[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via c7c5fe1 VERSION: Disable git snapshots for the 4.2.14 release. via eb480ea WHATSNEW: Add release notes for Samba 4.2.14. via 13437f9 CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing via db256b6 CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing via b9200a6 CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing via 7e73588 ctdb-common: For AF_PACKET socket types, protocol is in network order via 8368f6f ctdb-common: Use documented names for protocol family in socket() via ea9ddb4 ctdb-common: Protocol argument must be in host order for socket() call via 434aaaf dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE via f772649 s4:rpc_server: use a variable for the max total reassembled request payload via d069b66 s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes via 6509689 dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE via 9c6e913 VERSION: Bump version up to 4.2.14... from f03201a VERSION: Disable git snapshots for the 4.2.13 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - commit c7c5fe127366aa8edb69247f80a4e015969cf1b3 Author: Karolin SeegerDate: Tue Jul 5 12:58:16 2016 +0200 VERSION: Disable git snapshots for the 4.2.14 release. CVE-2016-2119: Client side SMB2 signing downgrade. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Karolin Seeger commit eb480ea5ee84ca73519b8b9667664cff0aa04e1f Author: Karolin Seeger Date: Tue Jul 5 12:57:02 2016 +0200 WHATSNEW: Add release notes for Samba 4.2.14. CVE-2016-2119: Client side SMB2 signing downgrade. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Karolin Seeger commit 13437f93b7bf52eefe8dfa824e31b24722f9ea44 Author: Stefan Metzmacher Date: Thu Apr 28 02:24:52 2016 +0200 CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Stefan Metzmacher commit db256b6163fc010b4d895366327a81ee7e0eb24a Author: Stefan Metzmacher Date: Thu Apr 28 02:36:35 2016 +0200 CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Stefan Metzmacher commit b9200a6fe1f2e78d714420d162e00590de6827b0 Author: Stefan Metzmacher Date: Wed Apr 20 11:26:57 2016 +0200 CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing Note real anonymous sessions (with "" as username) don't hit this as we don't even call smb2cli_session_set_session_key() in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860 Signed-off-by: Stefan Metzmacher commit 7e73588cdd3280a1866c27a9309cb5fc65b21a00 Author: Amitay Isaacs Date: Thu Mar 3 14:17:40 2016 +1100 ctdb-common: For AF_PACKET socket types, protocol is in network order BUG: https://bugzilla.samba.org/show_bug.cgi?id=11770 From man page of packet(7): protocol is the IEEE 802.3 protocol number in network byte order. See the include file for a list of allowed protocols. When protocol is set to htons(ETH_P_ALL), then all protocols are received. Protocol argument was changed from network order to host order wrongly in commit 9f8395cb7d49b63a82f75bf504f5f83920102b29. Specifying "protocol" field to socket(AF_PACKET, ...) call only affects the packets that are recevied. So use protocol = 0 when sending raw packets. Signed-off-by: Amitay Isaacs Reviewed-by: Martin Schwenke Autobuild-User(master): Martin Schwenke Autobuild-Date(master): Fri Mar 4 12:58:50 CET 2016 on sn-devel-144 (cherry picked from commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88) commit 8368f6fb9617f066d88deb41da902c5c59aa280e Author: Amitay Isaacs Date: Fri Jan 29 00:06:18 2016 +1100 ctdb-common: Use documented names for protocol family in socket() Instead of using PF_*, use AF_*. https://bugzilla.samba.org/show_bug.cgi?id=11705 Signed-off-by: Amitay Isaacs Reviewed-by: Volker Lendecke (cherry picked from commit
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via f03201a VERSION: Disable git snapshots for the 4.2.13 release. via 1ff9b09 WHATSNEW: Add release notes for Samba 4.2.13. via 3af9006 s3: krb5: keytab - The done label can be jumped to with context == NULL. via 4759f64 smbd: Fix an assert via 0ab3ef3 s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope. via 615516b s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT via b6c9438 s3:smbd: fix anonymous authentication if signing is mandatory via 93155fa s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete via e410d79 libcli/auth: let msrpc_parse() return talloc'ed empty strings via 0ef06ee VERSION: Bump version up to 4.2.12... from e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 58 ++-- libcli/auth/msrpc_parse.c| 24 ++--- source3/auth/token_util.c| 2 +- source3/libads/kerberos_keytab.c | 18 ++--- source3/rpcclient/rpcclient.c| 13 - source3/smbd/oplock.c| 1 + source3/smbd/sesssetup.c | 8 -- source3/utils/ntlm_auth.c| 51 +++ 9 files changed, 151 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9c39699..fb30286 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=2 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8b3fcc8..d061b6c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,59 @@ == + Release Notes for Samba 4.2.13 +June 17, 2016 + == + + +Although Samba 4.2 is in the security only mode, the Samba Team decided to ship +this very last bug fix release to address some important issues. + + +Changes since 4.2.12: +- + +o Jeremy Allison+ * BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to + function level scope. + * BUG 11959: s3: krb5: keytab - The done label can be jumped to with + context == NULL. + + +o Volker Lendecke + * BUG 11844: smbd: Fix an assert. + + +o Stefan Metzmacher + * BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory. + * BUG 11912: libcli/auth: Let msrpc_parse() return talloc'ed empty strings. + * BUG 11914: s3:ntlm_auth: Make ntlm_auth_generate_session_info() more + complete. + * BUG 11927: s3:rpcclient: Make use of SMB_SIGNING_IPC_DEFAULT. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 4.2.12 May 02, 2016 == @@ -124,8 +179,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c index d499d9e..74a7bcc 100644 --- a/libcli/auth/msrpc_parse.c +++ b/libcli/auth/msrpc_parse.c @@ -262,7 +262,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx, ps = va_arg(ap, char **); if
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release. via 4ce9415 WHATSNEW: Add release date. via 7f48c16 WHATSNEW: Last bugfix release. via a107bcb WHATSNEW: Update release notes. via ec6c73a s3:selftest: add smbclient_ntlm tests via 53ce995 selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP via ea33b55 selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes via f83d138 s3:test_smbclient_auth.sh: this script reqiures 5 arguments via 89bc1eb selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc via 7f1596f auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing via e23df9d auth/spnego: add spnego:simulate_w2k option for testing via 30f511f auth/ntlmssp: do map to guest checking after the authentication via 2ceed5d s3:smbd: only mark real guest sessions with the GUEST flag via a2e3c76 s3:smbd: make use SMB_SETUP_GUEST constant via 4b5e95a libcli/security: implement SECURITY_GUEST via 5f10f25 s3:auth_builtin: anonymous authentication doesn't allow a password via 00f2691 s4:auth_anonymous: anonymous authentication doesn't allow a password via d7e9f09 auth/spnego: only try to verify the mechListMic if signing was negotiated. via 40c1d53 s3:libsmb: use anonymous authentication via spnego if possible via 0eebd68 s3:libsmb: don't finish the gensec handshake for guest logins via 163b9ac s3:libsmb: record the session setup action flags via 5c18afa libcli/smb: add smbXcli_session_is_guest() helper function via d84dde7 libcli/smb: add SMB1 session setup action flags via 1b1ae2b libcli/smb: add smb1cli_session_set_action() helper function via bba0194 libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated(). via 8c6865d s3:libsmb: use password = NULL for anonymous connections via abbb1ab auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections via 9dc49c9 auth/ntlmssp: don't require any flags in the ccache_resume code via 26351cd auth/spnego: handle broken mechListMIC response from Windows 2000 via 44ddc56 auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR' via e17baf8 s3:librpc:crypto:gse: increase debug level for gse_init_client(). via d82ec8a lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache(). via 64df993 s3:libads/sasl: allow wrapped messages up to a size of 0xfff via 2bebe80 s4:gensec_tstream: allow wrapped messages up to a size of 0xfff via 65cdf7e WHATSNEW: Start release notes for Samba 4.2.12. via e3a7138 configure: Don't check for inotify on illumos via e16c8ed nwrap: Fix the build on Solaris via aec25b0 libads: record session expiry for spnego sasl binds via 9729bdc build: mark explicit dependencies on pytalloc-util via e29becc s3:wscript: pylibsmb depends on pycredentials via 452d393 libsmb/pysmb: add pytalloc-util dependency to fix the build. via cb827b7 pydsdb: Fix returning of ldb.MessageElement. via 513b5d7 pydsdb: Also accept ldb.MessageElement values to dsdb routines via 75f26e3 vfs_catia: Fix bug 11827, memleak via b7e46c1 tevent: version 0.9.28 via a8fb85f lib: tevent: Fix memory leak reported by Pavel Březinawhen old signal action restored. via 331383c tevent: version 0.9.27 via c496c85 Fix ETIME handling for Solaris event ports. via a10d492 tevent: Only set public headers field when installing as a public library. via 0345678 Simplify handling of dependencies on external libraries in test_headers. via 06a87da lib: tevent: Whitespace cleanup. via 1ca26ea lib: tevent: Fix bug in poll backend - poll_event_loop_poll() via 316ce07 tevent: version 0.9.26 via 78f5f86 lib: tevent: docs: Add tutorial on thread usage. via b88f6e9 lib: tevent: tests: Add a second thread test that does request/reply. via a050245 lib: tevent: Initial test of tevent threaded context code. via 46d3bb7 lib: tevent: Initial checkin of threaded tevent context calling code. via 4882bde VERSION: Bump version up to 4.2.12 via 47f3a1f Merge tag 'samba-4.2.11' into v4-2-test via 0dd1749 smbd: Only check dev/inode in open_directory, not the full stat() via ffccce5 s3:smbd: add negprot remote arch detection for OSX via bd11d39 s3:smbd: rework negprot remote arch detection via 0108e51 VERSION: Bump version up to 4.2.10... via a93f708 Merge tag 'samba-4.2.9' into v4-2-test via fe4a09d Real memeory leak(buildup) issue in loadparm. via
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via c0aa427 VERSION: Disable git snapshots for the 4.2.9 release. via c3eeba3 WHATSNEW: Add release notes for Samba 4.2.9. via 981cbe1 CVE-2016-0771: tests/dns: Remove dependencies on env variables via 4dfa41d CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest via 409ec58 CVE-2016-0771: tests: rename test getopt to get_opt via 93662cf CVE-2016-0771: tests/dns: RPC => DNS roundtrip test via b9c595f CVE-2016-0771: dnsserver: don't force UTF-8 for TXT via 43de2c0 CVE-2016-0771: tests/dns: modify tests to check via RPC via 18a1a7c CVE-2016-0771: tests/dns: Add some more test cases for TXT records via 1cae991 CVE-2016-0771: tests/dns: Correct error code for formerly unrun test via ffe5757 CVE-2016-0771: tests/dns: restore formerly segfaulting test via 9f1f669 CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour via 5462a4c CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows via 356cc26 CVE-2016-0771: tests/dns: prepare script for further testing via d076289 CVE-2016-0771: tests/dns: Modify dns tests to match new IDL via 9c50144 CVE-2016-0771: dns.idl: make use of dnsp_hinfo via 50972cc CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record via 69a4def CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function via 192a619 CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library via 8070e38 CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings via 6296447 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test. via db00d27 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test. via 6122a71 CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests. via 10e5700 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames. via 5923745 CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink. via e77fb42 CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink. via ef5f235 CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication. via 3898806 CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink. via cb5b446 CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink. via 478ed76 CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink. via cc73ba9 CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink. via e20deaf CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink. via 0549f6e VERSION: Bump version up to 4.2.9... from ba74960 VERSION: Disable git snapshots for the 4.2.8 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - commit c0aa42785d6b942b58a167da80f5e64385beff02 Author: Karolin SeegerDate: Wed Feb 24 12:23:53 2016 +0100 VERSION: Disable git snapshots for the 4.2.9 release. Signed-off-by: Karolin Seeger commit c3eeba393fb92e006597fffb09720ce33be5795b Author: Karolin Seeger Date: Wed Feb 24 12:22:26 2016 +0100 WHATSNEW: Add release notes for Samba 4.2.9. CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change permissions on link target. CVE-2016-0771: Read of uninitialized memory DNS TXT handling Signed-off-by: Karolin Seeger commit 981cbe1e9be9de8d9775ba1fc9a53b2f719472d6 Author: Garming Sam Date: Fri Jan 29 17:28:54 2016 +1300 CVE-2016-0771: tests/dns: Remove dependencies on env variables Now that it is invoked as a normal script, there should be less of them. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686 Signed-off-by: Garming Sam Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit 4dfa41df9a87cb4793de3e9cd36d9b38f215d7cb Author: Garming Sam Date: Fri Jan 29 17:03:56 2016 +1300 CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest This makes it easier to invoke, particularly against Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686 Signed-off-by: Garming Sam Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett commit
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via ba74960 VERSION: Disable git snapshots for the 4.2.8 release. via 4464e65 WHATSNEW: Add release notes for Samba 4.2.8. via be4f52b s4:torture: add SMB2 test for directory creation initial allocation size via e33472d s3:smbd: Ignore initial allocation size for directory creation via 279246d smbcacls: fix uninitialized variable via d63f0b11 s3:smbd/oplock obey kernel oplock setting when releasing oplocks via c1f06fe s3:smbd: fix a corner case of the symlink verification via 6b1c418 s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections. via 76213b0 vfs_streams_xattr: fix and simplify streams_xattr_get_name() via 73dac61 vfs_fruit: hide the Netatalk metadata xattr in streaminfo via 9bedefb vfs_fruit: add and use define for the Netatalk metadata xattr via 6d7e711 s4:torture:vfs_fruit: add test test_read_afpinfo via 985d331 s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof via 3892a74 vfs_fruit: ignore delete on the AFP_Resource stream via a48eb89 s4:torture:vfs_fruit: update AFP_AfpInfo IO tests via c99c910 vfs_fruit: fix offset and len handling for AFP_AfpInfo stream via d8511c0 s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream via 293363b vfs_fruit: writing all 0 to AFP_AfpInfo stream via 95699b3 s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof via 642b62b vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream via a4e0639 s4:torture:vfs_fruit: file without AFP_AfpInfo via d26b979 vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist via aa95842 vfs_fruit: fix some debug messages via 8a25a0a s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED via b32587e s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X via 7b2f35b s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X via b8512d4 s4:torture:vfs_fruit: fix test_aapl() to work with OS X via 08f61fa s4:torture:vfs_fruit: skip test_stream_names() without "localdir" via 4d7b2ab s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir" via 6a9f21c s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it via 6dba57e s4:torture:vfs_fruit: add explicit cleanup of testfiles via 432e9a1 s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl() via 3bf1846 s4:torture:vfs_fruit: enhance check_stream via b883c09 s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME via 62a455a s4:torture:vfs_fruit: tweak check_stream_list() via 4eeb6db s4:torture:vfs_fruit: rename tree1 -> tree via 468c551 s4:torture:vfs_fruit: remove unused tree2 via 2028bac docs: Fix typos in man vfs_gpfs. via fd92549 smbd: make "hide dot files" option work with "store dos attributes = yes" via 6d1ee8b lib/async_req: do not install async_connect_send_test. via 3f05db5 lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure via 417eca7 s4:torture:vfs_fruit: add a test for POSIX rename via 8b3e19b vfs_fruit: enable POSIX directory rename semantics via 3a1a67e vfs_fruit: add a flag that tracks whether use of AAPL was negotiated via b5a081b s3:smbd: file_struct: seperate POSIX directory rename cap from POSIX open via c91214f s3:smbd: convert file_struct.posix_open to a bitmap with flags via b73894c VERSION: Bump version up to 4.2.8... via f51d78c Merge tag 'samba-4.2.7' into v4-2-test via b8077d8 Fix bug #11394 - Crash: Bad talloc magic value - access after free from add4fe9 VERSION: Disable git snapshots for the 4.2.7 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 76 +- docs-xml/manpages/vfs_gpfs.8.xml|6 +- lib/async_req/wscript_build |3 +- lib/dbwrap/dbwrap_rbt.c | 208 +++--- lib/param/loadparm.c| 56 +- source3/include/vfs.h | 12 +- source3/lib/errmap_unix.c |3 + source3/libsmb/libsmb_server.c |4 +- source3/locking/locking.c |3 +- source3/modules/vfs_acl_common.c|4 +- source3/modules/vfs_fruit.c | 185 +++-- source3/modules/vfs_streams_xattr.c | 39 +- source3/param/loadparm.c| 212 +++--- source3/selftest/tests.py |4 +- source3/smbd/close.c|6 +-
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via add4fe9 VERSION: Disable git snapshots for the 4.2.7 release. via e59d852 WHATSNEW: Add release notes for Samba 4.2.7. via 2483d66 CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl via 41e1e8b CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session via 3e8f112 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal() via 05d09fb CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() via 1d8efe6 CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir via 79e5023 CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share). via 6dc18a6 ldb: bump version of the required system ldb to 1.1.24 via aa68bd3 CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators via 75b3ce6 CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes via 9c06833 CVE-2015-5330: strupper_talloc_n_handle(): properly count characters via 405170b CVE-2015-5330: Fix handling of unicode near string endings via 06f2d95 CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen() via 813ecea CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal() via 3c68b50 CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search. via 9c7e988 CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0. via 5f9d311 VERSION: Bump version up to 4.2.7... from 0a7b693 VERSION: Disable git snapshots for the 4.2.6 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - commit add4fe9079dda8fb0bfd9763da85d65ed0063523 Author: Karolin SeegerDate: Thu Dec 10 12:49:10 2015 +0100 VERSION: Disable git snapshots for the 4.2.7 release. Signed-off-by: Karolin Seeger commit e59d852d7dbc828ca810180a62189c96d68d8104 Author: Karolin Seeger Date: Thu Dec 10 12:24:44 2015 +0100 WHATSNEW: Add release notes for Samba 4.2.7. This is a security to address CVE-2015-3223, CVE-2015-5252, CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330. Signed-off-by: Karolin Seeger commit 2483d66af2a298e1722dbe45ccadddf609817d67 Author: Andrew Bartlett Date: Wed Nov 18 17:36:21 2015 +1300 CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl Swapping between account types is now restricted Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552 Signed-off-by: Andrew Bartlett Reviewed-by: Jeremy Allison Reviewed-by: Ralph Boehme commit 41e1e8b9a25ef1052258f4355e2d2c2f41e29b14 Author: Stefan Metzmacher Date: Wed Sep 30 21:23:25 2015 +0200 CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison commit 3e8f1123b2f89951b498d3d9a9af7f8dd68038c9 Author: Stefan Metzmacher Date: Wed Sep 30 21:17:02 2015 +0200 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison commit 05d09fb2415f386ce9f2a3f4a86d10ef1abca020 Author: Stefan Metzmacher Date: Wed Sep 30 21:17:02 2015 +0200 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison commit 1d8efe6abf1c98f62f07c4c4b869d8169d6904b4 Author: Jeremy Allison Date: Fri Oct 23 14:54:31 2015 -0700 CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir Fix originally from https://bugzilla.samba.org/show_bug.cgi?id=11529 Signed-off-by: Jeremy Allison Reviewed-by: David Disseldorp commit 79e5023a77b851b60a3a3e723013539f1e39b99b Author: Jeremy Allison Date: Thu Jul 9 10:58:11 2015 -0700 CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share). Ensure matching component ends in '/' or '\0'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 Signed-off-by: Jeremy Allison
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 0a7b693 VERSION: Disable git snapshots for the 4.2.6 release. via a6f9a79 WHATSNEW: Add release notes for Samba 4.2.6. via 785158f docs: Fix some typos in the idmap backend section. via b83e261 doc: fix a typo in the smb.conf manpage, explanation of idmap config via fdac7f1 s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle. via 6f47535 wafsamba: Also build libraries with RELRO protection via 6033569 fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst via 1eb6f36 fix 'Invalid read of size 1' in reply_search via 9e8475e fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext via 579c13de fix uninitialised read in process_host_announce via 6a7f87b remove many valgrind errors for base.lock test via 7cbca2f nss_wins: Use lp_global_no_reinit() via 92cc4e0 s3: winbind: Prevent null ptr access by returning error if no creds available via d9afa70 s3: rpcclient: Prevent null ptr access by returning error if no creds available via 01ca2cf s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them. via c63638e vfs_gpfs: Re-enable share modes via 95232e6 Changing log level of two entries to from 1 to 3 via 2aded40 lib: util: Make non-critical message a warning. via 6f95e55 manpage: corrected small typo error via 1998b07 ctdb: strip trailing spaces from nodes file. via f0238b7 ctdb: open the RO tracking db with perms 0600 instead of via 1bbb6bf selftest: Avoid system krb5.conf in "none" test env via fbf5c79 selftest: Avoid system krb5.conf in some test envs that don't use kerberos via 0d3fd03 selftest: Avoid system krb5.conf in testenv provisioning via 52e3615 auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_spnego_server_try_fallback(). via fc280ca async_req: fix non-blocking connect() via c016c1a selftest: add a test for async_connect_send() via a915f8f s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now the server is correct via 7c535ad s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero attribute via 84f6010 s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero via d098372 smbd: Send SMB2 oplock breaks unencrypted via 929166e VERSION: Bump version up to 4.2.6... from 851ea18 VERSION: Disable git snapshots for the 4.2.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 91 +++- auth/gensec/spnego.c | 2 +- buildtools/wafsamba/wafsamba.py | 2 + ctdb/server/ctdb_ltdb_server.c | 2 +- ctdb/server/ctdb_server.c| 15 ++- ctdb/tools/ctdb.c| 15 ++- docs-xml/smbdotconf/security/aclgroupcontrol.xml | 2 +- docs-xml/smbdotconf/winbind/idmapconfig.xml | 15 +-- lib/async_req/async_connect_send_test.c | 130 +++ lib/async_req/async_sock.c | 56 +- lib/async_req/wscript_build | 4 + lib/util/util.c | 2 +- nsswitch/wins.c | 2 +- selftest/selftest.pl | 5 +- selftest/target/Samba3.pm| 14 +++ selftest/target/Samba4.pm| 18 +++- source3/auth/auth_generic.c | 2 +- source3/auth/user_krb5.c | 2 +- source3/locking/brlock.c | 2 + source3/modules/vfs_gpfs.c | 3 +- source3/nmbd/nmbd_incomingdgrams.c | 2 + source3/rpcclient/cmd_netlogon.c | 5 + source3/script/tests/test_async_req.sh | 11 ++ source3/selftest/tests.py| 5 +- source3/smbd/dir.c | 13 ++- source3/smbd/reply.c | 12 ++- source3/smbd/smb2_create.c | 6 ++ source3/smbd/smb2_server.c | 2 +- source3/smbd/trans2.c| 11 +- source3/torture/torture.c| 67 source3/winbindd/winbindd_pam.c | 7 +- source4/torture/raw/unlink.c | 7 +- 33 files changed, 457 insertions(+), 77
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 851ea18 VERSION: Disable git snapshots for the 4.2.5 release. via 0c46d4a WHATSNEW: Add release notes for Samba 4.2.5. via bf344f7 dcerpc.idl: accept invalid dcerpc_bind_nak pdus via 4cb9657 s3:smbstatus: add stream name to share_entry_forall() via 2b1a40d s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect. via 8bd6345 s3:lib: validate domain name in lookup_wellknown_name() via 8c5990a s3:locking: initialize lease pointer in share_mode_traverse_fn() via f1ea5fd s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2. via b13c829 lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags. via 3695d46 s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows. via deaa748 smbd: Fix file name buflen and padding in notify repsonse via dd39bd2 vfs_fruit: return value of ad_pack in vfs_fruit.c via 95b17d5 tdb: Fix bug 11381, deadlock via 0349f95 vfs_commit: set the fd on open before calling SMB_VFS_FSTAT via ba280e6 s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket via 5bc3a2f kerberos: make sure we only use prompter type when available. via b6f1310 winbind: Fix 100% loop via f9a820a s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522). via d69db57 s3: smbd: fix a crash in unix_convert() via 2df7b85 net: fix a crash with net ads keytab create via 2e516a7 s3: tests: smbclient test to ensure we can create and see a :foobar stream on the top level directory in a share. via 22d55ca s3: smbd: Fix opening/creating :stream files on the root share directory. via 29f057c s3: smbd: Remove unused parameter from build_stream_path(). via eb1aa45 s3: smbclient: Move cmd_setmode out of clitar.c and back into client.c via 6c6b62f pam_winbind: Fix a segfault if initialization fails via d2105b7 s4: torture: Test mkdir race condition. via d194836 s3: smbd: Fix mkdir race condition. via 105f949 s3: dfs: Fix a crash when the dfs targets are disabled. via 68801fb nss_winbind: fix hang on Solaris on big groups via f4bc73f build: use as-needed linker flag also on OpenBSD via 7cabb4c VERSION: Bump version up to 4.2.5... from 413fb83 VERSION: Disable git snapshots for the 4.2.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 95 +++- lib/tdb/common/traverse.c | 14 +- libcli/smb/smbXcli_base.c | 5 + libcli/smb/smbXcli_base.h | 1 + librpc/idl/dcerpc.idl | 6 +- librpc/idl/notify.idl | 4 +- librpc/ndr/ndr_dcerpc.c | 49 +++ nsswitch/pam_winbind.c| 19 ++- nsswitch/winbind_nss_solaris.c| 6 + selftest/knownfail| 2 + source3/client/client.c | 118 +++ source3/client/client_proto.h | 6 + source3/client/clitar.c | 130 - source3/lib/ctdbd_conn.c | 6 +- source3/lib/util_wellknown.c | 13 +- source3/libads/kerberos.c | 26 source3/libads/ldap.c | 7 + source3/libsmb/clidfs.c | 4 +- source3/locking/proto.h | 3 +- source3/locking/share_mode_lock.c | 21 ++- source3/modules/vfs_commit.c | 11 +- source3/modules/vfs_fruit.c | 14 +- source3/passdb/lookup_sid.c | 31 +++- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 21 ++- source3/script/tests/test_smbclient_s3.sh | 36 + source3/smbd/dir.c| 64 - source3/smbd/filename.c | 35 - source3/smbd/notify.c | 14 +- source3/smbd/open.c | 19 +++ source3/utils/status.c| 6 +- source4/heimdal_build/wscript_configure | 1 + source4/torture/smb2/acls.c | 230 ++ source4/torture/smb2/create.c | 151 wscript | 3 +- wscript_configure_system_mitkrb5 | 2 + 36 files changed, 987 insertions(+), 188 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 381f62e..967a8fa 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 413fb83 VERSION: Disable git snapshots for the 4.2.4 release. via a10eacd WHATSNEW: Add release notes for Samba 4.2.4. via e806635 s4:torture:vfs_fruit: created empty resourceforks via 1f796a5 s4:torture:vfs_fruit: add a resource fork truncation test via 33bc5d2 vfs_fruit: delete ._ file when deleting the basefile via aeda612 vfs_fruit: split and simplify fruit_ftruncate via 09653dc vfs_fruit: handling of empty resource fork via 9bc968a samr4: Use
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via baf4349 VERSION: Disable git snapshots for the 4.2.3 release. via d770ed8 WHATSNEW: Add release notes for Samba 4.2.3. via 74ae99f ncacn_http: fix GNUism via 4c8b66e s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream via 0691890 vfs_fruit: check offset and length for AFP_AfpInfo read requests via a70531c winbindd: disconnect child process if request is cancelled at main process via 1f51989 s4:selftest: also run rpc.winreg with kerberos and all possible auth options via 05a0995 s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal via 30b9074 s4:rpc_server: fix padding caclucation in dcesrv_auth_response() via ae37b34 s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error via eac0b78 s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload via a0fbd5e s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define via 1dae656 s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign() via f9fce60 s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error via 97bedee s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload via db644ad s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define via 452a2f8 s3:rpc_server: remove pad handling from api_pipe_alter_context() via 8249470 s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes() via dba57bd s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer() via 50d7029 librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro via 3467356 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16) via f6e6167 auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting via 685876a auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE via c53828d s3:auth_domain: fix talloc problem in connect_to_domain_password_server() via 2429bd6 s3:smb2_setinfo: fix memory leak in the defer_rename case via 27aa4d4 winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC. via 8782e06 kerberos auth info3 should contain resource group ids available from pac_logon via fcc7112 docs: overhaul the description of smb encrypt to include SMB3 encryption. via 645ec21 pidl: Make the compilation of PIDL producing the same results if the content hasn't change via cbd98bf s3: smbd: Codenomicon crash in do_smb_load_module(). via 251544b selftest: Change chgdcpass environment to use winbindd via 4bacf0d winbindd: Sync secrets.ldb into secrets.tdb on startup via fc6074c winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC via 7896b84 selftest: Run winbind tests in chgdcpass environment via 4099e13 s3: smbd: Use separate flag to track become_root()/unbecome_root() state. via b02152f docs-xml: Update sharesec manpage to reflect current output via 94c5af4 selftest: Add test for sharesec command via 8fafa9d sharesec: Use non-numerical output for sharesec via 3e219f4 ctdb-ib: make sure the tevent_fd is removed before the fd is closed via a66870b libcli/smb: make sure we remove the writev_send() request when a request is destroyed via b909752 libcli/smb: add smb1 requests to the pending array before writev_send() via 1fdf3b3 libcli/smb: make sure the writev_send of smbXcli_conn_samba_suicide() is removed before closing the socket via 2eeecae libcli/smb: remove unused split of read_fd and write_fd via 92c456d libcli/smb: close the socket fd at the end of smbXcli_conn_disconnect() via 1b55fab libcli/smb: use tevent_req_received(req) in read_smb_recv() via e34065b lib/async_req: remove the tevent_fd as early as possible via a wait_for_read_cleanup() hook via 4d10c2b lib/async_req: remove the tevent_fd as early as possible via a read_packet_cleanup() hook via 41b593a lib/async_req: use tevent_req_nomem/tevent_req_post in read_packet_send() via cc01ff4 lib/async_req: s/result/req/ in read_packet_send() via 4b39759 lib/async_req: remove the tevent_fd as early as possible via a writev_cleanup() hook via d7d9f4e lib/async_req: simplify async_connect_* using a _cleanup() hook via ad8c901 lib/async_req: s/result/req/ in async_connect_send() via 65dc14c lib/async_req: remove unused sendto_{send,recv} and recvfrom_{send,recv} via a9e2d2a s3:libsmb: convert nb_trans_send/recv internals to tdgram via 109e579 s3:libsmb: convert nb_packet_reader to tstream_* functions
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via f312bf9 VERSION: Disable git snapshot for the 4.2.2 release. via 0ce6ad8 WHATSNEW: Add release notes for Samba 4.2.2. via c78585f s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used via c7e4454 torture: Add smb2.notify.rmdir via b3e3e41 smbd: Cancel pending notifies if the directory goes away via bd09b15 smbd: Remove bool arg from set_delete_on_close_lck via e41c7a7 smbd: Use reset_delete_on_close_lck directly via d754099 smbd: Introduce reset_delete_on_close_lck via fa55c75 s3:winbindd: make sure we remove pending io requests before closing client sockets via 60f1f76 libads: record service ticket endtime for sealed ldap connections via 6db3de7 gencache: don't fail gencache_stabilize if there were records to delete. via 691a887 s3: torture: Add regression test for bug #11249. via 80db448 s3: smbd: VFS: fake_acl module called get_full_smb_filename() with a stream path, then used the result to call XATTR functions directly. via 177d620 s3: smbd: VFS: For all EA and ACL calls use synthetic_smb_fname(), not synthetic_smb_fname_split(). via cf8235a s3: smbd: VFS: All the places that are currently calling vfs_stat_smb_fname() and vfs_lstat_smb_fname() should be calling vfs_stat_smb_basename(). via 87f2dd8 s3: smbd: VFS: Add vfs_stat_smb_basename() - to be called when we *know* stream name parsing has already been done. via 86ed62a vfs_gpfs: move failure label before END_PROFILE via 08a72cb vfp_gpfs: ensure END_PROFILE is always called via c071f95 vfs_fruit: comment fix: the options are documented via 37e5d67 vfs_fruit: add option nfs_aces that controls the NFS ACEs stuff via ea27c56 s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff() via 688352c s3:selftest: run smb2.notify with --signing=required via f8e64d7 s3:smb2_tcon: cancel pending requests on all connections on tdis via abe61f4 s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* destructors via 3a2b5ec s3:smb2_sesssetup: add smbd_smb2_session_setup_wrap_send/recv() via 7a56711 s3:smb2_sesssetup: always assign smb2req-session when a session was created. via b653861 s3:smb2_sesssetup: let smbd_smb2_logoff_* use smbXsrv_session_shutdown_* via 6233772 s3:smbXsrv_session: cancel pending requests when we logoff a previous session via 03263c7 s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv helper functions via 1340130 s3:smbXsrv_session: clear smb2req-session of pending requests in smbXsrv_session_logoff_all_callback() via 72ceb73 s3:smbXsrv_session: clear smb2req-session of pending requests in smbXsrv_session_destructor() via 09a5282 s4:torture/smb2: add smb2.notify.session-reconnect test via 398400b s4:torture/smb2: add smb2.notify.invalid-reauth test via e3bb691 s4:torture/smb2: add smb2.notify.close test via ef5a649 s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value via 06a7050 s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit and implicit) and tdis via 26496f9 s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 directory handle via a4f1a49 s3:smbd: add a smbd_notify_cancel_by_map() helper function via bd7bc99 s3: nmbd: Don't set work_changed = True inside update_server_ttl(). via c79abc9 s3: nmbd: Ensure we only set work_changed = true if we modify the record. via 82f7a0c vfs: kernel_flock and named streams via 509f2bb s4: torture: Test for incorrect file size returned in the response of FILE_SUPERSEDE Create. via 251accf s3: smbd: Incorrect file size returned in the response of FILE_SUPERSEDE Create via 794cc5d s4: rpc: Refactor dcesrv_alter() function into setup and send steps. via e0aead2 sharesec: Use common parse_ace function via d79a504 sharesec: Print ACEs in similar format as expected in input via 667b3a3 util_sd: Make server conncection optional via af26539 smbcacls: Move sec_desc_print to common file via f4ac982 smbcacls: Move print_ace and parse_ace to common file via 5bad1a2 smbcacls: Move StringToSid to common file via 989ec37 smbcacls: Move SidToString to common file via cb564bf smbcacls: Use defines for security flags via 2d2702a smbcacls: Make 'numeric' a local variable via f330a2e Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls. via 69d632d Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies via 967679c Make sure we initialize conn to NULL, because a routine we call may give an
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via c2633a9 VERSION: Disable git snapshot for the 4.2.1 release. via 172cdbd WHATSNEW: Add release notes for Samba 4.2.1. via be7b660 s3-passdb: Fix 'force user' with winbind default domain via 57f54da s4-process_model: Do not close random fds while forking. via fad13d7 s3: libsmbclient: Add missing talloc stackframe. via 100cd28 lib: tdb: Use sigaction when testing for robust mutexes. via 6cab690 s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors via f4525a5 s3: client - client use spnego principal = yes code checks wrong name. via faaf9af docs: Mark 'client use spnego principal' as deprecated and also a bad idea. via c286a17 vfs_fruit: enhance handling of malformed AppleDouble files via f93f74c s3:winbind:grent: don't stop group enumeration when a group has no gid via 903dfd6 backupkey: Use ndr_pull_struct_blob_all() via 1dca6ee Ensure we always initialise the winbind context via 84782d4 replace: Remove superfluous check for gcrypt header. via b8253f2 backupkey: Explicitly link to gnutls and gcrypt via 2ee70a1 lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt via 1f4edb0 s3: lib: libsmbclient: If reusing a server struct, check every cli-timout miliseconds if it's still valid before use. via a5156c6 s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case. via 6b4a52c s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields. via 6f262f6 s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields. via e1bf5b7 docs/idmap_rid: remove deprecated base_rid from example via 1346811 libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation via 7b7602c Update libwbclient version to 0.12 via fe5ac73 Move wbc global variables into global context instead via bb70e50 Add context versions of wbclient functions via b9d75f6 Add wbcContext to wbcRequestResponse via a52f418 Add wbcContext struct, create and free functions via ae434f4 Use global context for winbindd_request_response via 7f787b4 Make winbind client library thread-safe by adding context via f56d56e talloc: version 2.1.2 via 0693e46 talloc: fix _talloc_total_limit_size prototype via f6df1e9 lib: talloc: Test suite for the new destructor reparent logic. via a21e4e2 lib: talloc: Allow destructors to reparent the object they're called on. via 599ca10 lib: talloc: Fix bug when calling a destructor. via bb97c5e s3-winbind: Fix chached user group lookup of trusted domains. via e92a548 Be consistent about what functions add $LISTOPT and $LOADLIST to the command-line. via ebcba7a selftest: Add separate command line for listing tests, allowing us of subunit-filter (which doesn't support subunit v2). via d8aafcd selftest/tests.py: Remove testsuite samba.tests.samdb which does not have any tests. via b953fbd Re-use add_prefix function. via df04a81 selftest: Drop support for TESTSUITE-IDLIST, and remove its last user. via 6bf5d33 sam: Use samba.tests.subunitrun. via f847bb0 Use samba.tests.subunitrun in dsdb ldap and ldap_schema tests. via 84547fa Use samba.tests.subunitrun in urgent replication test. via 502f424 Include mimeparse, which is used by subunit/testtools. via c845ccb ldap: Use samba.tests.subunitrun. via fbf9611 deletetest: use samba.tests.subunitrun. via 6fbfee3 ldap_syntaxes: Use samba.tests.subunitrun. via 2494914 password lockout: Use samba.tests.subunitrun. via 0bd1fde passwords: Use samba.tests.subunitrun. via fb37077 sec_descriptor: Use samba.tests.subunitrun. via 17f62c0 token_group: Use samba.tests.subunitrun. via c42d07e sites: Use samba.tests.subunitrun. via 84d21d8 speedtest: Use samba.tests.subunitrun. via c41dfc5 credentials test: Use samba.tests.subunitrun. via 8f76884 sec_descriptor test: Simplify, use samba.tests.subunitrun module. via 368e50f Move option handling into samba.tests.subunitrun. via 247974b Move option parsing to samba.tests.subunitrun. via 2969bbe subunitrun: Use new samba.tests.subunitrun module. via 4e1e255 Add convenience class for old-style Samba subunit python tests. via 5ef9651 Add bundled copy of 'extras' python module used by newer versions of testtools/subunit. via 48a92dd filter-subunit: Consistently use spaces rather than tabs. via 88b864a Support using system ldbmodify. via daa54fd Fix subunit test suite name. via
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 1d4445a VERSION: Disable git snapshot for the 4.2.0 release. via b32bc91 WHATSNEW: Add release notes for Samba 4.2.0. via 1309af4 tevent: version 0.9.24 via 5db8d19 tevent: Ignore unexpected signal events in the same way the epoll backend does. via 7ad61f9 backupkey: Explain more why we use GnuTLS here via 19796dc torture-backupkey: Check the dcerpc call return code before calling ndr pull via defd635 backupkey: replace heimdal rsa key generation with GnuTLS via b39c155 build: Require GnuTLS if building with Active Directory via 3e03d5f torture-backupkey: Add tests that read the secret from the server, and validate via c39dccc backupkey: Better handling for different wrap version headers via a29cf10 backupkey: Add tests for ServerWrap protocol via 3b27850 backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2 via ff5494a backupkey: Implement ServerWrap Decrypt via 2533cef backupkey: Handle more clearly the case where we find the secret, but it has no value via b66edeb backupkey: Improve variable names to make clear this is client-provided data via b3dd7ae backupkey: Use the name lsa_secret rather than just secret via 9408f0c backupkey: Implement ServerWrap Encrypt protocol via a0bf67d backupkey: Improve function names and comments for clarity via 8d45cf5 backupkey: Move SID comparison to inside get_and_verify_access_check() via 9372640 backupkey: Improve IDL via c6b61e1 backupkey: begin by factoring out the server wrap functions via 9ddd067 torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful via bad22e6 torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds via 3d44076 s4:torture/rpc/backupkey: Require 2048 bit RSA key via 2ff5c42 s4-backupkey: consistent naming of werr variable via 0168673 s4-backupkey: improve variable name via 48a659d s4-backupkey: typo fix via a701eeb s4-backupkey: IDL for ServerWrap subprotocol via 87c525d s4-backupkey: fix ndr_pull error on empty input via 2ee3031 s4-backupkey: Initialize ndr-switchlist for print via a03df47 s4-backupkey: Comply with [MS-BKRP] 2.2.1 via 0d6e32f s4-backupkey: Set defined cert serialnumber via 0dd6cfa s4-backupkey: de-duplicate error handling via c998e9d s4-backupkey: check for talloc failure via 0b75a0c s4-backupkey: Cert lifetime of 365 days, not secs via 899f4db s4-backupkey: Ensure RSA modulus is 2048 bits via 93fe498 Add link to the Samba User Survey 2015 to WHATSNEW.txt via f158785 doc-xml: Add 'sharesec' reference to 'access based share enum' via f645571 snprintf: Try to support %j via d0a5a6f tevent: version 0.9.23 via bc8585b Add Solaris ports as a tevent backend. via 2f50cd2 Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems. via 3c4e071 ctdb-io: Do not use sys_write to write to client sockets via 811fad3 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT. via a8d285f vfs: Add a brief vfs_ceph manpage. via aadfc40 doc:man:vfs_glusterfs: improve the configuration section. via 081a730 doc:man:vfs_glusterfs: improve and update description. via 9c5e310 doc:man:vfs_glusterfs: remove extra % signs. via 38d6d20 debug: Set close-on-exec for the main log file FD via 3a1f881 VERSION: Bump version up to 4.2.0... from 6c9d254 VERSION: Disable git snapshots for the 4.2.0rc5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION|2 +- WHATSNEW.txt | 72 +- ctdb/common/ctdb_io.c |6 +- .../manpages/{vfs_snapper.8.xml = vfs_ceph.8.xml} | 65 +- docs-xml/manpages/vfs_glusterfs.8.xml | 61 +- .../smbdotconf/security/accessbasedshareenum.xml |5 +- docs-xml/wscript_build |1 + lib/replace/snprintf.c |4 + lib/replace/system/select.h|4 + lib/replace/wscript|5 + .../ABI/{tevent-0.9.21.sigs = tevent-0.9.23.sigs} |0 .../ABI/{tevent-0.9.21.sigs = tevent-0.9.24.sigs} |0 lib/tevent/doc/tevent_data.dox | 30 +- lib/tevent/tevent.c|5 +- lib/tevent/tevent_internal.h |3 + lib/tevent/tevent_port.c | 785 ++
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 6c9d254 VERSION: Disable git snapshots for the 4.2.0rc5 release. via 5ab7f96 WHATSNEW: Add release notes for Samba 4.2.0rc5. via 3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer. via 9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer. via bba7796 s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting. via 381e601 s3: smbd: SMB2 close. Call utility function setup_close_full_information() via 66acf5b s3: smbd: SMB2 close. Add utility function setup_close_full_information() via 22578e8 s4: smbtorture: leases - show stat opens grant leases and can be broken. via 6eadda1 s3: smbd: leases - losen paranoia check. Stat opens can grant leases. via 8b7e8ee s3: smbd: leases - new torture test shows stat opens can get leases. via 8409939 samba-tool: Create NIS enabled users and unixHomeDirectory attribute via b4f965d s3: smbclient: Allinfo leaves the file handle open. via 9cfaed4 printing/cups: pack requested-attributes with IPP_TAG_KEYWORD via 26f58b7 s3:smb2_server: protect against integer wrap with smb2 max credits = 65535 via fc8cab8 s3:smb2_server: always try to grant the credits the client just consumed via a4fdd14 wafsamba: create unique names when building shared modules via 47c1038 wafsamba: remove unused variable in SAMBA_MODULE() via 3e865e1 wafsamba: passing 'subsystem' to SAMBA_MODULE() is not optional via f9fbb92 wafsamba: make it possible to pass bundled_name to SAMBA_LIBRARY() via 23a4ba8 wafadmin: backported the openbsd fixes from waf 1.7 via aada20e wafsamba: remove commented out code. via 8001ec4 Revert waf: added suncc_wrap via deb4041 wafsamba: generate an empty.c file if a SAMBA_{LIBRARY,SUBSYSTEM} doesn't have any source files via b2bb6ae wafsamba: flags from enviroment are put before our own internal versions via 573c452 wafsamba: filter out standard library paths from RPATH and LIBPATH via 28e48f3 wafsamba: fix ordering problems with lib-provided and internal RPATHs via c2a5e08 wafsamba: make it possible to specify ADDITIONAL_{CFLAGS,LDFLAGS} as env var to ./configure via 320ee4e wafsamba: improve -fvisibility=hidden, we should check it together this WERROR_CFLAGS via f36016e wafsamba: let CURRENT_CFLAGS() use bld.env.VISIBILITY_CFLAGS via c6f5361 wafsamba: move -fvisibility=hidden checks from lib/replace to wafsamba via 57855ba wafsamba: move '-fstack-protector' checks from lib/replace to wafsamba via 1e84abd0 wafsamba: move WERROR_CFLAGS checks from lib/replace to wafsamba via 17ae6ba wafsamba: move compiler / cflags related stuff from lib/replace to wafsamba via cb71b4b wafsamba: let TO_LIST(mylist) return a copy of mylist via 1b57443 wafsamba: check for rpath compiler/linker flags via fe9897b wafsamba: fill PRIVATE_NAME() logic again via 5a257a0 wafsamba: add -Werror=return-type for developer builds via 1b31b8e Reduce the no-op build times by 30% via 94aceed Don't use a nested function when testing for visibility attribute support. via ac06d67 Fix more pep8 issues in code I touched recently. via 488def5 Remove last instances of pep8 error E712 (use 'is' rather than '==' for booleans) via 99b4213 s3: lib, s3: modules: Fix compilation on Solaris. via 8a5df7d s4:dsdb/tests: add test_timevalues1() to verify timestamp values via a707d53 ldb: version 1.1.20 via cd82192 lib/ldb: fix logic in ldb_val_to_time() via 62487b6 Remove use of the staticforward macro via 84008fe ldb: bump to version 1.1.19 via 3a97cea ldb: Allow to register extended match rules via f45d30c s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(). via e38f3ea utils: Fix 'net time' segfault. via a5d30bd cli_connect_nb_send: don't segfault on host == NULL. via 69dd558 vfs_snapper: encode and decode Snapper DBus strings via 428c582 vfs_snapper: add DBus string encoding and decoding helpers via 1381ac0 vfs_snapper: free dbus req messages in error paths via f922899 s3-vfs: Fix developer build of vfs_ceph module. via ffc1cca vfs_glusterfs: Add comments to the pipe(2) code. via 0c9e53b vfs: Fix a typo via 7e0e0e0 vfs:glusterfs: whitespace fix. via 42b9b52 vfs_glusterfs: Replace eventfd with pipes, for AIO use via 1d05617 vfs/glusterfs: Change xattr key to match gluster key. via d35fa8e vfs_glusterfs: Implement AIO support via bab4805 vfs_glusterfs: Change sys_get_acl_file/fd to return ACLs corresponding to mode bits when there are no ACLs set. via d56da88
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via c88a4f4 VERSION: Disable git snapshots for the 4.2.0rc4 release. via 8fdb354 WHATSNEW: Add release notes for Samba 4.2.0rc4. via 2a699e4 CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl via df1f7ce CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c via 0b97e8b CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag via 239c0f2 CVE-2014-8143:auth: Force talloc type of session_info pointer to match via 923827c vfs_fruit: mmap under FreeBSD needs PROT_READ via e3d7893 vfs_fruit: fix base_fsp name conversion via eaeeb51 s3-libads: Fix a possible segfault in kerberos_fetch_pac(). via ec80439 lib/util: Avoid collision which alread defined consumer DEBUG macro. via a756e65 spoolss: clear PrinterInfo on GetPrinter error via 4e3e5e7 spoolss: clear info on GetPrinterDriverDirectory error via d2d2f8a spoolss: clear info on GetPrintProcessorDirectory error via e9e576a spoolss: clear FormInfo on GetForm error via 9762d72 spoolss: clear DriverInfo on GetPrinterDriver2 error via 2141975 spoolss: clear JobInfo on GetJob error via f0040c6 [PATCH] vfs: Add glusterfs manpage. via 92b34c5 net: Fix sam addgroupmem via 561eb6c s3:passdb: fix logic in pdb_set_pw_history() via bdc182f s3-util: Fix authentication with long hostnames. via d196b54 winbind: Retry after SESSION_EXPIRED error in ping-dc via ec07387 winbind: Retry LogonControl RPC in ping-dc after session expiration via 4701d74 tdb_wrap: Make mutexes easier to use via c6dc67a nss_wrapper: check for nss.h via 2201a3c ctdb-daemon: Use correct tdb flags when enabling robust mutex support via 2887007 tdb: version 1.3.4 via 4a52345 tdb/toos: allow transactions with TDB_MUTEX_LOCKING via 9ec5518 tdb/test: add tdb1-run-mutex-transaction1 test via 953d373 tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING via 93b73bf VERSION: Bump version up to 4.2.0rc4 and... from f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 48 - ctdb/client/ctdb_client.c | 30 +++- ctdb/server/ctdb_lock.c| 30 +++- ctdb/server/ctdb_lock_helper.c | 28 +-- ctdb/server/ctdb_ltdb_server.c | 4 +- docs-xml/manpages/vfs_glusterfs.8.xml | 151 docs-xml/wscript_build | 1 + lib/nss_wrapper/wscript| 4 +- lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.4.sigs} | 0 lib/tdb/common/transaction.c | 2 +- lib/tdb/test/run-mutex-transaction1.c | 236 + lib/tdb/tools/tdbtorture.c | 1 - lib/tdb/wscript| 3 +- lib/tdb_wrap/tdb_wrap.c| 7 + lib/util/debug.h | 6 +- lib/util/fault.h | 5 + librpc/idl/security.idl| 13 +- source3/lib/util.c | 4 +- source3/libads/authdata.c | 26 +-- source3/modules/vfs_fruit.c| 4 +- source3/passdb/pdb_get_set.c | 15 +- source3/rpc_server/spoolss/srv_spoolss_nt.c| 78 +--- source3/utils/net_sam.c| 8 +- source3/winbindd/winbindd_dual_srv.c | 18 ++ source4/auth/session.c | 5 + source4/dsdb/common/util.c | 4 +- source4/dsdb/pydsdb.c | 1 + source4/dsdb/samdb/ldb_modules/samldb.c| 190 +++- source4/dsdb/samdb/samdb.h | 6 + source4/rpc_server/lsa/dcesrv_lsa.c| 15 +- source4/setup/schema_samba4.ldif | 1 + 32 files changed, 856 insertions(+), 90 deletions(-) create mode 100644 docs-xml/manpages/vfs_glusterfs.8.xml copy lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.4.sigs} (100%) create mode 100644 lib/tdb/test/run-mutex-transaction1.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 507ad30..7d26f52 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=3
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release. via 2277f6a WHATSNEW: Add release notes for Samba 4.2.0rc3. via 60748d1 s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first via 26c011d s3:passdb: add optional get_trusteddom_creds() hooks via 611e95e pdb: fix build issues with shared modules via ddc2bba s3:idmap_cache: remove unused idmap_cache_set_sid2[u|g]id() via dac59a2 pdb: Increase version number to fix ABI via 1a91c09 idmap: return the correct id type to *id_to_sid methods via d655b56 idmap: unify passdb *id_to_sid methods via 0c32df4 s3:passdb: avoid invalid pointer type warnings in pdb_wbc_sam.c via f87e9b1 s3:passdb: always copy the history in pdb_set_plaintext_passwd() via f1f0ca3 pdb_tdb: Avoid a nasty error message with ctdb via a681688 pdb_tdb: don't leak state_path onto talloc tos via 741ac3b account_pol: don't leak state_path onto talloc tos via b14bed4 passdb: Use common code in cli_credentials_set_machine_account_db_ctx() via d26278a auth/credentials: Ensure that we set the realm when reading secrets.tdb via e3b6d3b credentials: Allow the secret.tdb handle to be passed in to cli_credentials_set_machine_account() via a81b814 credentials: Improve error message on failure to set machine account password via a13c21b credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_account via f80a108 s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser() via 5d3a3c8b ctdb-build: fix build without xsltproc via c0d778c packaging: Include CTDB man pages in the tarball via 6c01512 ctdb-build: Fix the installation of config files for top-level build via d09a0e0 ctdb-build: Fix the indentation via 27219c0 libcli/smb: only force signing of smb2 session setups when binding a new session via 8bb6039 s3:smb2_server: allow reauthentication without signing via c0aee74 vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT via 4190813 testprogs/test_ldb: check rootdse search with extended-dn control via 23e43c3 s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control via 02ad559 s3:utils/profiles fix a use after free via adb4618 s3:registry/regfio fix some valgrind warnings via 238eb48 s3:registry/regfio read SD from the correct location via 0055b0d ctdb-tests: Need to drop public IPs in kill-failover tests via 12c1e89 ctdb-daemon: Gratuitous ARP equivalent for IPv6 is neighbor advertisement via 7787cfa ctdb-tests: More debug on SSH failure via bdaa7f2 ctdb-tests: Make tcpdump output more verbose via 67bda03 ctdb-tests: Use ip neigh command instead of arp via fe23b5b ctdb-tests: Generalise the gratarp and tickle sniffing code for IPv6 via aa84dec ctdb-tests: Match IPv6 connections in netstat output via 1e6681f ctdb-tests: Use ping_wrapper to do relevant ping or ping6 via 2b9facf ctdb-tests: Extend regexps to handle IPv6 address matching via 6299649 ctdb-tests: Bracket IP addresses in NFS mounts and scp command (for IPv6) via 4f05acc ctdb-tests: Try to handle IPv6 addresses for local daemons via 5d4a412 ctdb-tests: Extend regexp to match IPv6 addresses via 6c245c5 ctdb-tools: Bracket IP addresses in onnode (for IPv6) via 78f35cb ctdb-daemon: Fix IP address comparisons for IPv6 addresses via dd6534f ctdb-scripts: Wait until IPv6 addresses are not tentative via fee8c94 ctdb-eventscripts: Specify broadcast optionally to ip addr add via 6e59d32 ctdb-daemon: Trust vnn-interface for an IP when releasing it via cd26059 ctdb-scripts: Make 10.interface IPv6-safe via 231fab1 ctdb-scripts: New functions ip6tables() and iptables_wrapper() via fd796e6 ctdb-scripts: Add IPv6 addresses support in ip_maskbits_iface() via 410c785 ctdb-utils: Update Nagios code to use ctdb -X via 4d3d4bc ctdb-doc: Update examples to use ctdb -X via 2524621 ctdb-tool: Fix ctdb -Y ifaces output to have trailing delimiters via 645f1e2 ctdb-tests: Update integration tests to use ctdb -X via dbda14a ctdb-tools: Update onnode and ctdb-diagnostics to use ctdb -X via 8df3a81 ctdb-scripts: Update eventscripts to use ctdb -X instead of ctdb -Y via a5ffa96 ctdb-tools: Add -X option for machine parsable output with separator '|' via dbfc67a ctdb-tools: Add -x option to specify delimiter for machine readable output via 9acafe9 ctdb-tools: Produce machine readable output with new function printm() via decb761 ctdb-recoverd: Process all the records for vacuum fetch in a loop via 7d4e0f0
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 3011777 VERSION: Bump version up to 4.2.0rc1... via 1ef2be6 vfs_fruit: deal with vfs_catia not being loaded via b2626c2 vfs_fruit: remove redundant assignment via 04ebed1 vfs_fruit: fix possible uninitialized use via 26ff9f3 libcli/smb: call smb2cli_validate_negotiate_info*() after each authenticated tcon via 7729ba5 libcli/smb: add smb2cli_validate_negotiate_info*() via 6a82cb7 libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl response. via a51b623 s4:libcli/tcon: remove unused smb2_tree_connect*() via 609b31a s4:torture/smb2: remove unused variable in torture_smb2_con_sopt() via fe13b0c s4:torture/smb2: use smb2cli_tcon*() in torture_smb2_tree_connect() via 04d0110 s4:torture/smb2: use torture_smb2_tree_connect() in notify.c via a8d1f26 s4:torture/smb2: torture_smb2_tree_connect() creates a secondary tree connect via c723d57 s4:libcli/smb2: make use of smb2cli_tcon*() in connect.c via d11b0c4 s3:libsmb: remove unused smb2cli.h via b77bb5a libcli/smb: move smb2cli_tcon.c to the toplevel via 7ee18fb s3:smb2cli_tcon: use smb2 signing if possible via 8c846f7 libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}() via e954f92 libcli/smb: add smb2cli_tcon_should_encrypt() via ca1081e libcli/smb: add smbXcli_session_is_authenticated() via aa4310b libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED via e9a5074 s3:libsmb: remove unused ';' via 854f579 s4:libcli/smb_composite: don't try anonymous smb signing via 760f23a s3:smb2_negprot: allow really large io sizes up to allmost 16MB via 703ef59 tdb: Fix a comment via 93e81d423 s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers. via fc8e105 lib: util [ctdb]: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler. via 16e460e s3: nmbd: Ensure the main nmbd process doesn't create zombies. via ba33426 s3:torture: transfer 1M message with fds in LOCAL-MESSAGING-FDPASS2 test via d4bf2be s3:torture: wait in tevent-loop for child to confirm receive in FDPASS2 msg test via 3628102 s3:torture: fix a message in LOCAL-MESSAGING-FDPASS2 test via bc5c029 selftest: run LOCAL-MESSAGING-READ4 via f16dd64 s3:torture: add LOCAL-MESSAGING-READ4 - send 1MB message via 797ada1 s3:messaging: explain why the messaging_send*() functions need a tevent-loop. via d7d9ec3 s3:unix_msg: document closing of fds in the receive handler via 0ab5e89 s3:unix_msg: close the fds in unix_dgram_recv_handler() after the callback has run via 6e47886 s3:messaging: upon receiving fds, dup them so the caller can safely close them. via 00d9ee0 s3:messaging: allow the messaging receive callback to change the fds via d8af3e7 s3:unix_msg: don't fill cmsg buffer in unix_dgram_send_job() via b38ed73 s3:unix_msg: add close_fd_array_cmsg() via 20cd934 s3:unix_msg: factor extract_fd_array_from_msghdr() out of unix_dgram_recv_handler() via 67684dc s3:unix_msg: simplify queue_msg() by moving space calculations up. via a96f0f4 s3:unix_msg: use an iov in unix_dgram_msg/queue_msg instead of buffer and length via e38f4f4 s3:unix_msg: rename a variable buflen-data_len in queue_msg() via 2564a5f s3:unix_msg: use a buffer pointer instead of array indexes for the iov buffer via 9ddb661 s3:unix_msg: remember errno in unix_dgram_send_job in case of send error. via 9fa673b s3:unix_msg: don't close the fd-array at the end of unix_dgram_send_job() via 698e8a2 s3:unix_msg: add close_fds exit point to unix_msg_recv() via 2795bdf s3:messaging: msg_type int-uint32_t in struct messaging_hdr via 40b4853 s3:messaging: fix uninitialized data introduced by padding via 1dbd0be tevent: version 0.9.22 via a65df7e tevent: remove unused exit_code in tevent_select.c via 1ea3364 tevent: remove unused exit_code in tevent_poll.c via 22eb416 repl: Specify the target realm in dreplsrv_get_target_principal() via 736098e WHATSNEW: Include info on secured winbindd connections via afe02d1 winbindd: Change value of ldap sasl wrapping to sign via e2cd325 winbindd: Do not make anonymous connections by default via b9701a0 provision: Change the default functional level of new Samba domains to 2008R2. via bf0ee5f ldb: fix a typo in the comment, LDB_FLAGS_MOD_xxx - LDB_FLAG_MOD_xxx via 9c92164 s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call via 16594e7 s3: Move init_lsa_ref_domain_list to lib via f3ce6b4 s3:net_rpc_printer: make use of cli_credentials_get_username()
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via e05a432 VERSION: Set version to 4.2.0rc2... via 8309ab7 WHATSNEW: Add release notes for Samba 4.2.0rc2. via 9164e5f build: do not install texpect binary anymore. via 2cd5450 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02 via 066fb45 [PATCH] WHATSNEW: Added information about the VFS WORM module that is via 4cc2dda WHATSNEW: Fix typo. via 721033d WHATSNEW: Fix typos. via 63017ac [PATCH] WHATSNEW: Add more features for Samba 4.2 via 25d26f4 WHATSNEW: Add samba-regedit. via 3430afa idmap_rfc2307: Fix a crash after connection problem to DC via 02e1c6b SO_PROTOCOL is platform-dependent via 13c7b80 regedit: remove an old comment via a38ad98 regedit: print error msg if opening registry fails via 96a5321 regedit: handle pgup/pgdn/home/end keys on lists via 0b70ddd regedit: handle del and backspace in hexeditor via fb01459 regedit: grow hexedit buffer as the user types via 0f548f9 regedit: add a button to resize hexedit buffer via 6c736e2 regedit: add a number input box via cf71665 regedit: don't expand single line text field buffer with cursor movement via 7720184 regedit: handle DEL key in text fields via 27e99f6 regedit: adjust some variable names to make them more distinct via d9b67e6 regedit: find previous items via 05be096 regedit: search values and repeat search from cursor positions via 45afe22 regedit: flesh out search dialog and simplify search opts via 60b6297 regedit: don't use subwindows in hexedit via afafda2 regedit: use pad as a canvas for dialogs via 77d9d4c regedit: clear value list after creating new key via 00ff031 regedit: use the right function to reopen a hive via a226a52 regedit: move cursor to edited value in list and report edit errors via 47caf0b regedit: Introduce a new API to build the dialogs. via ceafd11 regedit: improvements for hexedit via 7e11ecb regedit: add padding to fit REG_MULTI_SZ to the text field via bff6822 regedit: simplify cleanup after loading children via 1fb0690 regedit: add a panic handler to restore terminal via 5e3df48 regedit: make all hives descend from a root node via 8bc4a73 regedit: add a refresh command to clear cache and reload current path via ee89de1 regedit: reopen key after editing or removing values via 894f516 regedit: reopen parent keys when adding or removing subkeys via 6d61540 regedit: set cursor after creating a new key via 36cd9af regedit: set cursor to the parent node when ascending via 92d302f regedit: don't fail loading keys if just a few are unavailable via d4c1b36 regedit: include error description in popups via 544c4ec regedit: notify user if there's a failure loading subkeys via 4867e76 regedit: handle awkward window sizes better via 2b74ee0 regedit: use talloc typesafety features via fe5b9cd regedit: restore list cursor when window is resized via db7aef6 regedit: make value list display data in multiple columns via 1ca1c74 regedit: add multicolumn list widget via ca81665 regedit: add search feature. via f5ac8ec regedit: add a color scheme for path and context help sections via 1ab3b87 regedit: sort keys via 196055d regedit: free value list subwindow via 93aa394 regedit: add borders around key and value lists, and change headings via bb1b0ab regedit: add padding for key labels when there's not a prefix. via c7802fc regedit: add white on blue color scheme via 0288af3 regedit: silence some warnings via c7ebcd6 s3: smb2cli: query info return length check was reversed. via ce0c5f6 registry: Don't leave dangling transactions via ff9dd62 WHATSNEW: Fix typo. via 137c096 VERSION: Re-enable git snapshots. from 3011777 VERSION: Bump version up to 4.2.0rc1... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - --- Summary of changes: VERSION |2 +- WHATSNEW.txt| 123 ++- lib/socket_wrapper/socket_wrapper.c |3 + lib/texpect/wscript |6 +- libcli/smb/smb2cli_query_info.c |2 +- libcli/smb/smbXcli_base.c |6 +- source3/registry/reg_api.c |2 +- source3/utils/regedit.c | 483 +-- source3/utils/regedit.h | 18 +- source3/utils/regedit_dialog.c | 2738 --- source3/utils/regedit_dialog.h | 204 +++- source3/utils/regedit_hexedit.c | 243
[SCM] Samba Shared Repository - branch v4-2-stable updated
The branch, v4-2-stable has been updated via 8428085 WHATSNEW: Remove double entry. from e05a432 VERSION: Set version to 4.2.0rc2... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable - Log - commit 8428085139aac09c0f47a03f0a9507eb51ac704c Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 15 10:06:14 2014 +0200 WHATSNEW: Remove double entry. Signed-off-by: Karolin Seeger ksee...@samba.org (cherry picked from commit e10ffb3bb3f61e25faf913b48d233cace6427abe) --- Summary of changes: WHATSNEW.txt |4 1 files changed, 0 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 47f3697..fc17aae 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -44,10 +44,6 @@ to (other) domain controllers was rewritten in order to maintain global state in a netlogon_creds_cli.tdb. This is the proper fix for a large number of bugs: - - -o Volker Lendecke v...@samba.org -* BUG 10860: registry: Don't leave dangling transactions. https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 -- Samba Shared Repository