The annotated tag, samba-4.6.7 has been created at 18d701bbbf26fedf022296e08d6329dcb9e3db26 (tag) tagging a42a92b09dab03e7872c5f5ee21e651c1ab5542d (commit) replaces samba-4.6.6 tagged by Karolin Seeger on Tue Aug 8 09:51:36 2017 +0200
- Log ----------------------------------------------------------------- samba: tag release samba-4.6.7 -----BEGIN PGP SIGNATURE----- iEYEABECAAYFAlmJbYgACgkQbzORW2Vot+qP6QCeL1uBQZWuFbGopmimhA9BqReF 5mIAoJ4IdEXC3IObYjIQqtTMPefxTqH1 =Vo5I -----END PGP SIGNATURE----- Amitay Isaacs (7): ctdb-scripts: Don't send empty argument string to logger ctdb-recovery: Assign banning credits if database fails to freeze ctdb-recovery: Setting up of recmode should be idempotent ctdb-recovery: Simplify logging of recovery mode setting ctdb-recovery: Finish processing for recovery mode ACTIVE first ctdb-recovery: Get recmode unconditionally in the main_loop ctdb-recovery: Do not run local ip verification when in recovery Andreas Schneider (10): replace: Use the same size as d_name member of struct dirent waf: Do not trhow a format-truncation error for test/snprintf.c s4:torture: Fix comparison between pointer and zero character constant libcli:smb2: Gracefully handle not supported for FSCTL_VALIDATE_NEGOTIATE_INFO s3:popt_common: Reparse the username in popt_common_credentials_post() s3:tests: Add test for smbclient -UDOMAIN+username s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test selftest: Do *NOT* flush the complete gencache! s3:tests: Do *NOT* flush the complete gencache! s3:client: The smbspool krb5 wrapper needs negotiate for authentication Andrew Bartlett (3): selftest: Also wait for winbindd to start selftest: Do not enable inbound replication during replica_sync s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified Arvid Requate (2): s4:torture/ldap: Test netlogon without NtVer s4-dsdb/netlogon: allow missing ntver in cldap ping Bernhard M. Wiedemann via samba-technical (1): docs-xml: Sort input file list Bob Campbell (1): selftest: Do not force run of kcc at start of selftest Daniel Kobras (1): s3: smbd: fix regression with non-wide symlinks to directories over SMB3. David Disseldorp (1): vfs_ceph: fix cephwrap_chdir() David Mulder via samba-technical (1): messaging: fix net command failure due to unhandled return code Douglas Bagnall (2): ndr tests: silence a harmless warning shadow_copy_get_shadow_copy_data: fix GCC snprintf warning Dustin L. Howett via samba-technical (1): idmap_ad: Retry query_user exactly once if we get TLDAP_SERVER_DOWN Garming Sam (1): dnsserver: Stop dns_name_equal doing OOB read Günther Deschner (1): vfs_fruit: add fruit:model = <modelname> parametric option Jeremy Allison (11): s3: smbd: When deleting an fsp pointer ensure we don't keep any references to it around. libcli: smb: Add smbXcli_tcon_copy(). libcli: smb: Add smb2cli_tcon_set_id(). s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon(). s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon(). s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits. s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections. s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon. s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3. s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3. s3: smbd: Fix a read after free if a chained SMB1 call goes async. Karolin Seeger (2): WHATSNEW: Add release notes for Samba 4.6.7. VERSION: Disable GIT_SNAPSHOTS for the 4.6.7 release. Martin Schwenke (3): ctdb-scripts: NFS call-out failures should cause event failure ctdb-tests: Add more NFS eventscript tests for call-out failures ctdb-common: Set close-on-exec when creating PID file Michael Saxl (1): s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab() Noel Power (1): s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only) Ralph Boehme (4): s3/smbd: let non_widelink_open() chdir() to directories directly selftest: add a test for accessing previous version of directories with snapdirseverywhere vfs_fruit: don't use MS NFS ACEs with Windows clients s3/notifyd: ensure notifyd doesn't return from smbd_notifyd_init Richard Sharpe (1): Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this. Stefan Metzmacher (70): libcli/smb: Fix alignment problems of smb_bytes_pull_str() s3:libsmb: add cli_state_update_after_sesssetup() helper function s3:smb2_tcon: allow a compound request after a TreeConnect s3:smb2_sesssetup: allow a compound request after a SessionSetup auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case samba-tool: fix log message of 'samba-tool user syncpasswords' s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02" auth/spnego: fix gensec_update_ev() argument order for the SPNEGO_FALLBACK case s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send() wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]() ldb: protect Samba < 4.7 against incompatible ldb versions and require ldb < 1.2.0 Merge branch 'v4-6-stable' into v4-6-test VERSION: Bump version up to 4.6.7... s3:smbd: consistently use talloc_tos() memory for rpc_pipe_open_interface() pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint() librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling idl_types.h: add NDR_SECRET shortcut s3:librpc: let NDR_SECRETS depend on NDR_SECURITY s3:libads: remove unused kerberos_secrets_store_salting_principal() krb5_wrap: add smb_krb5_salt_principal() krb5_wrap: add smb_krb5_salt_principal2data() s3:libnet_join: remove dead code from libnet_join_connect_ads() s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing() s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx s3:libnet_join: remember the domain_guid for AD domains s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal() s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal() s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync s3:libnet_join: call do_JoinConfig() after we did remote changes on the server s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing() s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets() s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback s3:libads: provide a simpler kerberos_fetch_salt_princ() function s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ() s3:libnet: make use of kerberos_secrets_fetch_salt_princ() s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry() s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ() s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c s3:secrets: rework des_salt_key() to take the realm as argument s3:secrets: split out a domain_guid_keystr() function s3:secrets: add some const to secrets_store_domain_guid() s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync() s3:secrets: rename secrets_delete() to secrets_delete_entry() s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys s3:secrets: make use of secrets_delete() in secrets_store_machine_pw_sync() s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key when there's no value s3:secrets: replace secrets_delete_prev_machine_password() by secrets_delete() s3:secrets: rewrite secrets_delete_machine_password_ex() using helper variables s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key s3:secrets: use secrets_delete for all keys in secrets_delete_machine_password_ex() s3:trusts_util: pass dcname to trust_pw_change() libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*() libcli/auth: add const to set_pw_in_buffer() libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*() s3:trusts_util: also pass the previous_nt_hash to netlogon_creds_cli_auth() lsa.idl: make lsa_DnsDomainInfo [public] netlogon.idl: make netr_TrustFlags [public] netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension secrets.idl: add secrets_domain_info that will be used in secrets.tdb for machine account trusts s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials net: add "net primarytrust dumpinfo" command that dumps the details of the workstation trust s3:libnet: make use of secrets_store_JoinCtx() s3:trusts_util: make use the workstation password change more robust net: make use of secrets_*_password_change() for "net changesecretpw" s3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password() s3:secrets: remove unused secrets_store_[prev_]machine_password() selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join Thomas Jarosch (1): s3: libsmb: Fix use-after-free when accessing pointer *p. Volker Lendecke (1): smbd: Fix a connection run-down race condition ----------------------------------------------------------------------- -- Samba Shared Repository