The annotated tag, samba-4.18.9 has been created
        at  eeed84fa101a4f76d1c5b81fba82c2c403b86a87 (tag)
   tagging  2669b77d97b55542b6f2bc80c72cf699399e8ec8 (commit)
  replaces  samba-4.18.8
 tagged by  Jule Anger
        on  Wed Nov 29 15:35:36 2023 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.18.9
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmVnTDgACgkQqplEL7aA
tiDoHw//S4LC3VJpCXVANwoGxSWUD4h64QuTgMvBD1pxgAELLCkpS9SHxNY7SYa4
YUPCV3vWsbOvRk/ud1Zp1fuDGh4QRLx3cvG917A77iRkaGjlA7XzwhoCofi+4Hcb
7II26N+3aN7bI9c3kfmYW351EalT5Xg8vHDqEFODRjURZCW1SEF2Zah0HiMiJU/X
7DjesbQLQRgOKWs7VaWkbKDiFvLxoyhY8RqFtlMSYjZPk9qvYwJDTEXkUqvl3tp7
oI2ufB1Xi3w81ruwIv9GH0OpaDyiOTi5ivAcZ3NKKjMXbkYVU/gfQULEu5aTdSzJ
TKQtiqmkYmh6y5aBjPZedqIkdrVr3pbDBV80/JrgQPBJRQT1JZRT1Bn9ShPsL8D+
ALyx5V+Rnu7TTMaMrwOse5mefoVvszV/RY5EjBRn4hWhrKnQvkflcnn01LLy8HAn
+Tiyfxdx35EsYy7Rh15VwT1xwMHuRnY26SwtBex9e6c9NNDeZGOnzJAkRjSGnoBF
vJ9bzV9DilJEySfsWr7JABXKTCqvtpA6hC78j6jc9aNCZCUmEe0nHYiBjfD4P0mo
WBHICKQYcb/FkVX4N537hjRTkjLdfsZud3dh1erc8HeHUp06otvV2H8SQ//dIJD0
FrEW0Pb2R6EZS7QePWWEt9XoD5ZP2zY8JdunWtcajQYYfjIphAE=
=iIT/
-----END PGP SIGNATURE-----

Andreas Schneider (1):
      CVE-2023-4154 s4:dsdb:tests: Fix code spelling

Andrew Bartlett (13):
      CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE 
and DC_MODE_RETURN_ALL
      CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
      CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
      CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential 
at the start
      CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible 
with DirSync ever.
      CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive 
matches once
      CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE 
behaviour
      CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
      CVE-2023-4154: Unimplement the original DirSync behaviour without 
LDAP_DIRSYNC_OBJECT_SECURITY
      CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
      CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD 
DC
      CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in 
conflict with AD DC
      CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup

Björn Jacke (1):
      system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable

Christof Schmitt (17):
      build: Add 'make printversion' to provide version string
      vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
      vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
      vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
      vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
      nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE
      vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c
      vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function
      vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function
      vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function
      vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function
      vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function
      nfs4_acls: Make fstatat_with_cap_dac_override static
      nfs4_acls: Make stat_with_cap_dac_override static
      nfs4_acls: Make fstat_with_cap_dac_override static
      vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions
      vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions

Jeremy Allison (3):
      CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit 
socket_dir.
      CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow 
bad pipenames with unix separators through to the UNIX domain socket code.
      CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad 
pipenames.

Joseph Sutton (2):
      CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test
      CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG

Jule Anger (6):
      VERSION: Bump version up to Samba 4.18.8...
      Merge tag 'samba-4.18.8' into v4-18-stable
      Merge branch 'v4-18-stable' into v4-18-test
      VERSION: Bump version up to Samba 4.18.9...
      WHATSNEW: Add release notes for Samba 4.18.9.
      VERSION: Disable GIT_SNAPSHOT for the 4.18.9 release.

Martin Schwenke (1):
      ctdb-daemon: Call setproctitle_init()

Michael Adam (1):
      gitignore: add WAF lockfile

Ralph Boehme (4):
      CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
      CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
      s3: smbd: Ignore fstat() error on deleted stream in fd_close().
      smbd: fix close order of base_fsp and stream_fsp in 
smb_fname_fsp_destructor()

Stefan Metzmacher (13):
      CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper
      CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() 
helpers
      CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
      CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper
      CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper
      CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to 
place the ace at a position
      CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() 
helpers
      CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()
      CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR 
available in the ldif files
      CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the 
CN=Deleted Objects container
      CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()
      CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing 
deleted objects container
      CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the 
nTSecurityDescriptor on CN=Deleted Objects containers

-----------------------------------------------------------------------


-- 
Samba Shared Repository

Reply via email to