The annotated tag, samba-4.4.6 has been created at 45d8621ac892f449a980564e4777e93b7f0749bb (tag) tagging 99ced630b38aa6009630b06c4fa45d4f094239d2 (commit) replaces samba-4.4.5 tagged by Karolin Seeger on Thu Sep 22 08:51:21 2016 +0200
- Log ----------------------------------------------------------------- samba: tag release samba-4.4.6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQBX439pbzORW2Vot+oRAhCoAJ4rWVXlA+z8iWly++nSSKBVKKiPBQCcDk8l P//zAh9tPQwliLXRUrFYYUk= =WwQx -----END PGP SIGNATURE----- Alexander Bokovoy (1): libnet_join: use sitename if it was set by pre-join detection Amitay Isaacs (41): ctdb-recoverd: Freeze databases whenever the node is INACTIVE ctdb-recovery: Create recovery databases in state dir ctdb-recovery: Add a log message when marshalling recovery database fails ctdb-client: Add async version of set/remove message handler functions ctdb-doc: Sort the tunable variables in alphabetical order ctdb-doc: Update tunables documentation ctdb-doc: Add documentation for missing tunables ctdb-recovery-helper: Get tunables first, so control timeout can be set ctdb-client: Add client API for sending message to multiple nodes ctdb-tunables: Add new tunable RecBufferSizeLimit ctdb-protocol: Add new data type ctdb_pulldb_ext for new control ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM ctdb-client: Add client API functions for new controls ctdb-recovery-helper: Factor out generic recv function ctdb-recovery-helper: Pass capabilities to database recovery functions ctdb-recovery-helper: Rename pnn to dmaster in recdb_records() ctdb-recovery-helper: Create accessors for recdb structure fields ctdb-protocol: Add file IO functions for ctdb_rec_buffer ctdb-recovery-helper: Re-factor function to retain records from recdb ctdb-recovery-helper: Write recovery records to a recovery file ctdb-protocol: Add srvid for messages during recovery ctdb-protocol: Add new capability ctdb-recovery-helper: Introduce pull database abstraction ctdb-recovery-helper: Introduce push database abstraction ctdb-tests: Add a test for recovery of large databases ctdb-recovery-helper: Improve log message ctdb-recovery-helper: Introduce new #define variable ctdb-recovery: Update timeout and number of retries during recovery ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done ctdb-protocol: Add srvid for assigning banning credits ctdb-recoverd: Add message handler to assigning banning credits ctdb-recovery-helper: Add banning to parallel recovery lib/util: Avoid splitting tevent-unix-util as public library ctdb-packaging: Remove tevent-unix-util public library ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery ctdb-takeover: Do not kill smbd processes on releasing IP ctdb-takeover: Inform clients when dropping all IP addresses ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request ctdb-recovery: Terminate if recovery fails without any banning credits ctdb-recovery-helper: Add missing initialisation of ban_credits Andreas Schneider (4): libutil: Support systemd 230 s3-winbind: Fix memory leak with each cached credential login ctdb-waf: Move ctdb tests to libexec directory s3-util: Fix asking for username and password in smbget. Andrew Bartlett (7): selftest: Add a DNS test matching Windows build: Build less of Samba when building --without-ntvfs-fileserver build: Always build eventlog6. This is not a duplicate of eventlog param: Correct the defaults for "dcerpc endpoint services" ldb-samba: Add "secret" as a value to hide in LDIF files dsdb: Allow missing a mandatory attribute from a dbcheck fix dbcheck: Abandon dbcheck if we get an error during a transaction Douglas Bagnall (8): configure: set HAVE___ATTRIBUTE__ for heimdal util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__ tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__ s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__ mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__ s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__ third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__ Garming Sam (2): autobuild: Return the last 50 log lines autobuild: fix typo in autobuild success subject line Günther Deschner (1): s3-libnet: Print error string even on successfuly completion of libnetjoin. Jeremy Allison (19): lib: Fix uninitialized read in msghdr_copy s3: krb5: keytab - The done label can be jumped to with context == NULL. s3: smbd: Remove unused 'req' argument from setup_readX_header() s3: smbd: Make setup_readX_header() externally accessible s3: smbd: Use common function setup_readX_header() in aio read code. s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length. s4: torture: Added raw readX test to ensure 'reserved' fields are zero. s4: dns: Correctly check for talloc failure. s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create. s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence. s3: smbd: Change lp_set_posix_pathnames() to take a newval parameter and return the old one. s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation. s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss. libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path. smbd: oplock: Fixup debug messages inside remove_oplock(). smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock(). s3: oplock: Fix race condition when closing an oplocked file. lib/poll_funcs: free contexts in poll_funcs_state_destructor() lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace. Karolin Seeger (5): VERSION: Bump version up to 4.4.5... Merge tag 'samba-4.4.5' into v4-4-test WHATSNEW: Add release notes for Samba 4.4.6. VERSION: Disable git snapshots for the 4.4.6 release. Revert "script/release.sh: use 8 byte gpg key ids" Lorinczy Zsigmond (1): lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values. Marc Muehlfeld (1): man: Wrong option for parameter ldap ssl in smb.conf man page Martin Schwenke (24): ctdb-packaging: Move ctdb tests to libexec directory ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS) ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING) ctdb-common: Consistently use strlcpy() on interface names ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL) ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK) ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK) ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL) ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL) ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL) ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK) ctdb-daemon: Try to release IP address even if interface is unknown ctdb-daemon: Do not update the VNN state on RELEASE_IP failure ctdb-daemon: Do not copy address for RELEASE_IP message ctdb-daemon: Factor out new function release_ip_post() ctdb-daemon: Use release_ip_post() when releasing all IP addresses ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state ctdb-daemon: When releasing an IP, update PNN in callback ctdb-daemon: Schedule running of callback if there are no event scripts ctdb-daemon: Handle failure immediately, do housekeeping later ctdb-daemon: Don't steal control structure before synchronous reply ctdb-packaging: Fix systemd network dependency ctdb-ipalloc: Use a cumulative timeout for takeover run stages ctdb-ipalloc: Fix cumulative takeover timeout Michael Adam (3): libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true' idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range() idmap: centrally check that unix IDs returned by the idmap backends are in range Ralph Boehme (48): librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION librpc/dns: don't compress strings in TKEY and TSIG responses librpc/dns: remove original_id from dns_fake_tsig_rec s4/dns_server: include request MAC in TSIG response MAC calculation s4/dns_server: split out function that does the MAC computation s4/dns_server: not finding the key here is a fatal error s4/dns_server: ensure we store the key name in error code paths s4/dns_server: error codes for failing MAC verification in TSIG requests s4/dns_server: don't compute TSIG MAC in TSIG error records s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors s4/dns_server: enable sending of TSIG error records selftest: add test for DNS updates with TKEY/TSIG s3/smbd: add helper func dos_mode_from_name() s3/smbd: call dos_mode_from_name after get_ea_dos_attribute() s3/smbd: move check for "hide files" to dos_mode_from_name() s3/smbd: make get_ea_dos_attribute() public s3/smbd: only use stored dos attributes for open_match_attributes() check s4/torture: add a test for dosmode and hidden files s3:mdssvc: older glib2 versions require g_type_init() winbindd/idmap_rfc2307: fix a crash winbindd: in wb_lookupsids return domain name if we have it selftest: make autorid the default idmap backend in admember_rfc2307 selftest: test idmap backend id allocation for unknown SIDS smbd/cleanupd: use smbd_reinit_after_fork() smbd/notifyd: use smbd_reinit_after_fork() s3-rpc_server/mdssd: use smbd_reinit_after_fork() s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c vfs_acl_xattr: objects without NT ACL xattr async_req: make async_connect_send() "reentrant" smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser() s4/torture: add a test for ctdb-tombstrone-record deadlock dbwrap_ctdb: treat empty records in ltdb as non-existing s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames Revert "vfs_acl_xattr: objects without NT ACL xattr" vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal() vfs_acl_common: rename pdesc_next to psd_fs vfs_acl_common: remove redundant NULL assignment vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy vfs_acl_common: move the ACL blob validation to a helper function vfs_acl_tdb|xattr: use a config handle vfs_acl_common: move stat stuff to a helper function vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL vfs_acl_xattr|tdb: add option to control default ACL style vfs_acl_common: Windows style default ACL s4/torture: tests for vfs_acl_xattr default ACL styles vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements docs: document vfs_acl_xattr|tdb enforced settings vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes Stefan Metzmacher (19): s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3 s4:librpc/rpc: don't ask for auth_length if we ask for auth data only librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu. librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3 python/tests: add auth_pad test for the dcerpc raw_protocol test dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes s4:rpc_server: use a variable for the max total reassembled request payload dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE VERSION: Bump version up to 4.4.6... libads: ensure the right ccache is used during gssapi bind libads: ensure the right ccache is used during spnego bind python/remove_dc: handle dnsNode objects without dnsRecord attribute script/autobuild.py: include the branch name in the output samba-tool/ldapcmp: ignore differences of whenChanged script/release.sh: use 8 byte gpg key ids gensec/spnego: work around missing server mechListMIC in SMB servers Uri Simchoni (20): s3-libads: fix a memory leak in ads_sasl_spnego_bind() auth: fix a memory leak in gssapi_get_session_key() quotas: small cleanup smbd: get a valid file stat to disk_quotas smbd: use owner uid for free disk calculation if owner is inherited selftest: refactor test_dfree_quota.sh - add share parameter selftest: add definition of smbcacls to selftesthelpers.py selftest: add tests for dfree with inherit owner enabled s4-smbtorture: use standard macros in smb2.read test s4-selftest: add functions which create with desired access s4-selftest: add test for read access check seltest: implicit FILE_READ_DATA non-reporting seltest: allow opening files with arbitrary rights in smb2.ioctl tests s4-smbtorture: pin copychunk exec right behavior smbd: look only at handle readability for COPYCHUNK dest smbd: allow reading files based on FILE_EXECUTE access right selftest: add content to files created during shadow_copy2 test selftest: check file readability in shadow_copy2 test selftest: test listing directories inside snapshots vfs_shadow_copy: handle non-existant files and wildcards Volker Lendecke (1): smbd: Reset O_NONBLOCK on open files ----------------------------------------------------------------------- -- Samba Shared Repository