<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Mathieu Parent pushed to branch upstream_4.9
at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/424d4d2b4084e8778d82684d29514b5b45cdfd36">424d4d2b</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-08T07:56:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/7a54219050197351b2829fa12c095ee27f1fdb95">7a542190</a></strong>
<div>
<span>by Andreas Schneider</span>
<i>at 2018-11-12T15:04:51Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">lib:util: Fix DEBUGCLASS pointer initializiation
This fixes a segfault in pyglue:
==10142== Process terminating with default action of signal 11 (SIGSEGV)
==10142== Bad permissions for mapped region at address 0x6F00A20
==10142== at 0x6F1074B: py_set_debug_level (pyglue.c:165)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13679
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 71ef09c1afdbf967b829cb66b33c3a5cb1c18ba0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Nov 12 16:04:51 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/7f8740c0acfbd9f18971dec233140822053d9b67">7f8740c0</a></strong>
<div>
<span>by Volker Lendecke</span>
<i>at 2018-11-16T07:41:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">winbindd: Fix crash when taking profiles
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/b6585b6fa67e273104be0401fd23075dac458b93">b6585b6f</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-16T07:41:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 221133b0e9ed28274f7513d9416f13a81b7b458b)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4672656d9e1daadcf32ed95f05cf6bd4478d1f93">4672656d</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-16T07:41:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_fruit: move a comment to the right place
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4901d71c3de754a106662d01481b960ed7c2c4dd)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/5420863dd11161e50163eb20b022994c229ff836">5420863d</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-16T10:31:10Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_fruit: validation of writes on AFP_AfpInfo stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a7c877847f855be5ee6673e541a181b818013abf)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/299e6edd0e6f6f7f2f9712f686f4bbbc70718894">299e6edd</a></strong>
<div>
<span>by Volker Lendecke</span>
<i>at 2018-11-19T12:49:34Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">torture: Fix the 32-bit build
Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677
(cherry picked from commit 0872f140c4a354511b25bb5ed937b9e9409ade3a)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Nov 19 13:49:34 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/e71252ecb2b755dec4aa0d4d41181120026d9183">e71252ec</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:25Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:selftest: split "raw.session" and "smb2.session"
The next commit is going to add a testsuite to "smb2.session".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d0a8899ed57c2b368c3870b3899a3422251222aa)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/052df0f679d1135f93fabcdbfdca00ae020ce6c7">052df0f6</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:selftest: also run smb2.session torture testsuite against ad_member
The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).
The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b86c94f0b929f2d9e521d41396c4e1611f5a4c5b)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4f5af7ba7292fea93fb4607b7e6a18c8082247c2">4f5af7ba</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/smb: add smb2cli_session_require_signed_response()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/cd8ea322a32bf83ef0555815d99ab8c740665540">cd8ea322</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/smb: maintain require_signed_response in smbXcli_req_state
Not used for now, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 67cfb01611869b7590ccd836dd13a80e53545714)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6ca7a8a2ffb1c87f633dc0890b285dab73337bc2">6ca7a8a2</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:26Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/smb: defer singing check a little bit
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7abf3900218e3d27c075b405735b2c38ec0fc4ca)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6c3577a588599f638fdd70ddea28301a6940f220">6c3577a5</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/ff0db7ec9c2f7bae0b90b92dabbb611520f8d310">ff0db7ec</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/smb2/session: invalidate credential cache
Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.
Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 368e1860654e737aa2fa9516cdd3668fa644009a)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/2b164eca30453381d666b9ed190880272ba7a165">2b164eca</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:27Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/smb2/session: require a signed session setup reauth response
All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f2c456aa1b7d0a90d73265085d53275d868b56ac">f2c456aa</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/smb2/session: add force_signing to test_session_expire1i
Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/77cf7167374b65258ff9da9aaf6118ba0e63f1aa">77cf7167</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/smb2/session: session reauth response must be signed
This test checks that a session setup reauth is signed even when neither
client nor server require signing.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/041e0945cb559c492a3f741cdaab48c85c0dde04">041e0945</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-11-20T11:30:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.
This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144
(cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/7cd5db7a63db2746c600e740e33e426a975bd901">7cd5db7a</a></strong>
<div>
<span>by Martin Schwenke</span>
<i>at 2018-11-20T14:50:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ctdb-tests: Make the debug hung script test cope with unreadable stacks
Ideally this would just involve using "test -r". However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.
Instead, try reading that stack of a process on the test node. If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144
(cherry picked from commit c1dd6382e3211792e313f7d559b943f55c9cb0e1)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/a96d403ff304b917195c9536a8a109779daf7d2e">a96d403f</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-25T13:46:28Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Bump version up to 4.9.3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 424d4d2b4084e8778d82684d29514b5b45cdfd36)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/bf596c14c2462b9a15ea738ef4f32b3abb8b63d1">bf596c14</a></strong>
<div>
<span>by Aaron Haslett</span>
<i>at 2018-11-25T13:46:43Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6e84215d4aa7ef51096db3b187adbe22cacdd921">6e84215d</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-25T13:46:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.
This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4783b9d6a43287a938b18e15f146e6895b689956">4783b9d6</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-25T13:46:49Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f40e1b3b42ce23b574a4c530545ff8170ddc7330">f40e1b3b</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-25T13:46:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: Verification tests
Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/05f867db81f118215445f2c49eda4b9c3451d14a">05f867db</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-25T13:46:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
Fixes for
Bug 13669 - (CVE-2018-16852) NULL
pointer de-reference in Samba AD DC DNS management
The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/c78ca8b9b48a19e71f4d6ddd2e300f282fb0b247">c78ca8b9</a></strong>
<div>
<span>by Gary Lockyer</span>
<i>at 2018-11-25T13:46:54Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16852 dcerpc dnsserver: refactor common properties handling
dnsserver_common.c and dnsutils.c both share similar code to process
zone properties. This patch extracts the common code and moves it to
dnsserver_common.c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f33f52c366f7cf140f470de44579dcb7eb832629">f33f52c3</a></strong>
<div>
<span>by Garming Sam</span>
<i>at 2018-11-25T13:46:58Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16851 ldap_server: Check ret before manipulating blob
In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.
Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4aabfecd290cd2769376abf7f170e832becc4112">4aabfecd</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-25T13:47:02Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/862d4909eccd18942e3de8e8b0dc6e1594ec27f1">862d4909</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests
This will make it easier to avoid flapping tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit a740a6131c967f9640b19a6964fd5d6f85ce853a)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/31198d39a76474d55c3d391e04d76758ee115d8e">31198d39</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit 115f2a71b88 (only password_lockout.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4d0fd1a421ad4a3ca19ed954ee91fcc36413b017">4d0fd1a4</a></strong>
<div>
<span>by Andrew Bartlett</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()
This means we can have a long observation window for many of the tests and
so make them much more reliable. Many of these cause frustrating flapping
failures in our CI systems.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 3 06:14:55 CEST 2018 on sn-devel-144
(cherry picked from commit 74357bf347348d3a8b7483c58e5250e98f7e8810)
Backported as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/fe8e05a9ea8185325ff87ac73ef0106a85cd662a">fe8e05a9</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit bbb9f57603d (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/9cb6b4e9131afac71a39a2f6a3c142723cb6ca19">9cb6b4e9</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Partial backport of commit 1ccc36b4010cd63 (only password_lockout_base.py
change) as a dependency for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/ec9cc4ed5a05490297cde3fcaac50eeeaaca8469">ec9cc4ed</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 tests: Sanity-check password lockout works with default values
Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.
The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).
This highlights a problem currently where the default values don't work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/4f86beeaf3408383385ee99a74520a805dd63c0f">4f86beea</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
Commit 442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().
ldb_msg_find_attr_as_int() will only work for values up to -2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/d12b02c78842786969557b9be7c953e9594d90dd">d12b02c7</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/60b2cd50f4d0554cc5ca8c53b2d1fa89e56a6d06">60b2cd50</a></strong>
<div>
<span>by Tim Beale</span>
<i>at 2018-11-25T13:47:06Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow
Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.
This patch adds a better default value (the domain default setting of 30
minutes).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/bec29625127fc62ae2f023ea43d918638dd4156e">bec29625</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-25T14:23:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WHATSNEW: Add release notes for Samba 4.9.3.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/40c057c900a9367e8020c943d29547ea8942212f">40c057c9</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-25T14:24:31Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/9e05ff6b9bffe3bba5439453ba65589f9518b57e">9e05ff6b</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-27T10:05:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge tag 'samba-4.9.3' into v4-9-test
samba: tag release samba-4.9.3
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/b3d376b7d4d81cf4e955c3d2794c8d6f005ba6b5">b3d376b7</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-11-27T10:05:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Bump version up to 4.9.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/a816ca4004a784a423ef5e4cf195361554f24412">a816ca40</a></strong>
<div>
<span>by Joe Guo</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/517df6d3da3ee988d1da96cbba20cbf401ead04e">517df6d3</a></strong>
<div>
<span>by Garming Sam</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">dirsync: Allow arbitrary length cookies
The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b7a0d3b110697923a31e353905d3b1bd9385ea9b)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f4105adc285f8414aaaacd3bfd80973737327608">f4105adc</a></strong>
<div>
<span>by Garming Sam</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f678c6f06f03b81cec1ea38ee1a4f4c67c38dcfe">f678c6f0</a></strong>
<div>
<span>by Garming Sam</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ldb_controls: Add some talloc error checking for controls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/739ce2c733521fe53a74927f9c801ba503cc1586">739ce2c7</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/2332c99cba77bea1113014011d840b2005a4a75f">2332c99c</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/smb: don't overwrite status code
The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
(cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/d2a6e3e1bb4609224fc9316abaaa156b3f71cb34">d2a6e3e1</a></strong>
<div>
<span>by Isaac Boukris</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853: Fix kinit test on system lacking ldbsearch
By fixing bindir variable name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/09f9bb2837180ca27085b27aa636bfbae975f294">09f9bb28</a></strong>
<div>
<span>by Isaac Boukris</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL. Use the name from client entry instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/a2f4d49c1c545d9a64d34d0413f3e840d8f109f6">a2f4d49c</a></strong>
<div>
<span>by Isaac Boukris</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853: Add a test to verify s4u2self doesn't crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/a26e6160b3361f02d9d91f04114b8a03adf11780">a26e6160</a></strong>
<div>
<span>by Andreas Schneider</span>
<i>at 2018-12-04T12:55:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853: Do not segfault if client is not set
This can be triggered with FAST but we don't support this yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/b2ef0e08a9beda7231629dce6875a8c37360acf8">b2ef0e08</a></strong>
<div>
<span>by Isaac Boukris</span>
<i>at 2018-12-04T16:27:18Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-16853: fix crash in expired passowrd case
When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.
Fixes expired passowrd case in samba4.blackbox.kinit test.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6a549df2419199e2364e6206fc3ab3cc2b4b0eaf">6a549df2</a></strong>
<div>
<span>by Martin Schwenke</span>
<i>at 2018-12-05T12:01:52Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">ctdb-daemon: Exit with error if a database directory does not exist
Since 4.9.0, the log messages can be confusing if a required database
directory does not exist. Explicitly check for database directories,
logging a clear error and exiting if one is missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Dec 3 06:56:41 CET 2018 on sn-devel-144
(cherry picked from commit dd7574afd1b2fb6a88defa154bc3d15e94f9ce0d)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Dec 5 13:01:52 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/850a5521a3bfcbacd6fe029200eb9ea0f908a80c">850a5521</a></strong>
<div>
<span>by Aaron Haslett</span>
<i>at 2018-12-10T09:12:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-14629: Tests to expose regression from dns cname loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/53b2e9aff3a292e0383168aa0e1c3d8fc417f17a">53b2e9af</a></strong>
<div>
<span>by Stefan Metzmacher</span>
<i>at 2018-12-10T09:12:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
The loop prevention should only be done for CNAME records!
Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/7cc1a8d9caacb8dfe29fe6c0c533f016db707a42">7cc1a8d9</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-10T09:12:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">selftest: test wbinfo -n and --gid-info with "NT Authority"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/cf7e9d3d90f99d2fc726c8230b3b6129474b602b">cf7e9d3d</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-10T09:12:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/fd91429b5290a0e76e522fe743841514053576db">fd91429b</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-10T09:12:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">winbindd: add some braces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/ac2c24cc42429516150e511ed13dd84c2cb948f8">ac2c24cc</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-10T09:12:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Route predefined domains through the BUILTIN domain child, not passdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/1d0e4511ce1e2e79d2b8633de769639b5db856a0">1d0e4511</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-10T12:43:15Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">winbindd: Route predefined domains through the BUILTIN domain child
Without this eg "NT Authority" didn't work:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY\authenticated users:x:10002:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
(cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Mon Dec 10 13:43:15 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f53459c923232d85489844634289638f26000c9c">f53459c9</a></strong>
<div>
<span>by Justin Stephenson</span>
<i>at 2018-12-13T12:48:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:libads: Add net ads leave keep-account option
Add the ability to leave the domain with --keep-account argument to avoid
removal of the host machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit d881f0c8a0ce2fc7cabf1966c5724e72c70d6694)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/8eaf7922410657c9e87b4cf1f04a9eae6cf77990">8eaf7922</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_error_inject: add pwrite
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 55a82f907f6410ff478e82b0cf7f1caeacaf5ddd)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/1cf55de5cebbe4b043b0538595a0c57ed2da1806">1cf55de5</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_error_inject: add EBADF error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 523a9b312c9f09178a5afefb48343e684e41d817)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/6f8ea0a08eaced713bb358dc4f1b74cc84028f9f">6f8ea0a0</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s4:torture: add a test-suite for VSS
This test will not be run from the main torture test runner in selftest,
as there we don't pass the required arguments 'twrp_file' and
'twrp_snapshot'.
The test needs a carefully prepared environment with provisioned
snapshot data, so the test will be started from a blackbox test
script. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 48ddb87a32ca44c2fcc5aac0cc28c5527dc7eade)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/0244de24cfe2df7c85bb8e28fa228ccebb9cacb2">0244de24</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:21Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:script/tests: add a test for VSS write behaviour
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 12778f015988f7e8755016c72c26939998758dae)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/0e355e3826fc0fa251a068ed5d620269168a308f">0e355e38</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
Not used for now, all existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 87bf06ed790dad8a4f650c0cd1b6781864666cbf)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/256d488b593278482d2d9bb2e75b6304d8562d0a">256d488b</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 14d6488d355e960ab02e72c414cbbc316f1db718)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/e60c9431c6e5619f84374851b90cbbf59e4fbb61">e60c9431</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_shadow_copy2: nicely deal with attempts to open previous version for writing
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cf95756235f718478e556ce1fbf7c032f9c9acfb)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/1f897e6c1d2b29e92b9ddbc62a07ce66dbec4d93">1f897e6c</a></strong>
<div>
<span>by Günther Deschner</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144
(cherry picked from commit 75d15484f3b71b1a2684c4a73e53aaa467f9932b)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/3295cc8b4a51c09009785026b541c5ce1fc2fd2a">3295cc8b</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:selftest: add a VSS test reading a stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/88863119323fd758b922e2cfe05b13462f72bde9">88863119</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:smbd: prepare filename_convert_internal() for twrp
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f8c144fa191b1c30f7a16fa527ddd540266f7927">f8c144fa</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:22Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:smbd: add twrp processing to filename_convert_internal()
Not used for now, existing callers pass NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c69bd336a17ca04dbfb4f5d04a963d25b9925118)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/baf1e0f30fe052156ba10f956a870e0e4937f1d5">baf1e0f3</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:smbd: add twrp args to filename_convert()
All existing callers pass NULL, no change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 14b6e6842b76d7c3e53249ba026a3ff51615ebd7)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/fa2a9c3be08c42c8b2f800e384c0d428a232bacb">fa2a9c3b</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T12:48:23Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9c462e1b324ebad60c51bd6e8e659b39a31ec02e)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/d18c5775771d8c3bb9661335c0af2415a2c4b0e8">d18c5775</a></strong>
<div>
<span>by Ralph Boehme</span>
<i>at 2018-12-13T15:47:40Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Dec 13 16:47:40 CET 2018 on sn-devel-144
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/9da8cd023f263e61ca8e91fa1d656cfe643730b0">9da8cd02</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-12-20T08:23:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WHATSNEW: Add release notes for Samba 4.9.4.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/f1a0c8355e60c0fbaf6333132803d8fea0b290a8">f1a0c835</a></strong>
<div>
<span>by Karolin Seeger</span>
<i>at 2018-12-20T08:23:46Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/commit/844dc32d630203e1665e78ce6d4e0e346552cb5f">844dc32d</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2018-12-22T08:48:57Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">New upstream version 4.9.4+dfsg</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#b33892fbddeffc3368077b4904ad0b3d562a7312">
VERSION
</a>
</li>
<li class="file-stats">
<a href="#3277e12b5a9f9ff632d229e2629d34ad21dd93fc">
WHATSNEW.txt
</a>
</li>
<li class="file-stats">
<a href="#7621aa1ce515b0afdaffdf0eca777ff6f439e31a">
ctdb/doc/ctdb-etcd.7
</a>
</li>
<li class="file-stats">
<a href="#5cbe2af7f9551bd8ba760b3978da68f98bcca8d1">
ctdb/doc/ctdb-script.options.5
</a>
</li>
<li class="file-stats">
<a href="#6f372b1da785e9b62534d3ddc2b1cc994e1edea1">
ctdb/doc/ctdb-statistics.7
</a>
</li>
<li class="file-stats">
<a href="#bff45f5b0a1ff6f2cac0546191f2199bad760297">
ctdb/doc/ctdb-tunables.7
</a>
</li>
<li class="file-stats">
<a href="#cf03e1c00a6ff50094bf342fee6dbac15b3a4e0f">
ctdb/doc/ctdb.1
</a>
</li>
<li class="file-stats">
<a href="#ab0737fb37c5f24c1a655306d7f3cf9b28970fa1">
ctdb/doc/ctdb.7
</a>
</li>
<li class="file-stats">
<a href="#355570170158b89f755ad8c2655ff1b55be32cfb">
ctdb/doc/ctdb.conf.5
</a>
</li>
<li class="file-stats">
<a href="#f3298e106280fd2e988e57b01b9f5697370b66b1">
ctdb/doc/ctdb.sysconfig.5
</a>
</li>
<li class="file-stats">
<a href="#027f7ec3db27f736464febdb40a2f5784278e923">
ctdb/doc/ctdb_diagnostics.1
</a>
</li>
<li class="file-stats">
<a href="#944489b6fed794d85434d7748c57ff12c56034db">
ctdb/doc/ctdb_mutex_ceph_rados_helper.7
</a>
</li>
<li class="file-stats">
<a href="#b3f02388c7b39adb49f0f55dbc87a0b75e7f21c3">
ctdb/doc/ctdbd.1
</a>
</li>
<li class="file-stats">
<a href="#2097dbfda6f5cb780a636fd916929b31054ddd8c">
ctdb/doc/ctdbd_wrapper.1
</a>
</li>
<li class="file-stats">
<a href="#1abbc4563e217dafc807f4824b2e10419a31fcf7">
ctdb/doc/ltdbtool.1
</a>
</li>
<li class="file-stats">
<a href="#0a2e2417e72340b1b7bea2f903aa804c91c6386b">
ctdb/doc/onnode.1
</a>
</li>
<li class="file-stats">
<a href="#cfbec512f592346951273f1f00fd0300153259f8">
ctdb/doc/ping_pong.1
</a>
</li>
<li class="file-stats">
<a href="#a86a039d3c7dd28efa181fa21076227856dff3a0">
ctdb/server/ctdbd.c
</a>
</li>
<li class="file-stats">
<a href="#5dd4e8fb0684f34434ab778375f9fc430ac0c9ae">
ctdb/tests/simple/90_debug_hung_script.sh
</a>
</li>
<li class="file-stats">
<a href="#ff24328aaf3ffa605e87eeecbcf2383fcbd513c2">
docs-xml/manpages/net.8.xml
</a>
</li>
<li class="file-stats">
<a href="#3ffe9922012afbdd8d172aea0e4a744017a46c3e">
docs/manpages/cifsdd.8
</a>
</li>
<li class="file-stats">
<a href="#fb65349fa2f09806b79d9f359349e05a1a43aab9">
docs/manpages/dbwrap_tool.1
</a>
</li>
<li class="file-stats">
<a href="#eae12bb44b3ee724b1c740f12730f4c389df0b72">
docs/manpages/eventlogadm.8
</a>
</li>
<li class="file-stats">
<a href="#8b9d6931b4023500ead3431562d618ffd52466ff">
docs/manpages/findsmb.1
</a>
</li>
<li class="file-stats">
<a href="#28926762f13c3ce5a1de6e2d2e8068ffb67c6740">
docs/manpages/idmap_ad.8
</a>
</li>
<li class="file-stats">
<a href="#e777d8f0d1e98d8eb6b36fe3cecbf128683c39d6">
docs/manpages/idmap_autorid.8
</a>
</li>
<li class="file-stats">
<a href="#25cc1933670f40b62ff9a036acd111a74cd79767">
docs/manpages/idmap_hash.8
</a>
</li>
<li class="file-stats">
<a href="#5e94741d6f83b11f5f44b9534cb80852b6663b3b">
docs/manpages/idmap_ldap.8
</a>
</li>
<li class="file-stats">
<a href="#9866bbd092d8ac30b5d4d0b2c769014f00968de0">
docs/manpages/idmap_nss.8
</a>
</li>
<li class="file-stats">
<a href="#a656ad172d8f1be792355bac9e7b4c3bbd953e10">
docs/manpages/idmap_rfc2307.8
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
<a href="https://salsa.debian.org/samba-team/samba/compare/daedac997f73d5e647e10d3247032571bb8a0c30...844dc32d630203e1665e78ce6d4e0e346552cb5f">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>