[SCM] Samba Shared Repository - branch master updated

2023-07-28 Thread Jeremy Allison
The branch, master has been updated
   via  0bf8b25aacd s3/modules: Fix DFS links when widelinks = yes
   via  2668dcd0968 s3/modules: Add flag indicating if connected share is a 
dfs share
   via  3d2e9db8b95 sefltest: Add new regression test dfs with widelinks = 
yes
   via  b57cdfd7efb selftest: Add new dfs share (with widelinks enabled)
  from  7319c7596ea ldb: change the version to 2.9.0 for Samba 4.20

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5
Author: Noel Power 
Date:   Thu Jul 27 13:26:21 2023 +0100

s3/modules: Fix DFS links when widelinks = yes

In openat(), even if we fail to open the file,
propagate stat if and only if the object is a link in
a DFS share. This allows calling code to further process
the link.

Also remove knownfail

Pair-Programmed-With: Jeremy Alison 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224

commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87
Author: Noel Power 
Date:   Thu Jul 27 17:36:29 2023 +0100

s3/modules: Add flag indicating if connected share is a dfs share

Not used yet, will be used in the next commit to avoid testing
if the connected share is a dfs one.

Pair-Programmed-With: Jeremy Alison 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power 
Reviewed-by: Jeremy Allison 

commit 3d2e9db8b95f9f45d486f8272e53584975f177fa
Author: Noel Power 
Date:   Fri Jul 28 09:41:59 2023 +0100

sefltest: Add new regression test dfs with widelinks = yes

Adds a new test trying to cd into dfs path on share with
widelinks enabled, should generate an error (see BUG:)

Add a knownfail so CI continues

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power 
Reviewed-by: Jeremy Allison 

commit b57cdfd7efb161cf96b3a39dc7a1652db817e602
Author: Noel Power 
Date:   Fri Jul 28 09:40:57 2023 +0100

selftest: Add new dfs share (with widelinks enabled)

Adds share (to be used in later test) that has dfs node
but additionally has widelinks set to yes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435

Signed-off-by: Noel Power 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 selftest/target/Samba3.pm  |  5 
 source3/modules/vfs_widelinks.c| 30 +++---
 source3/script/tests/test_bug15435_widelink_dfs.sh | 28 
 source3/selftest/tests.py  | 11 
 4 files changed, 71 insertions(+), 3 deletions(-)
 create mode 100755 source3/script/tests/test_bug15435_widelink_dfs.sh


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b4c3c130e9a..39831afc599 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3034,6 +3034,11 @@ sub provision($$)
msdfs root = yes
msdfs shuffle referrals = yes
guest ok = yes
+[msdfs-share-wl]
+   path = $msdfs_shrdir
+   msdfs root = yes
+   wide links = yes
+   guest ok = yes
 [msdfs-share2]
path = $msdfs_shrdir2
msdfs root = yes
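
Review bot: the new [msdfs-share-wl] section sets `path = $msdfs_shrdir` rather than a directory of its own (compare [msdfs-share2], which uses $msdfs_shrdir2), and nothing in the section says why. Any other share exported from the same directory sees the same DFS links, so a test that creates or removes links through one share changes what the other serves. A short comment above the section stating that the path is reused on purpose, so the existing DFS links are reachable with `wide links = yes`, would make the intent clear.
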
diff --git a/source3/modules/vfs_widelinks.c b/source3/modules/vfs_widelinks.c
index 0045242ba81..29f2d4834f6 100644
--- a/source3/modules/vfs_widelinks.c
+++ b/source3/modules/vfs_widelinks.c
@@ -106,6 +106,7 @@
 
 struct widelinks_config {
bool active;
+   bool is_dfs_share;
char *cwd;
 };
 
@@ -134,7 +135,8 @@ static int widelinks_connect(struct vfs_handle_struct 
*handle,
DBG_ERR("vfs_widelinks module loaded with "
"widelinks = no\n");
}
-
+   config->is_dfs_share =
+   (lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn)));
 SMB_VFS_HANDLE_SET_DATA(handle,
config,
NULL, /* free_fn */
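
Review bot: `config->is_dfs_share` is computed once in widelinks_connect() from `lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn))` and then cached in the handle data, and neither this assignment nor the new struct member carries a comment saying so. If either parameter changes on a configuration reload while the connection is open, the cached flag no longer matches the live setting; please add a comment stating that evaluating it at connect time is intended. The assignment also takes the place of the blank line that separated the `if` block from SMB_VFS_HANDLE_SET_DATA(); keep a blank line on both sides of it.
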
@@ -346,7 +348,7 @@ static int widelinks_openat(vfs_handle_struct *handle,
 {
struct vfs_open_how how = *_how;
struct widelinks_config *config = NULL;
-
+   int ret;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct widelinks_config,
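
Review bot: `int ret;` is declared without an initial value and replaces the blank line that separated the declarations from SMB_VFS_HANDLE_GET_DATA(). Please write `int ret = -1;` so that any early path added later cannot return an indeterminate value, and keep the blank line between the declarations and the first statement.
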
@@ -363,11 +365,33 @@ static int widelinks_openat(vfs_handle_struct *handle,
how.flags = (how.flags & ~O_NOFOLLOW);
}
 
-   return SMB_VFS_NEXT_OPENAT(handle,
+   ret = SMB_VFS_NEXT_OPENAT(handle,
   dirfsp,
   
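
Review bot: with `return SMB_VFS_NEXT_OPENAT(...)` replaced by `ret = SMB_VFS_NEXT_OPENAT(...)`, code now runs after a failed open (per the commit message, to propagate stat when the object is a link in a DFS share). That code has to leave errno exactly as the failed openat set it, because callers act on errno when -1 is returned: save it immediately after the call and restore it before returning. The rest of this hunk is cut off in this mail, so please confirm that this is done and that the stat is propagated only when `config->is_dfs_share` is set.
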

[SCM] Samba Website Repository - branch master updated

2023-07-28 Thread Jule Anger
The branch, master has been updated
   via  855f970 security: fix security table
  from  ff41962 NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 855f970748e4fcaa6e4fbd3ecd5b391cf4a7c86c
Author: Jule Anger 
Date:   Fri Jul 28 15:57:12 2023 +0200

security: fix security table

Content for the last security release was inserted in the wrong place.

Signed-off-by: Jule Anger 

---

Summary of changes:
 history/security.html | 34 +-
 1 file changed, 17 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/history/security.html b/history/security.html
index 31fb76e..f788763 100755
--- a/history/security.html
+++ b/history/security.html
@@ -15,6 +15,23 @@ link to full release notes for each release.
   https://wiki.samba.org/index.php/Samba_Release_Planning;>
   supported Samba versions.
 
+   A list of public https://bugzilla.samba.org/buglist.cgi?f1=alias=regexp=Last 
Changed=PIDL=Samba 2.2=Samba 3.0=Samba 
3.2=Samba 3.3=Samba 3.4=Samba 3.5=Samba 
3.6=Samba 4.0=Samba 4.1 and 
newer_format=advanced=^CVE-.*">
+  Samba Security Bugs is available.  Some minor issues will
+  only be listed in https://bugzilla.samba.org;>
+  The Samba Bugzilla and not here, if they did not result
+  in a security release
+
+
+  Samba Security Releases
+  
+Date Issued
+   Download
+   Known Issue(s)
+   Affected Releases
+   CVE ID #
+   Details
+  
+

19 July 2023

@@ -46,23 +63,6 @@ link to full release notes for each release.


 
-   A list of public https://bugzilla.samba.org/buglist.cgi?f1=alias=regexp=Last 
Changed=PIDL=Samba 2.2=Samba 3.0=Samba 
3.2=Samba 3.3=Samba 3.4=Samba 3.5=Samba 
3.6=Samba 4.0=Samba 4.1 and 
newer_format=advanced=^CVE-.*">
-  Samba Security Bugs is available.  Some minor issues will
-  only be listed in https://bugzilla.samba.org;>
-  The Samba Bugzilla and not here, if they did not result
-  in a security release
-
-
-  Samba Security Releases
-  
-Date Issued
-   Download
-   Known Issue(s)
-   Affected Releases
-   CVE ID #
-   Details
-  
-

29 March 2023



-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch v4-18-test updated

2023-07-28 Thread Jule Anger
The branch, v4-18-test has been updated
   via  c1c2a0ec80d s3:winbindd: Fix double close(fd)
   via  aa2af3c0c20 s3:rpc_server: Fix double blackslash issue in dfs path
   via  19e110d7ac5 s3:rpc_server: Initialize consumedcnt to 0 in 
_dfs_GetInfo()
   via  c052d8bdea8 s3:tests: Add rpcclient 'dfsgetinfo' test
  from  14ce7756e7a python/samba: Adjust tarfile extraction filter

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -
commit c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7
Author: Pavel Filipenský 
Date:   Tue Jul 25 11:16:56 2023 +0200

s3:winbindd: Fix double close(fd)

Reported by Red Hat internal coverity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433

Signed-off-by: Pavel Filipenský 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Pavel Filipensky 
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224

(cherry picked from commit dd998cc163358edd6c748e40900247877f91eb1f)

Autobuild-User(v4-18-test): Jule Anger 
Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224

commit aa2af3c0c20daed2f7e69b70544dd1fef34de474
Author: Pavel Filipenský 
Date:   Tue Jun 20 16:24:55 2023 +0200

s3:rpc_server: Fix double blackslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

(cherry picked from commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb)

commit 19e110d7ac5c3a3f1f45115de9ddb9c38f896d65
Author: Pavel Filipenský 
Date:   Fri Jun 23 10:08:39 2023 +0200

s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8c10f53928653d02bbb75d6ab05510e87ee97420)

commit c052d8bdea879e20716704234a2049f8c2cfbff2
Author: Pavel Filipenský 
Date:   Fri Jun 23 12:03:30 2023 +0200

s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe)

---

Summary of changes:
 source3/rpc_server/dfs/srv_dfs_nt.c| 32 ++
 source3/script/tests/test_rpcclient_dfs.sh |  7 +++
 source3/winbindd/winbindd_cm.c | 10 --
 3 files changed, 39 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c 
b/source3/rpc_server/dfs/srv_dfs_nt.c
index 7b5119bbaf7..8eaa59a8b0e 100644
--- a/source3/rpc_server/dfs/srv_dfs_nt.c
+++ b/source3/rpc_server/dfs/srv_dfs_nt.c
@@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
char *altpath = NULL;
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
+   const char *pathnamep = r->in.path;
 
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
@@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
return WERR_NOT_ENOUGH_MEMORY;
}
 
+   while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+  IS_DIRECTORY_SEP(pathnamep[1])) {
+   pathnamep++;
+   }
+
/* The following call can change the cwd. */
status = get_referred_path(ctx,
   session_info,
-  r->in.path,
+  pathnamep,
   remote_address,
   local_address,
   jn, , _ref);
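
Review bot: the new `while (IS_DIRECTORY_SEP(pathnamep[0]) && IS_DIRECTORY_SEP(pathnamep[1]))` loop reads `pathnamep[0]` with no visible check that `r->in.path` is non-NULL; if the RPC layer guarantees that, say so in a comment next to the declaration, otherwise add the check before the loop. The loop only reduces a run of leading separators to a single one and leaves doubled separators later in the path untouched, which deserves a one-line comment stating that this is all get_referred_path() needs. The same four lines are added again in _dfs_Remove(), so a small static helper used by both functions would keep the two copies from drifting apart.
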
@@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct 
dfs_Remove *r)
TALLOC_CTX *ctx = talloc_tos();
char *altpath = NULL;
NTSTATUS status;
+   const char *pathnamep = r->in.dfs_entry_path;
 
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
@@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct 
dfs_Remove *r)
r->in.dfs_entry_path, r->in.servername, 
r->in.sharename));
}
 
+   while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+  IS_DIRECTORY_SEP(pathnamep[1])) {
+   pathnamep++;
+   }
+
status = get_referred_path(ctx,
   session_info,
-  r->in.dfs_entry_path,
+  pathnamep,
   remote_address,
   

[SCM] Samba Website Repository - branch master updated

2023-07-28 Thread Jule Anger
The branch, master has been updated
   via  ff41962 NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download
  from  73f2b13 team: Add employer for Christof

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit ff41962159d7002349e7c80a1176a8193c4274bb
Author: Jule Anger 
Date:   Fri Jul 28 14:15:53 2023 +0200

NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download

Signed-off-by: Jule Anger 

---

Summary of changes:
 posted_news/20230728-122519.4.19.0rc1.body.html | 12 
 posted_news/20230728-122519.4.19.0rc1.headline.html |  3 +++
 2 files changed, 15 insertions(+)
 create mode 100644 posted_news/20230728-122519.4.19.0rc1.body.html
 create mode 100644 posted_news/20230728-122519.4.19.0rc1.headline.html


Changeset truncated at 500 lines:

diff --git a/posted_news/20230728-122519.4.19.0rc1.body.html 
b/posted_news/20230728-122519.4.19.0rc1.body.html
new file mode 100644
index 000..b399239
--- /dev/null
+++ b/posted_news/20230728-122519.4.19.0rc1.body.html
@@ -0,0 +1,12 @@
+
+28 July 2023
+Samba 4.19.0rc1 Available for Download
+
+This is the first release candidate of the upcoming Samba 4.19 release series.
+
+
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+The source code can be https://download.samba.org/pub/samba/rc/samba-4.19.0rc1.tar.gz;>downloaded
 now.
+See https://download.samba.org/pub/samba/rc/samba-4.19.0rc1.WHATSNEW.txt;>the 
release notes for more info.
+
+
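
Review bot: the added text says the uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620), but the only links are to samba-4.19.0rc1.tar.gz and the WHATSNEW file, with no link to the signature itself. A reader who wants to verify the download has to know to decompress the archive first and where to find the detached signature; a link to the signature file next to the download link, and a few words saying that verification is done on the decompressed tarball, would make the sentence actionable.
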
diff --git a/posted_news/20230728-122519.4.19.0rc1.headline.html 
b/posted_news/20230728-122519.4.19.0rc1.headline.html
new file mode 100644
index 000..aba6cda
--- /dev/null
+++ b/posted_news/20230728-122519.4.19.0rc1.headline.html
@@ -0,0 +1,3 @@
+
+ 28 July 2023 Samba 4.19.0rc1 Available for 
Download
+


-- 
Samba Website Repository



[SCM] Samba Shared Repository - branch v4-19-stable updated

2023-07-28 Thread Jule Anger
The branch, v4-19-stable has been updated
   via  4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 
release.
   via  6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1.
   via  94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x
   via  7920d2ff627 ctdb-tools: Improve printing of multi-line event script 
output
   via  e3c0b72c340 ctdb-tools: Always print script output in event status
   via  e36a4149d80 librpc/idl: Remove DCOM and WMI IDL
   via  abc3d58e1cc dcom: Remove remainder of DCOM test client code
   via  959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()
   via  05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string()
   via  ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string()
   via  cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes()
   via  c5778a0fbdd krb5_wrap: add krb5_free_string()
   via  75139445c20 krb5_wrap: add krb5_free_enctypes()
   via  9338d1b17c4 smbd: move tevent_req_post() out of 
smbd_smb2_create_after_exec()
   via  20df26b9081 s3: smbd: Sanitize any "server" and "share" components 
of SMB1 DFS paths to remove UNIX separators.
   via  2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of 
"\x//\/" crashes smbd.
   via  c2e83ebe726 mdssvc: fix returning file modification date for older 
Mac releases
   via  620ca1e68d0 mdssvc: fix date marshalling
   via  9dc66fecf7c mdssvc: prepare for returning timestamps with 
sub-seconds granularity
   via  724a0518c90 mdssvc: reduce pagesize to 50
   via  7f5e4edf64f tests/mdssvc: match hits:total:value to be the actual 
amount of entries in hits
   via  d8fa5c8e2a1 mdssvc: fix enforcement of "elasticsearch:max results"
   via  086c2602d07 mdssvc: add and use SL_PAGESIZE
   via  925fefae20e mdssvc: fix long running backend queries
   via  4149ef97e59 mdssvc: set query state for continued queries to 
SLQ_STATE_RUNNING
   via  e86e0da9de6 WHATSNEW: Add TLS cert reload feature
   via  a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP 
certificate reload function
   via  9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage
   via  4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh
   via  0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol 
reload-certs
   via  321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service
   via  cc4995d932d s4:ldap_server: don't store task_server in 
ldapsrv_service
   via  7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal
   via  bed915d098e s3:smbcontrol: improve destination resolution using 
names db
   via  1472e4c9dbf s4:process_prefork: create new messaging context for 
the master process
   via  3af6ad6eea7 s4:process: add method called before entering the 
tevent_loop_wait
   via  c8ee3d45252 s4:process_prefork: avoid memory leaks caused by 
messaging_post_self
   via  dd998cc1633 s3:winbindd: Fix double close(fd)
   via  61c951e063e mdscli: correct handling of in-progress searches
   via  424af98c894 mdscli: increase MAX_SLQ_COUNT
   via  b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX
   via  1149d497b35 mdssvc: increase MAX_SLQ_TOC
   via  68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE
   via  c2b4fe3fb7c mdscli: add fragmentation support
   via  27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE
   via  566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator
   via  5442c47dad2 libsmb: increase a debug level when site-aware DC 
lookup failed
   via  9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory"
   via  5a222ac3718 CVE-2023-3347: smbd: remove comment in 
smbd_smb2_request_process_negprot()
   via  59131d6c345 CVE-2023-3347: smbd: inline smb2_srv_init_signing() 
code in srv_init_signing()
   via  1662eeeb7a6 CVE-2023-3347: smbd: pass lp_ctx to 
smb[1|2]_srv_init_signing()
   via  a9a2b182df7 CVE-2023-3347: CI: add a test for server-side mandatory 
signing
   via  578e434a941 CVE-2023-34968: mdssvc: return a fake share path
   via  94fcbec8af5 CVE-2023-34968: mdscli: return share relative paths
   via  d402c0cc6ad CVE-2023-34968: mdssvc: introduce an allocating wrapper 
to sl_pack()
   via  ac9008a20c8 CVE-2023-34968: mdssvc: switch to doing an early return
   via  33b82c6185b CVE-2023-34968: mdssvc: remove response blob allocation
   via  5c9efa9604d CVE-2023-34968: rpcclient: remove response blob 
allocation
   via  6d77daa3af0 CVE-2023-34968: smbtorture: remove response blob 
allocation in mdssvc.c
   via  e85e09eee93 CVE-2023-34968: mdscli: remove response blob allocation
   via  617fe37cc2a CVE-2023-34968: mdscli: use correct TALLOC memory 
context when allocating spotlight_blob
   via  70184ef3b40 CVE-2023-34968: mdssvc: add missing 
"kMDSStoreMetaScopes" dict key in 

[SCM] Samba Shared Repository - annotated tag samba-4.19.0rc1 created

2023-07-28 Thread Jule Anger
The annotated tag, samba-4.19.0rc1 has been created
at  cb492436acd67d4cb1a1585502c530e4c8c45ed3 (tag)
   tagging  4f12024cafa0aa50325b390418407419a46423ac (commit)
  replaces  ldb-2.8.0
 tagged by  Jule Anger
on  Fri Jul 28 14:15:26 2023 +0200

- Log -
samba: tag release samba-4.19.0rc1

Jule Anger (1):
  WHATSNEW: Up to Samba 4.19.0rc1.

Stefan Metzmacher (1):
  VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.

---


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-19-test updated

2023-07-28 Thread Jule Anger
The branch, v4-19-test has been updated
   via  3bab56a7db6 VERSION: Bump version up to Samba 4.19.0rc2...
   via  4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 
release.
   via  6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1.
   via  94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x
   via  7920d2ff627 ctdb-tools: Improve printing of multi-line event script 
output
   via  e3c0b72c340 ctdb-tools: Always print script output in event status
   via  e36a4149d80 librpc/idl: Remove DCOM and WMI IDL
   via  abc3d58e1cc dcom: Remove remainder of DCOM test client code
   via  959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()
   via  05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string()
   via  ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string()
   via  cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes()
   via  c5778a0fbdd krb5_wrap: add krb5_free_string()
   via  75139445c20 krb5_wrap: add krb5_free_enctypes()
   via  9338d1b17c4 smbd: move tevent_req_post() out of 
smbd_smb2_create_after_exec()
   via  20df26b9081 s3: smbd: Sanitize any "server" and "share" components 
of SMB1 DFS paths to remove UNIX separators.
   via  2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of 
"\x//\/" crashes smbd.
   via  c2e83ebe726 mdssvc: fix returning file modification date for older 
Mac releases
   via  620ca1e68d0 mdssvc: fix date marshalling
   via  9dc66fecf7c mdssvc: prepare for returning timestamps with 
sub-seconds granularity
   via  724a0518c90 mdssvc: reduce pagesize to 50
   via  7f5e4edf64f tests/mdssvc: match hits:total:value to be the actual 
amount of entries in hits
   via  d8fa5c8e2a1 mdssvc: fix enforcement of "elasticsearch:max results"
   via  086c2602d07 mdssvc: add and use SL_PAGESIZE
   via  925fefae20e mdssvc: fix long running backend queries
   via  4149ef97e59 mdssvc: set query state for continued queries to 
SLQ_STATE_RUNNING
   via  e86e0da9de6 WHATSNEW: Add TLS cert reload feature
   via  a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP 
certificate reload function
   via  9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage
   via  4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh
   via  0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol 
reload-certs
   via  321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service
   via  cc4995d932d s4:ldap_server: don't store task_server in 
ldapsrv_service
   via  7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal
   via  bed915d098e s3:smbcontrol: improve destination resolution using 
names db
   via  1472e4c9dbf s4:process_prefork: create new messaging context for 
the master process
   via  3af6ad6eea7 s4:process: add method called before entering the 
tevent_loop_wait
   via  c8ee3d45252 s4:process_prefork: avoid memory leaks caused by 
messaging_post_self
   via  dd998cc1633 s3:winbindd: Fix double close(fd)
   via  61c951e063e mdscli: correct handling of in-progress searches
   via  424af98c894 mdscli: increase MAX_SLQ_COUNT
   via  b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX
   via  1149d497b35 mdssvc: increase MAX_SLQ_TOC
   via  68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE
   via  c2b4fe3fb7c mdscli: add fragmentation support
   via  27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE
   via  566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator
   via  5442c47dad2 libsmb: increase a debug level when site-aware DC 
lookup failed
   via  9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory"
   via  5a222ac3718 CVE-2023-3347: smbd: remove comment in 
smbd_smb2_request_process_negprot()
   via  59131d6c345 CVE-2023-3347: smbd: inline smb2_srv_init_signing() 
code in srv_init_signing()
   via  1662eeeb7a6 CVE-2023-3347: smbd: pass lp_ctx to 
smb[1|2]_srv_init_signing()
   via  a9a2b182df7 CVE-2023-3347: CI: add a test for server-side mandatory 
signing
   via  578e434a941 CVE-2023-34968: mdssvc: return a fake share path
   via  94fcbec8af5 CVE-2023-34968: mdscli: return share relative paths
   via  d402c0cc6ad CVE-2023-34968: mdssvc: introduce an allocating wrapper 
to sl_pack()
   via  ac9008a20c8 CVE-2023-34968: mdssvc: switch to doing an early return
   via  33b82c6185b CVE-2023-34968: mdssvc: remove response blob allocation
   via  5c9efa9604d CVE-2023-34968: rpcclient: remove response blob 
allocation
   via  6d77daa3af0 CVE-2023-34968: smbtorture: remove response blob 
allocation in mdssvc.c
   via  e85e09eee93 CVE-2023-34968: mdscli: remove response blob allocation
   via  617fe37cc2a CVE-2023-34968: mdscli: use correct TALLOC memory 
context when allocating spotlight_blob
   via  70184ef3b40 CVE-2023-34968: 

[SCM] Samba Shared Repository - annotated tag ldb-2.8.0 created

2023-07-28 Thread Stefan Metzmacher
The annotated tag, ldb-2.8.0 has been created
at  36364505dcb1edd614a732b93bd6479ac9958da6 (tag)
   tagging  94f11c3c21bc3b8a34d376ab99becd2c6260af62 (commit)
  replaces  tevent-0.15.0
 tagged by  Stefan Metzmacher
on  Fri Jul 28 14:09:13 2023 +0200

- Log -
ldb: tag release ldb-2.8.0

Andreas Schneider (19):
  s3:param: Rename bLoaded global variable
  s3:param: Fix code spelling
  s3:passdb: Fix code spelling
  s3:printing: Fix trailing white spaces in print_iprint.c
  s3:printing: Fix code spelling
  s3:printing: Rename variably to dummy to make codespell happy
  s3:registry: Fix code spelling
  s3:rpc_client: Fix code spelling
  s3:rpc_server: Fix code spelling
  s3:script: Fix code spelling
  s3:selftest: Fix code spelling
  s3:smbd: Fix trailing white spaces in dmapi.c
  s3:smbd: Fix trailing white spaces in quotas.c
  s3:smbd: Fix code spelling
  s3:torture: Fix code spelling
  s3:utils: Fix code spelling
  s3:winbindd: Fix code spelling
  s3:waf: Fix code spelling
  Revert "s3:winbindd: set TEVENT_DEPRECATED as 
tevent_thread_call_depth_*() api will change soon"

Andrew Bartlett (21):
  WHATSNEW: Add text on PKINIT Certificate Revocation
  WHATSNEW: Include info on new samba-tool features
  WHATSNEW: PKINIT testing
  WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is 
implemented
  WHATSNEW: Mention Heimdal updates
  WHATSNEW: FAST support, Claims compression, SID compression
  WHATSNEW: mention KDC auditing
  WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction
  lib/fault: During smb_panic() print process comment and setprocname() 
title
  lib/cmdline: Return if the commandline was redacted in 
samba_cmdline_burn()
  python: Move PyList_AsStringList to common code so we can reuse
  python: Remove const from PyList_AsStringList()
  python: Add glue.burn_commandline() method
  samba-tool: Use samba.glue.get_burnt_cmdline rather than regex
  lib/cmdline: Also burn the --password2 parameter if given
  lib/cmdline: Also redact --newpassword in samba_cmdline_burn()
  docs-xml: Fix invalid XML in smbcontrol manpage
  doc-xml: Add entry for reload-certs for new LDAP certificate reload 
function
  WHATSNEW: Add TLS cert reload feature
  dcom: Remove remainder of DCOM test client code
  librpc/idl: Remove DCOM and WMI IDL

Dmitry Antipov (1):
  s4:param: replace calls to deprecated Python methods

Jeremy Allison (2):
  s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd.
  s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths 
to remove UNIX separators.

Joseph Sutton (1):
  claims.idl: Fix AD claims encoding

Jule Anger (9):
  s4:process_prefork: avoid memory leaks caused by messaging_post_self
  s4:process: add method called before entering the tevent_loop_wait
  s4:process_prefork: create new messaging context for the master process
  s4:tls_tstream: create tstream_tls_params_internal
  s4:ldap_server: don't store task_server in ldapsrv_service
  s4:ldap_server: remember dns_host_name in ldap_service
  s4:ldap_server: reload tls certificates on smbcontrol reload-certs
  testprogs/blackbox: add test_ldap_tls_reload.sh
  ldb: release 2.8.0 for use in Samba 4.19.x

Martin Schwenke (10):
  ctdb-utils: Drop unused scsi_io.c source file
  ctdb-doc: Correct bit-rotted documenation
  ctdb: Do not use egrep
  ctdb-recoverd: CID 1509028 - Use of 32-bit time_t (Y2K38_SAFETY)
  ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
  ctdb-scripts: Avoid ShellCheck warning SC2162
  ctdb-scripts: Support script logging to stderr
  ctdb-tests: Log to stderr in statd-callout tests
  ctdb-tools: Always print script output in event status
  ctdb-tools: Improve printing of multi-line event script output

Noel Power (1):
  python/samba: Adjust tarfile extraction filter

Pavel Filipenský (13):
  s3:winbind: Add callback winbind_call_flow()
  s3:winbind: Update winbind to tevent 0.15.0 API
  s3:winbind: Set/unset the winbind_call_flow callback if log level changes
  s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking
  docs-xml:manpages: Fix tabs in samba-log-parser.1.xml
  s3:script: Replace --merge 

[SCM] Samba Shared Repository - branch master updated

2023-07-28 Thread Stefan Metzmacher
The branch, master has been updated
   via  7319c7596ea ldb: change the version to 2.9.0 for Samba 4.20
   via  1771ee694f4 WHATSNEW: Start release notes for Samba 4.20.0pre1.
   via  c403201af33 VERSION: Bump version up to 4.20.0pre1...
   via  4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 
release.
   via  6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1.
   via  94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x
   via  7920d2ff627 ctdb-tools: Improve printing of multi-line event script 
output
   via  e3c0b72c340 ctdb-tools: Always print script output in event status
   via  e36a4149d80 librpc/idl: Remove DCOM and WMI IDL
   via  abc3d58e1cc dcom: Remove remainder of DCOM test client code
   via  959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()
   via  05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string()
   via  ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string()
   via  cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes()
   via  c5778a0fbdd krb5_wrap: add krb5_free_string()
   via  75139445c20 krb5_wrap: add krb5_free_enctypes()
   via  9338d1b17c4 smbd: move tevent_req_post() out of 
smbd_smb2_create_after_exec()
  from  20df26b9081 s3: smbd: Sanitize any "server" and "share" components 
of SMB1 DFS paths to remove UNIX separators.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7319c7596ea93b06c0c8e7b0926ebdbf08851d11
Author: Jule Anger 
Date:   Tue Jul 25 15:56:59 2023 +0200

ldb: change the version to 2.9.0 for Samba 4.20

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Jul 28 11:49:02 UTC 2023 on atb-devel-224

commit 1771ee694f47db03d24712e75ded55244ffe2418
Author: Stefan Metzmacher 
Date:   Fri Jul 28 11:52:19 2023 +0200

WHATSNEW: Start release notes for Samba 4.20.0pre1.

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 

commit c403201af33bc7b5510e2249e1c395a869ed3949
Author: Stefan Metzmacher 
Date:   Fri Jul 28 11:53:50 2023 +0200

VERSION: Bump version up to 4.20.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 

commit 4f12024cafa0aa50325b390418407419a46423ac
Author: Stefan Metzmacher 
Date:   Fri Jul 28 11:49:28 2023 +0200

VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 

commit 6943c1e3cde5359f5c2ebdf90e8985bf97a40ea5
Author: Jule Anger 
Date:   Tue Jul 25 15:59:19 2023 +0200

WHATSNEW: Up to Samba 4.19.0rc1.

Signed-off-by: Jule Anger 

commit 94f11c3c21bc3b8a34d376ab99becd2c6260af62
Author: Jule Anger 
Date:   Tue Jul 18 10:48:57 2023 +0200

ldb: release 2.8.0 for use in Samba 4.19.x

* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be 
discovered (bug 15270)
* pyldb: Raise an exception if ldb_dn_get_parent() fails
* Implement ldap_whoami in pyldb and add the RFC4532 
LDB_EXTENDED_WHOAMI_OID definition
* Documentation and spelling fixes
* Add ldb_val -> bool,uint64,int64 parsing functions
* Split out ldb_val_as_dn() helper function
* add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
* add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
* let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
* Don't create error string if there is no error
* Avoid allocation and memcpy() for every wildcard match candidate
* Make ldb_msg_remove_attr O(n)
* pyldb: Throw error on invalid controls
* pyldb: remove py2 ifdefs
* Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Jule Anger 
Signed-off-by: Stefan Metzmacher 

commit 7920d2ff627c6ef252e59b428236919ed0abb6ba
Author: Martin Schwenke 
Date:   Wed Jul 12 10:39:06 2023 +1000

ctdb-tools: Improve printing of multi-line event script output

Multi-line output currently prints like this:

  OUTPUT: aaa
bbb
ccc

This is less beautiful than it could be.

Instead, print multi-line output with no inlining and each line
indented:

  OUTPUT:
aaa
bbb
ccc

However, continue to inline single line output:

  OUTPUT: foo

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 

commit e3c0b72c340f86b1d6e4fd009d1082c7e477fd04
Author: Martin Schwenke 
Date:   Wed Jul 12 10:39:06 2023 +1000

ctdb-tools: Always print script output in event status

When event scripts succeed they generally produce no output.  However,
when a script succeeds and produces output, such output almost
certainly