[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0bf8b25aacd s3/modules: Fix DFS links when widelinks = yes via 2668dcd0968 s3/modules: Add flag indicating if connected share is a dfs share via 3d2e9db8b95 sefltest: Add new regression test dfs with widelinks = yes via b57cdfd7efb selftest: Add new dfs share (with widelinks enabled) from 7319c7596ea ldb: change the version to 2.9.0 for Samba 4.20 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0bf8b25aacdf2f5c746922320b32e3f0886c81f5 Author: Noel Power Date: Thu Jul 27 13:26:21 2023 +0100 s3/modules: Fix DFS links when widelinks = yes In openat(), even if we fail to open the file, propagate stat if and only if the object is a link in a DFS share. This allows calling code to further process the link. Also remove knownfail Pair-Programmed-With: Jeremy Alison BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Jul 29 00:43:52 UTC 2023 on atb-devel-224 commit 2668dcd0968133cca4f8410bf8c41ed0483f5d87 Author: Noel Power Date: Thu Jul 27 17:36:29 2023 +0100 s3/modules: Add flag indicating if connected share is a dfs share Not used yet, will be used in the next commit to avoid testing if the connected share is a dfs one. Pair-Programmed-With: Jeremy Alison BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison commit 3d2e9db8b95f9f45d486f8272e53584975f177fa Author: Noel Power Date: Fri Jul 28 09:41:59 2023 +0100 sefltest: Add new regression test dfs with widelinks = yes Adds a new test trying to cd into dfs path on share with widelinks enabled, should generate an error (see BUG:) Add a knownfail so CI continues BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison commit b57cdfd7efb161cf96b3a39dc7a1652db817e602 Author: Noel Power Date: Fri Jul 28 09:40:57 2023 +0100 selftest: Add new dfs share (with widelinks enabled) Adds share (to be used in later test) that has dfs node but additionally has widelinks set to yes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison --- Summary of changes: selftest/target/Samba3.pm | 5 source3/modules/vfs_widelinks.c| 30 +++--- source3/script/tests/test_bug15435_widelink_dfs.sh | 28 source3/selftest/tests.py | 11 4 files changed, 71 insertions(+), 3 deletions(-) create mode 100755 source3/script/tests/test_bug15435_widelink_dfs.sh Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index b4c3c130e9a..39831afc599 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -3034,6 +3034,11 @@ sub provision($$) msdfs root = yes msdfs shuffle referrals = yes guest ok = yes +[msdfs-share-wl] + path = $msdfs_shrdir + msdfs root = yes + wide links = yes + guest ok = yes [msdfs-share2] path = $msdfs_shrdir2 msdfs root = yes diff --git a/source3/modules/vfs_widelinks.c b/source3/modules/vfs_widelinks.c index 0045242ba81..29f2d4834f6 100644 --- a/source3/modules/vfs_widelinks.c +++ b/source3/modules/vfs_widelinks.c @@ -106,6 +106,7 @@ struct widelinks_config { bool active; + bool is_dfs_share; char *cwd; }; @@ -134,7 +135,8 @@ static int widelinks_connect(struct vfs_handle_struct *handle, DBG_ERR("vfs_widelinks module loaded with " "widelinks = no\n"); } - + config->is_dfs_share = + (lp_host_msdfs() && lp_msdfs_root(SNUM(handle->conn))); SMB_VFS_HANDLE_SET_DATA(handle, config, NULL, /* free_fn */ @@ -346,7 +348,7 @@ static int widelinks_openat(vfs_handle_struct *handle, { struct vfs_open_how how = *_how; struct widelinks_config *config = NULL; - + int ret; SMB_VFS_HANDLE_GET_DATA(handle, config, struct widelinks_config, @@ -363,11 +365,33 @@ static int widelinks_openat(vfs_handle_struct *handle, how.flags = (how.flags & ~O_NOFOLLOW); } - return SMB_VFS_NEXT_OPENAT(handle, + ret = SMB_VFS_NEXT_OPENAT(handle, dirfsp,
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 855f970 security: fix security table from ff41962 NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 855f970748e4fcaa6e4fbd3ecd5b391cf4a7c86c Author: Jule Anger Date: Fri Jul 28 15:57:12 2023 +0200 security: fix security table Content for the last security release was inserted in the wrong place. Signed-off-by: Jule Anger --- Summary of changes: history/security.html | 34 +- 1 file changed, 17 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/history/security.html b/history/security.html index 31fb76e..f788763 100755 --- a/history/security.html +++ b/history/security.html @@ -15,6 +15,23 @@ link to full release notes for each release. https://wiki.samba.org/index.php/Samba_Release_Planning;> supported Samba versions. + A list of public https://bugzilla.samba.org/buglist.cgi?f1=alias=regexp=Last Changed=PIDL=Samba 2.2=Samba 3.0=Samba 3.2=Samba 3.3=Samba 3.4=Samba 3.5=Samba 3.6=Samba 4.0=Samba 4.1 and newer_format=advanced=^CVE-.*"> + Samba Security Bugs is available. Some minor issues will + only be listed in https://bugzilla.samba.org;> + The Samba Bugzilla and not here, if they did not result + in a security release + + + Samba Security Releases + +Date Issued + Download + Known Issue(s) + Affected Releases + CVE ID # + Details + + 19 July 2023 @@ -46,23 +63,6 @@ link to full release notes for each release. - A list of public https://bugzilla.samba.org/buglist.cgi?f1=alias=regexp=Last Changed=PIDL=Samba 2.2=Samba 3.0=Samba 3.2=Samba 3.3=Samba 3.4=Samba 3.5=Samba 3.6=Samba 4.0=Samba 4.1 and newer_format=advanced=^CVE-.*"> - Samba Security Bugs is available. Some minor issues will - only be listed in https://bugzilla.samba.org;> - The Samba Bugzilla and not here, if they did not result - in a security release - - - Samba Security Releases - -Date Issued - Download - Known Issue(s) - Affected Releases - CVE ID # - Details - - 29 March 2023 -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via c1c2a0ec80d s3:winbindd: Fix double close(fd) via aa2af3c0c20 s3:rpc_server: Fix double blackslash issue in dfs path via 19e110d7ac5 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() via c052d8bdea8 s3:tests: Add rpcclient 'dfsgetinfo' test from 14ce7756e7a python/samba: Adjust tarfile extraction filter https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7 Author: Pavel Filipenský Date: Tue Jul 25 11:16:56 2023 +0200 s3:winbindd: Fix double close(fd) Reported by Red Hat internal coverity BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433 Signed-off-by: Pavel Filipenský Reviewed-by: Ralph Boehme Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224 (cherry picked from commit dd998cc163358edd6c748e40900247877f91eb1f) Autobuild-User(v4-18-test): Jule Anger Autobuild-Date(v4-18-test): Fri Jul 28 13:37:01 UTC 2023 on atb-devel-224 commit aa2af3c0c20daed2f7e69b70544dd1fef34de474 Author: Pavel Filipenský Date: Tue Jun 20 16:24:55 2023 +0200 s3:rpc_server: Fix double blackslash issue in dfs path BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jul 5 20:24:35 UTC 2023 on atb-devel-224 (cherry picked from commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb) commit 19e110d7ac5c3a3f1f45115de9ddb9c38f896d65 Author: Pavel Filipenský Date: Fri Jun 23 10:08:39 2023 +0200 s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo() Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison (cherry picked from commit 8c10f53928653d02bbb75d6ab05510e87ee97420) commit c052d8bdea879e20716704234a2049f8c2cfbff2 Author: Pavel Filipenský Date: Fri Jun 23 12:03:30 2023 +0200 s3:tests: Add rpcclient 'dfsgetinfo' test BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400 Signed-off-by: Pavel Filipenský Reviewed-by: Jeremy Allison (cherry picked from commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe) --- Summary of changes: source3/rpc_server/dfs/srv_dfs_nt.c| 32 ++ source3/script/tests/test_rpcclient_dfs.sh | 7 +++ source3/winbindd/winbindd_cm.c | 10 -- 3 files changed, 39 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c index 7b5119bbaf7..8eaa59a8b0e 100644 --- a/source3/rpc_server/dfs/srv_dfs_nt.c +++ b/source3/rpc_server/dfs/srv_dfs_nt.c @@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) char *altpath = NULL; NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); + const char *pathnamep = r->in.path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); @@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) return WERR_NOT_ENOUGH_MEMORY; } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + /* The following call can change the cwd. */ status = get_referred_path(ctx, session_info, - r->in.path, + pathnamep, remote_address, local_address, jn, , _ref); @@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; NTSTATUS status; + const char *pathnamep = r->in.dfs_entry_path; if (session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); @@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) r->in.dfs_entry_path, r->in.servername, r->in.sharename)); } + while (IS_DIRECTORY_SEP(pathnamep[0]) && + IS_DIRECTORY_SEP(pathnamep[1])) { + pathnamep++; + } + status = get_referred_path(ctx, session_info, - r->in.dfs_entry_path, + pathnamep, remote_address,
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ff41962 NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download from 73f2b13 team: Add employer for Christof https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ff41962159d7002349e7c80a1176a8193c4274bb Author: Jule Anger Date: Fri Jul 28 14:15:53 2023 +0200 NEWS[4.19.0rc1]: Samba 4.19.0rc1 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20230728-122519.4.19.0rc1.body.html | 12 posted_news/20230728-122519.4.19.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20230728-122519.4.19.0rc1.body.html create mode 100644 posted_news/20230728-122519.4.19.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20230728-122519.4.19.0rc1.body.html b/posted_news/20230728-122519.4.19.0rc1.body.html new file mode 100644 index 000..b399239 --- /dev/null +++ b/posted_news/20230728-122519.4.19.0rc1.body.html @@ -0,0 +1,12 @@ + +28 July 2023 +Samba 4.19.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.19 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.19.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.19.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20230728-122519.4.19.0rc1.headline.html b/posted_news/20230728-122519.4.19.0rc1.headline.html new file mode 100644 index 000..aba6cda --- /dev/null +++ b/posted_news/20230728-122519.4.19.0rc1.headline.html @@ -0,0 +1,3 @@ + + 28 July 2023 Samba 4.19.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-19-stable updated
The branch, v4-19-stable has been updated via 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. via 6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1. via 94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x via 7920d2ff627 ctdb-tools: Improve printing of multi-line event script output via e3c0b72c340 ctdb-tools: Always print script output in event status via e36a4149d80 librpc/idl: Remove DCOM and WMI IDL via abc3d58e1cc dcom: Remove remainder of DCOM test client code via 959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes() via 05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string() via ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string() via cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes() via c5778a0fbdd krb5_wrap: add krb5_free_string() via 75139445c20 krb5_wrap: add krb5_free_enctypes() via 9338d1b17c4 smbd: move tevent_req_post() out of smbd_smb2_create_after_exec() via 20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. via 2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of "\x//\/" crashes smbd. via c2e83ebe726 mdssvc: fix returning file modification date for older Mac releases via 620ca1e68d0 mdssvc: fix date marshalling via 9dc66fecf7c mdssvc: prepare for returning timestamps with sub-seconds granularity via 724a0518c90 mdssvc: reduce pagesize to 50 via 7f5e4edf64f tests/mdssvc: match hits:total:value to be the actual amount of entries in hits via d8fa5c8e2a1 mdssvc: fix enforcement of "elasticsearch:max results" via 086c2602d07 mdssvc: add and use SL_PAGESIZE via 925fefae20e mdssvc: fix long running backend queries via 4149ef97e59 mdssvc: set query state for continued queries to SLQ_STATE_RUNNING via e86e0da9de6 WHATSNEW: Add TLS cert reload feature via a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP certificate reload function via 9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage via 4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh via 0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol reload-certs via 321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service via cc4995d932d s4:ldap_server: don't store task_server in ldapsrv_service via 7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal via bed915d098e s3:smbcontrol: improve destination resolution using names db via 1472e4c9dbf s4:process_prefork: create new messaging context for the master process via 3af6ad6eea7 s4:process: add method called before entering the tevent_loop_wait via c8ee3d45252 s4:process_prefork: avoid memory leaks caused by messaging_post_self via dd998cc1633 s3:winbindd: Fix double close(fd) via 61c951e063e mdscli: correct handling of in-progress searches via 424af98c894 mdscli: increase MAX_SLQ_COUNT via b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX via 1149d497b35 mdssvc: increase MAX_SLQ_TOC via 68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE via c2b4fe3fb7c mdscli: add fragmentation support via 27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE via 566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator via 5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed via 9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory" via 5a222ac3718 CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot() via 59131d6c345 CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing() via 1662eeeb7a6 CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() via a9a2b182df7 CVE-2023-3347: CI: add a test for server-side mandatory signing via 578e434a941 CVE-2023-34968: mdssvc: return a fake share path via 94fcbec8af5 CVE-2023-34968: mdscli: return share relative paths via d402c0cc6ad CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack() via ac9008a20c8 CVE-2023-34968: mdssvc: switch to doing an early return via 33b82c6185b CVE-2023-34968: mdssvc: remove response blob allocation via 5c9efa9604d CVE-2023-34968: rpcclient: remove response blob allocation via 6d77daa3af0 CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c via e85e09eee93 CVE-2023-34968: mdscli: remove response blob allocation via 617fe37cc2a CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob via 70184ef3b40 CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in
[SCM] Samba Shared Repository - annotated tag samba-4.19.0rc1 created
The annotated tag, samba-4.19.0rc1 has been created at cb492436acd67d4cb1a1585502c530e4c8c45ed3 (tag) tagging 4f12024cafa0aa50325b390418407419a46423ac (commit) replaces ldb-2.8.0 tagged by Jule Anger on Fri Jul 28 14:15:26 2023 +0200 - Log - samba: tag release samba-4.19.0rc1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmTDsV4ACgkQqplEL7aA tiCbgxAAjyxzMlqqOVtEjXB3K5NMX17E32O4FFoEfkXDuz8pnIFeOXpLJ2u2aURt JRHrBwctt0abwX7XOLQ/91Juhn1Nhd2DZ5nh21whboAz4UAo3ahAIYl+AXl2yIk1 UXwbzhgpDuBhIpQKD3IkvbqjPF4pi54iMU+81u5P4Vz6eeeVbHt81YK+VLBxQQIt gFHsAtZPYOcC6F0v23JsHeD135rUCWoJ7jnFAlL01ba2PONoG1wm1/hvZWFgr5CX NPs/BmeloDbgLMTkQNC0R6oDun7Wxr7vryh8DTFSgbhH0IlsaNTt/Mwd9ujSwIdy l0C8RYTpznqCBxzdRAJM8+E80d6JxIKJaKc4JXtQbGspv5mqIN6WI07KSWOLChKQ eq53c50gm3FVSTthpjng1wxHMqSpCQV8WPE/riGwalGOl1hXKjvvysIgGKuGF2l+ 3zrucSkvchIatTinQn9XCSJns1+EPI//g7BcrnXnRI9orWgwenNMV6EM4S52rMFw qoxiedtIzo8J+4gNf0HPLYXL7IfrB3BqVv3Bcoa93Mgzv1Tw0NXsCgws6QXBEt8j qR1tKac2xz0uQs/FXjbrzUEpYCPoWHoXvAkOiBd9ZNWr/1OycOCE6kWT2bg3xTyk uPNOFAN0R1RwdJ8pRIVJq/7nHljEGBSHUXyOBwYIN2N/hqz7l40= =NZg/ -END PGP SIGNATURE- Jule Anger (1): WHATSNEW: Up to Samba 4.19.0rc1. Stefan Metzmacher (1): VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 3bab56a7db6 VERSION: Bump version up to Samba 4.19.0rc2... via 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. via 6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1. via 94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x via 7920d2ff627 ctdb-tools: Improve printing of multi-line event script output via e3c0b72c340 ctdb-tools: Always print script output in event status via e36a4149d80 librpc/idl: Remove DCOM and WMI IDL via abc3d58e1cc dcom: Remove remainder of DCOM test client code via 959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes() via 05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string() via ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string() via cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes() via c5778a0fbdd krb5_wrap: add krb5_free_string() via 75139445c20 krb5_wrap: add krb5_free_enctypes() via 9338d1b17c4 smbd: move tevent_req_post() out of smbd_smb2_create_after_exec() via 20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. via 2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of "\x//\/" crashes smbd. via c2e83ebe726 mdssvc: fix returning file modification date for older Mac releases via 620ca1e68d0 mdssvc: fix date marshalling via 9dc66fecf7c mdssvc: prepare for returning timestamps with sub-seconds granularity via 724a0518c90 mdssvc: reduce pagesize to 50 via 7f5e4edf64f tests/mdssvc: match hits:total:value to be the actual amount of entries in hits via d8fa5c8e2a1 mdssvc: fix enforcement of "elasticsearch:max results" via 086c2602d07 mdssvc: add and use SL_PAGESIZE via 925fefae20e mdssvc: fix long running backend queries via 4149ef97e59 mdssvc: set query state for continued queries to SLQ_STATE_RUNNING via e86e0da9de6 WHATSNEW: Add TLS cert reload feature via a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP certificate reload function via 9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage via 4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh via 0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol reload-certs via 321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service via cc4995d932d s4:ldap_server: don't store task_server in ldapsrv_service via 7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal via bed915d098e s3:smbcontrol: improve destination resolution using names db via 1472e4c9dbf s4:process_prefork: create new messaging context for the master process via 3af6ad6eea7 s4:process: add method called before entering the tevent_loop_wait via c8ee3d45252 s4:process_prefork: avoid memory leaks caused by messaging_post_self via dd998cc1633 s3:winbindd: Fix double close(fd) via 61c951e063e mdscli: correct handling of in-progress searches via 424af98c894 mdscli: increase MAX_SLQ_COUNT via b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX via 1149d497b35 mdssvc: increase MAX_SLQ_TOC via 68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE via c2b4fe3fb7c mdscli: add fragmentation support via 27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE via 566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator via 5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed via 9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory" via 5a222ac3718 CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot() via 59131d6c345 CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing() via 1662eeeb7a6 CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing() via a9a2b182df7 CVE-2023-3347: CI: add a test for server-side mandatory signing via 578e434a941 CVE-2023-34968: mdssvc: return a fake share path via 94fcbec8af5 CVE-2023-34968: mdscli: return share relative paths via d402c0cc6ad CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack() via ac9008a20c8 CVE-2023-34968: mdssvc: switch to doing an early return via 33b82c6185b CVE-2023-34968: mdssvc: remove response blob allocation via 5c9efa9604d CVE-2023-34968: rpcclient: remove response blob allocation via 6d77daa3af0 CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c via e85e09eee93 CVE-2023-34968: mdscli: remove response blob allocation via 617fe37cc2a CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob via 70184ef3b40 CVE-2023-34968:
[SCM] Samba Shared Repository - annotated tag ldb-2.8.0 created
The annotated tag, ldb-2.8.0 has been created at 36364505dcb1edd614a732b93bd6479ac9958da6 (tag) tagging 94f11c3c21bc3b8a34d376ab99becd2c6260af62 (commit) replaces tevent-0.15.0 tagged by Stefan Metzmacher on Fri Jul 28 14:09:13 2023 +0200 - Log - ldb: tag release ldb-2.8.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmTDr+kACgkQR5ORYRMI QCWW3wf9HgIHhgkhNfjpcqYtnNUv7YayXZQl7Lw9ZTQzyLZHllfZeydSv67BdUoO XzuZeYLVSxBGQB6B/66MK5Rgpw36uKIGs3+MTGyQ0jvgI33OtujOnvHFHRK01YIB xEXgTdNeQRj7HgG5e5yHA+mhCFcb4aRjegy4abD3IyBmX2Z0V0bzdWI0JS+hSCwm 2uaoMoW3Y7kLSlH7hzavxWAUOuLqwZ2iRTliHaMYRo9FnZqyDXXIXtZnMYJ4wK0r 6OLymDZpX/l3akl2wUksA5P5kyV6b4WYMQAJNnDBZmmPjxw5l6cSPHSQlcFcdIFJ 3+86BARD/dd+TEJw8pLf8WoflOzXPA== =qtS9 -END PGP SIGNATURE- Andreas Schneider (19): s3:param: Rename bLoaded global variable s3:param: Fix code spelling s3:passdb: Fix code spelling s3:printing: Fix trailing white spaces in print_iprint.c s3:printing: Fix code spelling s3:printing: Rename variably to dummy to make codespell happy s3:registry: Fix code spelling s3:rpc_client: Fix code spelling s3:rpc_server: Fix code spelling s3:script: Fix code spelling s3:selftest: Fix code spelling s3:smbd: Fix trailing white spaces in dmapi.c s3:smbd: Fix trailing white spaces in quotas.c s3:smbd: Fix code spelling s3:torture: Fix code spelling s3:utils: Fix code spelling s3:winbindd: Fix code spelling s3:waf: Fix code spelling Revert "s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon" Andrew Bartlett (21): WHATSNEW: Add text on PKINIT Certificate Revocation WHATSNEW: Include info on new samba-tool features WHATSNEW: PKINIT testing WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented WHATSNEW: Mention Heimdal updates WHATSNEW: FAST support, Claims compression, SID compression WHATSNEW: mention KDC auditing WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction lib/fault: During smb_panic() print process comment and setprocname() title lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn() python: Move PyList_AsStringList to common code so we can reuse python: Remove const from PyList_AsStringList() python: Add glue.burn_commandline() method samba-tool: Use samba.glue.get_burnt_cmdline rather than regex lib/cmdline: Also burn the --password2 parameter if given lib/cmdline: Also redact --newpassword in samba_cmdline_burn() docs-xml: Fix invalid XML in smbcontrol manpage doc-xml: Add entry for reload-certs for new LDAP certificate reload function WHATSNEW: Add TLS cert reload feature dcom: Remove remainder of DCOM test client code librpc/idl: Remove DCOM and WMI IDL Dmitry Antipov (1): s4:param: replace calls to deprecated Python methods Jeremy Allison (2): s3: torture: Add test to show an SMB1 DFS path of "\\x//\\/" crashes smbd. s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. Joseph Sutton (1): claims.idl: Fix AD claims encoding Jule Anger (9): s4:process_prefork: avoid memory leaks caused by messaging_post_self s4:process: add method called before entering the tevent_loop_wait s4:process_prefork: create new messaging context for the master process s4:tls_tstream: create tstream_tls_params_internal s4:ldap_server: don't store task_server in ldapsrv_service s4:ldap_server: remember dns_host_name in ldap_service s4:ldap_server: reload tls certificates on smbcontrol reload-certs testprogs/blackbox: add test_ldap_tls_reload.sh ldb: release 2.8.0 for use in Samba 4.19.x Martin Schwenke (10): ctdb-utils: Drop unused scsi_io.c source file ctdb-doc: Correct bit-rotted documenation ctdb: Do not use egrep ctdb-recoverd: CID 1509028 - Use of 32-bit time_t (Y2K38_SAFETY) ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn" ctdb-scripts: Avoid ShellCheck warning SC2162 ctdb-scripts: Support script logging to stderr ctdb-tests: Log to stderr in statd-callout tests ctdb-tools: Always print script output in event status ctdb-tools: Improve printing of multi-line event script output Noel Power (1): python/samba: Adjust tarfile extraction filter Pavel Filipenský (13): s3:winbind: Add callback winbind_call_flow() s3:winbind: Update winbind to tevent 0.15.0 API s3:winbind: Set/unset the winbind_call_flow callback if log level changes s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking docs-xml:manpages: Fix tabs in samba-log-parser.1.xml s3:script: Replace --merge
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7319c7596ea ldb: change the version to 2.9.0 for Samba 4.20 via 1771ee694f4 WHATSNEW: Start release notes for Samba 4.20.0pre1. via c403201af33 VERSION: Bump version up to 4.20.0pre1... via 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. via 6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1. via 94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x via 7920d2ff627 ctdb-tools: Improve printing of multi-line event script output via e3c0b72c340 ctdb-tools: Always print script output in event status via e36a4149d80 librpc/idl: Remove DCOM and WMI IDL via abc3d58e1cc dcom: Remove remainder of DCOM test client code via 959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes() via 05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string() via ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string() via cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes() via c5778a0fbdd krb5_wrap: add krb5_free_string() via 75139445c20 krb5_wrap: add krb5_free_enctypes() via 9338d1b17c4 smbd: move tevent_req_post() out of smbd_smb2_create_after_exec() from 20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators. https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7319c7596ea93b06c0c8e7b0926ebdbf08851d11 Author: Jule Anger Date: Tue Jul 25 15:56:59 2023 +0200 ldb: change the version to 2.9.0 for Samba 4.20 Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Fri Jul 28 11:49:02 UTC 2023 on atb-devel-224 commit 1771ee694f47db03d24712e75ded55244ffe2418 Author: Stefan Metzmacher Date: Fri Jul 28 11:52:19 2023 +0200 WHATSNEW: Start release notes for Samba 4.20.0pre1. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit c403201af33bc7b5510e2249e1c395a869ed3949 Author: Stefan Metzmacher Date: Fri Jul 28 11:53:50 2023 +0200 VERSION: Bump version up to 4.20.0pre1... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 4f12024cafa0aa50325b390418407419a46423ac Author: Stefan Metzmacher Date: Fri Jul 28 11:49:28 2023 +0200 VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 6943c1e3cde5359f5c2ebdf90e8985bf97a40ea5 Author: Jule Anger Date: Tue Jul 25 15:59:19 2023 +0200 WHATSNEW: Up to Samba 4.19.0rc1. Signed-off-by: Jule Anger commit 94f11c3c21bc3b8a34d376ab99becd2c6260af62 Author: Jule Anger Date: Tue Jul 18 10:48:57 2023 +0200 ldb: release 2.8.0 for use in Samba 4.19.x * CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270) * pyldb: Raise an exception if ldb_dn_get_parent() fails * Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition * Documentation and spelling fixes * Add ldb_val -> bool,uint64,int64 parsing functions * Split out ldb_val_as_dn() helper function * add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject() * add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject() * let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix * Don't create error string if there is no error * Avoid allocation and memcpy() for every wildcard match candidate * Make ldb_msg_remove_attr O(n) * pyldb: Throw error on invalid controls * pyldb: remove py2 ifdefs * Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 7920d2ff627c6ef252e59b428236919ed0abb6ba Author: Martin Schwenke Date: Wed Jul 12 10:39:06 2023 +1000 ctdb-tools: Improve printing of multi-line event script output Multi-line output currently prints like this: OUTPUT: aaa bbb ccc This is less beautiful than it could be. Instead, print multi-line output with no inlining and each line indented: OUTPUT: aaa bbb ccc However, continue to inline single line output: OUTPUT: foo Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs commit e3c0b72c340f86b1d6e4fd009d1082c7e477fd04 Author: Martin Schwenke Date: Wed Jul 12 10:39:06 2023 +1000 ctdb-tools: Always print script output in event status When event scripts succeed they generally produce no output. However, when a script succeeds and produces output, such output almost certainly