[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  fd69161 VERSION: Disable git snapshots for the 4.1.23 release.
   via  8b05063 WHATSNEW: Add release notes for Samba 4.0.23.
   via  f548984 CVE-2016-0771: tests/dns: Remove dependencies on env 
variables
   via  600af99 CVE-2016-0771: tests/dns: change samba.tests.dns from being 
a unittest
   via  feadfc4 CVE-2016-0771: tests: rename test getopt to get_opt
   via  c7598f1 CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
   via  74fc257 CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
   via  1a97ee3 CVE-2016-0771: tests/dns: modify tests to check via RPC
   via  006551d CVE-2016-0771: tests/dns: Add some more test cases for TXT 
records
   via  6395b6c CVE-2016-0771: tests/dns: Correct error code for formerly 
unrun test
   via  83d94cb CVE-2016-0771: tests/dns: restore formerly segfaulting test
   via  a76db39 CVE-2016-0771: tests/dns: Add a comment regarding odd 
Windows behaviour
   via  a03e3fa CVE-2016-0771: tests/dns: prepare script for further testing
   via  ede159b CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
   via  24c5af7 CVE-2016-0771: dns.idl: make use of dnsp_hinfo
   via  79f2cf1 CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
   via  4c40108 CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() 
helper function
   via  b003b71 CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to 
dcerpc-samba library
   via  757e25a CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp 
doesn't require client bindings
   via  5b5fcbf CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
   via  2a7b77b CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
   via  72f4892 CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX 
cli_posix_setacl() functions. Needed for tests.
   via  09514d7 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() 
functions to cli_posix_getacl() as they operate on pathnames.
   via  e1825c8 CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
   via  63a27a3 CVE-2015-7560: s3: smbd: Silently return no EA's available 
on a symlink.
   via  39aaef0 CVE-2015-7560: s3: smbd: Set return values early, allows 
removal of code duplication.
   via  e387562 CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a 
symlink.
   via  c4fade4 CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a 
symlink.
   via  9e6620b CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX 
file handle on a symlink.
   via  7f893ff CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX 
file handle on a symlink.
   via  24f3cb0 CVE-2015-7560: s3: smbd: Add refuse_symlink() function that 
can be used to prevent operations on a symlink.
   via  eba93d6 VERSION: Bump version up to 4.1.23...
  from  cd89c83 VERSION: Disable git snapshots for the 4.1.22 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit fd69161868b5aa4d644488cc4e8069ba40266576
Author: Karolin Seeger 
Date:   Wed Feb 24 12:19:51 2016 +0100

VERSION: Disable git snapshots for the 4.1.23 release.

Signed-off-by: Karolin Seeger 

commit 8b0506340901b22a0b2647b0ad7ed15bd4427cdc
Author: Karolin Seeger 
Date:   Wed Feb 24 12:18:19 2016 +0100

WHATSNEW: Add release notes for Samba 4.0.23.

CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change
permissions on link target.
CVE-2016-0771: Read of uninitialized memory DNS TXT handling

Signed-off-by: Karolin Seeger 

commit f548984208aba1fa7237c3b4b072cd9dfbd950b3
Author: Garming Sam 
Date:   Fri Jan 29 17:28:54 2016 +1300

CVE-2016-0771: tests/dns: Remove dependencies on env variables

Now that it is invoked as a normal script, there should be less of them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit 600af999a418d605705c00708cd9f744fc533a33
Author: Garming Sam 
Date:   Fri Jan 29 17:03:56 2016 +1300

CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest

This makes it easier to invoke, particularly against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit feadfc41a1f1223d59c8c0e9427d6a8bdb9a5e94
Author: Garming Sam 
Date:   Fri Jan 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  cd89c83 VERSION: Disable git snapshots for the 4.1.22 release.
   via  219533c WHATSNEW: Add release notes for Samba 4.1.22.
   via  bf13cbd CVE-2015-8467: samdb: Match MS15-096 behaviour for 
userAccountControl
   via  c634a14 CVE-2015-5296: libcli/smb: make sure we require signing 
when we demand encryption on a session
   via  4c3a492 CVE-2015-5296: s3:libsmb: force signing when requiring 
encryption in SMBC_server_internal()
   via  d9e943e CVE-2015-5296: s3:libsmb: force signing when requiring 
encryption in do_connect()
   via  fa8 CVE-2015-5299: s3-shadow-copy2: fix missing access check on 
snapdir
   via  f0cb216 CVE-2015-5252: s3: smbd: Fix symlink verification (file 
access outside the share).
   via  9d989c9 CVE-2015-7540: lib: util: Check *every* asn1 return call 
and early return.
   via  530d50a CVE-2015-7540: s4: libcli: ldap message - Ensure all 
asn1_XX returns are checked.
   via  582d0e7 ldb: bump version of the required system ldb to 1.1.24
   via  83f1d39 CVE-2015-5330: ldb_dn_explode: copy strings by length, not 
terminators
   via  f07626d CVE-2015-5330: next_codepoint_handle_ext: don't 
short-circuit UTF16 low bytes
   via  a561ae6 CVE-2015-5330: strupper_talloc_n_handle(): properly count 
characters
   via  5f3c754 CVE-2015-5330: Fix handling of unicode near string endings
   via  7bcac23 CVE-2015-5330: ldb_dn_escape_value: use known string 
length, not strlen()
   via  1aef718 CVE-2015-5330: ldb_dn: simplify and fix 
ldb_dn_escape_internal()
   via  bb1b783 CVE-2015-3223: lib: ldb: Use memmem binary search, not 
strstr text search.
   via  fb45695 CVE-2015-3223: lib: ldb: Cope with canonicalise_fn 
returning string "", length 0.
   via  776eb21 VERSION: Bump version up to 4.1.22...
  from  6397681 VERSION: Disable git snapshots for the 4.1.21 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit cd89c8372cbc5868f23094a9b7481be21a89a7e9
Author: Karolin Seeger 
Date:   Thu Dec 10 12:45:56 2015 +0100

VERSION: Disable git snapshots for the 4.1.22 release.

Signed-off-by: Karolin Seeger 

commit 219533c28f8d15465b0faea4624a640255b71801
Author: Karolin Seeger 
Date:   Thu Dec 10 12:09:38 2015 +0100

WHATSNEW: Add release notes for Samba 4.1.22.

This is a security to address CVE-2015-7540, CVE-2015-3223,
CVE-2015-5252, CVE-2015-5299, CVE-2015-5296, CVE-2015-8467,
CVE-2015-5330.

Signed-off-by: Karolin Seeger 

commit bf13cbd3f33c31483b172fc094b0e5946e899bc4
Author: Andrew Bartlett 
Date:   Wed Nov 18 17:36:21 2015 +1300

CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl

Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit c634a143a876bd5a724d830c54fe12ef6d68d5fd
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:23:25 2015 +0200

CVE-2015-5296: libcli/smb: make sure we require signing when we demand 
encryption on a session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit 4c3a492259ceefe3d02df690d4369291627883a2
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:17:02 2015 +0200

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in 
SMBC_server_internal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit d9e943e351a752ba627314da7fb8d2f6f1eb44b3
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:17:02 2015 +0200

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in 
do_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit fa86d75272e3190dcbd32eeff9b3e4f03bde
Author: Jeremy Allison 
Date:   Fri Oct 23 14:54:31 2015 -0700

CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from 

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison 
Reviewed-by: David Disseldorp 

commit f0cb216f6385460d4d3c728257b26a95c5d1
Author: Jeremy Allison 
Date:   Thu Jul 9 10:58:11 2015 -0700

CVE-2015-5252: s3: smbd: Fix symlink 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  6397681 VERSION: Disable git snapshots for the 4.1.21 release.
   via  821493c WHATSNEW: Add release notes for Samba 4.1.21.
   via  18e3eba samr4: Use 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  74be972 VERSION: Disable git snapshots for the 4.1.20 release.
   via  ec3ff76 WHATSNEW: Add release notes for Samba 4.1.20.
   via  487c3b3 s3: winbindd: Fix TALLOC_FREE of uninitialized groups 
variable.
   via  711131e s3-util: Compare the maximum allowed length of a NetBIOS 
name
   via  0c640d0 s3-net: use talloc array in share allowedusers
   via  49e39b0 s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
   via  516f518 lib: replace: Add strsep function (missing on Solaris).
   via  e889ea3 s3-auth: Fix a possible null pointer dereference
   via  28ee83d s3-smbd: Leave sys_disk_free() if dfree command is used
   via  d7d60d8 s3-smbd: reset protocol in smbXsrv_connection_init_tables 
failure paths.
   via  7127c60 s3:libsmb: Fix a bug in conversion of ea list to ea array.
   via  5f029fc smbd:trans2: treat new SMB_SIGNING_DESIRED in case
   via  a55bed3 docs:smb.conf: explain effect of new setting 'desired' of 
smb encrypt
   via  aae0423 smbd:smb2: use encryption_desired in send_break
   via  57c879a smbd:smb2: only enable encryption in tcon if desired
   via  2cad86c smbd:smb2: only enable encryption in session if desired
   via  3ed2fbe smbd:smb2: separate between encryption required and enc 
desired
   via  2c19c6f smbXsrv: add bools encryption_desired to session and tcon
   via  b615fb6 Introduce setting "desired" for 'smb encrypt' and 
'client/server signing'
   via  0b97972 smbd: Make SMB3 clients use encryption with "smb encrypt = 
auto"
   via  15b323d s4:selftest: also run rpc.winreg with kerberos and all 
possible auth options
   via  d8df89f s4:selftest: run rpc.echo tests also with krb5 krb5,sign 
krb5,seal
   via  6d6799a s4:rpc_server: fix padding caclucation in 
dcesrv_auth_response()
   via  62966eb s4:rpc_server: let dcesrv_auth_response() handle sig_size 
== 0 with auth_info as error
   via  496d7f9 s4:rpc_server: let dcesrv_reply() use a sig_size for a 
padded payload
   via  e22adb8 s4:rpc_server: let dcesrv_reply() use 
DCERPC_AUTH_PAD_ALIGNMENT define
   via  e661c30 s4:librpc/rpc: fix padding caclucation in 
ncacn_push_request_sign()
   via  3336fb7 s4:librpc/rpc: let ncacn_push_request_sign() handle 
sig_size == 0 with auth_info as internal error
   via  18342a7 s4:librpc/rpc: let dcerpc_ship_next_request() use a 
sig_size for a padded payload
   via  ad94101 s4:librpc/rpc: let dcerpc_ship_next_request() use 
DCERPC_AUTH_PAD_ALIGNMENT define
   via  9ab5872 s3:rpc_server: remove pad handling from 
api_pipe_alter_context()
   via  c17dd15 s3:librpc/rpc: fix padding calculation in 
dcerpc_guess_sizes()
   via  843c953 s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT 
padding bytes in dcerpc_add_auth_footer()
   via  213b98b librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper 
macro
   via  c0432c2 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
   via  5570954 auth/gensec: make sure gensec_start_mech_by_authtype() 
resets SIGN/SEAL before starting
   via  54b9c1c auth/gensec: gensec_[un]seal_packet() should only work with 
GENSEC_FEATURE_DCE_STYLE
   via  b6a59bb winbindd: winbindd_raw_kerberos_login - ensure logon_info 
exists in PAC.
   via  7e05f60 kerberos auth info3 should contain resource group ids 
available from pac_logon
   via  8ddab98 s3: auth: Fix winbindd_pam_auth_pac_send() to create a new 
info3 and merge in resource groups from a trusted PAC.
   via  4bdfb15 s3: auth: Change auth3_generate_session_info_pac() to use a 
copy of the info3 struct from the struct PAC_LOGON_INFO.
   via  02bda07 s3: auth: Add create_info3_from_pac_logon_info() to create 
a new info3 and merge resource group SIDs into it.
   via  a3d6a15 s3: auth: Change make_server_info_info3() to take a const 
struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
   via  2ff1428 s3: auth: Add some const to the struct netr_SamInfo3 * 
arguments of copy_netr_SamInfo3() and make_server_info_info3()
   via  7434e77 docs: overhaul the description of "smb encrypt" to include 
SMB3 encryption.
   via  972a97b docs: Change smb encrypt default in docs to match s3 and 
lib/param
   via  290c1ae s3: smbd: Codenomicon crash in do_smb_load_module().
   via  81dde5e s3:winbindd: make sure we pass a valid server to 
rpccli_netlogon_sam_network_logon*()
   via  e700e9d s3: smbd: Use separate flag to track 
become_root()/unbecome_root() state.
   via  af4617a s3:param/loadparm fix testparm --show-all-parameters
   via  9a67af3 VERSION: Bump version up to 4.1.20...
  from  f14dcca VERSION: Disable git snapshots for the 4.1.19 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  f14dcca VERSION: Disable git snapshots for the 4.1.19 release.
   via  45bd969 WHATSNEW: Add release notes for Samba 4.1.19.
   via  43e2626 s3: libsmbclient: Re-resolving targetcli on every 
read/write/lseek/ftruncate/close is both incorrect and slow.
   via  f8c27d1 nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
   via  2070fa2 idmap_rfc2307: Fix wbinfo --gid-to-sid query
   via  1da224b s4.2/fsmo.py: fixed fsmo transfer exception
   via  3e5744d s3: IPv6 enabled DNS connections for ADS client
   via  a6d7aa5 Add IPv6 support for determining FQDN during ADS join.
   via  ccf557c Add IPv6 support to ADS client side LDAP connects. 
Corrected format for IPv6 LDAP URI.
   via  34cffdb s4:torture:smb2:compound: compound read and padding
   via  9ba2dce s3:smb2: add padding to last command in compound requests
   via  db28391 s3: smbcacls: Ensure we read a hex number as %x, not %u.
   via  995bef1 s4: libcli/finddcs_cldap: continue processing CLDAP until 
all addresses are used
   via  67fbd6d s3:winbindd: make sure we remove pending io requests before 
closing client sockets
   via  d8626e9 s4:lib/tls: fix build with gnutls 3.4
   via  13d1bdd libads: record service ticket endtime for sealed ldap 
connections
   via  0372b33 s3: smbd: VFS: fake_acl module called 
get_full_smb_filename() with a stream path, then used the result to call XATTR 
functions directly.
   via  8ac582e s3: smbd: VFS: For all EA and ACL calls use 
synthetic_smb_fname(), not synthetic_smb_fname_split().
   via  178db7c s3: smbd: VFS: All the places that are currently calling 
vfs_stat_smb_fname() and vfs_lstat_smb_fname() should be calling 
vfs_stat_smb_basename().
   via  bb22fea s3: smbd: VFS: Add vfs_stat_smb_basename() - to be called 
when we *know* stream name parsing has already been done.
   via  18536b8 vfs_gpfs: move failure label before END_PROFILE
   via  007a5fd vfp_gpfs: ensure END_PROFILE is always called
   via  3db0ad9 s3:selftest: run smb2.notify with --signing=required
   via  1b2cf28 s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* 
destructors
   via  3af2142 s3:smb2_sesssetup: add 
smbd_smb2_session_setup_wrap_send/recv()
   via  f28cbf0 s3:smb2_sesssetup: always assign smb2req-session when a 
session was created.
   via  bd03b6a s3:smb2_sesssetup: let smbd_smb2_logoff_* use 
smbXsrv_session_shutdown_*
   via  6d611c6 s3:smbXsrv_session: cancel pending requests when we logoff 
a previous session
   via  75b9a6f s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv 
helper functions
   via  749e6fd s3:smbXsrv_session: clear smb2req-session of pending 
requests in smbXsrv_session_logoff_all_callback()
   via  21fd82d s3:smbXsrv_session: clear smb2req-session of pending 
requests in smbXsrv_session_destructor()
   via  5e47040 s4:torture/smb2: add smb2.notify.session-reconnect test
   via  dcea20f s4:torture/smb2: add smb2.notify.invalid-reauth test
   via  712d9e5 s4:torture/smb2: add smb2.notify.close test
   via  bc0966d s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value
   via  6caba46 s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit 
and implicit) and tdis
   via  2284593 s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 
directory handle
   via  f362fc9 s3:smbd: add a smbd_notify_cancel_by_map() helper function
   via  33e1a4f smbd:smb2: fix error code when the header says the request 
is signed but we don't have a sesseion
   via  f687a77 s3:smb2_server: don't rely on the SMB2_HDR_FLAG_SIGNED if 
signing is required
   via  87b7535 VERSION: Bump version up to 4.1.19...
  from  1a121d1 WHATSNEW: Add release notes for Samba 4.1.18.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt |  85 -
 lib/addns/dns.h  |   2 +-
 lib/addns/dnssock.c  | 125 +-
 nsswitch/tests/test_idmap_rfc2307.sh |  72 +++-
 python/samba/netcmd/fsmo.py  |   1 -
 selftest/knownfail   |   1 -
 source3/include/libsmb_internal.h|   5 +
 source3/lib/util.c   |  52 +++---
 source3/libads/ldap.c|   8 +-
 source3/libads/sasl.c|  23 +++
 source3/libsmb/libsmb_file.c | 202 ++
 source3/modules/nfs4_acls.c  |   4 +-
 source3/modules/non_posix_acls.c |   2 +-
 source3/modules/vfs_acl_common.c |  19 ++-
 source3/modules/vfs_acl_tdb.c|  16 +-
 source3/modules/vfs_fake_acls.c  |  22 ++-
 source3/modules/vfs_gpfs.c   |   9 +-
 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  1a121d1 WHATSNEW: Add release notes for Samba 4.1.18.
   via  a9ca30c s3: nmbd: Don't set work_changed = True inside 
update_server_ttl().
   via  91e7c41 s3: nmbd: Ensure we only set work_changed = true if we 
modify the record.
   via  bbde543 vfs: kernel_flock and named streams
   via  050f831 s3: smbd: Incorrect file size returned in the response of 
FILE_SUPERSEDE Create
   via  c850922 s4: rpc: Refactor dcesrv_alter() function into setup and 
send steps.
   via  f8ef498 Add DCERPC flag to call unbind hooks without destroying the 
connection itself upon termination of a connection with outstanding pending 
calls.
   via  8b78cc3 s4:rpc_server: Add multiplex state to dcerpc flags and 
control over multiplex PFC flag in bind_ack and and dcesrv_alter replies
   via  2e0df25 Make sure we initialize conn to NULL, because a routine we 
call may give an error and not touch conn, and then we get an error when trying 
to TALLOC_FREE it.
   via  08dd42c s3:smbd: update comment to correctly reflect MS-SMB2
   via  bfde0f0 s3:smbd: missing tevent_req_nterror
   via  9329307 spoolss: purge the printer name cache on name change
   via  1cd5d85 s3: libsmbclient: After getting attribute server, ensure 
main srv pointer is still valid.
   via  05284b8 s3: Fix fsctl_validate_neg_info to pass MS compliance suite.
   via  8628ae2 s3: Refactor smbd_smb2_request_process_negprot
   via  fc4bdf5 s3-passdb: Fix 'force user' with winbind default domain
   via  c2ea207 s4-process_model: Do not close random fds while forking.
   via  ef714b3 s3: libsmbclient: Add missing talloc stackframe.
   via  58deb20 s4:auth/gensec_gssapi: let gensec_gssapi_update() return 
NT_STATUS_LOGON_FAILURE for unknown errors
   via  af95423 s3: client - client use spnego principal = yes code 
checks wrong name.
   via  2f46746 docs: Mark 'client use spnego principal' as deprecated and 
also a bad idea.
   via  c9a9483 s3:winbind:grent: don't stop group enumeration when a group 
has no gid
   via  f5e3b94 s3: lib: libsmbclient: If reusing a server struct, check 
every cli-timout miliseconds if it's still valid before use.
   via  b417ef0 s3: libcli: smb1: Ensure we correctly finish a tevent req 
if the writev fails in the SMB1 case.
   via  9e395c9 s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't 
set, cope with servers that don't send the 2 unused fields.
   via  2355e2d s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, 
cope with servers that don't send the 2 unused fields.
   via  f9fd1dc docs/idmap_rid: remove deprecated base_rid from example
   via  f244eaa talloc: version 2.1.2
   via  75d7179 talloc: fix _talloc_total_limit_size prototype
   via  763a569 lib: talloc: Test suite for the new destructor reparent 
logic.
   via  f635357 lib: talloc: Allow destructors to reparent the object 
they're called on.
   via  2a4ca9d lib: talloc: Fix bug when calling a destructor.
   via  1c2f26b talloc:build: improve detection of srcdir
   via  2a59ff1 talloc: version 2.1.1
   via  38aeda4 talloc/tests: avoid some unused variable warnings
   via  21e38ad talloc: fix compiler warning
   via  43049ba talloc: check for TALLOC_GET_TYPE_ABORT_NOOP
   via  32035b0 talloc: avoid a function call in TALLOC_FREE() if possible.
   via  19a86f6 talloc: inline talloc_get_name()
   via  7e2707e talloc: inline more static functions
   via  b77c479 talloc: Tune talloc_vasprintf
   via  7af07a5 talloc: Update flags in pytalloc-util pkgconfig file
   via  4992a53 Add a basic guide on pytalloc.
   via  88c9bff talloc: Add a warning to talloc_reference() documentation.
   via  2aa1291 talloc: Test the pooled object
   via  0f88b87 talloc: Add talloc_pooled_object
   via  62abe79 talloc: Allow nested pools.
   via  1a70518 talloc: Add a separate pool size
   via  8497337 talloc: Put pool-specific data before the chunk
   via  4e36c2f talloc: Introduce __talloc_with_prefix
   via  a6a4ec7 talloc: Decouple the dual use of chunk-pool
   via  133b1c6 Fix valgrind errors with memmove and talloc pools.
   via  834b7ea Add simple limited pool tests to test_memlimit().
   via  105a903 Remove talloc_memlimit_update(). No longer used.
   via  595a97e Inside _talloc_realloc(), keep track of size changes over 
malloc/realloc/free.
   via  a1e788b Don't call talloc_memlimit_update() inside 
_talloc_realloc() when we're just manipulating pool members.
   via  a0b5d06 Fix a conditional check. (size - tc-size  0) is always 
true if size and tc-size are unsigned.
   via  2d9ed12 In _talloc_steal_internal(), correctly decrement the memory 
limit in the source, and increment in the destination.
   via  833b365 Inside _talloc_free_internal(), always call 
talloc_memlimit_update_on_free() before we 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  492c673 VERSION: Disable git snapshots for the 4.1.17 release.
   via  8f38d4b WHATSNEW: Add release notes for Samba 4.1.17.
   via  a9a513c s3-netlogon: Make sure we do not deference a NULL pointer.
   via  1996b18 CVE-2015-0240: s3: netlogon: Ensure we don't call 
talloc_free on an uninitialized pointer.
   via  5a59b1a VERSION: Re-enable git snapshots.
   via  e001101 VERSION: Bump version up to 4.1.17.
  from  1e682c3 VERSION: Disable git snapshots for the 4.1.16 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 492c673de07d68e0e937ca584302fef577318b24
Author: Karolin Seeger ksee...@samba.org
Date:   Sat Feb 21 21:04:20 2015 +0100

VERSION: Disable git snapshots for the 4.1.17 release.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077

CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server
could lead to security vulnerability.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 8f38d4b5e4ba45d8cc365e150f6e259d8272367c
Author: Karolin Seeger ksee...@samba.org
Date:   Sat Feb 21 21:07:08 2015 +0100

WHATSNEW: Add release notes for Samba 4.1.17.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077

CVE-2015-0240: talloc free on uninitialized stack pointer in netlogon server
could lead to security vulnerability.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit a9a513c926209aa084991528d0f6ab84b20da5f7
Author: Andreas Schneider a...@samba.org
Date:   Mon Feb 16 10:59:23 2015 +0100

s3-netlogon: Make sure we do not deference a NULL pointer.

This is an additional patch for CVE-2015-0240.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11077#c32

Pair-Programmed-With: Michael Adam ob...@samba.org
Pair-Programmed-With: Andreas Schneider a...@samba.org
Signed-off-by: Michael Adam ob...@samba.org
Signed-off-by: Andreas Schneider a...@samba.org
Reviewed-by: Volker Lendecke v...@samba.org

commit 1996b18510a63a2619d813113c6b57e4654be318
Author: Jeremy Allison j...@samba.org
Date:   Wed Jan 28 14:47:31 2015 -0800

CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an 
uninitialized pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11077

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 5a59b1a8184fe3b483e4f19e024de39b667041ef
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Feb 10 21:30:36 2015 +0100

VERSION: Re-enable git snapshots.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit e001101a9cd49dadc5b818cc7a0c490a305099eb
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jan 15 12:10:58 2015 +0100

VERSION: Bump version up to 4.1.17.

Signed-off-by: Karolin Seeger ksee...@samba.org
(cherry picked from commit c4e46cd4e32ef5bf25f3a21f74bb40dfb1dd3c0d)

---

Summary of changes:
 VERSION |  2 +-
 WHATSNEW.txt| 62 +++--
 source3/rpc_server/netlogon/srv_netlog_nt.c | 13 +-
 3 files changed, 71 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 47509cb..8876650 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=16
+SAMBA_VERSION_RELEASE=17
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 81a1d56..48ebdf9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,62 @@
==
+   Release Notes for Samba 4.1.17
+  February 23, 2015
+   ==
+
+
+This is a security release in order to address CVE-2015-0240 (Unexpected
+code execution in smbd).
+
+o  CVE-2015-0240:
+   All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an
+   unexpected code execution vulnerability in the smbd file server
+   daemon.
+
+   A malicious client could send packets that may set up the stack in
+   such a way that the freeing of memory in a subsequent anonymous
+   netlogon packet could allow execution of arbitrary code. This code
+   would execute with root privileges.
+
+
+Changes since 4.1.16:
+-
+
+o   Jeremy Allison j...@samba.org
+* BUG 11077: CVE-2015-0240: talloc free on uninitialized stack pointer
+  in netlogon server could lead to security vulnerability.
+
+
+o   Andreas Schneider a...@samba.org
+* BUG 11077: CVE-2015-0240: s3-netlogon: Make sure we do not 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  1e682c3 VERSION: Disable git snapshots for the 4.1.16 release.
   via  8010553 WHATSNEW: Add release notes for Samba 4.1.16.
   via  5cc1c0e CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  3c93b57 CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  f2cb9b9 CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  9e15786 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  cc49a60 VERSION: Bump version up to 4.1.16...
  from  28eacea VERSION: Disable git snapshots for the 4.1.15 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 1e682c3ce0593b3cd93acc6a5be0d74db8d04fef
Author: Karolin Seeger ksee...@samba.org
Date:   Mon Jan 12 21:42:02 2015 +0100

VERSION: Disable git snapshots for the 4.1.16 release.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 801055358de0988717b65b4f6a2a6a4b820b9fcd
Author: Karolin Seeger ksee...@samba.org
Date:   Mon Jan 12 21:41:32 2015 +0100

WHATSNEW: Add release notes for Samba 4.1.16.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 5cc1c0ec403358d08e208a38feae11631510ab72
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Dec 4 17:23:29 2014 +1300

CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow 
changes to userAccountControl

This requires an additional control to be used in the
LSA server to add domain trust account objects.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 3c93b5772ef002569810b01c39faac8b34168f05
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Dec 8 14:20:21 2014 +1300

CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: If6bc90305a1e9a5a92562a01ba7e44330de91cc1
Pair-programmed-with: Garming Sam garm...@catalyst.net.nz
Signed-off-by: Andrew Bartlett abart...@samba.org
Signed-off-by: Garming Sam garm...@catalyst.net.nz
Reviewed-by: Stefan Metzmacher me...@samba.org

commit f2cb9b99235ebfdd0d53c3ebdaaac44f8b958311
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Dec 8 12:19:19 2014 +1300

CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Change-Id: I36ad5ebc5d8a4811c41b59af90a3add4ae5fd857
Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Garming Sam garm...@catalyst.net.nz
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 9e15786d093ac984262394510333cb3c3d512e1a
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Nov 11 15:23:02 2014 +1300

CVE-2014-8143:auth: Force talloc type of session_info pointer to match

This helps us keep things safe in LDB where we put this in a opaque pointer.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993

Andrew Bartlett

Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Garming Sam garm...@catalyst.net.nz
Reviewed-by: Stefan Metzmacher me...@samba.org

commit cc49a6005c4406efd781ebc9ab7bb0ba00a3a603
Author: Karolin Seeger ksee...@samba.org
Date:   Sun Jan 11 20:41:04 2015 +0100

VERSION: Bump version up to 4.1.16...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger ksee...@samba.org
(cherry picked from commit 9f52de75088380915835e815217bdcd0afa8dc85)

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  55 -
 librpc/idl/security.idl |  13 ++-
 source4/auth/session.c  |   5 +
 source4/dsdb/common/util.c  |   4 +-
 source4/dsdb/pydsdb.c   |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c | 192 +++-
 source4/dsdb/samdb/samdb.h  |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c |  15 ++-
 source4/setup/schema_samba4.ldif|   1 +
 10 files changed, 282 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e5a8fba..47509cb 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fe8cbeb..81a1d56 100644
--- 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  28eacea VERSION: Disable git snapshots for the 4.1.15 release.
   via  c72d0e0 WHATSNEW: Add release notes for Samba 4.1.15.
   via  65f891a nsswitch: fix soname of linux nss_*.so.2 modules
   via  5636a48 selftest: use shared/libnss_wrapper_winbind.so.2
   via  b3f140d wafsamba: add optional keep_underscore=True to 
SAMBA_LIBRARY()
   via  16f881c winbind: Retry after SESSION_EXPIRED error in ping-dc
   via  c6ede38 winbind: Retry LogonControl RPC in ping-dc after session 
expiration
   via  45238fe librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
   via  db5d422 idl:drsuapi: Manage all possible lengths of 
drsuapi_DsBindInfo
   via  e3e0c5e librpc-idl: change the drsuapi_DsBindInfoCtr so that it 
match what is on the wire both in NDR32 and NDR64.
   via  e890269 librpc-idl: replace int32 by uint32 as the values are 
always  0
   via  9dd858c librpc-idl: replace int32 by the enumeration as it's the 
type that we use in union's switch drsuapi_DsGetDCInfoCtrLevels
   via  a6a301f drsuapi.idl: change the range for attribute values to 
26214400 bytes.
   via  d6c626a libcli/smb: only force signing of smb2 session setups when 
binding a new session
   via  be1585f s3:smb2_server: allow reauthentication without signing
   via  7aacb3c s3:smb2_server: use the global signing key to check if 
signing is required
   via  b1ecde9 testprogs/test_ldb: check rootdse search with extended-dn 
control
   via  54c8bca s4:dsdb/rootdse: expand extended dn values with the 
AS_SYSTEM control
   via  950506d s3:utils/profiles fix a use after free
   via  b18866b s3:registry/regfio fix some valgrind warnings
   via  d95c2d2 s3:registry/regfio read SD from the correct location
   via  a3d2970 s3: modules: Fix *allocate* calls to follow POSIX error 
return convention.
   via  1a128c4 s3: smbd: Fix *allocate* calls to follow POSIX error return 
convention.
   via  5b5546b s3: smbd: Fix *allocate* calls to follow POSIX error return 
convention.
   via  8999aca s3-libsmb: Duplicate the memory before we free it.
   via  4051499 s3-libsmb: Set the netbios_name in use_ccache case too.
   via  8ca520e s3-lib: Do not require a password with --use-ccache.
   via  6e030c2 pam_winbind: fix warn_pwd_expire implementation.
   via  2bea37d libcli: SMB2: Pure SMB2-only negprot fix to make us behave 
as a Windows client does.
   via  192fa10 s3-smbstatus: Fix exit code of profile output.
   via  9c7b253 s3-smbclient: Return success if we listed the shares.
   via  6931f8d s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 
addresses
   via  05cace7 samba-tool: Fix the IP output of samba-tool dns serverinfo 
some_server
   via  1e02ce0 samba-tool: Fix enum values in dns.py
   via  7dfcd23 VERSION: Bump version up to 4.1.15...
  from  1eb23eb VERSION: Disable git snapshots for the 4.1.14 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  89 ++-
 buildtools/wafsamba/wafsamba.py |   6 +-
 libcli/smb/smbXcli_base.c   |  18 ++-
 librpc/idl/drsuapi.idl  | 104 ++---
 librpc/ndr/ndr_drsuapi.c| 190 
 nsswitch/pam_winbind.c  |   5 +-
 nsswitch/wscript_build  |  24 ++-
 python/samba/netcmd/dns.py  |  15 +-
 selftest/target/Samba.pm|   2 +-
 source3/client/client.c |   2 +-
 source3/include/local.h |   2 +
 source3/lib/util_cmdline.c  |   3 +-
 source3/libnet/libnet_dssync.c  |  21 ++-
 source3/libsmb/ntlmssp.c|  18 ++-
 source3/modules/vfs_ceph.c  |  13 +-
 source3/modules/vfs_default.c   |  17 ++-
 source3/modules/vfs_streams_xattr.c |   5 +-
 source3/modules/vfs_time_audit.c|   8 +-
 source3/registry/regfio.c   |  10 +-
 source3/rpcclient/cmd_drsuapi.c |   4 +
 source3/script/tests/test_smbclient_s3.sh   |   4 +-
 source3/smbd/smb2_server.c  |   5 -
 source3/smbd/smb2_sesssetup.c   |   4 +
 source3/smbd/vfs.c  |  22 +--
 source3/utils/profiles.c|   6 +-
 source3/utils/status.c  |   7 +-
 source3/winbindd/winbindd_dual_srv.c|  18 +++
 source3/wscript_build   |   7 -
 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  1eb23eb VERSION: Disable git snapshots for the 4.1.14 release.
   via  b692217 WHATSNEW: Add release notes for Samba 4.1.14.
   via  4ddd4c6 s4-dns: dlz-bind: Add trailing '.' to all fqdn strings
   via  a5adad6 s4-dns: Add support for BIND 9.10
   via  a30eeec s4-dns: Update dlz_minimal.h based on BIND release 9.10
   via  8fed025 s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions
   via  221934c s4-dns: Update template variables, change BIND98 -- BIND9_8
   via  c4ae1b4 samba: pass down size_t instead of int to 
add_string_to_array().
   via  fed8ae0 lib/util: use size_t for add_string_to_array().
   via  e0b65dd s3-proto: remove duplicate proto for add_string_to_array().
   via  2947da5 Revert buildtools: Rename perl vendorarch configure 
option.
   via  13c1147 Revert buildtools: Add perl vendorlib configure option.
   via  a3a75d7 Revert wafsamba: If perl can't provide defaults, define 
them.
   via  3b4dc66 Revert wafsamba: Fail with error message if perl doesn't 
provide valid dirs.
   via  699bcec pidl/wscript: remove --with-perl-* options
   via  999867a Revert autobuild: Set perl vendorlib direcotry.
   via  8f967e2 Revert script/autobuild: make use of 
--with-perl-{arch,lib}-install-dir
   via  23aba84 pidl: remove superfluous use lib 
   via  6feada1 pidl: fix the perl module search path (use lib ...) when 
installing pidl.
   via  50f3e56 wafsamba: add perl_fixup parameter to INSTALL_FILES
   via  016f1ef s3:build: don't detect perl in source3/wscript again.
   via  711a810 pidl/wscript: don't check for perl again.
   via  94e9dae build: do full SAMBA_CHECK_PERL() check in configure
   via  dff2c03 wafsamba: add samba_perl.py with SAMBA_CHECK_PERL() higher 
level check.
   via  78cb744 dynconfig: implement PERL_ARCH_INSTALL_DIR
   via  89cc025 dynconfig: implement PERL_LIB_INSTALL_DIR.
   via  f839d6c lib/ldb/wscript: pass dep_vars=['LDB_VERSION'] to 
SAMBA_GENERATOR()
   via  226ccc7 docs-xml/wscript_build: pass 
dep_vars=bld.dynconfig_varnames() to SAMBA_GENERATOR()
   via  48e500d dynconfig/wscript: add dynconfig_varnames()
   via  d9d873c wafsamba: let SAMBA_BLDOPTIONS() use dep_vars=['defines'] 
instead of always=True
   via  e19b17a wafsamba: fix dependencies on environment variables for 
python_fixup
   via  81c781d wafsamba: allow an optional dep_vars list to be passed to 
SAMBA_GENERATOR()
   via  f0cf2c0 wafsamba: fix dependency for SAMBA_GENERATOR() when passing 
vars!=None
   via  ae97d88 wafsamba: fix dependency calculation for SAMBA_GENERATOR()
   via  cfbf91e wafsamba: improve wording in a comment
   via  6392749 wafsamba: remove unused variable from 
copy_and_fix_python_path
   via  cda88f3 docs: Always declare rule to build parameters.all.xml and 
do it first
   via  fd0fe9a docs: define and include entities for the docs
   via  422d803 docs: remove the file prefix from included path names
   via  f66abcc docs: update XInclude year to conform with current standard
   via  3aa6401 pdb_tdb: Fix a TALLOC/SAFE_FREE mixup
   via  60501b0 s3-keytab: fix keytab array NULL termination.
   via  1d9c15f spoolss: remove unused fill_job_info3()
   via  bcd16d6 spoolss: fix jobid in level 3 EnumJobs response
   via  20f803b spoolss: fix jobid in level 2 GetJob and EnumJobs responses
   via  e1fb94b spoolss: fix jobid in level 1 GetJob and EnumJobs responses
   via  7bf4cb0 spoolss: fix GetJob jobid lookups
   via  9f438fd printing: add jobid_to_sysjob helper function
   via  00f6184 s3:smbd: fix file corruption using write cache size != 0
   via  907e64c s3: nmbd: Ensure NetBIOS names are only 15 characters 
stored.
   via  56ed600 s3: libsmbclient - smb2. MacOSX 10 SMB2 server doesn't set 
STATUS_NO_MORE_FILES when handed a non-wildcard path.
   via  5126c01 spoolss: fix handling of bad EnumJobs levels
   via  39a9211 s3-nmbd: Fix netbios name truncation.
   via  0e03a17 There are tests all over the SMB1 code to check that 
srv_send_smb fails, but it never returns false.
   via  859a84d s3: daemons - ensure nmbd and winbindd are consistent in 
command line processing by adding POPT_COMMON_DYNCONFIG.
   via  43fbaf6 vfs_glusterfs: Remove integer fd code and store the glfs 
pointers.
   via  ad4629b vfs_glusterfs: smb_stat_ex_from_stat commenting and cleanup.
   via  6a2496a vfs_glusterfs: Comment the top of the file.
   via  1883e25 nss_winbind: add getgroupmembership for FreeBSD
   via  0548c9e VERSION: Bump version up to 4.1.14...
  from  3211982 VERSION: Disable git snapshots for the 4.1.13 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  3211982 VERSION: Disable git snapshots for the 4.1.13 release.
   via  b780193 WHATSNEW: Add release notes for Samba 4.1.13.
   via  e0f4517 s3: nmbd: Ensure the main nmbd process doesn't create 
zombies.
   via  26a7036 pthreadpool: Slightly serialize jobs
   via  fda66b9 s3: lib: Signal handling - ensure smbrun and change 
password code save and restore existing SIGCHLD handlers.
   via  78deb22 lib: util: Signal handling - change CatchChild() and 
CatchChildLeaveStatus() to return the previous handler.
   via  429ddb1 s3: smb2cli: query info return length check was reversed.
   via  0e17b3f s3-libads: Add all machine account principals to the keytab.
   via  6602ad3 registry: Don't leave dangling transactions
   via  f2f050c s3-winbindd: Do not use domain SID from LookupSids for 
Sids2UnixIDs call
   via  a0eb3dd s3: Move init_lsa_ref_domain_list to lib
   via  2cd2490 idmap_rfc2307: Fix a crash after connection problem to DC
   via  043415e s3-libnet: Make sure we do not overwrite precreated SPNs.
   via  306e7e3 s3-libnet: Add libnet_join_get_machine_spns().
   via  f42d65e s3-libads: Add function to search for an element in an 
array.
   via  5923c9a s3-libads: Add a function to retrieve the SPNs of a 
computer account.
   via  bff195a s3-libads: Improve service principle guessing.
   via  f93df45 smbd: We now survive smb2.oplock.stream1
   via  05417be s3: smbd: streams - Ensure share mode validation ignores 
internal opens (op_mid == 0).
   via  7bbf54d nsswitch: Skip groups we were not able to map.
   via  bcc8912 s3: smbd - open logic fix.
   via  ad70de6 s3:smbd:open_file: use a more natural check.
   via  4b3c8ad s3:smbd: fix a race in open code
   via  6b1091dc s3: winbindd: Old NT Domain code sets struct 
winbind_domain-alt_name to be NULL. Ensure this is safe with modern AD-DCs.
   via  632e0bc s3-winbindd: Use correct realm for trusted domains in idmap 
child
   via  5cf0aa0 libcli: Fix a segfault calling smbXcli_req_set_pending() on 
NULL.
   via  52b876a media_harmony: Fix a crash bug
   via  62513b7 docs: mention incompatibility between kernel oplocks and 
streams_xattr
   via  a93d931 nmbd: Send waiting status to systemd.
   via  beffc40 lib: Add daemon_status() to util library.
   via  538f62e selftest: Fix selftest where pid is used uninitialized.
   via  6ccee19 Merge tag 'samba-4.1.12' into v4-1-test
   via  a75c1bc VERSION: Bump version up to 4.1.13...
  from  6cc1d30 Merge tag 'samba-4.1.11' into v4-1-test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION   |2 +-
 WHATSNEW.txt  |   91 +-
 docs-xml/manpages/vfs_streams_xattr.8.xml |4 +
 lib/util/become_daemon.c  |   11 ++
 lib/util/samba_util.h |   10 ++-
 lib/util/signal.c |8 +-
 libcli/smb/smb1cli_echo.c |1 -
 libcli/smb/smb2cli_query_info.c   |2 +-
 nsswitch/winbind_nss_linux.c  |5 +
 selftest/knownfail|1 -
 selftest/target/Samba.pm  |7 +-
 source3/{lib/version_test.c = include/lsa.h} |   17 ++--
 source3/lib/lsa.c |   67 +
 source3/lib/pthreadpool/pthreadpool.c |6 +-
 source3/lib/smbrun.c  |   18 ++--
 source3/libads/ads_proto.h|8 ++
 source3/libads/kerberos_keytab.c  |   74 ++-
 source3/libads/ldap.c |   91 ++
 source3/libads/sasl.c |  124 +
 source3/libnet/libnet_join.c  |   59 +++-
 source3/modules/vfs_media_harmony.c   |4 +-
 source3/nmbd/nmbd.c   |3 +
 source3/nmbd/nmbd_subnetdb.c  |7 +-
 source3/registry/reg_api.c|2 +-
 source3/rpc_server/lsa/srv_lsa_nt.c   |   48 +-
 source3/rpc_server/samr/srv_samr_chgpasswd.c  |9 +-
 source3/rpc_server/wscript_build  |2 +-
 source3/smbd/open.c   |   79 
 source3/winbindd/idmap_rfc2307.c  |1 +
 source3/winbindd/wb_sids2xids.c   |   33 ++-
 source3/winbindd/winbindd_ads.c   |   14 ++-
 source3/winbindd/winbindd_cm.c|8 +-
 source3/wscript_build |4 +
 33 files changed, 620 insertions(+), 200 deletions(-)
 copy source3/{lib/version_test.c = include/lsa.h} (74%)
 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  6cc1d30 Merge tag 'samba-4.1.11' into v4-1-test
   via  85c575d WHATSNEW: Add release notes for Samba 4.1.12.
   via  5475d5e s3: smbd: vfs_dirsort module.
   via  f165bb9 s4-rpc: dnsserver: handle updates of tombstoned dnsNode 
objects
   via  98fb614 s4-rpc: dnsserver: Do not search for deleted DNS entries
   via  132b848 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before 
add/modify
   via  8de4f48 s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before 
removing records
   via  f20179b s4:dlz_bind9: let dlz_bind9 use dns_common_replace()
   via  5a3b783 s4:dlz_bind9: let dlz_bind9 use dns_common_extract()
   via  07f72fc s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for 
name lookup
   via  4f7d4fd torture-dns: Add test for dlz_bind9 updates
   via  0b9c775 torture-dns: Add test for dlz_bind9 zonedumps
   via  0542349 torture-dns: Add test for dlz_bind9 lookups
   via  f5d39b6 s4:torture:dlz_bind9: fix spnego tests
   via  ce13047 s4:dlz_bind9: do an early talloc_free(el_ctx) in 
dlz_allnodes()
   via  889e958 s4:dlz_bind9: avoid some compiler warnings
   via  f23aa6f s4:dns_server: handle tombstones in handle_one_update()
   via  0329ef4 s4:dns_server: add DNS_TYPE_TOMBSTONE support to 
dns_common_replace()
   via  2fbb9b9 s4:dns_server: make sure dns_common_lookup() doesn't return 
tombstones
   via  31b5192 s4:dns_server: use .wType = DNS_TYPE_TOMBSTONE instead of 
ZERO_STRUCT()
   via  ec0df9f s4:dns_server: split out dns_common_replace()
   via  256349dd s4:dns_server: remove const from dns_replace_records()
   via  f3df058 s4:dns_server: split out dns_common_extract() and 
dns_common_lookup()
   via  f3e6b38 s4:dns_server: split out a private 'dnsserver_common' 
library
   via  d3abd55 s4:dns_server: map LDB_ERR_NO_SUCH_OBJECT to 
WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
   via  e6adf09 s4:dns_server: handle WERR_DNS_ERROR_NAME_DOES_NOT_EXIST in 
werr_to_dns_err()
   via  eb0e0b1 provision: Correctly provision the SOA record minimum TTL
   via  748e78e s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when 
explicitly asked for
   via  c371cad s4-rpc: dnsserver: Do not return NS_GLUE records with 
VIEW_GLUE_DATA filter
   via  019c587 s4-rpc: dnsserver: Correctly set rank for glue NS records
   via  5fdc841 s4:setup/dns_update_list: make use of the new substitution 
variables
   via  d3947ea s4:samba_dnsupdate: provide more substitution variables 
e.g. IF_RODC
   via  78cad21 s4:samba_dnsupdate: don't try to be smart when verifying NS 
records
   via  0301b53 s4:samba_dnsupdate: cache the already registered records
   via  f8b7027 s4:samba_dnsupdate: fix dnsobj.__str__()
   via  40bac8e s4:samba_dnsupdate: don't lower case the registered names
   via  a02 python/join: use lowercase for the dnshostname.
   via  0eaca4c selftest/Samba3: also bind to ipv6
   via  2759e97 selftest/Samba4: also bind to ipv6
   via  b62a179 selftest: export _IPV6 environment variables
   via  534f6aa libcli/dns: ignore NS entries in dns_hosts_file.c at a 
higher log level for now
   via  1ef078e libcli/dns: add  support to dns_hosts_file.c
   via  391b29a s3: winbindd: On new client connect, prune idle or hung 
connections older than winbind request timeout
   via  fa781e2 s3: winbindd: Add new parameter winbind request timeout 
set to 60 seconds with man page.
   via  121cad3 dosmode: fix FSCTL_SET_SPARSE request validation
   via  a5f0ec0 smbd: Properly initialize mangle_hash
   via  708986f Don't discard result of checking grouptype
   via  7a58844 docs: Fix typos in smb.conf (inherit acls)
   via  df9396a samba: Retain case sensitivity of cifs client
   via  c556d3e lib: strings: Simplify strcasecmp
   via  7c54339 s4: tests: Added local.charset test for Bug 10716 - smbd 
constantly crashes when filename contains non-ascii character
   via  2765daa lib: strings: Fix the behavior of strncasecmp_m_handle() in 
the face of bad conversions.
   via  a8cbd5a lib: strings: Fix the behavior of strcasecmp_m_handle() in 
the face of bad conversions.
   via  5df60b2 printing: reload printer shares on OpenPrinter
   via  00a0c2d smbd: split printer reload processing
   via  44a3d3f server: remove duplicate snum_is_shared_printer()
   via  728e951 smbd: only reprocess printer_list.tdb if it changed
   via  5a647c5 printing: return last change time with pcap_cache_loaded()
   via  b8042f8 printing: remove pcap_cache_add()
   via  62df2fd printing: reload printer_list.tdb from in memory list
   via  0fae4d3 printing: only reload printer shares on client enum
   via  83f448d printing: traverse_read the printer list for share updates
   via  b95dbbe s3: smbd : SMB2 - fix SMB2_SEARCH when searching non 
wildcard 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  fcc634b Merge commit 'origin/v4-1-test^' into v4-1-stable
   via  80a1dfd VERSION: Disable git snapshots for the 4.1.10 release.
   via  7253047 WHATSNEW: Add release notes for Samba 4.1.10.
   via  1a9a02d ldb-samba: fix a memory leak in 
ldif_canonicalise_objectCategory()
   via  6526cb7 s3: SMB2 : Fix leak of blocking lock records in the 
database.
   via  8fa384d s3: smb2: Simplify logic in reprocess_blocked_smb2_lock().
   via  ead305e s3: smb2: Remove unused code from remove_pending_lock().
   via  4c32263 selftest/knownfail: ignore samba3.smb2.oplock.exclusive5 
failures in v4-1-*
   via  f2da72f smbd: Remove 2 indentation levels
   via  f8af687 s3: smbd - Prevent file truncation on an open that fails 
with share mode violation.
   via  610320e s4:dsdb/repl_meta_data: make sure objectGUID can't be 
deleted
   via  b532f24 selftest: teardown the environments also on getting SIGPIPE
   via  d485ebd libwbclient: allow only one initial_blob/challenge_blob in 
wbcCredentialCache()
   via  0390735 s3: libwbclient: Don't break out of loop too soon - find 
all parameters.
   via  82f4748 s4:dsdb/samldb: don't allow 'userParameters' to be modified 
over LDAP for now
   via  a29068f dbcheck: Add check and test for various invalid 
userParameters values
   via  75eaf99 dsdb: Always store and return the userParameters as a array 
of LE 16-bit values
   via  50b6474 dsdb: Set syntax of userParameters to binary string, not 
unicode string
   via  30e638f torture4: Make raw.lock.multilock fail after 20 seconds
   via  dfe449a torture4: Adapt comment to code
   via  7eb800d s4: smbtorture: Add multi-lock test. Regression test for 
bug #10684.
   via  2f118b6 s3: smbd: Locking - re-add pending lock records if we fail 
to acquire a lock (and the lock hasn't timed out).
   via  01753e8 s3: smbd: Locking - treat lock timeout the same as any 
other error.
   via  6484211 s3: smbd: Locking - add and use utility function 
lock_timed_out().
   via  76dd28b s3: smbd: Locking - convert to using utility macro used 
elsewhere.
   via  b23e9d5 s4:dsdb/extended_dn_in: don't force 
DSDB_SEARCH_SHOW_RECYCLED
   via  f23869c s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in 
when deleting tombstone/deleted objects
   via  498e7cc s4:dsdb/schema_load: make error message more verbose
   via  38c5f5b dbcheck: Ensure dbcheck can operate with --attrs set
   via  e4bf67a kerberos: Remove un-used event context argument from 
smb_krb5_init_context()
   via  c0091d0 dsdb: Specify no event context to smb_krb5_init_context() 
in dsdb
   via  4c0595f dsdb: Add DSDB_SEARCH_ONE_ONLY support to 
dsdb_module_search*()
   via  bdd363a dsdb: Do not permit nested event loops when in a 
transaction, use a nested event context
   via  5289cb9 dsdb: Rename private_data to rootdse_private_data in rootdse
   via  f377654 dsdb: Add more tests for DN+String and DN+Binary comparisons
   via  f18a67a selftest: Add tests for dbcheck detection and removal of 
partial objects
   via  ddfbfd7 dsdb: Make it harder to corrupt the database by requiring 
DBCHECK or RELAX for final object deletion
   via  5572384 build: Exclude source4/selftest/provisions/release-4-1-0rc3 
from the tarball
   via  f2c728d dbcheck: Directly call dn.get_rdn_{val,name}() for clarity 
and consistency
   via  7746ad2 dbchecker: verify and fix broken dn values
   via  8546c70 dbchecker: make the deleted objects container detection 
more generic
   via  1b4a949 dsdb: Do not refresh the schema using the wrong event 
context
   via  f72899e dsdb: Do not store a struct ldb_dn in struct schema_data
   via  4730d74 samba-tool dbcheck: handle missing objectClass
   via  87b40d4 dsdb: Improve missing objectClass handling
   via  56caec5 dsdb: Improve errors and checks for missing objectClass 
values
   via  483d5e3 dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING 
flag works
   via  a2d3f1a dsdb: Do not update notify_uSN until the transaction is 
genuinely committed to the DB
   via  519d069 dsdb: Further assert that we always have an objectClass and 
an rDN
   via  ddf9b85 dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not 
SIGNED quantities
   via  5ce7f30 s4:samdb: respect SEARCH_FLAG_PRESERVEONDELETE
   via  73e5b13 s4-samldb: Do not allow deletion of objects with RID  1000
   via  f4f9a65 dsdb: Use dsdb_next_callback() rather than a no-op 
per-module callback
   via  b5294f2 s4-dsdb: instanceType NC_HEAD is only allowed combined with 
WRITE for an originating add operation
   via  48b8d0e s4:dsdb/repl: make use of 
dcerpc_binding_handle_is_connected()
   via  0bd326d s3:smb2_read: let smb2_sendfile_send_data() behave like 
send_file_readX()
   via  a8adafa net/doc: make clear that net vampire is 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  b02db8d VERSION: Disable git snapshots for the 4.1.8 release.
   via  7413eb3 WHATSNEW: Add release notes for Samba 4.1.8.
   via  814b88c printing: fix purge of all print jobs
   via  af13e3e s3: smb2: Move from using SBVAL to put NTTIMEs on the wire 
to put_long_date_timespec.
   via  f3fd95f s3: smb2: Move from using SBVAL to put NTTIMEs on the wire 
to put_long_date_timespec.
   via  bb0871c bug #10609: CVE-2014-0239 Don't reply to replies
   via  60dbfbd lib-util: rename memdup to smb_memdup and fix all callers 
(bug #10556)
   via  2763d0f ad-dc: use exit_daemon() to communicate status of startup 
to systemd
   via  93979e0 winbindd: use exit_daemon() to pass startup status to 
systemd
   via  59d9a27 nmbd: use exit_daemon() to report status to systemd
   via  def308a smbd: use exit_daemon() to support reporting to systemd 
from smbd
   via  2c61618 add systemd integration
   via  7982500 pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
   via  7a6173d script/autobuild: make use of 
--with-perl-{arch,lib}-install-dir
   via  a76395b wafsamba: Fail with error message if perl doesn't provide 
valid dirs.
   via  992e693 wafsamba: If perl can't provide defaults, define them.
   via  dbe2ef7 FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at 
end
   via  ab51cd9 FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
   via  3b7b670 s3: smbd : Fix wildcard unlink to fail if we get an error 
rather than trying to continue.
   via  d514226 s3: smbd: Remove open_file_fchmod().
   via  690aab2 s3: smbd: change file_set_dosmode() to use 
get_file_handle_for_metadata() instead of open_file_fchmod().
   via  db4743a s3: smbd : Ensure file_new doesn't call into 
smbXsrv_open_create() for INTERNAL_OPEN_ONLY.
   via  90871a5 s3 : smbd : Protect all possible code paths from fsp-op == 
NULL.
   via  8f0c74e byteorder: do not assume PowerPC is big-endian
   via  1d255d2 Fix an empty if statement.
   via  a790773 Minor typo fix in source3/wscript.
   via  15a2d25 s3: smbd - smb1 - fix read of deleted memory in 
reply_writeclose().
   via  7346e39 idmap_autorid: fix failure in reverse lookup if ID is from 
domain range index #0
   via  c573720 dsdb: Do checks for invalid renames in samldb, before 
repl_meta_data
   via  423987a build: fix ordering problems with lib-provided and internal 
RPATHs
   via  cebdd0d s4:torture/netlogon: Test netlogon with additional attrs
   via  b81797c s4:torture/ldap: Add test for netlogon over tcp
   via  11a9d8c libcli/cldap: Add utility to create netlogon filter
   via  2e10364 s4:dsdb: Move cldap netlogon functions into 
samdb/ldb_modules
   via  bb6fda9 s4:cldap_server: Do not handle netlogon ourself anymore
   via  a7a61ec s4:dsdb/rootdse: Support netlogon request
   via  19a5ac2 s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic
   via  1e75825 provision: Fix string replacement ordering
   via  2c82031 s4:cldap_server: Move netlogon parsing into utility function
   via  161699f s4:torture/cldap: Fix a typo
   via  aa82073 s3-lib/util: fix logic inside set_namearray loops.
   via  9dbafdc s3-lib/util: fix read across end of namelist string
   via  bb79bdb s3-nmbd: reset debug settings after reading config file 
(bug #10239)
   via  675782c VERSION: Bump version number up to 4.1.8...
  from  9da023a WHATSNEW: Add release notes for Samba 4.1.7.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |  121 ++-
 buildtools/wafadmin/Tools/config_c.py  |   13 +
 buildtools/wafadmin/Tools/perl.py  |   52 ++-
 lib/util/become_daemon.c   |   37 ++-
 lib/util/byteorder.h   |   10 +-
 lib/util/samba_util.h  |   14 +-
 lib/util/util.c|2 +-
 lib/util/wscript_build |2 +-
 libcli/cldap/cldap.c   |   90 +++--
 libcli/cldap/cldap.h   |2 +
 packaging/systemd/nmb.service  |3 +-
 packaging/systemd/samba.service|3 +-
 packaging/systemd/smb.service  |3 +-
 packaging/systemd/winbind.service  |3 +-
 pidl/lib/wscript_build |4 +-
 python/samba/provision/__init__.py |2 +-
 python/samba/tests/dns.py  |   29 ++
 script/autobuild.py|4 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  9da023a WHATSNEW: Add release notes for Samba 4.1.7.
   via  dadd863 s3: messages: Implement cleanup of dead records.
   via  bdd6da6 s3:libsmb: SMBC_getatr() if no method worked, try all 
methods again on next attempt
   via  4aa742a client: use cli_qpathinfo3 for allinfo
   via  0874ff2 s3:libsmb: cli_qpathinfo3 use cli_qpathinfo2 for smb2
   via  e98e835 client: remove a write only variable
   via  66115ff s3:libsmb: SMBC_getatr use pathinfo3 for second try
   via  0bea2d2 s3:libsmb: SMBC_getatr do not let ino undefined on success
   via  d15c014 s3:libsmb: SMBC_getatr try pathinfo2 only once
   via  976030c s3:libsmb: add function cli_qpathinfo3()
   via  f76511c s3:libsmb: add function cli_qpathinfo_standard()
   via  1f4b445 s3:libsmb: pass creation or birth time in 
cli_qpathinfo_basic()
   via  b1c6431 rpcclient: abort shadow-copy set on commit failure
   via  400e4f0 rpcclient: append a trailing slash to FSRVP request UNCs
   via  c9703c9 s3: smbd: Ensure we always go via getgroups_unix_user() 
when creating an NT token.
   via  34fcb4e lsa.idl: define lsa.ForestTrustCollisionInfo and 
ForestTrustCollisionRecord as public structs
   via  3687ab1 s3-rpc_server: Fix handling of fragmented rpc requests.
   via  f2592b6 s3:rpc_server: minor refactoring of process_request_pdu()
   via  f3f0f62 pidl-waf: Only install Yapp::Driver if it is not available.
   via  c7a35ab pidl-waf: Check for system perl(Parse::Yapp::Driver).
   via  7d66a2c pidl-waf: Add a function to check for a system perl module.
   via  fadd326 pidl-waf: Do not glob to install pidl modules.
   via  3957564 pidl-waf: Install pidl modules to the perl vendorlib 
directory.
   via  7876b4b pidl-waf: Remove unused variable pidl_src.
   via  fe7d930 autobuild: Set perl vendorlib direcotry.
   via  b1d86ee buildtools: Add perl vendorlib configure option.
   via  4ba0f7a buildtools: Rename perl vendorarch configure option.
   via  b53c122 dns: Extend tests for records with another type
   via  5e62b6e bug #10471: Don't respond with NXDOMAIN to records that 
exist with another type
   via  8745204 s3: smbd: Fileserving share access checks.
   via  032ab0b smbreadline: switch to new-style readline typedef
   via  d60f58d s4:lib/socket: simplify iface_list_wildcard() and its 
callers
   via  0644125 s4:lib/socket: use the same logic in iface_list_wildcard() 
as in smbd
   via  8d256c8 s3:smbd: s/BUFFER_SIZE/LARGE_WRITEX_BUFFER_SIZE
   via  3ada2b3 s3:smbd: fix the maxentries calculation depending on the 
max_send.
   via  f5f5e5b s3:smbd: simplify maxentries calculation in reply_search()
   via  57f6afc s3:smbd: fix the read numtoread calculation depending on 
the max_send.
   via  6deb0f2 s3:smbd: fix the lockread numtoread calculation depending 
on the max_send.
   via  434e211 s3:smbd: pass the final numtoread reply_outbuf() for the 
lockread reply.
   via  49197c1 s3:smbd: fix lockread numtoread calculation to match 
reply_outbuf() arguments.
   via  9404bd6 s3:smbd: take less than SMB_BUFFER_SIZE_MIN ('500') as 
header overhead in ipc.c
   via  39af4a7 s3:smbd: reject a MaxBufferSize  SMB_BUFFER_SIZE_MIN (500) 
in a session setup request
   via  8724f6c s3:smbd: use sconn-smb1.sessions.max_send = 
SMB_BUFFER_SIZE_MAX
   via  047f881 s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit lp_max_xmit()
   via  08aa53b s3:include: let CLI_BUFFER_SIZE be an alias of 
SMB_BUFFER_SIZE_MAX
   via  ba91a66 libcli/smb: add SMB_BUFFER_SIZE_MIN/MAX defines
   via  3a36bf7 s3:param: avoid using BUFFER_SIZE to limit the 
lp_min_receive_file_size()
   via  2092577 s3:client: only limit the buffer by the given length 'n'
   via  3528b52 s3:torture: use CLI_BUFFER_SIZE instead of BUFFER_SIZE
   via  8733ce1 s3:utils/smbfilter: use a local variable for the packet 
buffer
   via  3b6d207 s4: smbtorture: Add a proper change_notify going async 
followed by tdis test.
   via  4df79f0 s4: smbtorture: Update the torture_smb2_notify_ulogoff test 
to demonstrate the problem.
   via  91dea25 s3:smb2_tcon: cancel and wait for pending requests on tdis
   via  e039346 s3:smb2_sesssetup: cancel and wait for pending requests on 
logoff
   via  3f4af7f s3:smb2_tcon: split smbd_smb2_tdis into an async 
*_send/recv pair.
   via  0ca9ce8 s3:smb2_sesssetup: split smbd_smb2_logoff into an async 
*_send/recv pair.
   via  ad5d9c3 s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED 
for logoff and tdis
   via  2ded846 s3:smb2_lock: fix whitespaces/tabs in 
smbd_smb2_lock_cancel()
   via  1a4e5cf s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after 
smb2_logoff/tdis
   via  a9703c9 s3: lib: Back-port tevent_queue_wait_send/recv - 
smbd_tevent_queue_wait_send/recv
   via  c77fbd2 tevent: fix 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  48966b6 VERSION: Disable git snapshots for the 4.1.6 release.
   via  6125d12 WHATSNEW: Add release notes for Samba 4.1.6.
   via  7ff3ed7 CVE-2013-6442: s3:smbcacls - ensure we don't lose an 
existing ACL when setting owner or group owner.
   via  435541a CVE-2013-4496:Revert remainder of 
ce895609b04380bfc41e4f8fddc84bd2f9324340
   via  70efaac CVE-2013-4496:samr: Remove ChangePasswordUser
   via  05ba344 CVE-2013-4496:s3:auth: fix memory leak in the 
ACCOUNT_LOCKED_OUT case.
   via  f5743f0 CVE-2013-4496:s3-samr: Block attempts to crack passwords 
via repeated password changes
   via  0a0f17d VERSION: Bump version number up to 4.1.6...
  from  144791e VERSION: Disable git snapshots for the 4.1.5 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 48966b660733c9c9726cc3a87fa670b4c8427f5a
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Mar 11 12:42:27 2014 +0100

VERSION: Disable git snapshots for the 4.1.6 release.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
CVE-2013-4496: Enforce password lockout for SAMR password
changes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
CVE-2013-6442: ensure we don't lose an existing ACL when
setting owner or group owner.

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 6125d12c4f2fc9853c1bba9cb1725cf277856fdb
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Mar 11 12:40:13 2014 +0100

WHATSNEW: Add release notes for Samba 4.1.6.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
CVE-2013-4496: Password lockout not enforced for SAMR password
changes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
CVE-2013-6442: smbcacls --chown | --chgrp dacl regression

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 7ff3ed7f03debca689f79abc6edf591b4459822b
Author: Jeremy Allison j...@samba.org
Date:   Wed Dec 18 13:56:18 2013 -0800

CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when 
setting owner or group owner.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 435541a9bc25879ec5cdd987a72a3a278bae2877
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 28 06:50:01 2013 +1300

CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340

Part of this was removed when ChangePasswordUser was unimplemented,
but remove the remainder of this flawed commit.  Fully check the
password first, as extract_pw_from_buffer() already does a partial
check of the password because it needs a correct old password to
correctly decrypt the length.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 70efaacd009f44b9b31403afb3c7c858ecdcaf96
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Nov 5 16:16:46 2013 +1300

CVE-2013-4496:samr: Remove ChangePasswordUser

This old password change mechanism does not provide the plaintext to
validate against password complexity, and it is not used by modern
clients.

The missing features in both implementations (by design) were:

 - the password complexity checks (no plaintext)
 - the minimum password length (no plaintext)

Additionally, the source3 version did not check:

 - the minimum password age
 - pdb_get_pass_can_change() which checks the security
   descriptor for the 'user cannot change password' setting.
 - the password history
 - the output of the 'passwd program' if 'unix passwd sync = yes'.

Finally, the mechanism was almost useless, as it was incorrectly
only made available to administrative users with permission
to reset the password.  It is removed here so that it is not
mistakenly reinstated in the future.

Andrew Bartlett

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 05ba34438145e73d301bc814864aadc237528203
Author: Stefan Metzmacher me...@samba.org
Date:   Tue Nov 5 14:04:20 2013 +0100

CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Jeremy Allison j...@samba.org
Signed-off-by: Andrew Bartlett abart...@samba.org
  

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  144791e VERSION: Disable git snapshots for the 4.1.5 release.
   via  a738491 WHATSNEW: Add release notes for Samba 4.1.5.
   via  8c2ee1f s3:smb2_notify: fix use after free on long living notify 
requests
   via  dd83f1d s3: modules: streaminfo: As we have no VFS function 
SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is 
true.
   via  6763283 s3: vfs_dirsort module.
   via  9cb8ae1 s3: vfs_dirsort module.
   via  4ce9501 smbd: Fix an ancient oplock bug
   via  b5253bf vfs_btrfs: pass-through copy-chunk(len=0) requests
   via  1271434 smbd/smb2_ioctl: fail zero length copy chunk requests
   via  3a3d027 torture: add zero length FSCTL_SRV_COPYCHUNK test
   via  6265959 kdc: Add belts-and-braces check that we fail if the hdb 
version changes
   via  593ce2a Support for Heimdal's unified krb5 and hdb plugin system.
   via  68dc374 Cope with first element in hdb_method having a different 
name in different heimdal versions.
   via  3f09c5c smbd: Fix memory overwrites
   via  dc58296 s3-winbind: Improve performance of 
wb_fill_pwent_sid2uid_done().
   via  e31075d Stop use after free
   via  28ddd77 s3: smbpasswd - fix crashes on invalid input.
   via  13e65fa s3:dir - We now pass the previously spinning directory 
tests on ext4.
   via  da502c0 s3:dir - Introduce a 64-bit directory offset - 32 bit 
wire offset map using memcache.
   via  3f28508 s3:dir - Add a new memcache type (non-talloc) - 
SMB1_SEARCH_OFFSET_MAP.
   via  d8bed98 s3:dir - Map wire offsets to native directory cookies.
   via  45e65e1 s3:dir - Cope with fixed mapping of 'special' values.
   via  23596ff s3: dir - Introduce 32-bit wire versions of the 'special' 
values.
   via  d9e8ac1 s3:dir - Introduce a function to map a directory cookie to 
a 32-bit wire cookie.
   via  9b6d61c s3:dir - In the old SMB1 search code, rename offset to 
wire_offset to distinguish between wire and native offsets.
   via  f4c8846 vfs/glusterfs: in case atime is not passed, set it to the 
current atime
   via  d49d8b6 s3-passdb: Fix string duplication to pointers.
   via  bf88959 wbinfo: Fix a memory leak in wbinfo_ping_dc().
   via  07f1312 s3-libads: Fix memory leaks in ads_build_path().
   via  a498c8a lib: Fix strict-aliasing warning in md5 code.
   via  a91d000 shadow_copy2: add a comment explaining why we don't 
talloc_zero_array().
   via  cc773c5 shadow_copy2: revert expensive and unnecessary 
zero-initialization
   via  e8bc1ac docs: Fix typos in vfs_shadow_copy2.8.xml.
   via  4fe0bad docs: update the manpage of vfs_shadow_copy2
   via  33fb6c1 s3:modules:shadow_copy2: remove redundant documentation 
comment block
   via  572ca24 s3:modules:shadow_copy2: improve headline comment
   via  44db7d8 s3:module:shadow_copy2: add my (C)
   via  db8ea0a shadow_copy2: use stored mount_point instead of 
recalculating.
   via  5e9daae shadow_copy2: improve debug in shadow_copy2_convert() in 
snapdirseverywhere mode
   via  c775897 shadow_copy2: fix shadow_copy2_convert() in the classical 
case.
   via  3672c20 shadow_copy2: add some blank lines for visual separation to 
shadow_copy2_convert()
   via  9f269c9 shadow_copy2: initialize converted string to null in 
shadow_copy2_convert()
   via  285e1e4 shadow_copy2: fix shadow_copy2_strip_snapshot() in the 
classical case
   via  790fcac shadow_copy2: add some debug to 
shadow_copy2_strip_snapshot()
   via  9607710 shadow_copy2: add comments explaining decisions in 
shadow_copy2_strip_snapshot()
   via  9af2451 shadow_copy2: introduce shadow_copy2_snapshot_path()
   via  042b0aa shadow_copy2: factor shadow_copy2_posix_gmt_string() out of 
shadow_copy2_insert_string()
   via  15170c0 shadow_copy2: shadow_copy2_insert_string(): do not prepend 
a / in absolute mode
   via  b6a6eb5 shadow_copy2: make shadow_copy2_find_snapdir() return const 
char *
   via  f61106d shadow_copy2: in the classical case, use configured path in 
shadow_copy2_find_snapdir()
   via  47a0a04 shadow_copy2: implement disk_free
   via  cfa7632 shadow_copy2: log resulting config at the end of 
shadow_copy2_connect()
   via  1b1d020 shadow_copy2: add snapshot_basepath to the config.
   via  fa6b219 shadow_copy2: add rel_connectpath to config.
   via  9b376b7 shadow_copy2: introduce shadow:mountpoint option
   via  52c70fb shadow_copy2: re-add the basedir option.
   via  266a8de shadow_copy2: disable snapdir:crossmountpoints if the 
snapdir is absolute.
   via  e86972d shadow_copy2: introduce the bool snapdir_absolute in the 
config.
   via  5037f83 shadow_copy2: introduce config struct and function 
shadow_copy2_connect()
   via  0985cce shadow_copy2: add comment explaining the SMB level GMT 
format pattern
   via  cd96d92 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  b6d7cae VERSION: Disable git snapshots for the 4.1.4 release.
   via  a6b86bf WHATSNEW: Add release notes for Samba 4.1.4.
   via  c765c2a s3:winbindd fix use of uninitialized variables
   via  9c78cc3 vfs_glusterfs: Enable per client log file
   via  5438b48 ldb: bad if test in ldb_comparison_fold()
   via  80c09fc s3-lib: Fix %G substitution for domain users in smbd
   via  3d62925 smbtorture: New torture test for bug #9870.
   via  c9b6d8c smbd - allow updates on directory write times on open 
handles.
   via  e440444 s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
   via  a15ca71 smbd: Fix a panic when a smb2 brlock times out
   via  c89fb8b selftest: Remove samba3.smb2.lock.*.rw-exclusive from 
flapping file
   via  52db703 selftest: Run smb2.lock tests also against AIO share
   via  e9503d4 selftest: Introduce share for testing AIO
   via  6f46103 s3: Return correct error code from SMB2 AIO read failure
   via  53bdc43 s3-aio: Use correct locking context for SMB2
   via  723d74f s3:smb2_server: avoid calling set_current_user_info() for 
each request
   via  2eb171f s3:smb2_server: generate a header blob for the sendfile path
   via  a399931 s3:smb2_server: allocate smbd_smb2_request on talloc_tos()
   via  79c54dc s3:smb2_server: use tevent_req_notify_callback() in 
smbd_smb2_request_pending_queue()
   via  1b3cf43 s3:smb2_server: for performance reasons we use tevent_fd 
and readv/writev directly
   via  dc55266 s3:smb2_server: fix drain_socket error handling
   via  aa79211 smbd: Always use UCF_PREP_CREATEFILE for filename_convert 
calls to resolve a path for open.
   via  564fe6c smbd: change flag name from UCF_CREATING_FILE to 
UCF_PREP_CREATEFILE
   via  9859090 smbd: Fix regression for the dropbox case.
   via  3641751 lib/util: use proper include for struct stat
   via  180bca8 VERSION: Bump version up to 4.1.4.
   via  ff99526 Merge tag 'samba-4.1.3' into v4-1-test
   via  bfdf098 smbd: Fix bug 10284
   via  9d44b17 s3-libnet: Use a const char for realm.
   via  c0eb9ee s3-vfs: Make glfs_set_preopened() static.
   via  8875b80 s3-vfs: Remove unused variable in vfs_glusterfs.
   via  e0bd27b examples: Fix scanf format in perf_writer_disk.
   via  8c059c0 s3-libsmb: Fix scanf format in parse_ace().
   via  41fc4a4 s3-utils: Fix scanf format in sharesec.
   via  25ba5fb s3-utils: Fix scanf format in smbacls.
   via  eabee6b testsuit: Fix fprintf format.
   via  e1826b8 s3-libsmb: Use the right macro to set uint16_t attr.
   via  03f9a7a printing: always store sytem job-ID in queue state
   via  15cd0e0 spoolss: return the spoolss job ID in notifications
   via  eb9fde4 s3-winbind: Pass the group name to fillup_pw_field().
   via  1788e66 s3-lib: Add grpname to talloc_sub_specified().
   via  e99d701 spoolss: accept XPS_PASS datatype used by Windows 8
   via  e668a11 docs: remove duplicate used from smb.conf manpage.
   via  a68ab7b docs: remove duplicate line from smb.conf manpage.
   via  e28f390 docs: remove duplicate must from smb.conf manpage.
   via  576e5af docs: remove duplicate on from smb.conf manpage.
   via  7d1b124 docs: remove duplicate or from smb.conf manpage.
   via  d17b1c1 docs: remove duplicate not from smb.conf manpage.
   via  5965734 docs: remove duplicate to from smb.conf manpage.
   via  75186f4 docs: remove duplicate the from smb.conf manpage.
   via  8a93864 docs: remove duplicate a from vfs_cacheprime manpage.
   via  2dbe943 docs: document remaining undocumented options in net 
manpage.
   via  cfc9d1e docs: add net registry import specific options in net 
manpage.
   via  c6d953e docs: add net rpc registry check specific options in net 
manpage.
   via  aaee748 docs: add net groupmap set specific options in net manpage.
   via  1176b53 docs: add net rpc share migrate specific options in net 
manpage.
   via  de44156 docs: add net idmap specific options in net manpage.
   via  b14e1bc docs: add net rpc vampire specific options in net manpage.
   via  d24edcd docs: mention more options in net manpage.
   via  5def0e7 docs: use popt.autohelp entity in samba.8 manpage.
   via  9358b50 docs: use popt.autohelp entity in smbd manpage.
   via  943d390 docs: use popt.autohelp entity in winbindd manpage.
   via  8d7651b docs: use popt.autohelp entity in nmbd manpage.
   via  4013bbf docs: fix ntlm_auth manpage.
   via  8e29981 docs: fix smbcontrol manpage.
   via  0b313d5 docs: use popt.autohelp entity in pdbedit manpage.
   via  1d10487 docs: fix testparm manpage.
   via  72ca1f4 docs: use popt.autohelp entity in dbwrap-tools manpage.
   via  dc0cf1b docs: document all long option names in nmblookup manpage.
   via  6dca50e docs: remove 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  6898c4d VERSION: Disable git snapshots for the 4.1.3 release.
   via  98833dc WHATSNEW: Add release notes for Samba 4.1.3.
   via  b89e14d CVE-2012-6150: Fail authentication for single group name 
which cannot be converted to sid
   via  d96f88c CVE-2013-4408:s3:Ensure LookupRids() replies arrays are 
range checked.
   via  c406802 CVE-2013-4408:s3:Ensure LookupNames replies arrays are 
range checked.
   via  ca5d6f5 CVE-2013-4408:s3:Ensure LookupSids replies arrays are range 
checked.
   via  066c6e3 CVE-2013-4408:s3:Ensure we always check call_id when 
validating an RPC reply.
   via  da5dfc7 CVE-2013-4408:s3:ctdb_conn: add some length verification to 
ctdb_packet_more()
   via  bdb643e CVE-2013-4408:libcli/util: add some size verification to 
tstream_read_pdu_blob_done()
   via  c4e31ea CVE-2013-4408:s3:util_tsock: add some overflow detection to 
tstream_read_packet_done()
   via  0ba0b27 CVE-2013-4408:async_sock: add some overflow detection to 
read_packet_handler()
   via  f71b390 CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len 
within sock_complete_packet()
   via  db102cd CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in 
send_read_request_continue()
   via  e5954aa CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in 
send_read_request_continue()
   via  730027c CVE-2013-4408:s4:dcerpc: check for invalid frag_len in 
ncacn_pull()
   via  f557bfe CVE-2013-4408:s3:rpc_client: verify frag_len at least 
contains the header size
   via  895ce91 CVE-2013-4408:s3:rpc_client: check for invalid frag_len in 
dcerpc_pull_ncacn_packet()
   via  c4a1b2e CVE-2013-4408:librpc: check for invalid frag_len within 
dcerpc_read_ncacn_packet_next_vector()
   via  78b4989 CVE-2013-4408:librpc: check for invalid frag_len within 
dcerpc_read_ncacn_packet_done()
   via  dbe7531 VERSION: Bump version number up to 4.1.3...
  from  e1e735a VERSION: Disable git snapshots for the 4.1.2 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 6898c4dbf993889a804e77dd6cb32e0be50f653f
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Dec 3 12:19:11 2013 +0100

VERSION: Disable git snapshots for the 4.1.3 release.

Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185

Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 98833dc13ee71c1b6367c63e06a5b73a4bc457d7
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Dec 6 19:45:57 2013 +0100

WHATSNEW: Add release notes for Samba 4.1.3.

Bug 10185 - CVE-2013-4408: DCERPC frag_len not checked
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10185

Bug 10306 - CVE-2012-6150: Fail authentication if user isn't member of *any*
require_membership_of specified groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10306
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10300)

Signed-off-by: Karolin Seeger ksee...@samba.org

commit b89e14d3c7a2dc3a47d2ffdc8b3412dde6186f1e
Author: Noel Power noel.po...@suse.com
Date:   Wed Oct 16 16:30:55 2013 +0100

CVE-2012-6150: Fail authentication for single group name which cannot be 
converted to sid

furthermore if more than one name is supplied and no sid is converted
then also fail.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306

Signed-off-by: Noel Power noel.po...@suse.com
Reviewed-by: Andreas Schneider a...@samba.org
Reviewed-by: David Disseldorp dd...@samba.org
[dd...@samba.org: fixed incorrect bugzilla tag I added to master commit]

commit d96f88c91586c2aed60c9037eb86ffa6bb8259fb
Author: Jeremy Allison j...@samba.org
Date:   Thu Nov 7 22:41:22 2013 -0800

CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Jeremy Allison j...@samba.org
Signed-off-by: Stefan Metzmacher me...@samba.org

commit c406802cf767929c7016041da51fb512094a7f30
Author: Jeremy Allison j...@samba.org
Date:   Thu Nov 7 21:40:55 2013 -0800

CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185

Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Jeremy Allison j...@samba.org

commit ca5d6f5eed28350a7d0a5179e2d4ca31d0069959
Author: Jeremy Allison j...@samba.org
Date:   Thu Nov 7 20:38:01 2013 -0800

CVE-2013-4408:s3:Ensure LookupSids 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  e1e735a VERSION: Disable git snapshots for the 4.1.2 release.
   via  cbd6790 WHATSNEW: Add release notes for Samba 4.1.2.
   via  7c06360 util: Remove 32bit macros breaking strict aliasing.
   via  5df543b s3-winbindd: Fix #10264, cache_traverse_validate_fn failure 
for NDR cache entries.
   via  d815b15 Fix bug 10196 - RW Deny for a specific user is not 
overriding RW Allow for a group.
   via  4c108d4 Fix bug 10196 - RW Deny for a specific user is not 
overriding RW Allow for a group.
   via  2cfa1ef xattr: fix listing EAs on *BSD for non-root users
   via  a52afc3 VERSION: Bump version number up to 4.1.2...
   via  5e64b07 Merge tag 'samba-4.1.1' into v4-1-test
   via  6207530 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
   via  5cc42ac vfs: Fix some build warnings in glusterfs.
   via  289b7fa vfs: Fix building the glusterfs module.
   via  8db5ecc libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
   via  67840df nsswitch: Fix short writes in winbind_write_sock
   via  05c9553 vfs_glusterfs: Fix excessive debug output from 
vfs_gluster_open().
   via  683ac33 vfs_glusterfs: Implement proper mashalling/unmarshalling of 
ACLs
   via  cfa1739 VFS plugin was sending the actual size of the volume 
instead of the total number of block units because of which windows was getting 
the wrong volume capacity.
   via  0e8f8b7 dfs_server: Use dsdb_search_one to catch 0 results as well 
as NO_SUCH_OBJECT errors
   via  0419b68 s4:dsdb/rootdse: report 'dnsHostName' instead of 
'dNSHostName'
   via  2a75290 dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2
   via  06c6866 s3-winbind: Send online/offline message of the domain to 
the parent.
   via  944c3e5 s3-winbind: Register handlers for domain online/offline 
messages.
   via  393f6a8 s3-winbind: Add functions for domain online/offline 
handling.
   via  7ea11ba idl: Add a new message for winbind domain states.
   via  45a1cbb ccan: Fix calling memset with zero length parameter
   via  d932142 Fix bug #10187 - Missing talloc_free can leak stackframe in 
error path.
  from  32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION  |2 +-
 WHATSNEW.txt |   96 -
 dfs_server/dfs_server_ad.c   |   10 +-
 lib/ccan/tally/tally.c   |2 +-
 lib/replace/xattr.c  |4 +
 lib/util/byteorder.h |   52 +-
 libcli/smb/smb2cli_ioctl.c   |   33 +-
 nsswitch/wb_common.c |4 +-
 python/samba/join.py |   11 ++-
 python/samba/tests/posixacl.py   |  160 
 source3/librpc/idl/messaging.idl |2 +
 source3/modules/vfs_glusterfs.c  |  175 --
 source3/smbd/posix_acls.c|   81 +++---
 source3/winbindd/winbindd.c  |6 +
 source3/winbindd/winbindd_cache.c|3 +-
 source3/winbindd/winbindd_cm.c   |   62 +++
 source3/winbindd/winbindd_dual.c |5 +
 source3/winbindd/winbindd_msrpc.c|5 +-
 source3/winbindd/winbindd_proto.h|   10 ++
 source4/dsdb/samdb/ldb_modules/rootdse.c |2 +-
 source4/dsdb/tests/python/ldap.py|   12 ++-
 21 files changed, 521 insertions(+), 216 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index d7f0a02..c10ccb2 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4c96f34..5e5cfab 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,96 @@
=
+   Release Notes for Samba 4.1.2
+ November 22, 2013
+   =
+
+
+This is is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.1:
+
+
+o   Jeremy Allison j...@samba.org
+* BUG 10187: Missing talloc_free can leak stackframe in error path.
+* BUG 10196: RW Deny for a specific user is not overriding RW Allow for a
+  group.
+
+
+o   Anand Avati av...@redhat.com
+* BUG 10224: vfs_glusterfs: Implement proper mashalling/unmarshalling of
+  ACLs.
+
+
+o   Andrew Bartlett abart...@samba.org
+* BUG 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  32d78c8 VERSION: Disable git snapshots for the 4.1.1 release.
   via  07be799 WHATSNEW: Add release notes for Samba 4.1.1.
   via  e737fc7 CVE-2013-4476: s4:libtls: check for safe permissions of tls 
private key file (key.pem)
   via  2ca3eae CVE-2013-4476: s4:libtls: Create tls private key file 
(key.pem) with mode 0600
   via  bc067d0 CVE-2013-4476: selftest/Samba4: use umask 0077 within 
mk_keyblobs()
   via  d6988a1 CVE-2013-4476: samba-tool provision: create 
${private_dir}/tls with mode 0700
   via  7fc2f97 CVE-2013-4476: lib-util: split out file_save_mode() from 
file_save()
   via  81e5048 CVE-2013-4476: lib-util: add file_check_permissions()
   via  afe7ffd Add regression test for bug #10229 - No access check 
verification on stream files.
   via  a2c4c0e Fix bug #10229 - No access check verification on stream 
files.
   via  ff0cd26 VERSION: Bump version number up to 4.1.1...
  from  a6fb418 VERSION: Bump version number up to 4.1.0...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit 32d78c867eb259960736121146c7152934f3e6b3
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Nov 8 11:04:28 2013 +0100

VERSION: Disable git snapshots for the 4.1.1 release.

Bug 10234 - CVE-2013-4476: key.pem world readable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234

Bug 10235 - CVE-2013-4475: No access check verification on stream files
(BUG: https://bugzilla.samba.org/show_bug.cgi?id=10229).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235

Signed-off-by: Karolin Seeger ksee...@samba.org

commit 07be7991578578eaeb8eaa8a13588183a5f4b11c
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Nov 8 11:00:06 2013 +0100

WHATSNEW: Add release notes for Samba 4.1.1.

Bug 10234 - CVE-2013-4476: key.pem world readable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10234

Bug 10235 - CVE-2013-4475: No access check verification on stream files
(bug #10229: https://bugzilla.samba.org/show_bug.cgi?id=10229).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10235

Signed-off-by: Karolin Seeger ksee...@samba.org

commit e737fc794ebd614886ea16cb51850bceaf3ef2e0
Author: Björn Baumbach b...@sernet.de
Date:   Tue Oct 29 17:53:59 2013 +0100

CVE-2013-4476: s4:libtls: check for safe permissions of tls private key 
file (key.pem)

If the tls key is not owned by root or has not mode 0600 samba will not
start up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Stefan Metzmacher me...@samba.org

Signed-off-by: Björn Baumbach b...@sernet.de
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 2ca3eae4c50316a723ca9fcf8ec766d8b40b3908
Author: Björn Baumbach b...@sernet.de
Date:   Tue Oct 29 17:52:39 2013 +0100

CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 
0600

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

commit bc067d06682b796ab7abf6a05f103e7ebe0a4cef
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Oct 30 14:48:36 2013 +0100

CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()

We should generate private keys with 0600.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Pair-Programmed-With: Björn Baumbach b...@sernet.de

Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Björn Baumbach b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

commit d6988a14b4f82ff5bd6c48a61f8edd02f7b24aa6
Author: Björn Baumbach b...@sernet.de
Date:   Tue Oct 29 17:49:55 2013 +0100

CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 
0700

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 7fc2f97fb1dcd85aa1cad461fe611f844d7a3c62
Author: Björn Baumbach b...@sernet.de
Date:   Tue Oct 29 17:48:11 2013 +0100

CVE-2013-4476: lib-util: split out file_save_mode() from file_save()

file_save_mode() writes files with specified mode.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 81e50485bb2e623ca06a6dc2996877ccc31120b0
Author: Björn Baumbach b...@sernet.de
Date:   Tue Oct 29 17:43:17 2013 +0100

CVE-2013-4476: lib-util: add file_check_permissions()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach b...@sernet.de
Reviewed-by: Stefan Metzmacher me...@samba.org

commit 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  a6fb418 VERSION: Bump version number up to 4.1.0...
   via  13b7959 WHATSNEW: Add release notes for Samba 4.1.0.
   via  82d6a43 doc: Update documentation of pam_winbind krb5 support.
   via  5a55cb6 s3-winbind: Add support for the kernel krb5 keyring buffer.
   via  58038f6 s3-winbind: Don't set a default directory for DIR.
   via  996415f Revert Support UPN_DNS_INFO in the PAC
   via  76c4a51 Merge tag 'samba-4.1.0rc4' into v4-1-test
   via  7160446 VERSION: Bump version up to 4.1.0rc5...
  from  fcf3fd6 VERSION: Disable git snapshots for the 4.1.0rc4 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
---

Summary of changes:
 VERSION  |2 +-
 WHATSNEW.txt |   34 +++--
 docs-xml/manpages/pam_winbind.conf.5.xml |   26 +++
 librpc/idl/krb5pac.idl   |   16 ++
 source3/winbindd/winbindd_pam.c  |4 +-
 5 files changed, 49 insertions(+), 33 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 74fa8d6..9576855 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  -  3.0.0rc1  #
 
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c01cb70..857a7ce 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,10 @@
-Release Announcements
-=
+   =
+   Release Notes for Samba 4.1.0
+ October 11, 2013
+   =
 
-This is the fourth release candidate of Samba 4.1.  This is *not*
-intended for production environments and is designed for testing
-purposes only.  Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
+
+This is is the first stable release of Samba 4.1.
 
 Samba 4.1 will be the next version of the Samba suite and includes
 all the technology found in both the Samba4 series and the stable 3.x
@@ -12,12 +12,7 @@ series. The primary additional features over Samba 3.6 are
 support for the Active Directory logon protocols used by Windows 2000
 and above.
 
-If you are upgrading, or looking to develop, test or deploy Samba 4.1
-releases candidates, you should backup all configuration and data.
-
-
-NEW FEATURES
-
+Major enhancements in Samba 4.1.0 include:
 
 Client tools support SMB2/3
 ===
@@ -126,6 +121,10 @@ REMOVED COMPONENTS
 ==
 
 The Samba Web Administration Tool (SWAT) has been removed.
+Details why SWAT has been removed can be found on the samba-technical mailing
+list:
+
+https://lists.samba.org/archive/samba-technical/2013-February/090572.html
 
 
 ##
@@ -166,6 +165,17 @@ o   David Disseldorp dd...@samba.org
   SMB2 FSCTL_SRV_COPYCHUNK request.
 
 
+CHANGES SINCE 4.1.0rc4
+==
+
+o   Stefan Metzmacher me...@samba.org
+* BUG 10178: Fix PAC parsing failure.
+
+
+o   Andreas Schneider a...@samba.org
+* BUG 10132: pam_winbindd: Support the KEYRING ccache type.
+
+
 CHANGES SINCE 4.1.0rc3
 ==
 
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml 
b/docs-xml/manpages/pam_winbind.conf.5.xml
index be7f684..725e809 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -106,16 +106,24 @@
termkrb5_ccache_type = [type]/term
listitempara
 
-   When pam_winbind is configured to try kerberos authentication by
-   enabling the parameterkrb5_auth/parameter option, it can
-   store the retrieved Ticket Granting Ticket (TGT) in a credential
-   cache. The type of credential cache can be controlled with this
-   option.  The supported values are: parameterFILE/parameter
-   and parameterDIR/parameter (when the DIR type is supported
-   by the system's Kerberos library). In case of FILE a credential
+   When pam_winbind is configured to try kerberos authentication
+   by enabling the parameterkrb5_auth/parameter option, it can
+   store the retrieved Ticket Granting Ticket (TGT) in a
+   credential cache. The type of credential cache can be
+   controlled with this option.  The supported 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  fcf3fd6 VERSION: Disable git snapshots for the 4.1.0rc4 release.
   via  0d483e2 VERSION: Disable git snapshots for the 4.1.0rc4 release.
   via  09c540e WHATSNEW: Update changes since rc3.
   via  74cac5c dsdb: Convert the full string from UTF16 to UTF8, including 
embedded NULLs
   via  2c98a54 dbcheck: Add back the elements that were wrongly removed 
from CN=Deleted Objects
   via  2c4f2c5 pydsdb: Raise a more useful exception when 
dsdb_wellknown_dn fails.
   via  c3e5353 pydsdb: Give KeyError when we fail a schema lookup in python
   via  f0e374f dbcheck: Ensure to always increase the error_count
   via  e7eb397 selftst: add tests based on 4.1.0rc3 to check for zero 
invocationID in replPropertyMetaData
   via  2fdacdd selftest: Add release-4-1-0rc3 saved provision
   via  bdab150 selftest: Only run referenceprovision and ldapcmp for the 
4.0.0 test
   via  476e03e selftest: Add script to assist in writing out a tree 
undump.sh can restore
   via  3f2907f dbcheck: Look for and fix the all-zero invocationID in 
replPropertyMetaData
   via  80c3c30 dsdb: Refuse to replicate an all-zero invocationID GUID in 
replPropertyMetaData
   via  f5c378e smb.conf: Fill out the ntvfs handler smb.conf page from 
source4/NEWS
   via  bb4d9a2 Remove NEWS file containing confusing information
   via  ee8a3ed Remove confusing TODO file
   via  39efc6f dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema 
lookups
   via  b5b15ff dsdb-repl_meta_data: Make handling of Deleted Objects DN 
clearer in delete
   via  5c63561 dsdb-repl_meta_data: Do not re-delete the Deleted Objects 
DN during replication
   via  66f843e dsdb: Refuse to return an all-zero invocationID
   via  8158673 dsdb-repl_meta_data: Check for a NULL invocationID and do 
not proceed
   via  4ef85c7 python/drs: Ensure to pass in the local invocationID during 
the domain join
   via  b5866b1 WHATSNEW: Add changes since 4.1.0rc3.
   via  fd1583b torture3: Trigger a nasty cleanup bug in smbd
   via  3a5ae0c smbd: Fix flawed share_mode_stale_pid API
   via  9cfc001 smbd: Rename parameter i to idx
   via  252a2bc smbd: Don't store in-memory only flags in locking.tdb
   via  1706214 smbd: Simplify find_oplock_types
   via  4182c97 python-samba-tool fsmo: Do not give an error on a 
successful role transfer
   via  7f066b2 Fix bug 10162 - POSIX ACL mapping failing when setting DENY 
ACE's from Windows.
   via  9343c99 docs: point out side-effects of global valid users 
setting.
   via  78240de VERSION: Set version to 4.1.0rc4.
   via  676b5de libcli: continue to read from the socket even if the size 
is 0
   via  a75cbcd s3: libsmb - 10150 - Not all OEM servers support the 
ALTNAME info level.
   via  c69e7c3 s3: libsmb : Bug 10150 - Not all OEM servers support the 
ALTNAME info level.
   via  4e5e7e4 s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() 
failed to close file on exit.
   via  ee469fa libcli/smb: only check the SMB2 session setup signature if 
required and valid
   via  f851d26 libcli/smb: fix non mendatory signing against some vendor 
SMB2 servers.
   via  007ed89 Fix is_legal_name() to not emit character conversion error 
messages.
   via  8fd1e54 s3: libsmb : The short name length is only a one byte field.
   via  9a29d7e libcli/smb: use SMB1 MID=0 for the initial Negprot
   via  1e969dc s3:smb2_find: Return that timestamps do not exist as 
directories
   via  ebfa34b docs: Fix typos.
   via  def64cc Raise the level of a debug.
   via  4674cca WHATSNEW: Start to add changes since 4.1.0rc3.
   via  69cf874 docs: document acl allow execute always
   via  434ca3f s3:smbd: ease file server upgrades from 3.6 and earlier 
with acl allow execute aways
   via  3f749ac loadparm: add new parameter acl allow execute always
   via  c4166d0 dbwrap_ctdb: Treat empty records as non-existing
   via  7d791d5 VERSION: Bump version number up to 4.1.0...
   via  dd444e6 VERSION: Disable git snapshots for the 4.1.0rc3 release.
   via  3beda4c WHATSNEW: Update changes since 4.1.0rc2.
  from  6a03c81 VERSION: Disable git snapshots for the 4.1.0rc3 release.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable


- Log -
commit fcf3fd6478090e7bebb65d142edbd097ab260fc4
Merge: 6a03c817b3a0ef278d10893eafd327ee20bdca58 
0d483e25ce4aa53ad3968e947f88b175c8addc1b
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Sep 27 12:35:31 2013 +0200

VERSION: Disable git snapshots for the 4.1.0rc4 release.

Merge commit 'origin/v4-1-test^' into v4-1-stable

---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  6a03c81 VERSION: Disable git snapshots for the 4.1.0rc3 release.
   via  d9517d5 WHATSNEW: Update changes since 4.1.0rc2.
   via  cfa4e2a Optimization. Don't do the retry logic if sitename_fetch() 
returned NULL, we already did a NULL query.
   via  3912eeb9 Move the retry logic when site_name is passed in a NULL or 
 to the wrapper function.
   via  2d7fe2b Move the manipulation of site_name into the caller function 
dsgetdcname().
   via  0c046a4 Refactor dsgetdcname to be called via a wrapper function.
   via  a616bbc dsgetdcname_cache_fetch() doesn't use the site_name 
parameter so don't pass it.
   via  317f960 smbd: Correctly return INFO_LENGTH_MISMATCH for smb1
   via  26ac864 smbd: Fix error return for STREAM_INFO
   via  db4e8a7 smbd: Revert a93f9c3
   via  0e91fd6 smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
   via  9444c6f smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
   via  b4427b9 smbd: qfsinfo has fixed/variable buffers
   via  3691f46 smbd: qfilepathinfo has fixed/variable buffers
   via  6ee8231 smbd: Use #defines in smb2_getinfo_send
   via  a9ef99c s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to 
return partial data
   via  25fbced s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to 
return partial data
   via  342afee s3:smbd: allow status code in smbd_do_qfsinfo() to be set 
by information class handler
   via  5e75d4b s3:smbd: allow GetInfo responses with 
STATUS_BUFFER_OVERFLOW to return partial, but valid data
   via  2b411e6 s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo 
in case output_buffer_length is too small
   via  a654601 torture: Ensure that GSSAPI and SPNEGO packets are accepted 
by dlz_bind9
   via  1e653e4 selftest: Add a basic test of samba_upgradedns
   via  79b7888 selftest: Start internal DNS server on domain provisioned 
for BIND9_DLZ
   via  0d7c1f0 selftest: Test creation of the dns-SERVER account during 
selftest
   via  e00be93 scripting/samba_upgradedns: Tighten up exception and 
attribute list handling
   via  fee6fa5 scripting/join.py: Handle creating the dns-NAME account 
during a DC join
   via  e6cbc39 WHATSNEW: Add paragraph about SMB2/3 support for client 
tools/library.
   via  cf677c4 WHATSNEW: Add release notes for Samba 4.1.0rc3.
   via  bfd3cc3 python/provision: remove unused linklocal=False argument 
from interface_ips_v6()
   via  21708c1 s4:samba_upgradedns: don't pass linklocal=False to 
interface_ips_v6()
   via  10c1784 python/pyglue: filter out loopback and linklocal addresses 
unless all_interfaces is given
   via  ac1a309 client: add missing newlines to error messages for invalid 
iosize parameter.
   via  5ba00cf Add documentation for the new internal command timeout to 
smbclient.
   via  b455784 Add documentation for the new -t timeout parameter in 
smbclient.
   via  742c5c6 Fix the documentation of --encrypt to explain SMB3 
encryption for smbclient.
   via  4b3ce19 Fix the documentation of the iosize command to explain the 
new zero default for smbclient.
   via  bd16454 Fix the documentation for --send-buffersize for the new 
default value of zero for smbclient.
   via  11890a5 Expand on the documentation of -m max-protocol for SMB2/3 
for smbclient.
   via  cda1b51 Add -e encrypt transport command line option 
documentation for smbcacls.
   via  ff43be5 Add max protocol command line documentation for smbcacls.
   via  69058ee Add new timeout command and -t option to smbclient to set 
the per-operation timeout.
   via  c0aed70 As SMB3 has transport level encryption, allow smbclient -e 
to force encryted SMB3 transport.
   via  449503d Remove restrictions on setting iosize inside smbclient for 
SMB2 connections.
   via  947cd1d libsmb: Fix a bunch of Coverity IDs
   via  2fb817c s3:libsmb: call smb2cli_logoff() from cli_ulogoff()
   via  159b051 s3:libsmb: make cli_ulogoff_send/recv static
   via  409ab74 s3:libsmb: call smb2cli_tdis() from cli_tdis()
   via  9d2ecfe s3:libsmb: only set tcon to invalid in smb2cli_tdis*
   via  c935ba3 s3:libsmb: make cli_tdis_send/recv static
   via  26a1fd3 s3:libsmb: add support for SMB2 in cli_writeall()
   via  1d0a87e s3:libsmb: add SMB2 support to cli_pull*
   via  e9d7054 s3:libsmb: add SMB2 support to cli_push*
   via  bd104ef s3:libsmb: Plumb cli_smb2_set_security_descriptor() inside 
cli_set_security_descriptor().
   via  c774061 s3:libsmb: Plumb cli_smb2_query_security_descriptor() 
inside cli_query_security_descriptor().
   via  5ef4556 s3:libsmb: Plumb cli_smb2_qpathinfo_alt_name() inside 
cli_qpathinfo_alt_name().
   via  919cb48 s3:libsmb: Plumb cli_smb2_qpathinfo_basic() inside 
cli_qpathinfo_basic().
   via  e7ff8b9 s3:libsmb: Plumb cli_smb2_qfileinfo_basic() inside 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  589cb52 VERSION: Disable git snapshots for the 4.1.0rc2 release.
   via  8b468af WHATSNEW: Add release notes for Samba 4.1.0rc2.
   via  099fd4c Ensure gpfs kernel leases are wrapped in a 
become_root()/unbecome_root() pair.
   via  224ea46 Wrap setting leases in become_root()/unbecome_root() to 
ensure correct delivery of signals.
   via  cd0f88d Add torture tests to raw.eas to check sending Windows 
invalid names in the middle of an EA list.
   via  7f52ae9 Reply with correct trans2 message on a setpathinfo with a 
bad EA name.
   via  e413edd Ensure we do pathname processing before SD and EA 
processing in NTTRANS_CREATE.
   via  12d06fb Ensure we can't create a file using NTTRANS with an invalid 
EA list.
   via  b22b1bc Ensure we can't create a file using TRANS2_OPEN with an 
invalid EA list.
   via  2b165a1 Add error map of STATUS_INVALID_EA_NAME - ERRDOS, 
ERRbadfile
   via  65d4a4c Add the ability to send an NTSTATUS result back with a 
trans2 reply so we can return a parameter block with an error code.
   via  d3b9f6c Ensure we can't create a file using SMB2_CREATE with an 
invalid EA list.
   via  dc2320a Ensure we never return an EA name to a Windows client it 
can't handle.
   via  36bca02 Ensure set_ea cannot set invalid Windows EA names.
   via  a6df18d Add ea_list_has_invalid_name() function.
   via  4bf25ec nsswitch: Add OPT_KRB5CCNAME to avoid an error message.
   via  597846c s3: Remove old mode special substitution.
   via  1ed811b s4:server: avoid calling into nss_winbind from within 
'samba'
   via  8925c93 s4:rpc_server: make sure we don't terminate a connection 
with pending requests (bug #9820)
   via  3f86c28 s4-winbindd: Do not terminate a connection that is still 
pending (bug #9820)
   via  8e4d407 service_stream: Log if the connection termination is 
deferred or not (bug #9820)
   via  30b8af7 Fix bug 9678 - Windows 8 Roaming profiles fail
   via  2b6a6fd security.idl: add new security_secinfo bits
   via  34e6d50 samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
   via  d0e3791 dsdb: Include MS-ADTS doc references on deleted object 
contstraints
   via  0a2a985 dsdb tests: Add member/memberOf checking to delete_objects 
testing
   via  7004a3d dsdb: Improve DRS deleted link source/target handing in 
repl_meta_data
   via  d6e1e12 dsdb: Ensure we always force deleted objects back under the 
deleted objects DN
   via  042b3e5 dsdb/repl_meta_data: split out replmd_deletion_state()
   via  20d8a33 dsdb: Prune deleted objects of links and extra attributes 
of replicated deletes
   via  a0a3b58 torture/drs: Expand an error message to aid debugging
   via  071b36b dsdb/samdb: use RECYCLED it implies DELETED...
   via  55f0779 selftest: ensure samba4.rpc.samr.large-dc.two.samr.many is 
always tested
   via  8cbc577 rpc_server-drsuapi: Improve comments and DEBUG lines
   via  5acbbd7 dsdb: Add assert in drepl_take_FSMO_role
   via  498c92d selftest: Ensure the DC has started and and got a RID set 
before we proceed
   via  6287ac3 dsdb-ridalloc: Rework ridalloc to return error strings 
where RID allocation fails
   via  e97dfe2 dsdb: Rework subtree_rename module to use recursive 
LDB_SCOPE_ONELEVEL searches
   via  75ef73f dsdb-descriptor: Do not do a subtree search unless we have 
child entries
   via  c4c3d7f Fix bug #10010 - Missing integer wrap protection in EA list 
reading can cause server to loop with DOS.
   via  2036f25 Fix bug #10010 - Missing integer wrap protection in EA list 
reading can cause server to loop with DOS.
   via  216b3f4 s4-lib/socket: Allocate a the larger sockaddr_un and not 
just a sockaddr_in in unixdom_get_my_addr()
   via  580b51c s4-lib/socket: Allocate a the larger sockaddr_un and not 
just a sockaddr_in in unixdom_get_peer_addr()
   via  4bbb4c8 docs-xml: Remove obsolete swat manpage and references.
   via  f65b92c pam_winbind: update documentation for DIR krb5ccname 
pragma.
   via  2978a06 s3-winbindd: support the DIR pragma for raw kerberos user 
pam authentication.
   via  60be5a7 wbinfo: allow to define a custom krb5ccname for kerberized 
pam auth.
   via  eb3b931 s3-waf: Rename regedit to samba-regedit.
   via  2e6fdd7 lib/param: sync debug related options with source3/param
   via  348cb51 lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10
   via  e92be34 lib/ldb-samba: make use of DBGC_LDB
   via  65fadd4 lib/util: add 'ldb' debug class
   via  2c8bd5b s3-winbind: Do not delete an existing valid credential 
cache.
   via  4e74c61 smbd: Fix a 100% loop at shutdown time
   via  54ee31e s3-smbstatus: display [u|g]id of -1 as -1 in connection 
list
   via  d07b694 s3-lib: hide incomplete smbXsrv_tcon_global records
   via  38841bb s3-lib: fix segf while reading 

[SCM] Samba Shared Repository - branch v4-1-stable updated

[Karolin Seeger]

The branch, v4-1-stable has been updated
   via  ae2e0a6 VERSION: Disable git snapshots for the 4.1.0rc1 release.
   via  55b3970 WHATSNEW: Some updates.
   via  fd036b8 WHATSNEW: Start release notes for Samba 4.1.0rc1.
   via  e5465d7 VERSION: Set version to 4.1.0rc1-GITSNAPSHOT.
   via  a0130c6 Merge remote-tracking branch 'origin/v4-1-test' into master
   via  e56343f VERSION: Set version to 4.1.0rc1-GITSNAPSHOT.
   via  af6d9ce tevent: Fix a typo
   via  0025e97 WHATSNEW: Start release notes for Samba 4.1.0rc1.
   via  a68cea6 docs: Fix typos in use ntdb section.
   via  2763cad dsdb-ridalloc: Fix RID pools - RID numbers increase too 
quickly
   via  d641469 Make the output of the crackname script more readable
   via  47bd903 s3-winbind: Allow sec_initial_uid() to store creds.
   via  c153e6c selftest: Use higher ip numbers.
   via  bb122b0 selftest: Add a newline to root entries in the nss files.
   via  6a0cb7d selftest: Fix domain name of plugindc.
   via  99c800b torture: Don't segfault in smb2.session on error.
   via  096ff2e torture: Don't segfault in raw.session on error.
   via  67c8f87 torture: Fix comparsion of uninitalized bytes.
   via  2536ee8 Make the output of the crackname script more readable
   via  caf3af3 s3-winbind: Allow sec_initial_uid() to store creds.
   via  a4af4fa selftest: Use higher ip numbers.
   via  d5511b1 selftest: Add a newline to root entries in the nss files.
   via  7392985 selftest: Fix domain name of plugindc.
   via  bf5bc72 torture: Don't segfault in smb2.session on error.
   via  d295e18 torture: Don't segfault in raw.session on error.
   via  474eee0 torture: Fix comparsion of uninitalized bytes.
   via  bef3fc8 tsocket: Pass the full port number to getaddrinfo().
   via  0b58eed tsocket: Pass the full port number to getaddrinfo().
   via  3d20d20 smbtorture: Make cracksname easier to debug by outputing 
the offered format
   via  74dd365 Fix a missing parenthesis in the LDAP search request
   via  af41eb6 docs-xml/manpages/smbclient.1.xml: fix case of -T flag in 
example.
   via  59462f2 winbindd and nmbd don't set their umask to zero on startup 
like smbd does.
   via  011dc52 sharesec: Document --view-all
   via  4da8984 sharesec: Document -v/--view
   via  780e2b0 sharesec: Implement --view-all
   via  4ee73fd s3:smbd/close remove filesystem lock before removing 
sharemode
   via  935992f s3:smbd/close use common exit path
   via  245b5ff s3:lib add mapping for ETXTBSY
   via  526f0df s3-ctdb: Fix auto-enabling of CTDB readonly support
   via  c9924eb s3:smbd/aio mark file as modified in the SMB2 case
   via  e65c532 nsswitch: fix a comment
   via  48ae86f heimdal_build: Add missing dep on samba4kgetcred
   via  7bf8fc7 torture: Add tests for LDAP substring search with no 
strings provided
   via  70cb7fd libcli/ldap: Cope with substring match with no chunks in 
ldap_push_filter
   via  4ca9639 ldb: bump version to allow a depencency on the substring 
crash fix
   via  1a279f7 ldb: Cope with substring match with no chunks in 
ldb_filter_from_tree
   via  32d0b75 Note how vfs_gpfs uses the acl map full control parameter.
   via  056e636 Add missing documentation for vfs_zfsacl.
   via  b00d9d2 Use existing acl map full control parameter to control 
the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's.
   via  398ee49 s3/smbclient: fix incorrect command tab completions
   via  d544d17 build: Remove the struct MD5Context conf file check.
   via  9b88166 lsa4: Fix a set but unused variable warning
   via  0ee8650 ldb: Ensure not to segfault on a filter such as (mail=)
   via  bbe09b3 Add missing SMB2/SMB3 share capability flag define
   via  06e5401 lsa4: Fix a set but unused variable warning
   via  7d5daaa lsa4: Remove an unused variable
   via  2448fe3 lsa4: Remove an unused variable
   via  720b4d3 lsa4: Remove an unused variable
   via  6c49f90 Fix glusterfs backend crash found at the Microsoft interop 
event.
   via  b96cea4 Fix some blank line endings
   via  d2642cb dns: Fix CID 1034969 Uninitialized scalar variable
   via  ad86e2a s3:passdb/pdb_util make pdb_create_builtin consider whether 
backend deals with BUILTIN
   via  2d2d13e s3:passdb add a gid argument to pdb_create_builtin_alias
   via  212baed s3:utils/net_sam make use of pdb_create_builtin helper 
function
   via  df41835 s3:passdb expose pdb_create_builtin function
   via  6a048b4 s3:passdb/pdb_tdb add parameter to control handling of 
BUILTIN
   via  324b3cc s3:passdb/pdb_ldap remove an unnecessary check
   via  01e094b s3:passdb/pdb_ldap make the module handle well-known
   via  987de8a s3:passdb make pdb_sid_to_id honor backend responsibilities
   via  55dd9e6 s3:passdb/pdb_samba_dsdb make