The annotated tag, samba-4.18.8 has been created at 7676a3fa130eb567cdfd4cf18e6028570f357c41 (tag) tagging f1c0d4f1feb8105d22307e29150e0b7d59b5fed9 (commit) replaces samba-4.18.7 tagged by Jule Anger on Tue Oct 10 11:01:42 2023 +0200
- Log ----------------------------------------------------------------- samba: tag release samba-4.18.8 -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmUlEvYACgkQqplEL7aA tiC9HhAAq64Gp32TWA1seKgonOsnt0p2xV2+oFUXistazL80DonMxe9hlEdRV/ZP lVdj0pe5bIUCXCg27IyMBk7cy3+03FvXKibASROgRRMZ/zW261C9P5bHdeFwezBp QJEdQuTv2NJ65HZeiqhi0XibRY0cK9lJ6Eoq0/E5UdJvQtoGzTiW5KxID6TlzzVs KQRZmxxbmAFgtqm7eju9+43foTM5LVMfori4DfaqiJnTyw9tYJDKH61q24j+BY7S +J75ha65XdxVoQD/IgnrMOSfr/9islxsAO6fiWPkDv+fc3HxdeMioHe5FE/GRgm8 aLhZuqi7e0JE9zEw6CqBpGA1UvuzEu4uEioOA/7xob+R61/NMAP8JRnC6McyTq2q s/aCoLIrd1CCXT2/Cek97mAldh4l7A4ZCKy1A9qWEACC9ttpWvpJ0sWE9kF8idTX eLU4cuw1cMF2ePaRvdNUcPpv+y22W77n5sCwpGWtA4kyrt4Q1aJmmPmZhu7St5yu sNi1j2+Eo353fVJmM+/zpPVGEpcqs+aaWAUktJA5C1wQlZSGWhIbjoLUwiW37wid 6cXvWoaH6wsYxb5uEt9Wd5+0XhlMs4fo4ILVgJxi97rRLR82FLZsA2HkN6rCZV7I Ey3aLzQ/TTc8FBjuQQMMekZYTgoK8RK6GgKKHKrW4BCn21N4nR4= =MoPM -----END PGP SIGNATURE----- Andreas Schneider (1): CVE-2023-4154 s4:dsdb:tests: Fix code spelling Andrew Bartlett (13): CVE-2023-4154 dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force() CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever. CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup Jeremy Allison (3): CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir. CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code. CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames. Joseph Sutton (2): CVE-2023-4154 s4:dsdb:tests: Refactor confidential attributes test CVE-2023-4154 s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG Jule Anger (3): VERSION: Bump version up to Samba 4.18.8... WHATSNEW: Add release notes for Samba 4.18.8. VERSION: Disable GIT_SNAPSHOT for the 4.18.8 release. Ralph Boehme (2): CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file CVE-2023-4091: smbd: use open_access_mask for access check in open_file() Stefan Metzmacher (7): CVE-2023-4154 python:sd_utils: introduce update_aces_in_dacl() helper CVE-2023-4154 python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add() CVE-2023-4154 python/samba/ndr: add ndr_deepcopy() helper CVE-2023-4154 replace: add ARRAY_INSERT_ELEMENT() helper CVE-2023-4154 libcli/security: prepare security_descriptor_acl_add() to place the ace at a position CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers ----------------------------------------------------------------------- -- Samba Shared Repository