Karolin Seeger
2018-04-17 07:41:24 UTC
The annotated tag, samba-4.7.7 has been created
at 3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 (tag)
tagging 41f51e0180615494bc61ec643ba4e921208cc369 (commit)
replaces samba-4.7.6
tagged by Karolin Seeger
on Tue Apr 17 09:40:42 2018 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.7.7
-----BEGIN PGP SIGNATURE-----
iEYEABECAAYFAlrVpPoACgkQbzORW2Vot+qVWwCeIbRewQTNt3rZI6WZ8Dvazd8u
nDcAoI3XGlWop7SMVAnj87QuOpVwE7F3
=hiOM
-----END PGP SIGNATURE-----
Amitay Isaacs (1):
ctdb-scripts: Drop "net serverid wipe" from 50.samba event script
Andreas Schneider (1):
s3:smbd: Do not crash if we fail to init the session table
Anton Nefedov via samba-technical (1):
s3:smbd: map nterror on smb2_flush errorpath
Christof Schmitt (5):
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
nsswitch: Fix wbcListUsers test
nsswitch: Fix wbcListGroups test
Add test for wbinfo name lookup
winbindd: Do not ignore domain in the LOOKUPNAME request
Dan Robertson (1):
libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
David Disseldorp (1):
build: fix ceph_statx check when configured with libcephfs_dir
David Mulder (1):
smbc_opendir should not return EEXIST with invalid login credentials
Eric Vannier (1):
Allow AESNI to be used on all processor supporting AESNI, not just Intel's This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed.
Garming Sam (3):
subnet: Avoid a segfault when renaming subnet objects
tests/py_creds: Add a SamLogonEx test with an empty string domain
tests/bind.py: Add a bind test with NTLMSSP with no domain
Günther Deschner (1):
build: fix libceph-common detection
Jeremy Allison (24):
CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
s4: torture: Ensure a failed file create doesn't create the file.
s4: torture: Test all combinations of file create to ensure behavior is the same.
s4: torture: Test all combinations of file open with existing file to ensure behavior is the same.
s4: torture: Test all combinations of directory create to ensure behavior is the same.
s4: torture: Test all combinations of directory open with existing directory to ensure behavior is the same.
s3: smbd: Fix memory leak in vfswrap_getwd()
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Karolin Seeger (8):
VERSION: Bump version up to 4.7.6...
WHATSNEW: Add release notes for Samba 4.7.6.
VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
VERSION: Bump version up to 4.7.7.
WHATSNEW: Add release notes for Samba 4.7.7.
VERISON: Bump version up to 4.7.8...
Revert "VERISON: Bump version up to 4.7.8..."
WHATSNEW: Fix release date.
Lutz Justen (1):
s3: lib: messages: Don't use the result of sec_init() before calling sec_init().
Poornima G (1):
vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
Ralph Boehme (17):
CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
CVE-2018-1057: s4/dsdb: correctly detect password resets
CVE-2018-1057: s4:dsdb/acl: run password checking only once
CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
selftest: run vfs.fruit_netatalk test against seperate share
selftest: vfs.fruit: add xattr_tdb where possible
s3:smbd: don't use the directory cache for SMB2/3
Stefan Metzmacher (23):
Merge tag 'samba-4.7.6' into v4-7-test
s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
s3:selftest: run SMB2-ANONYMOUS
s3:auth: remove unused auth_serversupplied_info->system
s3:auth: add the "Unix Groups" sid for the primary gid
s3:auth: move add_local_groups() out of finalize_local_nt_token()
s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
s3:auth: remove static from finalize_local_nt_token()
auth: add auth_user_info_copy() function
s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
s3:auth: add make_{server,session}_info_anonymous()
s3:rpc_server: make use of make_session_info_anonymous()
s3:auth: make use of make_{server,session}_info_anonymous()
s3:libsmb: allow -U"\\administrator" to work
s3:cliconnect.c: remove useless ';'
s4:auth_sam: allow logons with an empty domain name
s3:smb2_server: correctly maintain request counters for compound requests
Volker Lendecke (8):
smbd: Fix a typo
torture4: Fix typos
smbd: Remove a "!" from an if-condition for easier readability
smbd: Fix channel sequence number checks for long-running requests
smbXcli: Add "force_channel_sequence"
torture: Add test for channel sequence number handling
dsdb: Fix CID 1034966 Uninitialized scalar variable
torture: Test compound request request counters
-----------------------------------------------------------------------
at 3ba0bc501c62b8fe3f2484ba1a1edea8c50b5271 (tag)
tagging 41f51e0180615494bc61ec643ba4e921208cc369 (commit)
replaces samba-4.7.6
tagged by Karolin Seeger
on Tue Apr 17 09:40:42 2018 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.7.7
-----BEGIN PGP SIGNATURE-----
iEYEABECAAYFAlrVpPoACgkQbzORW2Vot+qVWwCeIbRewQTNt3rZI6WZ8Dvazd8u
nDcAoI3XGlWop7SMVAnj87QuOpVwE7F3
=hiOM
-----END PGP SIGNATURE-----
Amitay Isaacs (1):
ctdb-scripts: Drop "net serverid wipe" from 50.samba event script
Andreas Schneider (1):
s3:smbd: Do not crash if we fail to init the session table
Anton Nefedov via samba-technical (1):
s3:smbd: map nterror on smb2_flush errorpath
Christof Schmitt (5):
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
nsswitch: Fix wbcListUsers test
nsswitch: Fix wbcListGroups test
Add test for wbinfo name lookup
winbindd: Do not ignore domain in the LOOKUPNAME request
Dan Robertson (1):
libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
David Disseldorp (1):
build: fix ceph_statx check when configured with libcephfs_dir
David Mulder (1):
smbc_opendir should not return EEXIST with invalid login credentials
Eric Vannier (1):
Allow AESNI to be used on all processor supporting AESNI, not just Intel's This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on Ryzen, and observed 50% increased speed.
Garming Sam (3):
subnet: Avoid a segfault when renaming subnet objects
tests/py_creds: Add a SamLogonEx test with an empty string domain
tests/bind.py: Add a bind test with NTLMSSP with no domain
Günther Deschner (1):
build: fix libceph-common detection
Jeremy Allison (24):
CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here.
s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir()
s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all smbd/smb2_*.c files with it.
lib: debug: Add DBGC_XXX versions of the macros to allow class-specific messages.
s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues.
s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.
s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access.
s4: torture: Ensure a failed file create doesn't create the file.
s4: torture: Test all combinations of file create to ensure behavior is the same.
s4: torture: Test all combinations of file open with existing file to ensure behavior is the same.
s4: torture: Test all combinations of directory create to ensure behavior is the same.
s4: torture: Test all combinations of directory open with existing directory to ensure behavior is the same.
s3: smbd: Fix memory leak in vfswrap_getwd()
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Karolin Seeger (8):
VERSION: Bump version up to 4.7.6...
WHATSNEW: Add release notes for Samba 4.7.6.
VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
VERSION: Bump version up to 4.7.7.
WHATSNEW: Add release notes for Samba 4.7.7.
VERISON: Bump version up to 4.7.8...
Revert "VERISON: Bump version up to 4.7.8..."
WHATSNEW: Fix release date.
Lutz Justen (1):
s3: lib: messages: Don't use the result of sec_init() before calling sec_init().
Poornima G (1):
vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
Ralph Boehme (17):
CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
CVE-2018-1057: s4/dsdb: correctly detect password resets
CVE-2018-1057: s4:dsdb/acl: run password checking only once
CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
selftest: run vfs.fruit_netatalk test against seperate share
selftest: vfs.fruit: add xattr_tdb where possible
s3:smbd: don't use the directory cache for SMB2/3
Stefan Metzmacher (23):
Merge tag 'samba-4.7.6' into v4-7-test
s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
s3:selftest: run SMB2-ANONYMOUS
s3:auth: remove unused auth_serversupplied_info->system
s3:auth: add the "Unix Groups" sid for the primary gid
s3:auth: move add_local_groups() out of finalize_local_nt_token()
s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
s3:auth: remove static from finalize_local_nt_token()
auth: add auth_user_info_copy() function
s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
s3:auth: add make_{server,session}_info_anonymous()
s3:rpc_server: make use of make_session_info_anonymous()
s3:auth: make use of make_{server,session}_info_anonymous()
s3:libsmb: allow -U"\\administrator" to work
s3:cliconnect.c: remove useless ';'
s4:auth_sam: allow logons with an empty domain name
s3:smb2_server: correctly maintain request counters for compound requests
Volker Lendecke (8):
smbd: Fix a typo
torture4: Fix typos
smbd: Remove a "!" from an if-condition for easier readability
smbd: Fix channel sequence number checks for long-running requests
smbXcli: Add "force_channel_sequence"
torture: Add test for channel sequence number handling
dsdb: Fix CID 1034966 Uninitialized scalar variable
torture: Test compound request request counters
-----------------------------------------------------------------------
--
Samba Shared Repository
Samba Shared Repository