++ ctdb/tests/src/run_event_test.c| 52 +++--- 3 files changed, 47 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c index 0c3c1de72fe..d55af6c3a1e 100644 --- a/ctdb/common/run_proc.c +++ b/ctdb/common/run_proc.c @@ -426,7 +426,7 @@ static void run_proc_done(struct tevent_req *req) state->result = state->proc->result; if (state->proc->output != NULL) { - state->output = talloc_steal(state, state->proc->output); + state->output = talloc_move(state, >proc->output); } talloc_steal(state, state->proc); @@ -464,7 +464,7 @@ static void run_proc_timedout(struct tevent_req *su
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via c67dbd55aad ctdb: Fix a crash in run_proc_signal_handler() via 037f4b8fb9a ctdb: Introduce output before and after the 10-second timeout via 87265cef4b7 ctdb: Wait for SIGCHLD if script timed out via e70a8cbdb4a ctdb: Introduce a helper variable in run_event_test.c via 5e55d2c0dcf ctdb: Call run_event_recv() in a callback function via 83511576a1c ctdb: fix typos from abcddbae481 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit c67dbd55aadfffb8ee7623aacbda13aa5c676418 Author: Volker Lendecke Date: Tue May 18 08:32:45 2021 +0200 ctdb: Fix a crash in run_proc_signal_handler() If a script times out the caller can talloc_free() the script_list output of run_event_recv, which talloc_free's proc->output from run_proc.c as well. If the script generates further output after the timeout and then exits after a while, the SIGCHLD handler in the eventd tries to read into proc->output, which was already free'ed. Fix this by not doing just a talloc_steal but a talloc_move. This way proc_read_handler() called from run_proc_signal_handler() does not try to realloc the stale reference to proc->output but gets a NULL reference. I don't really know how to do a knownfail in ctdb, so this commit actually activates catching the signal by waiting long enough for 22.bar to exit and generate the SIGCHLD. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit adef87a621b17baf746d12f991c60a8a3ffcfcd3) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Tue May 25 08:55:59 UTC 2021 on sn-devel-184 commit 037f4b8fb9a3f3ee373441ea31ab0755053df3c2 Author: Volker Lendecke Date: Tue May 18 08:28:16 2021 +0200 ctdb: Introduce output before and after the 10-second timeout This will lead to a crash in run_event_test.c soon Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit f320d1a7ab0f81eefdb28b36bfe346eacb8980de) commit 87265cef4b7e47d8b7a0eac7bb30ff3682714f43 Author: Volker Lendecke Date: Tue May 18 08:23:05 2021 +0200 ctdb: Wait for SIGCHLD if script timed out Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 19290f10c7d39e055847eb45affd9e229a116b18) commit e70a8cbdb4a1b571651bdc8712ae905d9d9d5283 Author: Volker Lendecke Date: Tue May 18 08:18:25 2021 +0200 ctdb: Introduce a helper variable in run_event_test.c Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 07ab9b7a71d59f3ff2b9dee662632315062213ab) commit 5e55d2c0dcfa41c10ae0637cd930625a5a273b3a Author: Volker Lendecke Date: Tue May 18 08:01:06 2021 +0200 ctdb: Call run_event_recv() in a callback function Triggers a different code path in run_event_* and aligns it more what the ctdb eventd really does. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit 9398d4b912387be8cde0c2ca30734eca7d547d19) commit 83511576a1c8a4b3b674b176cf190fc8710eb421 Author: Volker Lendecke Date: Fri May 7 17:36:58 2021 +0200 ctdb: fix typos Bug: https://bugzilla.samba.org/show_bug.cgi?id=14475 Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme (cherry picked from commit f188c9d732e4b9b3d37c4cb09608aba747845997) --- Summary of changes: ctdb/common/run_proc.c | 6 ++-- ctdb/tests/UNIT/cunit/run_event_001.sh | 3 ++ ctdb/tests/src/run_event_test.c| 52 +++--- 3 files changed, 47 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c index 0c3c1de72fe..d55af6c3a1e 100644 --- a/ctdb/common/run_proc.c +++ b/ctdb/common/run_proc.c @@ -426,7 +426,7 @@ static void run_proc_done(struct tevent_req *req) state->result = state->proc->result; if (state->proc->output != NULL) { - state->output = talloc_steal(state, state->proc->output); + state->output = talloc_move(state, >proc->output); } talloc_steal(state, state->proc); @@ -464,7 +464,7 @@ static void run_proc_timedout(struct tevent_req *su
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via abcddbae481 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. from 46c071544f1 VERSION: Bump version up to 4.13.10... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit abcddbae481034e35da7062e46ac86bc1c0b37d1 Author: Jeremy Allison Date: Mon May 17 15:34:55 2021 -0700 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Wed May 19 09:22:56 UTC 2021 on sn-devel-184 (cherry picked from commit b7f62e13933da14c381f70cd46ad13849b108e68) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Fri May 21 08:50:20 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/posix_acls.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index db2d36a89a1..1e39261828b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3475,6 +3475,7 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, { SMB_STRUCT_STAT sbuf; SMB_ACL_T posix_acl = NULL; + SMB_ACL_T def_acl = NULL; struct pai_val *pal; TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; @@ -3493,10 +3494,19 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, /* Get the ACL from the fd. */ posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, frame); + /* If it's a directory get the default POSIX ACL. */ + if(fsp->fsp_flags.is_directory) { + def_acl = SMB_VFS_SYS_ACL_GET_FILE(fsp->conn, + fsp->fsp_name, + SMB_ACL_TYPE_DEFAULT, + frame); + def_acl = free_empty_sys_acl(fsp->conn, def_acl); + } + pal = fload_inherited_info(fsp); status = posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name, -, pal, posix_acl, NULL, +, pal, posix_acl, def_acl, security_info, mem_ctx, ppdesc); TALLOC_FREE(frame); return status; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 42726c3f665 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. from 5611a6999c0 lib:replace: Do not build strndup test with gcc 11 or newer https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 42726c3f665516a22006e2c6af8367ab377e15c4 Author: Jeremy Allison Date: Mon May 17 15:34:55 2021 -0700 s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Wed May 19 09:22:56 UTC 2021 on sn-devel-184 (cherry picked from commit b7f62e13933da14c381f70cd46ad13849b108e68) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Fri May 21 07:59:08 UTC 2021 on sn-devel-184 --- Summary of changes: source3/smbd/posix_acls.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index c1d5b7cd047..473223ea133 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3432,6 +3432,7 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, { SMB_STRUCT_STAT sbuf; SMB_ACL_T posix_acl = NULL; + SMB_ACL_T def_acl = NULL; struct pai_val *pal; TALLOC_CTX *frame = talloc_stackframe(); NTSTATUS status; @@ -3450,10 +3451,19 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, /* Get the ACL from the fd. */ posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, frame); + /* If it's a directory get the default POSIX ACL. */ + if(fsp->fsp_flags.is_directory) { + def_acl = SMB_VFS_SYS_ACL_GET_FILE(fsp->conn, + fsp->fsp_name, + SMB_ACL_TYPE_DEFAULT, + frame); + def_acl = free_empty_sys_acl(fsp->conn, def_acl); + } + pal = fload_inherited_info(fsp); status = posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name, -, pal, posix_acl, NULL, +, pal, posix_acl, def_acl, security_info, mem_ctx, ppdesc); TALLOC_FREE(frame); return status; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 5611a6999c0 lib:replace: Do not build strndup test with gcc 11 or newer via a18d6bdaa54 Fix gcc11 compiler issue "-Werror=stringop-overflow=" via 657a1edd1b7 Fix gcc11 compiler issue "-Werror=maybe-uninitialized" from 0ce7c5e7a62 s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 5611a6999c00e4fd6c4ff641765ede9a8bf35899 Author: Andreas Schneider Date: Thu May 6 19:07:04 2021 +0200 lib:replace: Do not build strndup test with gcc 11 or newer BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699 gcc11 with -O3 detects that the size is incorrect: lib/replace/tests/testsuite.c:286:13: error: ‘strndup’ specified bound 10 exceeds source size 4 [-Werror=stringop-overread] 286 | x = strndup("bla", 10); | ^~ Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit 8f12793ca5e7c9aa7c23a17400986878ae110e70) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Wed May 12 09:07:45 UTC 2021 on sn-devel-184 commit a18d6bdaa54adf31aeb5ae1b99453593d617477f Author: Günther Deschner Date: Mon May 3 21:27:58 2021 +0200 Fix gcc11 compiler issue "-Werror=stringop-overflow=" BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699 [3548/3991] Compiling source3/winbindd/winbindd_pam.c ../../source3/winbindd/winbindd_pam.c: In function ‘winbindd_dual_pam_auth_cached’: ../../source3/winbindd/winbindd_pam.c:1069:18: error: ‘winbindd_get_creds’ accessing 128 bytes in a region of size 8 [-Werror=stringop-overflow=] 1069 | result = winbindd_get_creds(domain, | ^~ 1070 | state->mem_ctx, | ~~~ 1071 | , | ~ 1072 | _info3, | ~~ 1073 | _nt_pass, | 1074 | _salt); | ~ ../../source3/winbindd/winbindd_pam.c:1069:18: note: referencing argument 5 of type ‘const uint8_t **’ {aka ‘const unsigned char **’} ../../source3/winbindd/winbindd_pam.c:1069:18: error: ‘winbindd_get_creds’ accessing 128 bytes in a region of size 8 [-Werror=stringop-overflow=] ../../source3/winbindd/winbindd_pam.c:1069:18: note: referencing argument 6 of type ‘const uint8_t **’ {aka ‘const unsigned char **’} In file included from ../../source3/winbindd/winbindd.h:359, from ../../source3/winbindd/winbindd_pam.c:26: ../../source3/winbindd/winbindd_proto.h:251:10: note: in a call to function ‘winbindd_get_creds’ 251 | NTSTATUS winbindd_get_creds(struct winbindd_domain *domain, | ^~ cc1: all warnings being treated as errors Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider (cherry picked from commit 17ae9974f36ce8929f0c50c357dd4f88fbf37d7c) commit 657a1edd1b765504f026a50ef685b7b9e10ac59b Author: Günther Deschner Date: Mon May 3 21:27:43 2021 +0200 Fix gcc11 compiler issue "-Werror=maybe-uninitialized" BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699 ../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’: ../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized] 38 | struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data)); | ^ In file included from ../../source4/../lib/util/samba_util.h:48, from ../../source4/include/includes.h:62, from ../../source4/dsdb/common/util_links.c:22: ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here 116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length); |^~~ ../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here 37 | uint8_t v1_data[16]; | ^~~ cc1: all warnings being treated as errors ../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’: ../../libcli/auth/smbencrypt.c:1045:32: error: ‘_
[Announce] Samba 4.13.9 Available for Download
Release Announcements - This is the latest stable release of the Samba 4.13 release series. Changes since 4.13.8 o Jeremy Allison * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. o Andrew Bartlett * BUG 14689: Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code. o Ralph Boehme * BUG 14672: Fix smbd panic when two clients open same file. * BUG 14675: Fix memory leak in the RPC server. * BUG 14679: s3: smbd: Fix deferred renames. o Samuel Cabrero * BUG 14675: s3-iremotewinspool: Set the per-request memory context. o Volker Lendecke * BUG 14675: rpc_server3: Fix a memleak for internal pipes. o Stefan Metzmacher * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. o Christof Schmitt * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict. o Martin Schwenke https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.13.9.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via 46c071544f1 VERSION: Bump version up to 4.13.10... from 1d232e39a02 Merge branch 'v4-13-stable' into 'v4-13-test' again for the 4.13.9 release https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - commit 46c071544f134cf8f04af9f7be5dc9c05f50a2cc Author: Karolin Seeger Date: Tue May 11 09:52:03 2021 +0200 VERSION: Bump version up to 4.13.10... and re-enable GIT_SNAPSHOT Signed-off-by: Karolin Seeger (cherry picked from commit ca362d33d752459e9f799d49a944247f50e124a2) --- Summary of changes: VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c1be6703e7d..addb12d75e0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes # This is for specifying a release nickname# -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 3548fc7 Add Samba 4.13.9. via d14e9b2 NEWS[4.13.9]: Samba 4.13.9 Available for Download from 8309630 CVE-2021-20254.html: ö -> https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 3548fc7279e5ea85cc1748fdadeae60aba7d797c Author: Karolin Seeger Date: Tue May 11 12:26:05 2021 +0200 Add Samba 4.13.9. Signed-off-by: Karolin Seeger commit d14e9b247517ba17fa5a8e221a1cbdcee010dc79 Author: Karolin Seeger Date: Tue May 11 12:24:30 2021 +0200 NEWS[4.13.9]: Samba 4.13.9 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.13.9.html| 65 posted_news/20210511-102540.4.13.9.body.html | 13 + posted_news/20210511-102540.4.13.9.headline.html | 3 ++ 4 files changed, 82 insertions(+) create mode 100644 history/samba-4.13.9.html create mode 100644 posted_news/20210511-102540.4.13.9.body.html create mode 100644 posted_news/20210511-102540.4.13.9.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 73047a3..a4ae2ac 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -14,6 +14,7 @@ samba-4.14.2 samba-4.14.1 samba-4.14.0 + samba-4.13.9 samba-4.13.8 samba-4.13.7 samba-4.13.6 diff --git a/history/samba-4.13.9.html b/history/samba-4.13.9.html new file mode 100644 index 000..b64e035 --- /dev/null +++ b/history/samba-4.13.9.html @@ -0,0 +1,65 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.13.9 - Release Notes + + +Samba 4.13.9 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.13.9.tar.gz;>Samba 4.13.9 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.13.9.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.13.8-4.13.9.diffs.gz;>Patch (gzipped) against Samba 4.13.8 +https://download.samba.org/pub/samba/patches/samba-4.13.8-4.13.9.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.13.9 +May 11, 2021 + == + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.8 + + +o Jeremy Allison j...@samba.org + * BUG 14696: s3: smbd: SMB1 SMBsplwr doesnt send a reply packet on success. + +o Andrew Bartlett abart...@samba.org + * BUG 14689: Add documentation for dsdb_group_audit and dsdb_group_json_audit + to log level, synchronise log level in smb.conf with the code. + +o Ralph Boehme s...@samba.org + * BUG 14672: Fix smbd panic when two clients open same file. + * BUG 14675: Fix memory leak in the RPC server. + * BUG 14679: s3: smbd: Fix deferred renames. + +o Samuel Cabrero scabr...@samba.org + * BUG 14675: s3-iremotewinspool: Set the per-request memory context. + +o Volker Lendecke v...@samba.org + * BUG 14675: rpc_server3: Fix a memleak for internal pipes. + +o Stefan Metzmacher me...@samba.org + * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. + * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. + + +o Christof Schmitt c...@samba.org + * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid + conflict. + +o Martin Schwenke mar...@meltin.net + * BUG 14288: Fix the build on OmniOS. + + + + + + diff --git a/posted_news/20210511-102540.4.13.9.body.html b/posted_news/20210511-102540.4.13.9.body.html new file mode 100644 index 000..e788734 --- /dev/null +++ b/posted_news/20210511-102540.4.13.9.body.html @@ -0,0 +1,13 @@ + +11 May 2021 +Samba 4.13.9 Available for Download + +This is the latest stable release of the Samba 4.13 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.13.9.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.13.8-4.13.9.diffs.gz;>patch against Samba 4.13.8 is also available. +See https://www.samba.org/samba/history/samba-4.13.9.html;>the release notes for more info. + + diff --git a/posted_news/20210511-102540.4.13.9.headline.html b/posted_news/20210511-102540.4.13.9.headline.html new file mode 100644 index 000..37ade0e --- /dev/null +++ b/posted_news/20210511-102540.4.13.9.headline.html @@ -0,0 +1,3 @@ + + 11 May 2021 Samba 4.13.9 Availa
[SCM] Samba Shared Repository - annotated tag samba-4.13.9 created
The annotated tag, samba-4.13.9 has been created at 6f02e09c3087430b379ca359baa7e6f7699dc731 (tag) tagging 1d232e39a02d5b69af9551136f375c5372fef432 (commit) replaces samba-4.13.8 tagged by Karolin Seeger on Tue May 11 12:24:03 2021 +0200 - Log - samba: tag release samba-4.13.9 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmCaW0MACgkQqplEL7aA tiCDYhAAo43HPc0VPv4wqo8jOT/xKdLZdvrzbxRLP1oooexEzH76Hf+Q9wVnFTGw 8q/ihtBRekfAMC3WChJl5j6EBZBAE5d9PmnCpMQdNu7vxPXMwJjxFMqpdLdmidM6 agAIoOM/jmIhMBClub/8BtzI1PRixQPo7e6hY5w4cTlTECGow1E4lGQwJmg4lgD8 5khHy9znQwJc0k2pEtlGbVaDj83lN6HxdnDIyBJSbD6WRbT8GM+nQzAyeKCj7gn4 ugbGcvD37Ou1u1h9GRnnfaSE9Sm5XJfAYX2pqDveQiqQdQPLYie2U5qUIH06FmRm 6kkRxbkQEI8xjYUyb5hr/SZUc222JPx/6vZPiKjkuFWFHQCZdACQh6QucqYb2U+e q/5wJvA3tE1zC5lL0JZL9s57Roqg1QzdAckXLI1T5EPsrUHzNW1i24vPjXgfOodb 7868fhR85ILaR7xszIMz1moGXgpOUGYzOGNuBFUbXMcvFiaqs5SZKa/wrPEn01Je 4bb+JWJxzpCR+Cv+3uarR79YxeJziX1sWG+BfefmgXQG7x2La6KsnptPpm+BeXcE 6FjsW6FI3B3MkpoKoNC6iNfP6/AyStDgijIUfVytnDlQL9PMUTtlZKowNqgp8Rc0 zbhPqyL8eP0xOWAciKO+pc3c+JX8yI53d0HQdTaphANMPFubjGQ= =IKJ7 -END PGP SIGNATURE- Andrew Bartlett (6): debug: Synchronise "log level" in smb.conf with the code docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json docs: Add proper explination on why transactions need to be audited. docs: Further discourage the use of the "event notification" options docs: underline special words in the audit logging part of "log level" in man smb.conf docs: Expand the "log level" docs on audit logging Christof Schmitt (3): winbind: Only use unixid2sid mapping when module reports ID_MAPPED idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch idmap_nss: Do not return SID from unixids_to_sids on type mismatch Jeremy Allison (2): s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. Karolin Seeger (9): VERSION: Bump version up to 4.13.6... VERSION: Enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.13.8. VERSION: Disable GIT_SNAPSHOT for the 4.13.8 release. Merge tag 'samba-4.13.8' into v4-13-test VERSION: Bump version up to 4.13.9. WHATSNEW: Add release notes for Samba 4.13.9. VERSION: Disable GIT_SNAPSHOT for the Samba 4.13.9 release. VERSION: Bump version up to 4.13.10... Martin Schwenke (1): build: Only add -Wl,--as-needed when supported Ralph Boehme (6): smbd: reset dangling watch_req pointer in poll_open_done smbd: cancel pending poll open timer in poll_open_done() smbd: free open_rec state in remove_deferred_open_message_smb2_internal() pidl: set the per-request memory context in the pidl generator spools: avoid leaking memory into the callers mem_ctx s3: smbd: fix deferred renames Samuel Cabrero (1): s3-iremotewinspool: set the per-request memory context Stefan Metzmacher (6): Merge tag 'samba-4.13.7' into HEAD VERSION: Bump version up to 4.13.8... third_party: Update socket_wrapper to version 1.3.2 third_party: Update socket_wrapper to version 1.3.3 Revert "VERSION: Bump version up to 4.13.10..." for now Merge branch 'v4-13-stable' into 'v4-13-test' again for the 4.13.9 release Volker Lendecke (2): rpc_server3: Fix a memleak for internal pipes CVE-2021-20254 passdb: Simplify sids_to_unixids() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via ca362d33d75 VERSION: Bump version up to 4.13.10... via 37540e4f90e VERSION: Disable GIT_SNAPSHOT for the Samba 4.13.9 release. via 6afc37ae5d9 WHATSNEW: Add release notes for Samba 4.13.9. from aae24152b8d s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit ca362d33d752459e9f799d49a944247f50e124a2 Author: Karolin Seeger Date: Tue May 11 09:52:03 2021 +0200 VERSION: Bump version up to 4.13.10... and re-enable GIT_SNAPSHOT Signed-off-by: Karolin Seeger commit 37540e4f90edc80f6073956ec373bb8bdeb4e55e Author: Karolin Seeger Date: Tue May 11 09:51:07 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the Samba 4.13.9 release. Signed-off-by: Karolin Seeger commit 6afc37ae5d94e50faccad7cf06fb103d892c1a2d Author: Karolin Seeger Date: Tue May 11 09:50:16 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.9. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 70 ++-- 2 files changed, 69 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b151df5266d..addb12d75e0 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6fe057c5b40..da680c071d9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,70 @@ + == + Release Notes for Samba 4.13.9 +May 11, 2021 + == + + +This is the latest stable release of the Samba 4.13 release series. + + +Changes since 4.13.8 + + +o Jeremy Allison + * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. + +o Andrew Bartlett + * BUG 14689: Add documentation for dsdb_group_audit and dsdb_group_json_audit + to "log level", synchronise "log level" in smb.conf with the code. + +o Ralph Boehme + * BUG 14672: Fix smbd panic when two clients open same file. + * BUG 14675: Fix memory leak in the RPC server. + * BUG 14679: s3: smbd: Fix deferred renames. + +o Samuel Cabrero + * BUG 14675: s3-iremotewinspool: Set the per-request memory context. + +o Volker Lendecke + * BUG 14675: rpc_server3: Fix a memleak for internal pipes. + +o Stefan Metzmacher + * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. + * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. + + +o Christof Schmitt + * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid + conflict. + +o Martin Schwenke https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.13.8 April 29, 2021 @@ -59,8 +126,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via aae24152b8d s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. via 8feeac11f7e docs: Expand the "log level" docs on audit logging via 83c39f1e4ee docs: underline special words in the audit logging part of "log level" in man smb.conf via ef386397d34 docs: Further discourage the use of the "event notification" options via 78562c46bed docs: Add proper explination on why transactions need to be audited. via 56e4cb8f3d0 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json via bd6f38ed8b7 debug: Synchronise "log level" in smb.conf with the code from 4484b030c0d VERSION: Bump version up to 4.13.9. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit aae24152b8d4691252fb56b095ed892e11b40bec Author: Jeremy Allison Date: Thu Apr 29 09:50:30 2021 -0700 s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. Missing call to set up req->outbuf means no reply is sent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14696 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Apr 29 21:27:58 UTC 2021 on sn-devel-184 (cherry picked from commit 47d79d7e7e406f7dd204ded7c72cfed3e0761ad5) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Mon May 3 09:06:36 UTC 2021 on sn-devel-184 commit 8feeac11f7e4453bc3c5f826ba2694ea9937b430 Author: Andrew Bartlett Date: Fri Apr 16 10:43:07 2021 +1200 docs: Expand the "log level" docs on audit logging BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 38fe888f95f8d22736080ed521939be932e7bca0) commit 83c39f1e4ee15ba4660a102b487eb4a44d6084dd Author: Andrew Bartlett Date: Thu Apr 15 14:40:30 2021 +1200 docs: underline special words in the audit logging part of "log level" in man smb.conf BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit d03e7ffcff32452bb92f2ced9f06cbeab9843e04) commit ef386397d34cedd0a7068dd2e8ff4e4d40a68e5a Author: Andrew Bartlett Date: Thu Apr 15 14:45:07 2021 +1200 docs: Further discourage the use of the "event notification" options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 364b8be9816b34b2a1b07c6259345c406d68c9f2) commit 78562c46beddf870aeb696a81f1efdac6a281de2 Author: Andrew Bartlett Date: Thu Apr 15 14:44:22 2021 +1200 docs: Add proper explination on why transactions need to be audited. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit a778a3a6420f094a953563b87f84457fdebd20a3) commit 56e4cb8f3d008382850fa51c45c31a31193ae05e Author: Andrew Bartlett Date: Thu Apr 15 14:39:49 2021 +1200 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 2e533664e756ccde8fc1b3e41e70437c9e7bafcd) commit bd6f38ed8b7d50f93e6d629280b11d090920f133 Author: Andrew Bartlett Date: Thu Apr 15 13:52:38 2021 +1200 debug: Synchronise "log level" in smb.conf with the code This is done by pasting in the contents of default_classname_table[] in lib/util/debug.c into cut -f 2 -d \"| xargs -i sh -c 'echo "\t{}"' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 0d30d74e89829cc7b4faa6ba835e3d90c1c410aa) --- Summary of changes: docs-xml/smbdotconf/logging/loglevel.xml | 108 +++-- .../smbdotconf/logon/autheventnotification.xml | 17 ++-- docs-xml/smbdotconf/misc/dsdbeventnotification.xml | 14 ++- .../misc/dsdbgroupchangenotification.xml | 16 +-- .../misc/dsdbpasswordeventnotification.xml | 16 +-- source3/smbd/reply.c | 2 + 6 files changed, 121 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml index 273765c6fbe..4c6bb5e7e73 100644 --- a/docs-xml/smbdotconf/logging/
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 0ce7c5e7a62 s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. via 1c4e89f0e32 s3:winbind: For 'security = ADS' require realm/workgroup to be set via edf1b31ea82 s3:utils: Tell users that workgroup/realm is required for ADS mode via 7db0a50a8f8 docs: Expand the "log level" docs on audit logging via cc4e8ec610b docs: underline special words in the audit logging part of "log level" in man smb.conf via ecfca707d5f docs: Further discourage the use of the "event notification" options via 54ef0e6d6bb docs: Add proper explination on why transactions need to be audited. via 990997cae28 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json via 60527b07cbd debug: Synchronise "log level" in smb.conf with the code from c650f7738bf VERSION: Bump version up to 4.14.5. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 0ce7c5e7a6298f0f97129ec4e0889b1889d4bdcd Author: Jeremy Allison Date: Thu Apr 29 09:50:30 2021 -0700 s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. Missing call to set up req->outbuf means no reply is sent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14696 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Apr 29 21:27:58 UTC 2021 on sn-devel-184 (cherry picked from commit 47d79d7e7e406f7dd204ded7c72cfed3e0761ad5) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Mon May 3 08:16:14 UTC 2021 on sn-devel-184 commit 1c4e89f0e326fb2e040a8ed3c9115ab652d84313 Author: Andreas Schneider Date: Wed Apr 28 12:25:42 2021 +0200 s3:winbind: For 'security = ADS' require realm/workgroup to be set BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 757c49f6dc52afd6ee39c0b282e9a787b6df7a12) commit edf1b31ea822172a996eed3bed2eee55d84af6a0 Author: Andreas Schneider Date: Wed Apr 28 12:09:21 2021 +0200 s3:utils: Tell users that workgroup/realm is required for ADS mode BUG: https://bugzilla.samba.org/show_bug.cgi?id=14695 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 328682860940679553831b6ff23acff4ce80a22f) commit 7db0a50a8f8911d89af40bba8a6d3db9a70c827d Author: Andrew Bartlett Date: Fri Apr 16 10:43:07 2021 +1200 docs: Expand the "log level" docs on audit logging BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 38fe888f95f8d22736080ed521939be932e7bca0) commit cc4e8ec610b4db3743ba9823b1abdd7abd15091f Author: Andrew Bartlett Date: Thu Apr 15 14:40:30 2021 +1200 docs: underline special words in the audit logging part of "log level" in man smb.conf BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit d03e7ffcff32452bb92f2ced9f06cbeab9843e04) commit ecfca707d5ff2d0cc88e6350f8023d7a1a7dce67 Author: Andrew Bartlett Date: Thu Apr 15 14:45:07 2021 +1200 docs: Further discourage the use of the "event notification" options BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 364b8be9816b34b2a1b07c6259345c406d68c9f2) commit 54ef0e6d6bb99303562c67c23de50067b8a5a6b2 Author: Andrew Bartlett Date: Thu Apr 15 14:44:22 2021 +1200 docs: Add proper explination on why transactions need to be audited. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit a778a3a6420f094a953563b87f84457fdebd20a3) commit 990997cae28dc427eeb4d5235ba6b093a4015de0 Author: Andrew Bartlett Date: Thu Apr 15 14:39:49 2021 +1200 docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json BUG: https://bugzilla.samba.org/show_bug.cgi?id=14689 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider (cherry picked from commit 2e533664e756ccde8fc1b3e41e70437c9e7bafcd) commit 60527b07cbd7fdec13fdb8ca812abd629ce76114 Author: Andrew Bartlett Date: Thu Apr 15 13:52:38 2021 +1200 debug: Synchronise "log level" in smb.conf with the code This is done by pasting in the contents of default_classname_table[] in lib/util/debug.c into cut -f 2 -d \"| xargs -i sh -c 'ech
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 75ad84167f5 CVE-2021-20254 passdb: Simplify sids_to_unixids() from 757c49f6dc5 s3:winbind: For 'security = ADS' require realm/workgroup to be set https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 75ad84167f5d2379557ec078d17c9a1c244402fc Author: Volker Lendecke Date: Sat Feb 20 15:50:12 2021 +0100 CVE-2021-20254 passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Add comments to explain the use of the three lookup loops. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Thu Apr 29 09:55:51 UTC 2021 on sn-devel-184 --- Summary of changes: source3/passdb/lookup_sid.c | 123 1 file changed, 101 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index cf80a300189..0e01467b3cb 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -29,6 +29,7 @@ #include "../libcli/security/security.h" #include "lib/winbind_util.h" #include "../librpc/gen_ndr/idmap.h" +#include "lib/util/bitmap.h" static bool lookup_unix_user_name(const char *name, struct dom_sid *sid) { @@ -1266,7 +1267,9 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, { struct wbcDomainSid *wbc_sids = NULL; struct wbcUnixId *wbc_ids = NULL; + struct bitmap *found = NULL; uint32_t i, num_not_cached; + uint32_t wbc_ids_size = 0; wbcErr err; bool ret = false; @@ -1274,6 +1277,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, if (wbc_sids == NULL) { return false; } + found = bitmap_talloc(wbc_sids, num_sids); + if (found == NULL) { + goto fail; + } + + /* +* We go through the requested SID array three times. +* First time to look for global_sid_Unix_Users +* and global_sid_Unix_Groups SIDS, and to look +* for mappings cached in the idmap_cache. +* +* Use bitmap_set() to mark an ids[] array entry as +* being mapped. +*/ num_not_cached = 0; @@ -1285,17 +1302,20 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, [i], )) { ids[i].type = ID_TYPE_UID; ids[i].id = rid; + bitmap_set(found, i); continue; } if (sid_peek_check_rid(_sid_Unix_Groups, [i], )) { ids[i].type = ID_TYPE_GID; ids[i].id = rid; + bitmap_set(found, i); continue; } if (idmap_cache_find_sid2unixid([i], [i], ) && !expired) { + bitmap_set(found, i); continue; } ids[i].type = ID_TYPE_NOT_SPECIFIED; @@ -1306,62 +1326,121 @@ bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, if (num_not_cached == 0) { goto done; } - wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_not_cached); + + /* +* For the ones that we couldn't map in the loop above, query winbindd +* via wbcSidsToUnixIds(). +*/ + + wbc_ids_size = num_not_cached; + wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, wbc_ids_size); if (wbc_ids == NULL) { goto fail; } - for (i=0; i id is a union anyway */ - ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; - ids[i].id = wbc_ids[num_not_cached].id.gid; - break; - } - num_not_cached += 1; + if (bitmap_query(found, i)) { + continue; + } + + SMB_ASSERT(num_not_cached < wbc_ids_size); + + switch (wbc_ids[num_not_cached].type) { + case WBC_ID_TYPE_UID: + ids[i].type = ID_TYPE_UID; + ids[i].id = wbc_ids[num_not_cached].id.uid; + bitmap_set(found, i); + break; +
[SCM] Samba Shared Repository - branch v4-12-test updated
The branch, v4-12-test has been updated via a0531b507d1 VERSION: Bump version up to 4.12.16. via 5ab7bbd30bd Merge tag 'samba-4.12.15' into v4-12-test via 703c6301013 VERSION: Disable GIT_SNAPSHOT for the 4.12.15 release. via 05214a24860 WHATSNEW: Add release notes for Samba 4.12.15. via 6a6a33274c0 CVE-2021-20254 passdb: Simplify sids_to_unixids() via 80c8c8552ed VERSION: Enable GIT_SNAPSHOT. via 70a4b0269e9 VERSION: Bump version up to 4.12.15... from deb7b32b437 VERSION: Bump version up to 4.12.15... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test - Log - commit a0531b507d1087ef1e1242d707c5d02d455a3177 Author: Karolin Seeger Date: Thu Apr 29 11:13:50 2021 +0200 VERSION: Bump version up to 4.12.16. Signed-off-by: Karolin Seeger commit 5ab7bbd30bd8cdd4510c07b37577f6c4d78ee187 Merge: deb7b32b437 703c6301013 Author: Karolin Seeger Date: Thu Apr 29 11:12:26 2021 +0200 Merge tag 'samba-4.12.15' into v4-12-test samba: tag release samba-4.12.15 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 - source3/passdb/lookup_sid.c | 140 +--- 3 files changed, 185 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 1f011252804..8c7f01c0903 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=12 -SAMBA_VERSION_RELEASE=15 +SAMBA_VERSION_RELEASE=16 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f3c64a7050c..d77b074f2a7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + === + Release Notes for Samba 4.12.15 + April 29, 2021 + === + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.12.14 +- + +o Volker Lendecke + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + === Release Notes for Samba 4.12.14 March 24, 2021 @@ -55,8 +120,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- === diff --git a/source3/passdb/lookup_sid.c b/source3/pa
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 4484b030c0d VERSION: Bump version up to 4.13.9. via 5e9cd05325e Merge tag 'samba-4.13.8' into v4-13-test via 058aaad5f4a WHATSNEW: Add release notes for Samba 4.13.8. via 32c511d439b CVE-2021-20254 passdb: Simplify sids_to_unixids() via 2f7500d3927 VERSION: Bump version up to 4.13.8... from 2022e490d5e s3-iremotewinspool: set the per-request memory context https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 4484b030c0dc20285950da1b65d3cfad6393464d Author: Karolin Seeger Date: Thu Apr 29 11:11:31 2021 +0200 VERSION: Bump version up to 4.13.9. Signed-off-by: Karolin Seeger commit 5e9cd05325ea0220426cef1fe8990c1f303a0867 Merge: 2022e490d5e 058aaad5f4a Author: Karolin Seeger Date: Thu Apr 29 11:11:10 2021 +0200 Merge tag 'samba-4.13.8' into v4-13-test samba: tag release samba-4.13.8 commit 058aaad5f4a2399dc0c11b42a6650c251957f24d Author: Karolin Seeger Date: Mon Apr 26 12:45:26 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.8. Signed-off-by: Karolin Seeger commit 32c511d439b23d880133b8d9d32274eba3952a88 Author: Volker Lendecke Date: Sat Feb 20 15:50:12 2021 +0100 CVE-2021-20254 passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (backported from patch from master) [backport by npo...@samba.org as master commit 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 and 58e9b6ad62c81cdf11d704859a227cb2902b creates conflicts due to rename of WBC_ID_TYPE_* -> ID_TYPE_*] --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 +++- source3/passdb/lookup_sid.c | 123 3 files changed, 168 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ae39d7d1aac..b151df5266d 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7df21d367c1..6fe057c5b40 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + == + Release Notes for Samba 4.13.8 + April 29, 2021 + == + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.13.7 + + +o Volker Lendecke + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via c650f7738bf VERSION: Bump version up to 4.14.5. via 73195193503 Merge tag 'samba-4.14.4' into v4-14-test via e29fc62e1d6 VERSION: Disable GIT_SNAPSHOT for the 4.14.4 release. via 45f106c1218 WHATSNEW: Add release notes for Samba 4.14.4. via 55b8f31679b CVE-2021-20254 passdb: Simplify sids_to_unixids() via 77aa340ad8c VERSION: Bump version up to 4.14.4... from a8b9ea7e1aa VERSION: Bump version up to 4.14.4... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit c650f7738bf12b8375a07bfc395686f6bf4d02ad Author: Karolin Seeger Date: Thu Apr 29 11:09:46 2021 +0200 VERSION: Bump version up to 4.14.5. Signed-off-by: Karolin Seeger commit 7319519350329db148959c6e4532aab390a2140f Merge: a8b9ea7e1aa e29fc62e1d6 Author: Karolin Seeger Date: Thu Apr 29 11:09:10 2021 +0200 Merge tag 'samba-4.14.4' into v4-14-test samba: tag release samba-4.14.4 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 +++- source3/passdb/lookup_sid.c | 123 3 files changed, 168 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 23737d21667..94094eb0afb 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 71eff9a756c..8fa0ee3caf1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + == + Release Notes for Samba 4.14.4 + April 29, 2021 + == + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.14.3 + + +o Volker Lendecke + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.3 April 20, 2021 @@ -67,8 +132,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index cf80a300189..0e01467b3cb 100644 --- a/source3/pa
[Announce] Samba 4.14.4, 4.13.8 and 4.12.15 Security Releases Available
Release Announcements - These are security releases in order to address the following defect: o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token. === Details === o CVE-2021-20254: The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw caused the calling code to crash, but an alert user (Peter Eriksson, IT Department, Linköping University) found this flaw by noticing an unprivileged user was able to delete a file within a network share that they should have been disallowed access to. Analysis of the code paths has not allowed us to discover a way for a remote user to be able to trigger this flaw reproducibly or on demand, but this CVE has been issued out of an abundance of caution. Changes --- o Volker Lendecke * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.14.4.html https://www.samba.org/samba/history/samba-4.13.8.html https://www.samba.org/samba/history/samba-4.12.15.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8309630 CVE-2021-20254.html: ö -> from c84ca93 NEWS[4.14.4]: Samba 4.14.4, 4.13.8 and 4.12.15 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 830963018dde9c16921921789ab4ae2b7b974fa3 Author: Karolin Seeger Date: Thu Apr 29 10:55:36 2021 +0200 CVE-2021-20254.html: ö -> Signed-off-by: Karolin Seeger --- Summary of changes: security/CVE-2021-20254.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2021-20254.html b/security/CVE-2021-20254.html index bf96419..1f766d8 100644 --- a/security/CVE-2021-20254.html +++ b/security/CVE-2021-20254.html @@ -40,7 +40,7 @@ cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. Most commonly this flaw caused the calling code to crash, but an alert -user (Peter Eriksson, IT Department, Linköping University) found this +user (Peter Eriksson, IT Department, Linkping University) found this flaw by noticing an unprivileged user was able to delete a file within a network share that they should have been disallowed access to. -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via c84ca93 NEWS[4.14.4]: Samba 4.14.4, 4.13.8 and 4.12.15 Available for Download from 470c809 fix Lightspeed address https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit c84ca93f6eb37183b210b042486fd88a3fb6e97b Author: Karolin Seeger Date: Mon Apr 26 11:21:29 2021 +0200 NEWS[4.14.4]: Samba 4.14.4, 4.13.8 and 4.12.15 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.12.15.html | 63 history/samba-4.13.8.html| 63 history/samba-4.14.4.html| 63 history/security.html| 19 + posted_news/20210429-080831.4.14.4.body.html | 22 ++ posted_news/20210429-080831.4.14.4.headline.html | 4 + security/CVE-2021-20254.html | 96 8 files changed, 333 insertions(+) create mode 100644 history/samba-4.12.15.html create mode 100644 history/samba-4.13.8.html create mode 100644 history/samba-4.14.4.html create mode 100644 posted_news/20210429-080831.4.14.4.body.html create mode 100644 posted_news/20210429-080831.4.14.4.headline.html create mode 100644 security/CVE-2021-20254.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index e7bf5c2..73047a3 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,10 +9,12 @@ Release Notes + samba-4.14.4 samba-4.14.3 samba-4.14.2 samba-4.14.1 samba-4.14.0 + samba-4.13.8 samba-4.13.7 samba-4.13.6 samba-4.13.5 @@ -21,6 +23,7 @@ samba-4.13.2 samba-4.13.1 samba-4.13.0 + samba-4.12.15 samba-4.12.14 samba-4.12.13 samba-4.12.12 diff --git a/history/samba-4.12.15.html b/history/samba-4.12.15.html new file mode 100644 index 000..907c80f --- /dev/null +++ b/history/samba-4.12.15.html @@ -0,0 +1,63 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.12.15 - Release Notes + + +Samba 4.12.15 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.12.15.tar.gz;>Samba 4.12.15 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.12.15.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.12.14-4.12.15.diffs.gz;>Patch (gzipped) against Samba 4.12.14 +https://download.samba.org/pub/samba/patches/samba-4.12.14-4.12.15.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.12.15 + April 29, 2021 + === + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linkping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.12.14 +- + +o Volker Lendecke v...@samba.org + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + + + + + diff --git a/history/samba-4.13.8.html b/history/samba-4.13.8.html new file mode 100644 index 000..59c8ef3 --- /dev/null +++ b/history/samba-4.13.8.html @@ -0,0 +1,63 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xh
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated via 703c6301013 VERSION: Disable GIT_SNAPSHOT for the 4.12.15 release. via 05214a24860 WHATSNEW: Add release notes for Samba 4.12.15. via 6a6a33274c0 CVE-2021-20254 passdb: Simplify sids_to_unixids() via 80c8c8552ed VERSION: Enable GIT_SNAPSHOT. via 70a4b0269e9 VERSION: Bump version up to 4.12.15... from 94c36535bfd WHATSNEW: Add release notes for Samba 4.12.14. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable - Log - commit 703c6301013f78e80882abfe8375d6a45a176b7f Author: Karolin Seeger Date: Mon Apr 26 13:38:31 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.12.15 release. BUG 14571: CVE-2021-20254: Buffer overrun in sids_to_unixids(). Signed-off-by: Karolin Seeger commit 05214a2486061a3bf6c06a70a2016a2994bb37e3 Author: Karolin Seeger Date: Mon Apr 26 13:37:22 2021 +0200 WHATSNEW: Add release notes for Samba 4.12.15. Signed-off-by: Karolin Seeger commit 6a6a33274c0829bb48c280f65c06213a185bee81 Author: Volker Lendecke Date: Sat Feb 20 15:50:12 2021 +0100 CVE-2021-20254 passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (backported from patch from master) [backport by npo...@samba.org as master commit 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 and 58e9b6ad62c81cdf11d704859a227cb2902b creates conflicts due to rename of WBC_ID_TYPE_* -> ID_TYPE_*] [backport by j...@samba.org to work around a compiler bug showing this error on gcc 5.6 -> 6.x, seen on Debian 9 and Ubuntu 16.04 under -O3: ../../source3/passdb/lookup_sid.c:1246:6: error: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Werror=strict-overflow]] commit 80c8c8552ed7522fadad7a861fda6594b47d02fa Author: Karolin Seeger Date: Mon Apr 26 13:20:37 2021 +0200 VERSION: Enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 70a4b0269e9573560d319591813f4e5ee4513fa2 Author: Stefan Metzmacher Date: Wed Mar 24 11:32:11 2021 +0100 VERSION: Bump version up to 4.12.15... GIT_SNAPSHOT is already 'yes'. Signed-off-by: Stefan Metzmacher (cherry picked from commit deb7b32b4372625211a4d6ba26e3d00223e903ca) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 - source3/passdb/lookup_sid.c | 140 +--- 3 files changed, 185 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index b3cc915133d..01596d8c954 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=12 -SAMBA_VERSION_RELEASE=14 +SAMBA_VERSION_RELEASE=15 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f3c64a7050c..d77b074f2a7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + === + Release Notes for Samba 4.12.15 + April 29, 2021 + === + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.12.14 +
[SCM] Samba Shared Repository - annotated tag samba-4.12.15 created
The annotated tag, samba-4.12.15 has been created at d744541db986a2e6cdcbc2a9cb13edd64b0d025a (tag) tagging 703c6301013f78e80882abfe8375d6a45a176b7f (commit) replaces samba-4.12.14 tagged by Karolin Seeger on Mon Apr 26 13:42:29 2021 +0200 - Log - samba: tag release samba-4.12.15 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmCGpyUACgkQqplEL7aA tiDyYg//U428Khapx91YuFPFXDt5+NWPwTq0xLaIjYLzTM/Twz51GSLnrBR860yl AmZ4G4/pvLVqHyeT9LDZWCyqvrenieL/qnfusFMBS796oPRwwtrnEIhSLaD0GD/x BRKKS6HHSACs6anhJn155rvVn6v3cA1+6IC7jXoh6fNNDU0AVWD/RB+v2llYd7kg YP8+Y9g0gYFHceJBHMlLbuOrKqkHKtdMZPlnhYRvUIBkaqtg/qCqPrVCMx1GQHMM xmSb8xMTklz0eMvXkrItd/SFB6eKpXXSUC+zj/m4XqcGDZB3zLeGPgOww+QUku8z u0o1Yg76MzFLxtBBkq24RZBRBWEGOYfLpdXbYIKc3YB/714U+0w+0QfMSKA9odlk y9r08iUePQ+CeyEdzMvNO1x6EykBuLkxB+25T7fF4Rxb+raARP9wru997yyHK+Vy EBFmnrM1/iMdmwPaWGnBEjJUOH4dZ8pHu8H2HiOVW7KXfoeV3HzXOJG3up64Nw13 vRgkkltlKhSnQEySSM8Rht9Ms8RXvqeS/3bQXLIwuxy//J87GBtqPTSrjno/M2wB EktBMost8d+6zKmQBHj8fZLq246Q2ZO0S3Yq958+Eg6eguDRE3HGCckElCqwfVXF wqL0e1Ogk2FnKjOGbHN5zFuq4ETeevPjDaRRuYfoy095V1OJCkA= =TwNZ -END PGP SIGNATURE- Karolin Seeger (4): WHATSNEW: Add release notes for Samba 4.12.14. VERSION: Enable GIT_SNAPSHOT. WHATSNEW: Add release notes for Samba 4.12.15. VERSION: Disable GIT_SNAPSHOT for the 4.12.15 release. Stefan Metzmacher (1): VERSION: Bump version up to 4.12.15... Volker Lendecke (1): CVE-2021-20254 passdb: Simplify sids_to_unixids() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via 692d5287eaf VERSION: Disable GIT_SNAPSHOT for the 4.13.8 release. via dc853e700d4 WHATSNEW: Add release notes for Samba 4.13.8. via 39d9e71cfcf CVE-2021-20254 passdb: Simplify sids_to_unixids() via a44be607c9d VERSION: Enable GIT_SNAPSHOT. via 2f7500d3927 VERSION: Bump version up to 4.13.8... from bf1d38a7a16 WHATSNEW: Add release notes for Samba 4.13.7. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - commit 692d5287eaf0559777b8aeeef11e62549da06068 Author: Karolin Seeger Date: Mon Apr 26 13:09:58 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.13.8 release. BUG 14571: CVE-2021-20254: Buffer overrun in sids_to_unixids(). Signed-off-by: Karolin Seeger commit dc853e700d4bb1d6faf4d2d8aac180d458d76c8b Author: Karolin Seeger Date: Mon Apr 26 12:45:26 2021 +0200 WHATSNEW: Add release notes for Samba 4.13.8. Signed-off-by: Karolin Seeger commit 39d9e71cfcff17395ba26c076e2dc5fe0ddc1d65 Author: Volker Lendecke Date: Sat Feb 20 15:50:12 2021 +0100 CVE-2021-20254 passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Bug: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (backported from patch from master) [backport by npo...@samba.org as master commit 493f5d6b078e0b0f80d1ef25043e2834cb4fcb87 and 58e9b6ad62c81cdf11d704859a227cb2902b creates conflicts due to rename of WBC_ID_TYPE_* -> ID_TYPE_*] commit a44be607c9d6dca5052e82d12d487e90376e2d28 Author: Karolin Seeger Date: Mon Apr 26 13:08:23 2021 +0200 VERSION: Enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 2f7500d3927812bab01680e26bf1b49224e6bd2a Author: Stefan Metzmacher Date: Wed Mar 24 11:52:22 2021 +0100 VERSION: Bump version up to 4.13.8... GIT_SNAPSHOT is already 'yes'. Signed-off-by: Stefan Metzmacher (cherry picked from commit 5677103fe7b49ed7738d5df5e5231473c673e08c) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 +++- source3/passdb/lookup_sid.c | 123 3 files changed, 168 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9f3a9e91308..030268366fc 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=13 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7df21d367c1..6fe057c5b40 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + == + Release Notes for Samba 4.13.8 + April 29, 2021 + == + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.13.7 + + +o Volker Lendecke + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC
[SCM] Samba Shared Repository - annotated tag samba-4.13.8 created
The annotated tag, samba-4.13.8 has been created at 69f2c1b0e1cb59656fb33a965d4756a3cb3bd6ab (tag) tagging 058aaad5f4a2399dc0c11b42a6650c251957f24d (commit) replaces samba-4.13.7 tagged by Karolin Seeger on Mon Apr 26 13:03:23 2021 +0200 - Log - samba: tag release samba-4.13.8 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmCGnfsACgkQqplEL7aA tiD/Pw//WvpLzJSFaJfSYKOScgdA28add5G8OfLC+6k2zGL8AMXsDYOmBdp2dPDh EdLBdMC1qYWM0tWz6Y5P0ZI1GEso+ZarXA9yNWaPUA4xxRKu/TJA0Es5Pt0OAQe6 Sg42U9WecgP3ENnbPu9QNX5/5/EsbNAy48icQl4GVJdQddopvRXLmBw/sNvhGmSE SJY3rNVbpPSf8/93wfFDjFwhA4gQ3wxpYv0cY8fyLOAwWgj2ITzrv3Iwt4Gnwa79 9nXfhyJu60N754dsdM+QeF08W0bTLibpvP2cjuOOvn2iZn9GYGG4yoY6brGU7xwm mkLsjEIypvaSinQYeHmlOmZfaed2GjXPA8ATLEa06hbOEJ3edJoAdXzIWjbJj+1M KCOfJlKp+Tpo2eBdTjO/3VuXi2zEi4GcS5XCt9MtIXw2pzUWYSxjH2THTFSUxt3U ros3CeCjGM2bVrO96V+uaVDSTCG6LBpzGwy5+vc9al4XVGoGXTpG9+I99kn+yD95 ZvXAqKE3PRwnD850w8D5l6+iHsNsaZU1Wm1n3Z9v8cf5dRLVo4vBJDBbhYOeRexm KjKhg8GNaJem+oUdpvYj6zzShtdMpU8zzi5SJN7vLSThTLCdZqP2cX7IFGh5QVnx wvU0TWDZnrEuP72dOaC7AYxCOdVaSexFhrheWHM8XRsNeUnmZfc= =evdV -END PGP SIGNATURE- Karolin Seeger (1): WHATSNEW: Add release notes for Samba 4.13.8. Stefan Metzmacher (1): VERSION: Bump version up to 4.13.8... Volker Lendecke (1): CVE-2021-20254 passdb: Simplify sids_to_unixids() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via e29fc62e1d6 VERSION: Disable GIT_SNAPSHOT for the 4.14.4 release. via 45f106c1218 WHATSNEW: Add release notes for Samba 4.14.4. via 55b8f31679b CVE-2021-20254 passdb: Simplify sids_to_unixids() via 77aa340ad8c VERSION: Bump version up to 4.14.4... from def81d0a59d VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - commit e29fc62e1d60a1add177fca059d0d67dcf6a1866 Author: Karolin Seeger Date: Mon Apr 26 10:26:38 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.4 release. BUG 14571: CVE-2021-20254: Buffer overrun in sids_to_unixids(). Signed-off-by: Karolin Seeger commit 45f106c121814c0166fe7f9905b55c05a67dbda0 Author: Karolin Seeger Date: Mon Apr 26 10:26:10 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.4. Signed-off-by: Karolin Seeger commit 55b8f31679b57545d7808cae8527663d770b10bc Author: Volker Lendecke Date: Sat Feb 20 15:50:12 2021 +0100 CVE-2021-20254 passdb: Simplify sids_to_unixids() Best reviewed with "git show -b", there's a "continue" statement that changes subsequent indentation. Decouple lookup status of ids from ID_TYPE_NOT_SPECIFIED Add comments to explain the use of the three lookup loops. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14571 Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison (cherry-picked from commit for master) commit 77aa340ad8c22a1f3ea43c90fbcedf5a424de56b Author: Karolin Seeger Date: Mon Apr 19 09:57:25 2021 +0200 VERSION: Bump version up to 4.14.4... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger (cherry picked from commit a8b9ea7e1aa4f526bd73baee45f0a3483c95381a) --- Summary of changes: VERSION | 2 +- WHATSNEW.txt| 68 +++- source3/passdb/lookup_sid.c | 123 3 files changed, 168 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index fbdb45a2349..4b9426fa79b 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 71eff9a756c..8fa0ee3caf1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,68 @@ + == + Release Notes for Samba 4.14.4 + April 29, 2021 + == + + +This is a security release in order to address the following defect: + +o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries + in the Samba file server process token. + + +=== +Details +=== + +o CVE-2021-20254: + The Samba smbd file server must map Windows group identities (SIDs) into unix + group ids (gids). The code that performs this had a flaw that could allow it + to read data beyond the end of the array in the case where a negative cache + entry had been added to the mapping cache. This could cause the calling code + to return those values into the process token that stores the group + membership for a user. + + Most commonly this flaw caused the calling code to crash, but an alert user + (Peter Eriksson, IT Department, Linköping University) found this flaw by + noticing an unprivileged user was able to delete a file within a network + share that they should have been disallowed access to. + + Analysis of the code paths has not allowed us to discover a way for a + remote user to be able to trigger this flaw reproducibly or on demand, + but this CVE has been issued out of an abundance of caution. + + +Changes since 4.14.3 + + +o Volker Lendecke + * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids(). + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (ht
[SCM] Samba Shared Repository - annotated tag samba-4.14.4 created
The annotated tag, samba-4.14.4 has been created at deeab6c9742780a4fcc8b73700625472f38248be (tag) tagging e29fc62e1d60a1add177fca059d0d67dcf6a1866 (commit) replaces samba-4.14.3 tagged by Karolin Seeger on Mon Apr 26 11:20:40 2021 +0200 - Log - samba: tag release samba-4.14.4 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmCGhegACgkQqplEL7aA tiAIgRAAkSTJ6znwcGwwb6m6dSz+pgxUJ64Z1NiQg5v3VJ4k+nGecGX+z0dNJTH2 zkaj/sWWP7U45pliq5y6tZbV4a5JZKDOX6pGutazno3m3RrDdkhUueaiait/GNMH lM1eBCgLgSwOKTJ8bKP+79KIWQNLFwgX0Z+GyU+PjJB8ytmDqxFjn8DUC4bbCnvh ysJMY77RK1VHaRfPkijpTPUCd/ZVEOWWtod/vS7qbzqgL5WGF/9Wq89MO5CKyOu2 kqmIF/K1XDZAgynFJ5qyLrXokNCtQW5sMYJw7nt78/3SG5U5X1OGgxrWkJNyp+IX vdU0MQBfVICX/fnwNy0lQ6WjBzVx4QyYXk/FZiE4J0CNk+RPQI3Bsa4foe3outeD mavnsuLJx4GwlIoBoBziexKqu8R9Zb/v5jM1enQf1O0DLutXbJXWeAu7W7dJ7AGb sLaWkJichL+GZ5aQ2iDa76frtDzmoVBT2XTig5p+lxtPi/a3wScBOUiPcFeoA1jD Eq9MwIm79DScpV0hte+Macktx1OWWFZWDd6NRtpB/027RchxeC3SXsMsg/6eDFb6 BmqlscRDoxIsg6ICBr+jqGJKmGKCc5ykBqRSnV4qPWzmsVBqWbnErCq5PdGSv3Ma BEpx4oz64rdseYG6ojDBospseGs8EYx7J/eSQDo1jYJZOJxIdJg= =7u/u -END PGP SIGNATURE- Karolin Seeger (3): VERSION: Bump version up to 4.14.4... WHATSNEW: Add release notes for Samba 4.14.4. VERSION: Disable GIT_SNAPSHOT for the 4.14.4 release. Volker Lendecke (1): CVE-2021-20254 passdb: Simplify sids_to_unixids() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7e63e84d47d WHATSNEW: Document removal of NIS support from eb573067425 docs-xml: Add doc entities for the options of the new cmdline parser https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7e63e84d47d63d023bd1e540968ee1efd8bc262d Author: Andreas Schneider Date: Tue Apr 27 14:58:20 2021 +0200 WHATSNEW: Document removal of NIS support Signed-off-by: Andreas Schneider Reviewed-by: Karolin Seeger Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Wed Apr 28 08:47:21 UTC 2021 on sn-devel-184 --- Summary of changes: WHATSNEW.txt | 3 +++ 1 file changed, 3 insertions(+) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4154e0849f2..013f5b6eb35 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -46,6 +46,9 @@ REMOVED FEATURES Tru64 ACL support has been removed from this release. The last supported release of Tru64 UNIX was in 2012. +NIS support has been removed from this release. This is not +available in Linux distributions anymore. + smb.conf changes -- Samba Shared Repository
[Announce] Samba 4.14.3 Available for Download
Release Announcements - This is the latest stable release of the Samba 4.14 release series. Changes since 4.14.2 o Trever L. Adams * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. o Andrew Bartlett * BUG 14586: build: Notice if flex is missing at configure time. o Ralph Boehme * BUG 14672: Fix smbd panic when two clients open same file. * BUG 14675: Fix memory leak in the RPC server. * BUG 14679: s3: smbd: fix deferred renames. o Samuel Cabrero * BUG 14675: s3-iremotewinspool: Set the per-request memory context. o Volker Lendecke * BUG 14675: Fix memory leak in the RPC server. o Stefan Metzmacher * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. o David Mulder * BUG 14665: samba-gpupdate: Test that sysvol paths download in case-insensitive way. o Sachin Prabhu * BUG 14662: smbd: Ensure errno is preserved across fsp destructor. o Christof Schmitt * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict. o Martin Schwenke * BUG 14288: build: Only add -Wl,--as-needed when supported. ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.14.3.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via def81d0a59d VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. via 794e1610385 WHATSNEW: Add release notes for Samba 4.14.3. via 1cf726dd52f build: Notice if flex is missing at configure time via b74a079a202 s3-iremotewinspool: set the per-request memory context via 12bfc430063 build: Only add -Wl,--as-needed when supported via 0662726974b s3: smbd: fix deferred renames via f5bb7a55018 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. via e85d111f54f rpc_server3: Fix a memleak for internal pipes via ed30ce7aa0c spools: avoid leaking memory into the callers mem_ctx via 55c76604ca2 pidl: set the per-request memory context in the pidl generator via 051585ef361 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() via ebec84c886e smbd: cancel pending poll open timer in poll_open_done() via da71738e987 smbd: reset dangling watch_req pointer in poll_open_done via 288c7472083 s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. via a164468a406 samba-gpupdate: Check sysvol download paths in case-insensitive way via 702e0c55989 samba-gpupdate: Test that sysvol paths download in case-insensitive way via 231342faf2f idmap_nss: Do not return SID from unixids_to_sids on type mismatch via 7628a27a96b idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch via e7b1ee061ea winbind: Only use unixid2sid mapping when module reports ID_MAPPED via 6b8226b7355 smbd: Ensure errno is preserved across fsp destructor via a0862d6d6de third_party: Update socket_wrapper to version 1.3.3 via ed3c83a7f8c third_party: Update socket_wrapper to version 1.3.2 via 6e981465fce VERSION: Bump version up to 4.14.2... via 3dceb3ac569 Merge tag 'samba-4.14.2' into v4-14-test via 3fa3608e8f0 VERSION: Bump version up to 4.14.1... from 5b5f4deb88a WHATSNEW: Add release notes for Samba 4.14.2. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 76 +- buildtools/wafsamba/samba_third_party.py |2 +- pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm |2 + python/samba/gpclass.py |5 +- python/samba/tests/gpo.py| 10 + source3/modules/vfs_virusfilter.c|8 +- source3/rpc_server/rpc_handles.c |6 - source3/rpc_server/rpc_ncacn_np.c|2 +- source3/rpc_server/spoolss/srv_iremotewinspool.c |2 + source3/rpc_server/spoolss/srv_spoolss_nt.c |6 +- source3/smbd/files.c |3 + source3/smbd/open.c |3 + source3/smbd/smb2_create.c |1 + source3/smbd/smb2_setinfo.c |1 + source3/winbindd/idmap_nss.c |6 +- source3/winbindd/idmap_rfc2307.c |4 +- source3/winbindd/winbindd_dual_srv.c |8 +- source3/wscript |9 - source4/torture/smb2/lease.c | 145 ++ third_party/socket_wrapper/socket_wrapper.c | 1710 ++ third_party/socket_wrapper/socket_wrapper.h | 89 ++ third_party/socket_wrapper/wscript |8 +- wscript | 19 +- wscript_configure_embedded_heimdal |3 + 25 files changed, 1802 insertions(+), 328 deletions(-) create mode 100644 third_party/socket_wrapper/socket_wrapper.h Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a1b3f67bdd1..fbdb45a2349 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1ef1779c841..71eff9a756c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,76 @@ + == + Release Notes for Samba 4.14.3 + April 20, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.2 + + +o Trever L. Adams + * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break +
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via dadbd28 Add Samba 4.14.3 to the list. via e7fa145 NEWS[4.14.3]: Samba 4.14.3 Available for Download from 03b684e add width/height value for paypal logo https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit dadbd28cb3e326aacd828e062c307242d26e7d1b Author: Karolin Seeger Date: Tue Apr 20 12:07:16 2021 +0200 Add Samba 4.14.3 to the list. Signed-off-by: Karolin Seeger commit e7fa145d5e9b9968619995048552a9ce0d1f03c4 Author: Karolin Seeger Date: Tue Apr 20 12:05:43 2021 +0200 NEWS[4.14.3]: Samba 4.14.3 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.14.3.html| 71 posted_news/20210420-100655.4.14.3.body.html | 13 + posted_news/20210420-100655.4.14.3.headline.html | 3 + 4 files changed, 88 insertions(+) create mode 100644 history/samba-4.14.3.html create mode 100644 posted_news/20210420-100655.4.14.3.body.html create mode 100644 posted_news/20210420-100655.4.14.3.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 81d04cf..e7bf5c2 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.14.3 samba-4.14.2 samba-4.14.1 samba-4.14.0 diff --git a/history/samba-4.14.3.html b/history/samba-4.14.3.html new file mode 100644 index 000..55dcaeb --- /dev/null +++ b/history/samba-4.14.3.html @@ -0,0 +1,71 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.14.3 - Release Notes + + +Samba 4.14.3 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.14.3.tar.gz;>Samba 4.14.3 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.14.3.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.14.2-4.14.3.diffs.gz;>Patch (gzipped) against Samba 4.14.2 +https://download.samba.org/pub/samba/patches/samba-4.14.2-4.14.3.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.14.3 + April 20, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.2 + + +o Trever L. Adams trever.ad...@gmail.com + * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break + vfs_virusfilter_openat. + +o Andrew Bartlett abart...@samba.org + * BUG 14586: build: Notice if flex is missing at configure time. + +o Ralph Boehme s...@samba.org + * BUG 14672: Fix smbd panic when two clients open same file. + * BUG 14675: Fix memory leak in the RPC server. + * BUG 14679: s3: smbd: fix deferred renames. + +o Samuel Cabrero scabr...@samba.org + * BUG 14675: s3-iremotewinspool: Set the per-request memory context. + +o Volker Lendecke v...@samba.org + * BUG 14675: Fix memory leak in the RPC server. + +o Stefan Metzmacher me...@samba.org + * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. + * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. + +o David Mulder dmul...@suse.com + * BUG 14665: samba-gpupdate: Test that sysvol paths download in + case-insensitive way. + +o Sachin Prabhu spra...@redhat.com + * BUG 14662: smbd: Ensure errno is preserved across fsp destructor. + +o Christof Schmitt c...@samba.org + * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid + conflict. + +o Martin Schwenke mar...@meltin.net + * BUG 14288: build: Only add -Wl,--as-needed when supported. + + + + + + diff --git a/posted_news/20210420-100655.4.14.3.body.html b/posted_news/20210420-100655.4.14.3.body.html new file mode 100644 index 000..f8c4937 --- /dev/null +++ b/posted_news/20210420-100655.4.14.3.body.html @@ -0,0 +1,13 @@ + +20 April 2021 +Samba 4.14.3 Available for Download + +This is the latest stable release of the Samba 4.14 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.14.3.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.14.2-4.14.3.diffs.gz;>patch against Samba 4.14.2 is also available. +See https://www.samba.org/samba/history/samba-4.14.3.html;>the release notes for more info. + + diff --git a/posted_news/20210420-100655.4.14.3.headline.html b/posted_news/20210420-
[SCM] Samba Shared Repository - annotated tag samba-4.14.3 created
The annotated tag, samba-4.14.3 has been created at 8014da62334e05a95296b26a1faa0a0fc9ce3b80 (tag) tagging def81d0a59d5155e9a4337f3a5960bc98c78e263 (commit) replaces samba-4.14.2 tagged by Karolin Seeger on Tue Apr 20 12:05:16 2021 +0200 - Log - samba: tag release samba-4.14.3 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmB+p1wACgkQqplEL7aA tiBlhQ//WtjURY9XgS9lidp2LguyBj5UIJ0cywk+iRVbp/ucavhw9Ac2KCzNlKh1 iUFb2n9dkJlz9WkOyKVTslgNHge0YFhLwPKsLMPhrAQbmbZF5ZRL+V+/bkWm9/dB a1qkzoDAGFO0Fdtx5cFOnBLBxZ2M/1hIj4bLrI4Zt1v+jTQhWXM1W4JpCAUatE/l +GIpeV7cKzU3SBM4g5BpaHXk+Hu0RAXmCgjB/zjGt7mfg5h/5EFb6mTyFEo0Y1Ub llUG6wfG1emTY34DESPdoTkzI9YWiRp5zkgkwPkRImyTw690A9WLsL3+abMNJZMA 738hUAa9sv0/EiAHi/4eVbVpArP/cHfmlRyitrgAB6TJSIUpdhVNjs6/jmj42f1G OSoKihdZ8hfq+5WC23vgPQe3d5dLT4PVqCyk/acWGsxus4NuEQ5BtW7N4iib/tjl ICecAKaaiJOezl4+2j1RHUDTm9EqjO/GuZzTGF+hlr8kBod9UnMyl00l+Ln8z48N 9HZlSYaOiZkXINN8/LA3WThJeah8NrCXgtWY41/uNK0tLL+vdPr/nTG6iAXo666G uZmJAGODTTTEFQWh2yRQEZx1Jsp9YxWlcJnDVjx+3I748zg4xS2DY5o/1+BrvwOS t9K72iLAIhQu6AX9OGxKowfDkF8IJvvy5M0lcZK0PKaNyZR64uQ= =u7YG -END PGP SIGNATURE- Andrew Bartlett (1): build: Notice if flex is missing at configure time Christof Schmitt (3): winbind: Only use unixid2sid mapping when module reports ID_MAPPED idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch idmap_nss: Do not return SID from unixids_to_sids on type mismatch David Mulder (2): samba-gpupdate: Test that sysvol paths download in case-insensitive way samba-gpupdate: Check sysvol download paths in case-insensitive way Jeremy Allison (1): s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. Karolin Seeger (3): VERSION: Bump version up to 4.14.1... WHATSNEW: Add release notes for Samba 4.14.3. VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. Martin Schwenke (1): build: Only add -Wl,--as-needed when supported Ralph Boehme (6): smbd: reset dangling watch_req pointer in poll_open_done smbd: cancel pending poll open timer in poll_open_done() smbd: free open_rec state in remove_deferred_open_message_smb2_internal() pidl: set the per-request memory context in the pidl generator spools: avoid leaking memory into the callers mem_ctx s3: smbd: fix deferred renames Sachin Prabhu (1): smbd: Ensure errno is preserved across fsp destructor Samuel Cabrero (1): s3-iremotewinspool: set the per-request memory context Stefan Metzmacher (4): Merge tag 'samba-4.14.2' into v4-14-test VERSION: Bump version up to 4.14.2... third_party: Update socket_wrapper to version 1.3.2 third_party: Update socket_wrapper to version 1.3.3 Trever L. Adams (1): s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. Volker Lendecke (1): rpc_server3: Fix a memleak for internal pipes --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via a8b9ea7e1aa VERSION: Bump version up to 4.14.4... via def81d0a59d VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. via 794e1610385 WHATSNEW: Add release notes for Samba 4.14.3. from 1cf726dd52f build: Notice if flex is missing at configure time https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit a8b9ea7e1aa4f526bd73baee45f0a3483c95381a Author: Karolin Seeger Date: Mon Apr 19 09:57:25 2021 +0200 VERSION: Bump version up to 4.14.4... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit def81d0a59d5155e9a4337f3a5960bc98c78e263 Author: Karolin Seeger Date: Mon Apr 19 09:56:47 2021 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.14.3 release. Signed-off-by: Karolin Seeger commit 794e1610385191345e16e70f61c712bccc4778c7 Author: Karolin Seeger Date: Mon Apr 19 09:56:20 2021 +0200 WHATSNEW: Add release notes for Samba 4.14.3. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 76 ++-- 2 files changed, 75 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 43019d5a7f4..23737d21667 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=14 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1ef1779c841..71eff9a756c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,76 @@ + == + Release Notes for Samba 4.14.3 + April 20, 2021 + == + + +This is the latest stable release of the Samba 4.14 release series. + + +Changes since 4.14.2 + + +o Trever L. Adams + * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break + vfs_virusfilter_openat. + +o Andrew Bartlett + * BUG 14586: build: Notice if flex is missing at configure time. + +o Ralph Boehme + * BUG 14672: Fix smbd panic when two clients open same file. + * BUG 14675: Fix memory leak in the RPC server. + * BUG 14679: s3: smbd: fix deferred renames. + +o Samuel Cabrero + * BUG 14675: s3-iremotewinspool: Set the per-request memory context. + +o Volker Lendecke + * BUG 14675: Fix memory leak in the RPC server. + +o Stefan Metzmacher + * BUG 11899: third_party: Update socket_wrapper to version 1.3.2. + * BUG 14640: third_party: Update socket_wrapper to version 1.3.3. + +o David Mulder + * BUG 14665: samba-gpupdate: Test that sysvol paths download in + case-insensitive way. + +o Sachin Prabhu + * BUG 14662: smbd: Ensure errno is preserved across fsp destructor. + +o Christof Schmitt + * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid + conflict. + +o Martin Schwenke + * BUG 14288: build: Only add -Wl,--as-needed when supported. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.2 March 24, 2021 @@ -55,8 +128,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 1cf726dd52f build: Notice if flex is missing at configure time via b74a079a202 s3-iremotewinspool: set the per-request memory context from 12bfc430063 build: Only add -Wl,--as-needed when supported https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 1cf726dd52fe0ba383a67e7292f642090e8931cf Author: Andrew Bartlett Date: Fri Mar 26 21:48:45 2021 +1300 build: Notice if flex is missing at configure time This may also fix the coverage build by ensuring --noline is always specified to flex. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14586 Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Mar 29 02:12:23 UTC 2021 on sn-devel-184 (cherry picked from commit 942c0d2128cb8e64a9354dde6bdae82a1c1c3d88) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Tue Apr 20 07:39:05 UTC 2021 on sn-devel-184 commit b74a079a202089644090094dac06d327ff31aeec Author: Samuel Cabrero Date: Thu Apr 8 18:45:38 2021 +0200 s3-iremotewinspool: set the per-request memory context The iremotewinspool service is not using the pidl autogenerated code. Set the per-request memory context following the changes made is commit 5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890 Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Apr 9 15:20:02 UTC 2021 on sn-devel-184 (cherry picked from commit 1efa9ffd7ae77ebf22b28c12dd642a89991b75d2) --- Summary of changes: source3/rpc_server/spoolss/srv_iremotewinspool.c | 2 ++ source3/wscript | 9 - wscript | 16 +--- wscript_configure_embedded_heimdal | 3 +++ 4 files changed, 18 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/spoolss/srv_iremotewinspool.c b/source3/rpc_server/spoolss/srv_iremotewinspool.c index 26b225818f8..d6a983c722a 100644 --- a/source3/rpc_server/spoolss/srv_iremotewinspool.c +++ b/source3/rpc_server/spoolss/srv_iremotewinspool.c @@ -100,6 +100,7 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state * /* Update pipes struct opnum */ p->opnum = opnum; p->dce_call = dce_call; + p->mem_ctx = mem_ctx; /* Update pipes struct session info */ pipe_session_info = p->session_info; p->session_info = dce_call->auth_state->session_info; @@ -1238,6 +1239,7 @@ fail: } p->dce_call = NULL; + p->mem_ctx = NULL; /* Restore session info */ p->session_info = pipe_session_info; p->auth.auth_type = 0; diff --git a/source3/wscript b/source3/wscript index ba02a3586b9..adc31ce57b8 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1838,15 +1838,6 @@ main() { define=None, on_target=False) -Logs.info("Checking for flex") -conf.find_program('flex', var='FLEX') -if conf.env['FLEX']: -conf.env.FLEXFLAGS = ['-t'] -conf.CHECK_COMMAND('%s --version' % conf.env.FLEX[0], - msg='Using flex version', - define=None, - on_target=False) - with_spotlight_tracker_backend = ( conf.CONFIG_SET('HAVE_TRACKER') and conf.CONFIG_SET('HAVE_GLIB') diff --git a/wscript b/wscript index 172d05c052b..83d94211338 100644 --- a/wscript +++ b/wscript @@ -240,6 +240,19 @@ def configure(conf): if not (Options.options.without_ad_dc): conf.DEFINE('AD_DC_BUILD_IS_ENABLED', 1) +# Check for flex before doing the embedded heimdal checks so we can bail if we don't have it. +Logs.info("Checking for flex") +conf.find_program('flex', var='FLEX') +if conf.env['FLEX']: +conf.CHECK_COMMAND('%s --version' % conf.env.FLEX[0], + msg='Using flex version', + define=None, + on_target=False) +conf.env.FLEXFLAGS = ['-t'] + +# #line statements in these generated files cause issues for lcov +conf.env.FLEXFLAGS += ["--noline"] + if Options.options.with_system_mitkrb5: if not Options.options.with_experimental_mit_ad_dc and \ not Options.options.without_ad_dc: @@ -372,9 +385,6 @@ def configure(conf): msg=&qu
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 2022e490d5e s3-iremotewinspool: set the per-request memory context from 56156a8fd54 build: Only add -Wl,--as-needed when supported https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 2022e490d5e506b5b07b02578a68b124241bdad6 Author: Samuel Cabrero Date: Thu Apr 8 18:45:38 2021 +0200 s3-iremotewinspool: set the per-request memory context The iremotewinspool service is not using the pidl autogenerated code. Set the per-request memory context following the changes made is commit 5a7e9ade9a4cdfa68900c6a64b639f53c0da47ad. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1890 Signed-off-by: Samuel Cabrero Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Apr 9 15:20:02 UTC 2021 on sn-devel-184 (cherry picked from commit 1efa9ffd7ae77ebf22b28c12dd642a89991b75d2) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Mon Apr 19 07:53:48 UTC 2021 on sn-devel-184 --- Summary of changes: source3/rpc_server/spoolss/srv_iremotewinspool.c | 2 ++ 1 file changed, 2 insertions(+) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/spoolss/srv_iremotewinspool.c b/source3/rpc_server/spoolss/srv_iremotewinspool.c index 26b225818f8..d6a983c722a 100644 --- a/source3/rpc_server/spoolss/srv_iremotewinspool.c +++ b/source3/rpc_server/spoolss/srv_iremotewinspool.c @@ -100,6 +100,7 @@ static NTSTATUS iremotewinspool__op_dispatch_internal(struct dcesrv_call_state * /* Update pipes struct opnum */ p->opnum = opnum; p->dce_call = dce_call; + p->mem_ctx = mem_ctx; /* Update pipes struct session info */ pipe_session_info = p->session_info; p->session_info = dce_call->auth_state->session_info; @@ -1238,6 +1239,7 @@ fail: } p->dce_call = NULL; + p->mem_ctx = NULL; /* Restore session info */ p->session_info = pipe_session_info; p->auth.auth_type = 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 12bfc430063 build: Only add -Wl,--as-needed when supported from 0662726974b s3: smbd: fix deferred renames https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 12bfc43006347ad6f775181528b872c0a968f8cd Author: Martin Schwenke Date: Mon Mar 29 16:30:37 2021 +1100 build: Only add -Wl,--as-needed when supported If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per commit 996560191ac6bd603901dcd6c0de5d239e019ef4) then on some platforms (at least CentOS 8 and Fedora 33), any indirect/recursive dependencies (i.e. private libraries) are added to both the binary (reqid_test in the CTDB case) and to samba-util.so. However, only samba-util.so has rpath set to find private libraries. When ld.so tries to resolve these dependencies for the binary it fails. This may be a bug on those platforms, but it occurs reliably and our users will also hit the bug. For binaries that have other private library dependencies (e.g. bundled talloc) rpath will contain the private library directory so the duplicate private library dependencies are then found... that is, when it works, it works by accident! For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct dependencies are only added to samba-util.so and the same depenencies (indirect dependencies for binaries) are not added incorrectly to the binaries. So, without changing 1/2 of waf/wafsamba the simplest fix is to revert to adding -Wl,--as-needed to LINKFLAGS, which was the case before commit 996560191ac6bd603901dcd6c0de5d239e019ef4. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288 RN: Fix the build on OmniOS Signed-off-by: Amitay Isaacs Signed-off-by: Martin Schwenke Reviewed-by: Bjoern Jacke Reviewed-by: Andrew Bartlett (backported from commit ff1c3af603b47a7e8f9faad8d1c2e4a489559155) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Wed Apr 14 07:34:20 UTC 2021 on sn-devel-184 --- Summary of changes: wscript | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/wscript b/wscript index 334b2988234..172d05c052b 100644 --- a/wscript +++ b/wscript @@ -340,7 +340,8 @@ def configure(conf): # allows us to find problems on our development hosts faster. # It also results in faster load time. -conf.add_as_needed() +if conf.CHECK_LDFLAGS('-Wl,--as-needed'): +conf.env.append_unique('LINKFLAGS', '-Wl,--as-needed') if not conf.CHECK_NEED_LC("-lc not needed"): conf.ADD_LDFLAGS('-lc', testflags=False) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 56156a8fd54 build: Only add -Wl,--as-needed when supported from 7436dde6ef6 s3: smbd: fix deferred renames https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 56156a8fd5432728b3d0526bb3ac3165ab5ebc90 Author: Martin Schwenke Date: Mon Mar 29 16:30:37 2021 +1100 build: Only add -Wl,--as-needed when supported If -Wl,--as-needed is added to EXTRA_LDFLAGS (via ADD_LDFLAGS, as per commit 996560191ac6bd603901dcd6c0de5d239e019ef4) then on some platforms (at least CentOS 8 and Fedora 33), any indirect/recursive dependencies (i.e. private libraries) are added to both the binary (reqid_test in the CTDB case) and to samba-util.so. However, only samba-util.so has rpath set to find private libraries. When ld.so tries to resolve these dependencies for the binary it fails. This may be a bug on those platforms, but it occurs reliably and our users will also hit the bug. For binaries that have other private library dependencies (e.g. bundled talloc) rpath will contain the private library directory so the duplicate private library dependencies are then found... that is, when it works, it works by accident! For some reason (deep in waf or wafsamba) if -Wl,--as-needed is added to LINKFLAGS (as is done in conf.add_as_needed()) then it works: the direct dependencies are only added to samba-util.so and the same depenencies (indirect dependencies for binaries) are not added incorrectly to the binaries. So, without changing 1/2 of waf/wafsamba the simplest fix is to revert to adding -Wl,--as-needed to LINKFLAGS, which was the case before commit 996560191ac6bd603901dcd6c0de5d239e019ef4. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288 RN: Fix the build on OmniOS Signed-off-by: Amitay Isaacs Signed-off-by: Martin Schwenke Reviewed-by: Bjoern Jacke Reviewed-by: Andrew Bartlett (backported from commit ff1c3af603b47a7e8f9faad8d1c2e4a489559155) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Tue Apr 13 13:16:05 UTC 2021 on sn-devel-184 --- Summary of changes: wscript | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/wscript b/wscript index e50aba255a7..51b0376ac18 100644 --- a/wscript +++ b/wscript @@ -340,7 +340,8 @@ def configure(conf): # allows us to find problems on our development hosts faster. # It also results in faster load time. -conf.add_as_needed() +if conf.CHECK_LDFLAGS('-Wl,--as-needed'): +conf.env.append_unique('LINKFLAGS', '-Wl,--as-needed') if not conf.CHECK_NEED_LC("-lc not needed"): conf.ADD_LDFLAGS('-lc', testflags=False) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 7436dde6ef6 s3: smbd: fix deferred renames via a85f7995740 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. via 3644afc38c7 rpc_server3: Fix a memleak for internal pipes via 85b5657cbd6 spools: avoid leaking memory into the callers mem_ctx via 890cc945e33 pidl: set the per-request memory context in the pidl generator from 42e7b36454d smbd: free open_rec state in remove_deferred_open_message_smb2_internal() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 7436dde6ef68826174b9f74a014e2a2040cb14a2 Author: Ralph Boehme Date: Mon Mar 29 12:24:39 2021 +0200 s3: smbd: fix deferred renames This was broken by c7a9e0e4cdfb22e66533b5c8e20af3cfdb8ae78c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184 (cherry picked from commit 10d753868e810604d8f60673bbd48f55aaff0797) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Thu Apr 1 12:19:23 UTC 2021 on sn-devel-184 commit a85f79957407b0369166c63e30537b5170ba0ea7 Author: Jeremy Allison Date: Tue Mar 30 15:05:47 2021 -0700 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. Passes against Windows 10. Add to knownfail, the next commit will fix this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875 Back-ported from 8d9a0b8d57713781c72440c7e91746b5d89e6f6a. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 3644afc38c726a19f39f1d4f96badfb7827fb1a4 Author: Volker Lendecke Date: Tue Mar 23 17:06:15 2021 +0100 rpc_server3: Fix a memleak for internal pipes state->call should not be talloc'ed off a long-lived context BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 RN: Memory leak in the RPC server Signed-off-by: Volker Lendecke Reviewed-by: Samuel Cabrero Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184 (cherry picked from commit 12f516e4680753460e7fe8811e6c6ff70057580c) commit 85b5657cbd685968045fcaad2e7d3323b902edc9 Author: Ralph Boehme Date: Mon Mar 22 12:06:39 2021 +0100 spools: avoid leaking memory into the callers mem_ctx BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 481176ec745c14b78fca68e01a61c83405a4b97b) commit 890cc945e338bbe3047bee45772330ec32feb5a2 Author: Ralph Boehme Date: Tue Mar 23 11:40:21 2021 +0100 pidl: set the per-request memory context in the pidl generator The talloc memory context referenced by the pipe_struct mem_ctx member is used as talloc parent for RPC response data by the RPC service implementations. In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit 60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all memory allocations on this context not getting released, which can consume significant memory in long running RPC connections. Instead of putting the talloc_free_children(p->mem_ctx) back, just use the mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released by the RPC server when the RPC request processing is finished. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 4c3fb2a5912966a61e7ebdb05eb3231a0e1d6033) --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 2 + source3/rpc_server/rpc_handles.c | 6 - source3/rpc_server/rpc_ncacn_np.c | 2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c| 6 +- source3/smbd/smb2_setinfo.c| 1 + source4/torture/smb2/lease.c | 145 + 6 files changed, 153 inse
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 0662726974b s3: smbd: fix deferred renames via f5bb7a55018 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. via e85d111f54f rpc_server3: Fix a memleak for internal pipes via ed30ce7aa0c spools: avoid leaking memory into the callers mem_ctx via 55c76604ca2 pidl: set the per-request memory context in the pidl generator from 051585ef361 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 0662726974b43c2caa9d4a143c98d6935ca28eb7 Author: Ralph Boehme Date: Mon Mar 29 12:24:39 2021 +0200 s3: smbd: fix deferred renames This was broken by c7a9e0e4cdfb22e66533b5c8e20af3cfdb8ae78c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184 (cherry picked from commit 10d753868e810604d8f60673bbd48f55aaff0797) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Thu Apr 1 11:26:31 UTC 2021 on sn-devel-184 commit f5bb7a550180a60d929d854e01aeb84ddb00791f Author: Jeremy Allison Date: Tue Mar 30 15:05:47 2021 -0700 s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. Passes against Windows 10. Add to knownfail, the next commit will fix this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875 Back-ported from 8d9a0b8d57713781c72440c7e91746b5d89e6f6a. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme commit e85d111f54f7aa77803f1e9fef92d5dd97968fd9 Author: Volker Lendecke Date: Tue Mar 23 17:06:15 2021 +0100 rpc_server3: Fix a memleak for internal pipes state->call should not be talloc'ed off a long-lived context BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 RN: Memory leak in the RPC server Signed-off-by: Volker Lendecke Reviewed-by: Samuel Cabrero Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 31 12:14:01 UTC 2021 on sn-devel-184 (cherry picked from commit 12f516e4680753460e7fe8811e6c6ff70057580c) commit ed30ce7aa0cce39bf0e0a6a97afc8716873692fc Author: Ralph Boehme Date: Mon Mar 22 12:06:39 2021 +0100 spools: avoid leaking memory into the callers mem_ctx BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 481176ec745c14b78fca68e01a61c83405a4b97b) commit 55c76604ca2fac7348a6bddba1dfdc128c728f30 Author: Ralph Boehme Date: Tue Mar 23 11:40:21 2021 +0100 pidl: set the per-request memory context in the pidl generator The talloc memory context referenced by the pipe_struct mem_ctx member is used as talloc parent for RPC response data by the RPC service implementations. In Samba versions up to 4.10 all talloc children of p->mem_ctx were freed after a RPC response was delivered by calling talloc_free_children(p->mem_ctx). Commit 60fa8e255254d38e9443bf96f2c0f31430be6ab8 removed this call which resulted in all memory allocations on this context not getting released, which can consume significant memory in long running RPC connections. Instead of putting the talloc_free_children(p->mem_ctx) back, just use the mem_ctx argument of the ${pipename}_op_dispatch_internal() function which is a dcesrv_call_state object created by dcesrv_process_ncacn_packet() and released by the RPC server when the RPC request processing is finished. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14675 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1861 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke (cherry picked from commit 4c3fb2a5912966a61e7ebdb05eb3231a0e1d6033) --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/NDR/ServerCompat.pm | 2 + source3/rpc_server/rpc_handles.c | 6 - source3/rpc_server/rpc_ncacn_np.c | 2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c| 6 +- source3/smbd/smb2_setinfo.c| 1 + source4/torture/smb2/lease.c | 145 + 6 files changed, 153 inse
[SCM] Samba Shared Repository - branch v4-14-test updated
The branch, v4-14-test has been updated via 051585ef361 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() via ebec84c886e smbd: cancel pending poll open timer in poll_open_done() via da71738e987 smbd: reset dangling watch_req pointer in poll_open_done via 288c7472083 s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. via a164468a406 samba-gpupdate: Check sysvol download paths in case-insensitive way via 702e0c55989 samba-gpupdate: Test that sysvol paths download in case-insensitive way via 231342faf2f idmap_nss: Do not return SID from unixids_to_sids on type mismatch via 7628a27a96b idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch via e7b1ee061ea winbind: Only use unixid2sid mapping when module reports ID_MAPPED via 6b8226b7355 smbd: Ensure errno is preserved across fsp destructor via a0862d6d6de third_party: Update socket_wrapper to version 1.3.3 via ed3c83a7f8c third_party: Update socket_wrapper to version 1.3.2 from 6e981465fce VERSION: Bump version up to 4.14.2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-test - Log - commit 051585ef3616fc845ebbcbcf18c46f9d0cab2b00 Author: Ralph Boehme Date: Tue Mar 16 18:18:46 2021 +0100 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() The lifetime of open_rec (struct deferred_open_record) ojects is the time processing the SMB open request every time the request is scheduled, ie once we reschedule we must wipe the slate clean. In case the request gets deferred again, a new open_rec will be created by the schedule functions. This ensures any timer-event tied to the open_rec gets cancelled and doesn't fire unexpectedly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 RN: smbd panic when two clients open same file Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184 (cherry picked from commit 591c9196962b695b01c0d86918b8f8a263e9665c) Autobuild-User(v4-14-test): Karolin Seeger Autobuild-Date(v4-14-test): Wed Mar 31 11:10:29 UTC 2021 on sn-devel-184 commit ebec84c886e7d7807609a3492e02fd1347898aba Author: Ralph Boehme Date: Wed Mar 17 16:24:28 2021 +0100 smbd: cancel pending poll open timer in poll_open_done() The retry of the open is scheduled below, avoid rescheduling it a second time in the open retry timeout function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 171a58ff3e8ee07cf5d7af08eabcb4a7379e7ce5) commit da71738e987310f19d63d2b575c354156dadbf8f Author: Ralph Boehme Date: Wed Mar 17 16:22:37 2021 +0100 smbd: reset dangling watch_req pointer in poll_open_done We just freed subreq and a pointer to subreq is stored in open_rec->watch_req, so we must invalidate the pointer. Otherwise if the poll open timer fires it will do a TALLOC_FREE(open_rec->watch_req); on the dangling pointer which may crash or do something worse like freeing some other random talloc memory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 065ed088b3d5710c288e46a5bf1e063f9a29c8cc) commit 288c747208318a067836ed74afa138ae7b261464 Author: Trever L. Adams Date: Sat Mar 13 12:47:21 2021 -0700 s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. The_New_VFS introduces several changes that broke vfs_virusfilter_openat. The assert to make sure certain checks would work broke. This patch fixes those breaks and converts to the SMB_VFS_FSTAT_NEXT instead of SMB_VFS_STAT_NEXT. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14671 RN: vfs_virusfilter_openat support New_VFS FSTAT, avoid SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD); problem. Signed-off-by: Trever L. Adams" Reviewed-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Mon Mar 22 19:44:30 UTC 2021 on sn-devel-184 (cherry picked from commit d6a16ad00e426a6f815215af71c071dd8e85a50a) commit a164468a406fb19f017752bb4de377c6bd0eaaa1 Author: David Mulder Date: Tue Mar 9 11:13:40 2021 -0700 samba-gpupdate: Check sysvol download paths in case-inse
[SCM] Samba Shared Repository - branch v4-13-test updated
The branch, v4-13-test has been updated via 42e7b36454d smbd: free open_rec state in remove_deferred_open_message_smb2_internal() via 27cd9103dc6 smbd: cancel pending poll open timer in poll_open_done() via f8d67bc3d7d smbd: reset dangling watch_req pointer in poll_open_done via 3f366878d33 idmap_nss: Do not return SID from unixids_to_sids on type mismatch via af37d5abae9 idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch via 3aa06edf38b winbind: Only use unixid2sid mapping when module reports ID_MAPPED via f2be1673ede third_party: Update socket_wrapper to version 1.3.3 via 4da1c2301fa third_party: Update socket_wrapper to version 1.3.2 from 5677103fe7b VERSION: Bump version up to 4.13.8... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test - Log - commit 42e7b36454db64120b9940c42592f2fa6d668ad7 Author: Ralph Boehme Date: Tue Mar 16 18:18:46 2021 +0100 smbd: free open_rec state in remove_deferred_open_message_smb2_internal() The lifetime of open_rec (struct deferred_open_record) ojects is the time processing the SMB open request every time the request is scheduled, ie once we reschedule we must wipe the slate clean. In case the request gets deferred again, a new open_rec will be created by the schedule functions. This ensures any timer-event tied to the open_rec gets cancelled and doesn't fire unexpectedly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 RN: smbd panic when two clients open same file Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184 (cherry picked from commit 591c9196962b695b01c0d86918b8f8a263e9665c) Autobuild-User(v4-13-test): Karolin Seeger Autobuild-Date(v4-13-test): Wed Mar 31 10:13:40 UTC 2021 on sn-devel-184 commit 27cd9103dc68bf5a23026eb1be75127f0bc831cd Author: Ralph Boehme Date: Wed Mar 17 16:24:28 2021 +0100 smbd: cancel pending poll open timer in poll_open_done() The retry of the open is scheduled below, avoid rescheduling it a second time in the open retry timeout function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 171a58ff3e8ee07cf5d7af08eabcb4a7379e7ce5) commit f8d67bc3d7d4c2cf1a16a67072fdd097044072dd Author: Ralph Boehme Date: Wed Mar 17 16:22:37 2021 +0100 smbd: reset dangling watch_req pointer in poll_open_done We just freed subreq and a pointer to subreq is stored in open_rec->watch_req, so we must invalidate the pointer. Otherwise if the poll open timer fires it will do a TALLOC_FREE(open_rec->watch_req); on the dangling pointer which may crash or do something worse like freeing some other random talloc memory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672 CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 065ed088b3d5710c288e46a5bf1e063f9a29c8cc) commit 3f366878d33cf977230137021f6376936b2a1862 Author: Christof Schmitt Date: Fri Mar 5 16:07:54 2021 -0700 idmap_nss: Do not return SID from unixids_to_sids on type mismatch The call to winbind_lookup_name already wrote the result in the id_map array. The later check for the type detected a mismatch, but that did not remove the SID from the result struct. Change this by first assigning the SID to a temporary variable and only write it to the id_map array after the type checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 Signed-off-by: Christof Schmitt Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Mar 11 08:38:41 UTC 2021 on sn-devel-184 (cherry picked from commit 0e789ba1802ca22e5a01abd6e93ef66cd45566a7) commit af37d5abae924d095e7b35620d850cf1f19021c4 Author: Christof Schmitt Date: Fri Mar 5 16:01:13 2021 -0700 idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch The call to winbind_lookup_name already wrote the result in the id_map array. The later check for the type detected a mismatch, but that did not remove the SID from the result struct. Change this by first assigning the SID to a temporary variable and only write it to the id_map array after the type checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14663 Signed-off-by: Christof S
[Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases
Release Announcements - These are security releases in order to address the following defects: o CVE-2020-27840: Heap corruption via crafted DN strings. o CVE-2021-20277: Out of bounds read in AD DC LDAP server. === Details === o CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible. o CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server. For more details, please refer to the security advisories. ### Reporting bugs & Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 and newer product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID AA99442FB680B620). The source code can be downloaded from: https://download.samba.org/pub/samba/stable/ The release notes are available online at: https://www.samba.org/samba/history/samba-4.14.2.html https://www.samba.org/samba/history/samba-4.13.7.html https://www.samba.org/samba/history/samba-4.12.14.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team signature.asc Description: PGP signature
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4e1e3f6 NEWS[4.14.1]: Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases from 837ed7a update ml etiquette https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4e1e3f656288f06f197d83cbefe74920d544739b Author: Karolin Seeger Date: Tue Mar 23 09:32:25 2021 +0100 NEWS[4.14.1]: Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (4.12.13) Security Releases Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 6 ++ history/samba-4.12.13.html | 62 history/samba-4.12.14.html | 59 +++ history/samba-4.13.6.html| 62 history/samba-4.13.7.html| 59 +++ history/samba-4.14.1.html| 62 history/samba-4.14.2.html| 59 +++ history/security.html| 20 + posted_news/20210324-085952.4.14.1.body.html | 83 + posted_news/20210324-085952.4.14.1.headline.html | 4 + security/CVE-2020-27840.html | 93 security/CVE-2021-20277.html | 86 ++ 12 files changed, 655 insertions(+) create mode 100644 history/samba-4.12.13.html create mode 100644 history/samba-4.12.14.html create mode 100644 history/samba-4.13.6.html create mode 100644 history/samba-4.13.7.html create mode 100644 history/samba-4.14.1.html create mode 100644 history/samba-4.14.2.html create mode 100644 posted_news/20210324-085952.4.14.1.body.html create mode 100644 posted_news/20210324-085952.4.14.1.headline.html create mode 100644 security/CVE-2020-27840.html create mode 100644 security/CVE-2021-20277.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index f079984..81d04cf 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,13 +9,19 @@ Release Notes + samba-4.14.2 + samba-4.14.1 samba-4.14.0 + samba-4.13.7 + samba-4.13.6 samba-4.13.5 samba-4.13.4 samba-4.13.3 samba-4.13.2 samba-4.13.1 samba-4.13.0 + samba-4.12.14 + samba-4.12.13 samba-4.12.12 samba-4.12.11 samba-4.12.10 diff --git a/history/samba-4.12.13.html b/history/samba-4.12.13.html new file mode 100644 index 000..454a204 --- /dev/null +++ b/history/samba-4.12.13.html @@ -0,0 +1,62 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.12.13 - Release Notes + + +Samba 4.12.13 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.gz;>Samba 4.12.13 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.12.13.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.gz;>Patch (gzipped) against Samba 4.12.12 +https://download.samba.org/pub/samba/patches/samba-4.12.12-4.12.13.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.12.13 + March 24, 2021 + === + + +This is a security release in order to address the following defects: + +o CVE-2020-27840: Heap corruption via crafted DN strings. +o CVE-2021-20277: Out of bounds read in AD DC LDAP server. + + +=== +Details +=== + +o CVE-2020-27840: + An anonymous attacker can crash the Samba AD DC LDAP server by sending easily + crafted DNs as part of a bind request. More serious heap corruption is likely + also possible. + +o CVE-2021-20277: + User-controlled LDAP filter strings against the AD DC LDAP server may crash + the LDAP server. + +For more details, please refer to the security advisories. + + +Changes since 4.12.12 +- + +o Andrew Bartlett abart...@samba.org + * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 14595: CVE-2020-27840: Fix unauthenticated remote heap corruption via + bad DNs. + * BUG 14655: CVE-2021-20277: Fix out of bounds read in ldb_handler_fold. + + + + + + diff --git a/history/samba-4.12.14.html b/history/samba-4.12.14.html new file
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated via 94c36535bfd WHATSNEW: Add release notes for Samba 4.12.14. from c7627de2c65 VERSION: Bump version for Samba 4.12.14 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable - Log - commit 94c36535bfd4d25654cea80e1296a78f22cc2e71 Author: Karolin Seeger Date: Wed Mar 24 11:15:31 2021 +0100 WHATSNEW: Add release notes for Samba 4.12.14. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 64 ++-- 1 file changed, 62 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 21db21b8de0..f3c64a7050c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,64 @@ + === + Release Notes for Samba 4.12.14 + March 24, 2021 + === + + +This is a follow-up release to depend on the correct ldb version. This is only +needed when building against a system ldb library. + +This is a security release in order to address the following defects: + +o CVE-2020-27840: Heap corruption via crafted DN strings. +o CVE-2021-20277: Out of bounds read in AD DC LDAP server. + + +=== +Details +=== + +o CVE-2020-27840: + An anonymous attacker can crash the Samba AD DC LDAP server by sending easily + crafted DNs as part of a bind request. More serious heap corruption is likely + also possible. + +o CVE-2021-20277: + User-controlled LDAP filter strings against the AD DC LDAP server may crash + the LDAP server. + +For more details, please refer to the security advisories. + + +Changes since 4.12.13 +- + +o Release with dependency on ldb version 2.1.5. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + === Release Notes for Samba 4.12.13 March 24, 2021 @@ -58,8 +119,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via 5b5f4deb88a WHATSNEW: Add release notes for Samba 4.14.2. from e2409cb5480 VERSION: Bump version for Samba 4.14.2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - commit 5b5f4deb88a5677c82e29c1e9812741662c0cb05 Author: Karolin Seeger Date: Wed Mar 24 11:07:42 2021 +0100 WHATSNEW: Add release notes for Samba 4.14.2. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 64 ++-- 1 file changed, 62 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3a0a4589fbf..1ef1779c841 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,64 @@ + == + Release Notes for Samba 4.14.2 + March 24, 2021 + == + + +This is a follow-up release to depend on the correct ldb version. This is only +needed when building against a system ldb library. + +This is a security release in order to address the following defects: + +o CVE-2020-27840: Heap corruption via crafted DN strings. +o CVE-2021-20277: Out of bounds read in AD DC LDAP server. + + +=== +Details +=== + +o CVE-2020-27840: + An anonymous attacker can crash the Samba AD DC LDAP server by sending easily + crafted DNs as part of a bind request. More serious heap corruption is likely + also possible. + +o CVE-2021-20277: + User-controlled LDAP filter strings against the AD DC LDAP server may crash + the LDAP server. + +For more details, please refer to the security advisories. + + +Changes since 4.14.1 + + +o Release with dependency on ldb version 2.3.0. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.14.1 March 24, 2021 @@ -58,8 +119,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.14.2 created
The annotated tag, samba-4.14.2 has been created at 1f93f263068cebb1ccfc7c1b52302bdda382451b (tag) tagging 5b5f4deb88a5677c82e29c1e9812741662c0cb05 (commit) replaces ldb-2.3.0 tagged by Karolin Seeger on Wed Mar 24 11:13:27 2021 +0100 - Log - samba: tag release samba-4.14.2 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmBbEMcACgkQqplEL7aA tiBLBQ//b7oxluu+o7rE2uvoR6wT7rWGm7urY+8Y+v+99vHtwf9ujfy1FAeLvEnO BY6jaZy4Whoi1WZU5FFCA7pfc4am5ay76r0w0wTV7aTcF47niGPurEGcK9Y9S3Uw VHVB6GRCEVUIP2SJYkY7LOV971PxoMk7I9Q130rLKIrlgsNxAhRkN/x2cfwwS0qC PUozITdTWoIbRZr1H/PMiM7WxN/aYFWz/1WNCVIstJR2OrYtWd1u3SGMB8Vjj7ia tK14TrtrEIs/w4O5Xpk8rPXT7AnfTnjvURelDlEv9ggYr5Y+K0vEl4EexCqrD3p8 oHO6JSuV/g2NI+C/rSXKebxKD0J8o17pBHPyjC/YJ9bcxGWkdrSGcBME9KinzB3M RrefK3mxtSUdUYBUz37zHb+SCNP4iy6ph/MJyl/BlCzg5vnmMwgMaUofnBci3XbA qVLA1bYXj7dP1grp4XX7irN3/z4WCrKV8fGu8Oc2bpG404KujXH8D/DlMIQy2zse osNsbBBz53xEsOduDourAg3M+L899iUy9Ay4CWfXQe1dBHVplcGNb+CMVMTZ6zIV FO6zhHKuDYUfPxsRnaVG5oiaoIDujnU3jWIbYPxDWamEp20NbYuONJsALHU4rDoK Tn3R3t//LfilaAHxl+T1MwfcNyuNAdurZvQQ8MqnmEl9/eHibfA= =lQ48 -END PGP SIGNATURE- Karolin Seeger (1): WHATSNEW: Add release notes for Samba 4.14.2. Stefan Metzmacher (1): VERSION: Bump version for Samba 4.14.2 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-2.3.0 created
The annotated tag, ldb-2.3.0 has been created at 64de708b7bdb42beb93aee0211578f27b9976191 (tag) tagging f31a64c133388e4b40bc4e54f3d72f64e13aea86 (commit) replaces samba-4.14.1 tagged by Karolin Seeger on Wed Mar 24 11:03:59 2021 +0100 - Log - ldb: tag release ldb-2.3.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmBbDo8ACgkQR5ORYRMI QCV63Af+OhlWk0zrzjKfwcg0mUgx9PMFmVlLXwBkVy3+1KvS8aIqldeOQzoRsy0h f2WcHDE9mGLik+s0e6u1t2T929Utz2mYAuhEznbQTDd86PsAL9Rorbh/urxRQa4p 0J/jIc5mP9CfCKDZRoZSzS/1oGQWn5mMxhCJfqnlOgPInO0t1Qi5lRgr21NpHE2Q z8liaaTJLzwfI7Wy5kWbO09/P7pM7/DHET456aJ+XBNqMqDcTJl2ek1jk33j5hh6 XGWAbUOsO5FY1oT+443MONaVIhpvsw1vFUFchPqGV9Tf5Evry7FIXZhSAZYMmpFk oQiysN0aiuH3KTKAN6kLM/k1825YOw== =6WdP -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 2.3.0 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via bf1d38a7a16 WHATSNEW: Add release notes for Samba 4.13.7. from 2afbb6d42e6 VERSION: Bump version for Samba 4.13.7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - commit bf1d38a7a1624fd75eb763f8bc55733016b6f607 Author: Karolin Seeger Date: Wed Mar 24 10:59:29 2021 +0100 WHATSNEW: Add release notes for Samba 4.13.7. Signed-off-by: Karolin Seeger --- Summary of changes: WHATSNEW.txt | 64 ++-- 1 file changed, 62 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4083894bcbb..7df21d367c1 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,64 @@ + == + Release Notes for Samba 4.13.7 + March 24, 2021 + == + + +This is a follow-up release to depend on the correct ldb version. This is only +needed when building against a system ldb library. + +This is a security release in order to address the following defects: + +o CVE-2020-27840: Heap corruption via crafted DN strings. +o CVE-2021-20277: Out of bounds read in AD DC LDAP server. + + +=== +Details +=== + +o CVE-2020-27840: + An anonymous attacker can crash the Samba AD DC LDAP server by sending easily + crafted DNs as part of a bind request. More serious heap corruption is likely + also possible. + +o CVE-2021-20277: + User-controlled LDAP filter strings against the AD DC LDAP server may crash + the LDAP server. + +For more details, please refer to the security advisories. + + +Changes since 4.13.6 + + +o Release with dependency on ldb version 2.2.1. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.13.6 March 24, 2021 @@ -58,8 +119,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.13.7 created
The annotated tag, samba-4.13.7 has been created at 5226b27587eef027128991c2978140484aae0775 (tag) tagging bf1d38a7a1624fd75eb763f8bc55733016b6f607 (commit) replaces ldb-2.2.1 tagged by Karolin Seeger on Wed Mar 24 11:01:21 2021 +0100 - Log - samba: tag release samba-4.13.7 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmBbDfEACgkQqplEL7aA tiBh8A/9GZWZf3FKZdiWXftB0Ty3OIucYdpNyo5i+4G8tX0kf4p0T08/4zc3YGnJ 0uhlaRB0VTLv9vquXjW/WCdUnTGc8o/+GUN8TAFIUlhA9DrSuz9X1D0D8Vztg/Ql 0JPUZTMgpFs7IWgljk60C7T1Ci7UMdx7a95NhV4jTkSC6Nq7CYR9IVDBF1bNdahu MfJBqQbhkBOXBEKRwayZYg+kBwLznUib4+Knaa0gLCgJeyt1Jifn5XSzVX48frYi nUx006/fUm/BbRfNBn8OH5fE8vFdL6wzQCcBOwLZONcHWHghb6bi2dDlVRlauQoG 42pMmlxtOwGtYMVP59h1IzOlNuA8gqffMiZVy1NEXYBrWmNZRTO5QL/7w97Ar02e 8sGRPXTlwPI1jr044PKhi5k40e/lIdHcLJhMVE2d5ZvJwIKim9cht8tiIYwKvIxK XLb6OlB4onrFCkoUr4SXnbJmgMB8kNwxgwAXhsKHQWYGrHsZuT0vSwWsN1cUB6Q4 yf0NfdLqMSlgtmKm6rNv4zvXRO3S/BGt7GCvJZdhaDY6JV7vDldfnV/lTFsFHFIu 1e8w2PflWasXJxc+u6JnDKSVBXZFjyFOY9hao4Cskd/hyjTsfRW9JOVcSyzEXAZD KQdT9PEH9QR7O+ZdsqmlMPJVpduXBQn7tyJpZhmXNQje5EY+wE8= =yFhl -END PGP SIGNATURE- Karolin Seeger (1): WHATSNEW: Add release notes for Samba 4.13.7. Stefan Metzmacher (1): VERSION: Bump version for Samba 4.13.7 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-2.2.1 created
The annotated tag, ldb-2.2.1 has been created at 024837ca63ee79fc5ff2dd5c4efac27e1b469616 (tag) tagging 7cb60d4209ab416d37896f8dd6a3175fd3c6d657 (commit) replaces samba-4.13.6 tagged by Karolin Seeger on Wed Mar 24 10:45:45 2021 +0100 - Log - ldb: tag release ldb-2.2.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmBbCkkACgkQR5ORYRMI QCU7mwf+IX+D5WcMiDKXV4oSb3Se1bisWy1BEUxCo9mPTq+1OXJgr/eeA10qDx+q 9eqGL9QmDQXUVHFyBEfY+z40DR3y6c72lsvrogJavRR+ZqQjA+xRSwAXfJov6SO1 +2YBC8eNwcDLCRpJ+YJBydh7+zlnN1L78FTPklNRAp/bduinfbOXfTmi8PuGfZcJ wGRUpJMIN5Yti95WlSKxZZLGzN0cwN9VxAxgX1kfzmHT0Kzh8eoYyXC0aeM4YD9i kRTQAIUD06woGAm5WDl70eaQQxDwmHn9QBLFJvkELO2zX+8i3/qNHe2WFWwJ4/mp OtyqPHL2VFT0W86gBkKOvR6jPzRcnA== =8viH -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 2.2.1 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag samba-4.12.14 created
The annotated tag, samba-4.12.14 has been created at 61ed9cad137f6af5dbf3b3ea3889fb69b0e7a119 (tag) tagging c7627de2c654eee34126011f3fe5174b6143486d (commit) replaces ldb-2.1.5 tagged by Karolin Seeger on Wed Mar 24 10:43:14 2021 +0100 - Log - samba: tag release samba-4.12.14 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmBbCbIACgkQqplEL7aA tiDgFg/9FS2IzfBcPFSqhYdTC4ERsiAbKiPsgNoqpDsYT5mdGtLRhsyarFY7EV2T j0QXiz9RUYQM3kplQAv1qO1YFA/Wj1Pz4sEUz+oDV00uCdiVmuPTvIrg/MHbPqwG wEB7iuHvfy51kU7Im5S6yCNU7i2pJNPcl9TRjlnMx7aQ1tKInO0fDePlRYGVb5ER q81UDChWC9TqWNKcYbT5OpXGHaZGlkX9Vj3iM3TMnu8iT1a/5LokiycBvNmbSaGu mC98ThB+2ZWJ1TMjcVT6okvw6g/xERcmDRS2VdKISFpDE2ruz+07thiLJna5ilpU 9+QFpaGsB//8ZIGwpA7cJAyLbYG11jKGVhZwRj/rOicFHReHrAFXXmUkc7ucsfPh Z3vMfiUQPT7D9vKQqsVQwWNsBQu6bPxn72AVVwMW9n5iq/wZyKF46JlGdac2IsD7 HzDeUDBBNu6AemcVCC2m/MWXmlCwFwFcVDP//cfDxTF5eGTxqOZ5yirge5ZKJL27 86B7DPfplSTvXR87ZmdTaCRGCTG+bz/MghILKG8hN0NNh97JLI1nKqXnxJg2TUHy qVs555Y5HKhVjLWLZpG9zAo7eyAAfJjlXtCuW1Lg+xxhpKMd6UZ4/YK5gCUgl2LF 7BZSeithiVxRsWOjSb12JeLvXcX85YPA34WUkJLrMlL3TIRw4ao= =6g1n -END PGP SIGNATURE- Stefan Metzmacher (1): VERSION: Bump version for Samba 4.12.14 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag ldb-2.1.5 created
The annotated tag, ldb-2.1.5 has been created at db438a50a7a014a27e7d05dead970cc283f02039 (tag) tagging 6e82957b969036fc4670d2d7e500c09e5b880112 (commit) replaces samba-4.12.13 tagged by Karolin Seeger on Wed Mar 24 10:40:35 2021 +0100 - Log - ldb: tag release ldb-2.1.5 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmBbCRMACgkQR5ORYRMI QCXsrwf/SPJKZzE/tQudxYhD8dGfDfkOUOCRn+AlSyaeibd61PN253Mvs1bd0xcr cZ9z0vcEF0yaqD/Cad+O2etiz08hDIe2dLN0nAJcuaLwFG4wZaFTywMPyRgK5k90 hkKk1r1luqqjtfQIkWdEuXah7FUBc/8jm+XUddHnR6Qqp9kSAV2xlqdG5uMgNKJ9 bNs6Ey02ri5zDYj5w9IN9tvFZFOZodZWDpyE9Ab7ZPELqrvXIAKzIrlyK8LrWcrg zTRPEIdM95qwBe3R9Uk1Tx45qRGJLGach2njInOICRB/Rm/q5zB0SKWnioj2ikTW BlPRjIj1e/XMU9a6vtxTnWnXv/TPew== =Pn5O -END PGP SIGNATURE- Stefan Metzmacher (1): ldb: version 2.1.5 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-12-stable updated
The branch, v4-12-stable has been updated via bb2f64babf1 VERSION: Disable GIT_SNAPSHOT for the Samba 4.12.13 release. via 48b89864efa WHATSNEW: Add release notes for Samba 4.12.13. via 4d40e9ce9c7 CVE-2020-27840: pytests: move Dn.validate test to ldb via 4caf1ebc7a0 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode via d59379853d8 CVE-2020-27840: pytests:segfault: add ldb.Dn validate test via 719c8484bf5 CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds via 93d0e1cbc27 CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass via bc967501aeb CVE-2021-20277 ldb tests: ldb_match tests with extra spaces via c99c29e1e34 ldb: add tests for ldb_wildcard_compare via 0f911f85a8e WHATSNEW: Fix typo. via 1965283812e VERSION: Bump version up to 4.12.13... from f8b775d9620 VERSION: Disable GIT_SNAPSHOT for the 4.12.12 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable - Log - commit bb2f64babf1a2bfb780d0325e859f796d0ce1647 Author: Karolin Seeger Date: Tue Mar 23 11:11:31 2021 +0100 VERSION: Disable GIT_SNAPSHOT for the Samba 4.12.13 release. o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Signed-off-by: Karolin Seeger commit 48b89864efa1176703774c54e1fb220f9827e934 Author: Karolin Seeger Date: Tue Mar 23 11:10:55 2021 +0100 WHATSNEW: Add release notes for Samba 4.12.13. Signed-off-by: Karolin Seeger commit 4d40e9ce9c7c36d8cd07cc79440811f97428bb80 Author: Douglas Bagnall Date: Thu Feb 11 16:28:43 2021 +1300 CVE-2020-27840: pytests: move Dn.validate test to ldb We had the test in the Samba Python segfault suite because a) the signal catching infrastructure was there, and b) the ldb tests lack Samba's knownfail mechanism, which allowed us to assert the failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 4caf1ebc7a09d2743757da31db7e88b0321a3533 Author: Douglas Bagnall Date: Fri Dec 11 16:32:25 2020 +1300 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap. When a DN string has a value represented with trailing spaces, like this "CN=foo ,DC=bar" the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`. "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l--- The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value. Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this: "CN=foo ,DC= " ==>"" ^ ^^ t pd l=0 where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`: "CN=foo ,DC= " ==> ? "" ^ ^^ t pd l ~= SIZE_MAX - 8 At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly. However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of space
[SCM] Samba Shared Repository - annotated tag samba-4.12.13 created
The annotated tag, samba-4.12.13 has been created at bedee524bebf25f8f4c7c7cdd7b295fa014e6032 (tag) tagging bb2f64babf1a2bfb780d0325e859f796d0ce1647 (commit) replaces samba-4.12.12 tagged by Karolin Seeger on Tue Mar 23 12:39:58 2021 +0100 - Log - samba: tag release samba-4.12.13 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmBZ044ACgkQqplEL7aA tiAPEhAAqA5imozS8jv6RX5qF2iluQQTSrioKKMY1nI4P09ozGJC9xmzu3h1j6Rb BQBjlNtfXqcNMMAuBEKbKq9XLNjxTB5dfSWhpXff7a96d0+4/Vumfxa6wrVjyiZE 2c3A77h5aAEOkP/Jr3vkhLRdP2/uEgr2F6ajN1JZhAQxRkLgfqbQ2dXZG0E8ws8q FZ+xa+QXF8ZLUrOrHaLMKxNuPdw027rwO2JnIi039MUdiE9YHs/gNR/f7QoVAt3h k5aTPgy9A4ErmaeYdBA4mbar7oWHZwlTRNCD0pJNYX29QMVoQhdk3GDqXqdedNz3 ptkQfx3Ax4mFmFwERi+gY0Dyrp99jiC4mJ4fqiANxqDCHhdDFvjBj8W8cg6qWYLl 8N59Onk3w+Ghqtq4PbEH1g9rjibFid7vcKE2piA9oi2zeWndjn0gboOpp8RVd63X D1U6LbIQKjh0gLlokGgEImqdocsGMybE5+Gq9RimAU/6TT+7LI3X/tzKu2h5G5k9 nR0eY+lHlwFgMMQGW5Yq8Pr+HitTsdH6W9Hs4YuL5fUhlyurnkvPUnRdo0D3y1Tg r7+x/fl5xuERv8tUcyHgeiW71KwS3IovBNxYZmk6PrH7uduKNZT7KZbLE3ntku1i VuHa3s+IeNDQIyZ7hJSLbH0ssmB/dRQcAFZDAUdi4jo7qM2LgKU= =F81h -END PGP SIGNATURE- Andrew Bartlett (1): CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass Douglas Bagnall (6): ldb: add tests for ldb_wildcard_compare CVE-2021-20277 ldb tests: ldb_match tests with extra spaces CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds CVE-2020-27840: pytests:segfault: add ldb.Dn validate test CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode CVE-2020-27840: pytests: move Dn.validate test to ldb Karolin Seeger (4): VERSION: Bump version up to 4.12.13... WHATSNEW: Fix typo. WHATSNEW: Add release notes for Samba 4.12.13. VERSION: Disable GIT_SNAPSHOT for the Samba 4.12.13 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-13-stable updated
The branch, v4-13-stable has been updated via 440b75fda70 VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release. via ef48e861e84 WHATSNEW: Add release notes for Samba 4.13.6. via 56a72e2562a CVE-2020-27840: pytests: move Dn.validate test to ldb via 2193d840045 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode via 7924431e7e4 CVE-2020-27840: pytests:segfault: add ldb.Dn validate test via e0901deb314 CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds via 309b18d53c1 CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass via 736cdfad05c CVE-2021-20277 ldb tests: ldb_match tests with extra spaces via 99d849abc3b ldb: add tests for ldb_wildcard_compare via b3f66d56baa VERSION: Bump version up to 4.13.6... from 6df178003a3 VERSION: Disable GIT_SNAPSHOT for the 4.13.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable - Log - commit 440b75fda7092b88b1986759c40f95ed65c2da24 Author: Karolin Seeger Date: Fri Mar 19 10:12:15 2021 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release. o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Signed-off-by: Karolin Seeger commit ef48e861e8428f4b90e690e4fdad4cb3d893c289 Author: Karolin Seeger Date: Fri Mar 19 10:11:37 2021 +0100 WHATSNEW: Add release notes for Samba 4.13.6. Signed-off-by: Karolin Seeger commit 56a72e2562a1e7c690ff2500309fce0371c3576d Author: Douglas Bagnall Date: Thu Feb 11 16:28:43 2021 +1300 CVE-2020-27840: pytests: move Dn.validate test to ldb We had the test in the Samba Python segfault suite because a) the signal catching infrastructure was there, and b) the ldb tests lack Samba's knownfail mechanism, which allowed us to assert the failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 2193d84004581d68a6e5b5cac76b7c78bdfc4e33 Author: Douglas Bagnall Date: Fri Dec 11 16:32:25 2020 +1300 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap. When a DN string has a value represented with trailing spaces, like this "CN=foo ,DC=bar" the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`. "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l--- The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value. Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this: "CN=foo ,DC= " ==>"" ^ ^^ t pd l=0 where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`: "CN=foo ,DC= " ==> ? "" ^ ^^ t pd l ~= SIZE_MAX - 8 At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly. However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of spaces. What about a longer DN with more attributes? For example
[SCM] Samba Shared Repository - annotated tag samba-4.13.6 created
The annotated tag, samba-4.13.6 has been created at 6378166d3506443e0faedfbe14eaa8928f597797 (tag) tagging 440b75fda7092b88b1986759c40f95ed65c2da24 (commit) replaces samba-4.13.5 tagged by Karolin Seeger on Tue Mar 23 08:13:17 2021 +0100 - Log - samba: tag release samba-4.13.6 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmBZlQ0ACgkQqplEL7aA tiDD0w/+PB8kITptSjMLbPHzkXNQkV6f6lWf365JlTuDAKzFF66DxB89yW+nrD/S TI9X26hkrP7hJjSOS/Z78SdtqUaS+oGp0FRdLspMhAFwmdljgL3NcFXsKJvwhG7a KmdCB64uwuaPP1JY43Lu7vBtD9XzrBnBdCTiqdZ17S/UX76TZRfCuynw7DD+TKv1 7eg75byE/6PuVIf0YTJ0YC7X0Eksvu/OnQw0paDTOvyH98uoGwVfuJwCdFbn1Cm7 VgEsb0mx+hgHEDKHXI7HijsZIICf0+B/PLBNTAzZ4Acx+Xw2qBI/s6RADfIPMEk2 nJwPGFqXwgUfBnlz0EfSr8u8TyxCdK5x/RXjQuD+wu9gc2sG1eCUu/D+owsfVr7X DbQBf/YXLKDX5n0MBrRFIFdOMxrNnC9t7kQNL/qc8ZVn67Id5xqNhR4rdOTJfDIY X0+xGISEvIpmGYEeg32pIWTrWt8pHOb292Spiym3xmv0z6j1Zqd+As+jKn+0gJIL PbGW+SrvtlpZR5zfqZnV1rihm/1H8r2HDZs9GXiHvVMSkxt7G0bTd1+eLwFBn/1h N7NnGaGvWowbcvVRwaJYA8bIGksDDd6m1tB7t1R4bjBnpnXNM5XZx4UGaaRrQDUe RAIHwWiuadiDchJkqwiRXlH/jEoBkvlBCwgwtxqrck0vc/ZYAzg= =eRM3 -END PGP SIGNATURE- Andrew Bartlett (1): CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass Douglas Bagnall (6): ldb: add tests for ldb_wildcard_compare CVE-2021-20277 ldb tests: ldb_match tests with extra spaces CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds CVE-2020-27840: pytests:segfault: add ldb.Dn validate test CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode CVE-2020-27840: pytests: move Dn.validate test to ldb Karolin Seeger (3): VERSION: Bump version up to 4.13.6... WHATSNEW: Add release notes for Samba 4.13.6. VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-14-stable updated
The branch, v4-14-stable has been updated via ed4a04eca53 VERSION: Disable GIT_SNAPSHOT for the 4.14.1 release. via 94b42a3a393 WHATSNEW: Add release notes for Samba 4.14.1. via 2d82f0e1b84 CVE-2020-27840: pytests: move Dn.validate test to ldb via f89767bea73 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode via c82bea2b723 CVE-2020-27840: pytests:segfault: add ldb.Dn validate test via fab6b79b772 CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds via 50e44877c3d CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass via 1d966cb12e7 CVE-2021-20277 ldb tests: ldb_match tests with extra spaces via ff12bd2fa12 ldb: add tests for ldb_wildcard_compare via 72ca2fb73a9 VERSION: Bump version up to 4.14.1... from 9b49519cae3 VERSION: Bump version up to 4.14.0... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log - commit ed4a04eca53906ab7d69667545b414fa84fe5404 Author: Karolin Seeger Date: Tue Mar 23 09:29:08 2021 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.14.1 release. o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings. o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server. Signed-off-by: Karolin Seeger commit 94b42a3a3932169a68b5efccbff2acf7d6464805 Author: Karolin Seeger Date: Tue Mar 23 09:28:00 2021 +0100 WHATSNEW: Add release notes for Samba 4.14.1. Signed-off-by: Karolin Seeger commit 2d82f0e1b84bb390dbf6a3547e4234bfec4eac21 Author: Douglas Bagnall Date: Thu Feb 11 16:28:43 2021 +1300 CVE-2020-27840: pytests: move Dn.validate test to ldb We had the test in the Samba Python segfault suite because a) the signal catching infrastructure was there, and b) the ldb tests lack Samba's knownfail mechanism, which allowed us to assert the failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit f89767bea7330ec1936d2312e2b1da7b435c04b7 Author: Douglas Bagnall Date: Fri Dec 11 16:32:25 2020 +1300 CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap. When a DN string has a value represented with trailing spaces, like this "CN=foo ,DC=bar" the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`. "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l--- The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value. Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this: "CN=foo ,DC= " ==>"" ^ ^^ t pd l=0 where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`: "CN=foo ,DC= " ==> ? "" ^ ^^ t pd l ~= SIZE_MAX - 8 At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly. However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of spaces. What about a longer DN with more attributes? For example, "CN=foo