[Pkg-samba-maint] [samba] annotated tag debian/2%4.5.12+dfsg-2+deb9u1 created (now fa5042f)
Mathieu Parent
sathieu at moszumanska.debian.org
Tue Nov 21 09:44:38 UTC 2017
This is an automated email from the git hooks/post-receive script.
sathieu pushed a change to annotated tag debian/2%4.5.12+dfsg-2+deb9u1
in repository samba.
at fa5042f (tag)
tagging 6b982e98dd4f8fd189ff82fcb21706462810472d (commit)
replaces upstream/4.5.12+dfsg
tagged by Mathieu Parent
on Tue Nov 21 10:43:09 2017 +0100
- Log -----------------------------------------------------------------
samba Debian release 2:4.5.12+dfsg-2+deb9u1
Abhidnya Joshi (2):
idmap_autorid: fix failure in reverse lookup if ID is from domain range index #0
s3: fix missing braces in nfs4_acls.c
Alberto Maria Fiaschi (1):
access based share enum: handle permission set in configuration files
Alexander Bokovoy (10):
lsa.idl: define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs
add systemd integration
smbd: use exit_daemon() to support reporting to systemd from smbd
nmbd: use exit_daemon() to report status to systemd
winbindd: use exit_daemon() to pass startup status to systemd
ad-dc: use exit_daemon() to communicate status of startup to systemd
s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used
s3-parm: clean up defaults when removing global parameters
s3-smbd: Support systemd 230
libnet_join: use sitename if it was set by pre-join detection
Alexander Werth (1):
s3: Remove old mode special substitution.
Alistair Leslie-Hughes (1):
Stop use after free
Amitay Isaacs (88):
s4-rpc: dnsserver: Allow . to be specified for @ record
tests: dnsserver: Add a update test with name set to '.'
s4-rpc: dnsserver: Correctly set rank for glue NS records
s4-rpc: dnsserver: Do not return NS_GLUE records with VIEW_GLUE_DATA filter
s4-rpc: dnsserver: Do not search for deleted DNS entries
build: Remove configure option --enable-old-ctdb
build: Remove checks for ctdb features
build: Remove configure option --with-ctdb-dir
ctdb: Rename ctdb socket variable from CTDB_PATH to CTDB_SOCKET
build: Remove configure checks for ctdb headers
build: Simplify check for building with ctdb
ctdb: Rename CTDB_VERSION to CTDB_PROTOCOL
s4-dns: Update template variables, change BIND98 --> BIND9_8
s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions
s4-dns: Update dlz_minimal.h based on BIND release 9.10
s4-dns: Add support for BIND 9.10
s4-dns: Update template variables, change BIND98 --> BIND9_8
s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions
s4-dns: Update dlz_minimal.h based on BIND release 9.10
s4-dns: Add support for BIND 9.10
s4-dns: dlz-bind: Add trailing '.' to all fqdn strings
s4-dns: dlz-bind: Add trailing '.' to all fqdn strings
ctdb-vacuum: Track time for vacuuming in database statistics
ctdb-vacuum: Stagger vacuuming child processes
ctdb-vacuum: Use non-blocking lock when traversing delete queue
ctdb-vacuum: Use non-blocking lock when traversing delete tree
ctdb-vacuum: Do not delete VACUUM MIGRATED records immediately
ctdb-recoverd: Process all the records for vacuum fetch in a loop
ctdb-eventscripts: Specify broadcast optionally to ip addr add
ctdb-daemon: Fix IP address comparisons for IPv6 addresses
ctdb-build: Fix the indentation
ctdb-build: Fix the installation of config files for top-level build
packaging: Include CTDB man pages in the tarball
ctdb-daemon: Use correct tdb flags when enabling robust mutex support
ctdb-io: Do not use sys_write to write to client sockets
ctdb-banning: If node is already banned, do not run ctdb_local_node_got_banned()
ctdb-pmda: Add missing prototype declaration for non-static function
ctdb-tool: Correctly print timed out event scripts output
ctdb-daemon: Correctly process the exit code from failed eventscripts
ctdb-common: Protocol argument must be in host order for socket() call
ctdb-common: Protocol argument must be in host order for socket() call
ctdb-common: Use documented names for protocol family in socket()
ctdb-common: Use documented names for protocol family in socket()
Revert "ctdb-daemon: Check packet generation against database generation"
ctdb-common: For AF_PACKET socket types, protocol is in network order
ctdb-recoverd: Freeze databases whenever the node is INACTIVE
ctdb-recovery: Create recovery databases in state dir
ctdb-recovery: Add a log message when marshalling recovery database fails
ctdb-client: Add async version of set/remove message handler functions
ctdb-doc: Sort the tunable variables in alphabetical order
ctdb-doc: Update tunables documentation
ctdb-doc: Add documentation for missing tunables
ctdb-recovery-helper: Get tunables first, so control timeout can be set
ctdb-client: Add client API for sending message to multiple nodes
ctdb-tunables: Add new tunable RecBufferSizeLimit
ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-client: Add client API functions for new controls
ctdb-recovery-helper: Factor out generic recv function
ctdb-recovery-helper: Pass capabilities to database recovery functions
ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
ctdb-recovery-helper: Create accessors for recdb structure fields
ctdb-protocol: Add file IO functions for ctdb_rec_buffer
ctdb-recovery-helper: Re-factor function to retain records from recdb
ctdb-recovery-helper: Write recovery records to a recovery file
ctdb-protocol: Add srvid for messages during recovery
ctdb-protocol: Add new capability
ctdb-recovery-helper: Introduce pull database abstraction
ctdb-recovery-helper: Introduce push database abstraction
ctdb-tests: Add a test for recovery of large databases
ctdb-recovery-helper: Improve log message
ctdb-recovery-helper: Introduce new #define variable
ctdb-recovery: Update timeout and number of retries during recovery
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
ctdb-protocol: Add srvid for assigning banning credits
ctdb-recoverd: Add message handler to assigning banning credits
ctdb-recovery-helper: Add banning to parallel recovery
lib/util: Avoid splitting tevent-unix-util as public library
ctdb-packaging: Remove tevent-unix-util public library
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
ctdb-takeover: Do not kill smbd processes on releasing IP
ctdb-takeover: Inform clients when dropping all IP addresses
ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
ctdb-recovery: Terminate if recovery fails without any banning credits
ctdb-recovery-helper: Add missing initialisation of ban_credits
ctdb-common: Add routines to manage PID file
provision: Update root DNS servers list
Anand Avati (1):
vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs
Andreas Schneider (142):
s3-winbind: Do not delete an existing valid credential cache.
s3-waf: Rename regedit to samba-regedit.
docs-xml: Remove obsolete swat manpage and references.
nsswitch: Add OPT_KRB5CCNAME to avoid an error message.
s3-libads: Print a message if no realm has been specified.
s3-winbind: Fix a segfault passing NULL to a fstring argument.
Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082
s3-winbind: Don't set a default directory for DIR.
s3-winbind: Add support for the kernel krb5 keyring buffer.
doc: Update documentation of pam_winbind krb5 support.
idl: Add a new message for winbind domain states.
s3-winbind: Add functions for domain online/offline handling.
s3-winbind: Register handlers for domain online/offline messages.
s3-winbind: Send online/offline message of the domain to the parent.
vfs: Fix building the glusterfs module.
vfs: Fix some build warnings in glusterfs.
util: Remove 32bit macros breaking strict aliasing.
s3-lib: Add grpname to talloc_sub_specified().
s3-winbind: Pass the group name to fillup_pw_field().
s3-libsmb: Use the right macro to set uint16_t attr.
testsuit: Fix fprintf format.
s3-utils: Fix scanf format in smbacls.
s3-utils: Fix scanf format in sharesec.
s3-libsmb: Fix scanf format in parse_ace().
examples: Fix scanf format in perf_writer_disk.
s3-vfs: Remove unused variable in vfs_glusterfs.
s3-vfs: Make glfs_set_preopened() static.
s3-libnet: Use a const char for realm.
s3-lib: Fix %G substitution for domain users in smbd
lib: Fix strict-aliasing warning in md5 code.
s3-libads: Fix memory leaks in ads_build_path().
wbinfo: Fix a memory leak in wbinfo_ping_dc().
s3-passdb: Fix string duplication to pointers.
s3-vfs: Fix stream_depot vfs module on btrfs.
s3-spoolssd: Don't register spoolssd if epmd is not running.
buildtools: Rename perl vendorarch configure option.
buildtools: Add perl vendorlib configure option.
autobuild: Set perl vendorlib direcotry.
pidl-waf: Remove unused variable pidl_src.
pidl-waf: Install pidl modules to the perl vendorlib directory.
pidl-waf: Do not glob to install pidl modules.
pidl-waf: Add a function to check for a system perl module.
pidl-waf: Check for system perl(Parse::Yapp::Driver).
pidl-waf: Only install Yapp::Driver if it is not available.
s3-rpc_server: Fix handling of fragmented rpc requests.
wafsamba: If perl can't provide defaults, define them.
s4-dsdb: Fix a use after free segfault.
ldb: Add a env variable to disable RTLD_DEEPBIND.
selftest: Fix selftest where pid is used uninitialized.
lib: Add daemon_status() to util library.
nmbd: Send waiting status to systemd.
libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
nsswitch: Skip groups we were not able to map.
s3-libads: Improve service principle guessing.
s3-libads: Add a function to retrieve the SPNs of a computer account.
s3-libads: Add function to search for an element in an array.
s3-libnet: Add libnet_join_get_machine_spns().
s3-libads: Add all machine account principals to the keytab.
WHATSNEW: Add samba-regedit.
s3-smbclient: Return success if we listed the shares.
s3-smbstatus: Fix exit code of profile output.
s3-smbclient: Return success if we listed the shares.
s3-smbstatus: Fix exit code of profile output.
s3-lib: Do not require a password with --use-ccache.
s3-libsmb: Set the netbios_name in use_ccache case too.
s3-libsmb: Duplicate the memory before we free it.
s3-lib: Do not require a password with --use-ccache.
s3-libsmb: Set the netbios_name in use_ccache case too.
s3-libsmb: Duplicate the memory before we free it.
swrap: Fix type punning warnings.
swrap: Rename socket_wrapper_pcap_file().
swrap: Rename swrap_packet_init().
swrap: Rename swrap_marshall_packet().
swrap: Rename swrap_pcap_get_fd().
swrap: Rename swrap_pcap_dump_packet().
swrap: Use a sockaddr_un for the unix path in socket_info.
swrap: Use swrap_address in the socket_info struct.
swrap: Remove unused sockaddr_dup() function.
swrap: Use swrap_address in swrap_accept().
swrap: Wrap fopen to detect stale file descriptors.
swrap: Update copyright notice.
swrap: Fix whitespace errors.
swrap: Fix access to struct members in log messages.
swrap: Fix type punning warnings when loading functions.
swrap: Silence alignment warnings.
swrap: Include the function name in the debug output.
swrap: Implement fcntl() to catch F_DUPFD.
swrap: Add a trace message for swrap_socket().
swrap: Add support for eventfd with unsigned count variable.
swrap: Bump version to 1.1.2.
socket_wrapper: Add missing prototype check for eventfd.
nss_wrapper: check for nss.h
s3-util: Fix authentication with long hostnames.
s3-libads: Fix a possible segfault in kerberos_fetch_pac().
s3-util: Fix authentication with long hostnames.
lib/util: Avoid collision which alread defined consumer DEBUG macro.
s3-libads: Fix a possible segfault in kerberos_fetch_pac().
utils: Fix 'net time' segfault.
s3-pam_smbpass: Fix memory leak in pam_sm_authenticate().
utils: Fix 'net time' segfault.
s3-pam_smbpass: Fix memory leak in pam_sm_authenticate().
s3-netlogon: Make sure we do not deference a NULL pointer.
s3-netlogon: Make sure we do not deference a NULL pointer.
s3-netlogon: Make sure we do not deference a NULL pointer.
doc-xml: Add 'sharesec' reference to 'access based share enum'
doc-xml: Add 'sharesec' reference to 'access based share enum'
printing: rework nt_printer_guid_store to return errors
spoolss: retrieve published printer GUID if not in registry
talloc: Add a warning to talloc_reference() documentation.
printing: rework nt_printer_guid_store to return errors
spoolss: retrieve published printer GUID if not in registry
replace: Remove superfluous check for gcrypt header.
s4-process_model: Do not close random fds while forking.
s3-passdb: Fix 'force user' with winbind default domain
s4-process_model: Do not close random fds while forking.
s3-passdb: Fix 'force user' with winbind default domain
s3-smbd: Leave sys_disk_free() if dfree command is used
s3-auth: Fix a possible null pointer dereference
s3-auth: Fix 'map to guest = Bad Uid' support
s3-auth: Pass nt_username to check_account()
s3-auth: Fix a memory leak in make_server_info_info3()
pam_winbind: Fix a segfault if initialization fails
s3-smbd: Fix use after issue in smbd_smb2_request_dispatch()
nss_wins: Use lp_global_no_reinit()
s3-client: Add a KRB5 wrapper for smbspool
waf: Only build smb_krb5_wrapper if we have CUPS
s3-utils/smbget: Fix option parsing and apply samba defaults
docs: Add smbspool_krb5_wrapper manpage
docs: Add smbspool_krb5_wrapper manpage
s3-waf: Install smbspool_krb5_wrapper in LIBEXECDIR
s4-client: Fix cifsdd arg parsing for skip
docs: Add manpage for cifsdd
s3-net: Convert the key_name to UTF8 during migration
s3-smbspool: Log to stderr
libutil: Support systemd 230
s3-winbind: Fix memory leak with each cached credential login
ctdb-waf: Move ctdb tests to libexec directory
s3-util: Fix asking for username and password in smbget.
nsswitch: Add missing arguments to wins gethostbyname*
nsswitch: Also set h_errnop for nss_wins functions
s3-lib: Fix %G substitution in AD member environment
s3-utils: Fix loading smb.conf in smbcquotas
Andrew Bartlett (298):
Rework series file to be in directory order
Remove README.build and config.cache as it is not relevent with the waf build
changelog for AD DC package
Remove unused debian/clean file, not needed with waf build
update copyright file for full AD DC package
update libsmbclient.symbols for waf build
update libwbclient0.symbols for waf build
Update VERSION patch for new top level VERSION file
Remove autoconf.patch, this is not needed with waf
Remove autoconf-specific patch removing VFS examples build
Remove AI_ADDRCONFIG patch, already upstream
Remove autoconf-specific patch
Remove shadow_copy2 backport
Remove autoconf-specific undefined symbols patch
remove waf-as-source patch, as this is now upstream
Remove alternatives which are no longer required in a merged package
Remove Samba docs no longer published by the Samba Team
Remove patch to autoconf build system no longer in use
An smbtorture manpage is now provided
Remove patch for manpage not xml source. TODO: Merge upstream patch and backport to 4.0
Remove patches to html pages we no longer ship
TODO: Ensure upstream or against xml. Drop documentation patches against generated output or html docs no longer shipped
The remainder of the patch to merge with the samba4 package
TODO: Install smbget and findsmb with WAF build
sync .gitignore with samba4 package
Allow a fully empty libreplace by using the system getpass()
TODO: Upgrade script to move passdb.tdb and secrets.tdb from /var/lib/samba to /var/lib/samba/private
fix usershare patch for 4.0.3
Add Depends and Replaces to ease upgrades
clarify which package basis this is
make winbind replace winbind4 to permit upgrade
Update to Samba 4.0.5 release
Remove samba4-common-bin package and rename samba4 to samba-ad-dc
alternatives
make samba-ad-dc depend on samba
Remove socket options from default smb.conf
Remove printing configuration from default smb.conf page
drop message command from example smb.conf. Nobody uses this any more
Remove (really bad) suggestion to turn back on winbind enum groups/users
Remove confusing parameters in favour of the simple server role
server string is not critical enough to setting up a new server
name resolve order should not normally be changed
Explain that the Domain section only works for classic domain controllers
Drop auto-magic share for cdroms, CD-ROM drives are not special enough any more
Remove silly suggestion about optimising the smb.conf
Remove remainder of encrypted password support (smb.conf fragment already gone)
move vfs modules *back* to the libsmbd0 package, as they are needed by the library
put back --without-getpass-replacement to empty libreplace back out
Add back patch to remove testprns (was documentation2.patch)
Drop smbtar-bashism.patch
Restore smbtar to the package. Only findsmb is now missing.
Add Replaces and Breaks per http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
more TODOs
Try to ensure samba-docs is upgrade over by the other packages safely
Drop swat from the debian package
Update tevent requirement
update TODOs
Fix up missing new-line on python scripts until 4.0.7
match 3.6 package with recommends of libpam-winbind and libnss-winbind in winbind package
TODO: 3.6 branch changes have now been merged
move TDB files on upgrade
Update changelog with a more verbose description
Remove unused read of /etc/default/samba
Do not start smbd/nmbd/winbind when we are an AD DC
Add suggests of heimdal-clients to get kinit
Remove last TODO now we have startup handling and more in the changelog
move smbpasswd.8 samba.7 back to samba-common-bin to match 3.6
move idmap_*.8 manpages back to winbind package
Fix spelling in last changelog entry
unbreak after binutils update by fixing deps on samba4kgetcred
Update build-deps with autodep.py
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
dsdb-descriptor: Do not do a subtree search unless we have child entries
dsdb: Rework subtree_rename module to use recursive LDB_SCOPE_ONELEVEL searches
dsdb-ridalloc: Rework ridalloc to return error strings where RID allocation fails
selftest: Ensure the DC has started and and got a RID set before we proceed
dsdb: Add assert in drepl_take_FSMO_role
rpc_server-drsuapi: Improve comments and DEBUG lines
selftest: ensure samba4.rpc.samr.large-dc.two.samr.many is always tested
torture/drs: Expand an error message to aid debugging
dsdb: Prune deleted objects of links and extra attributes of replicated deletes
dsdb: Ensure we always force deleted objects back under the deleted objects DN
dsdb: Improve DRS deleted link source/target handing in repl_meta_data
dsdb tests: Add member/memberOf checking to delete_objects testing
dsdb: Include MS-ADTS doc references on deleted object contstraints
samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
service_stream: Log if the connection termination is deferred or not (bug #9820)
s4-winbindd: Do not terminate a connection that is still pending (bug #9820)
Imported Upstream version 4.0.8
package Samba 4.0.8 security release
depend on libaio-dev to get vfs_linux_aio
scripting/join.py: Handle creating the dns-NAME account during a DC join
scripting/samba_upgradedns: Tighten up exception and attribute list handling
selftest: Test creation of the dns-SERVER account during selftest
selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
selftest: Add a basic test of samba_upgradedns
torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
Add missing dep on python-crypto needed by "samba-tool domain join subdomain"
python-samba-tool fsmo: Do not give an error on a successful role transfer
python/drs: Ensure to pass in the local invocationID during the domain join
dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
dsdb: Refuse to return an all-zero invocationID
dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
Remove confusing TODO file
Remove NEWS file containing confusing information
smb.conf: Fill out the ntvfs handler smb.conf page from source4/NEWS
dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
selftest: Add script to assist in writing out a tree undump.sh can restore
selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
selftest: Add release-4-1-0rc3 saved provision
selftst: add tests based on 4.1.0rc3 to check for zero invocationID in replPropertyMetaData
dbcheck: Ensure to always increase the error_count
pydsdb: Give KeyError when we fail a schema lookup in python
pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs
dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors
kdc: Add belts-and-braces check that we fail if the hdb version changes
CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes
CVE-2013-4496:samr: Remove ChangePasswordUser
CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340
CVE-2013-4496:s3-samr: Block attempts to crack passwords via repeated password changes
CVE-2013-4496:samr: Remove ChangePasswordUser
CVE-2013-4496:Revert remainder of ce895609b04380bfc41e4f8fddc84bd2f9324340
dsdb: Do checks for invalid renames in samldb, before repl_meta_data
winbindd: Ensure we do not look at rid_array before checking if it was returned
pam_smbpass: Wrap calls in talloc_stackframe() to avoid warnings about leaking memory
libsmbclient: Wrap more function calls in talloc_stackframe() to protect against talloc_tos() calls
libsmb: Provide a talloc_stackframe() to external users of libsmb_setget.c
dsdb: Provide a clearer error when we fail to store the sequence number in metadata.tdb
dsdb: Do not give an error is metadata.tdb does not yet exist
dsdb: Return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS rather than OPERATIONS_ERROR on EACCES and EPERM
s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
passdb: Do not routinely clear the global memory returned by get_global_sam_sid()
ldb: Show the type of failing operation in default error message
ldb: Return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS rather than OPERATIONS_ERROR on EACCES and EPERM
ldb: pass module init errors back to the caller
ldb: make the successful ldb_transaction_start() message clearer
dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantities
dsdb: Further assert that we always have an objectClass and an rDN
dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
dsdb: Improve errors and checks for missing objectClass values
dsdb: Improve missing objectClass handling
dsdb: Do not store a struct ldb_dn in struct schema_data
dsdb: Do not refresh the schema using the wrong event context
dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency
build: Exclude source4/selftest/provisions/release-4-1-0rc3 from the tarball
dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
selftest: Add tests for dbcheck detection and removal of partial objects
dsdb: Add more tests for DN+String and DN+Binary comparisons
dsdb: Rename private_data to rootdse_private_data in rootdse
dsdb: Do not permit nested event loops when in a transaction, use a nested event context
dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
dsdb: Specify no event context to smb_krb5_init_context() in dsdb
kerberos: Remove un-used event context argument from smb_krb5_init_context()
dbcheck: Ensure dbcheck can operate with --attrs set
dsdb: Set syntax of userParameters to binary string, not unicode string
dsdb: Always store and return the userParameters as a array of LE 16-bit values
dbcheck: Add check and test for various invalid userParameters values
torture-dns: Add test for dlz_bind9 lookups
WHATSNEW: Add more features for Samba 4.2
docs: Always declare rule to build parameters.all.xml and do it first
s3-winbindd: Allow winbindd to connect over SMB2 to servers
credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_account
credentials: Improve error message on failure to set machine account password
credentials: Allow the secret.tdb handle to be passed in to cli_credentials_set_machine_account()
auth/credentials: Ensure that we set the realm when reading secrets.tdb
passdb: Use common code in cli_credentials_set_machine_account_db_ctx()
CVE-2014-8143:auth: Force talloc type of session_info pointer to match
CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
CVE-2014-8143:auth: Force talloc type of session_info pointer to match
CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
CVE-2014-8143:dsdb: Allow use of dsdb_autotransaction_request outside util.c
CVE-2014-8143:dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl
ldb: bump to version 1.1.19
debug: Set close-on-exec for the main log file FD
debug: Set close-on-exec for the main log file FD
torture-backupkey: Add consistent assertions that createRestoreGUIDStruct() suceeds
torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was successful
backupkey: Move SID comparison to inside get_and_verify_access_check()
backupkey: Improve function names and comments for clarity
backupkey: Implement ServerWrap Encrypt protocol
backupkey: Use the name lsa_secret rather than just secret
backupkey: Improve variable names to make clear this is client-provided data
backupkey: Handle more clearly the case where we find the secret, but it has no value
backupkey: Implement ServerWrap Decrypt
backupkey: Change expected error codes to match Windows 2008R2 and Windows 2012R2
backupkey: Add tests for ServerWrap protocol
backupkey: Better handling for different wrap version headers
torture-backupkey: Add tests that read the secret from the server, and validate
backupkey: Explain more why we use GnuTLS here
token_group: Use samba.tests.subunitrun.
lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
backupkey: Explicitly link to gnutls and gcrypt
backupkey: Use ndr_pull_struct_blob_all()
docs: Change smb encrypt default in docs to match s3 and lib/param
python:samba/upgrade.py Fix format string syntax in error condition
Revert "dsdb: Only parse SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL as a DN"
Revert "ldb-samba: Implement transitive extended matching"
python: Use an unsigned integer for buf_size, not -1
pidl: Change PIDL to correctly use and validate python integer types
python/tests: Add tests for integer overflow handling
pydsdb: Allow the full range of uint32_t values for attributeID
pidl: Assert that python arrays will not overflow the C array
dbcheck: Add explict tests for unknown and unsorted attributeID values
dbcheck: Add additional tests for the attributeID list
dbcheck: Try to avoid duplicate searches
dbcheck: Use set() operations to make dbcheck more efficient
Update release-4-1-0rc3 to include data using schema modifications
selftest: Add in steps to re-create this database
selftest: Add assertion that we actually fix the replPropertyMetaData sort order
pidl/python: Calculate maximum integer values using a lookup table
pidl/python: Provide static inline helper function ndr_PyLong_FromUnsignedLongLong
python/tests: Add tests for 64 bit signed integers
python/tests: Add more assertions that we get back the value we expect
CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl
pyldb: Free correct context when pyldb_Object_AsDn() fails
dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
smbd: Only check dev/inode in open_directory, not the full stat()
pyldb: Add warning about pyldb_MessageElement_AsMessageElement()
pydsdb: Fix returning of ldb.MessageElement.
pyrpc: Add warning about abuse of py_return_ndr_struct()
talloc: Improve testsuite by avoiding path issues
talloc: add _pytalloc_get_ptr/_pytalloc_get_mem_ctx helper functions
pytalloc: Add new BaseObject
talloc: Bump version number
pyrpc: Clarify failure mode after pytalloc_reference_ex() improvements
pidl: Fix our python reference handling
pidl: Use the $mem_ctx helper variable
pidl: Use a tmp_ctx helper variable
repl_meta_data: Correctly use msDS-IntId for custom schema, not the prefixMap value
rpc_server/drsuapi: Block replication of incorrect/duplicate attrid in replPropertMetaData
selftest: Update release-4-1-0rc3 with more test records
dbcheck: Fix incorrect/duplicate attrid in replPropertMetaData
dbcheck: Avoid spurious warnings in dbcheck due to objectclass sorting
pycredentials: Do not use pytalloc_Object directly
pycredentials: Remove PyCredentialCacheContainerObject
pypassdb: Do not use pytalloc_Object directly
pyparam: Do not use pytalloc_Object directly
pytalloc: Add pytalloc_BaseObject_PyType_Ready() wrapper
pycredentials: Use pytalloc_BaseObject_PyType_Ready()
py_passdb: Use pytalloc_BaseObject_PyType_Ready()
pyparam: Use pytalloc_BaseObject_PyType_Ready()
pygensec: Use pytalloc_steal() in gensec_start_{client,server}()
pygensec: Use pytalloc_BaseObject_PyType_Ready()
pyauth: Use pytalloc_BaseObject_PyType_Ready()
pyregistry: Use pytalloc_BaseObject_PyType_Ready()
pysmb: Use pytalloc_get_ptr()
pysmb: Use pytalloc_get_mem_ctx()
pysmb: Rework py_smb_new() to use pytalloc_steal()
pysmb: Do not use pytalloc_Object directly
pysmb: Use pytalloc_BaseObject_PyType_Ready()
selftest: Allow 4 hours for the test to run (ouch!)
dbcheck: Check for and remove duplicate values in attributes
pytalloc: Correct description of pytalloc_Get{Base,}ObjectType behaviour
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
Imported Upstream version 4.4.0
Imported Upstream version 4.3.6
Imported Upstream version 4.3.6
Imported Upstream version 4.3.6+dfsg
Add patches from Samba bug #11789 to work with talloc 2.1.6
Add bug number for samba/talloc breakage and fix
Imported Upstream version 4.3.7+dfsg
Merge tag 'upstream/4.3.7+dfsg'
Imported Upstream version 4.4.0+dfsg
start packaging 4.4 by reverting sure-to-conflict talloc-2.1.6 patch
Change upstream branch to upstream_4.4
Imported Upstream version 4.4.0+dfsg
Updated version 4.4.0+dfsg from 'upstream/4.4.0+dfsg'
Package Samba 4.4.0
Added myself as an uploader
Release to experimental
Imported Upstream version 4.4.1+dfsg
SECURITY: Samba 4.4.1 release
Imported Upstream version 4.4.1+dfsg
Updated version 4.4.1+dfsg from 'upstream/4.4.1+dfsg'
Add regression patch for Joining a 2003 domain as a domain member
NEWS file for big security release
Release 2:4.4.1+dfsg-1 to experimental
SECURITY: Samba 4.3.7 release
NEWS for big security patch
Added myself as an uploader
Add regression patch for Joining a 2003 domain as a domain member
Release 2:4.3.7+dfsg-1 to unstable
selftest: Add a DNS test matching Windows
build: Build less of Samba when building --without-ntvfs-fileserver
build: Always build eventlog6. This is not a duplicate of eventlog
param: Correct the defaults for "dcerpc endpoint services"
ldb-samba: Add "secret" as a value to hide in LDIF files
dsdb: Allow missing a mandatory attribute from a dbcheck fix
dbcheck: Abandon dbcheck if we get an error during a transaction
Anoop C S (5):
lib/socket: Fix improper use of default interface speed
packaging: Remove ulimit usage for setting core file size limit
packaging: Set default limit for core file size in init scripts
packaging: Set default limit for core file size in service files
vfs_glusterfs: Fix a memory leak in connect path
Anubhav Rakshit (2):
s3:libsmb: Fix a bug in conversion of ea list to ea array.
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Arvid Requate (17):
spoolss: accept XPS_PASS datatype used by Windows 8
s4:samdb: respect SEARCH_FLAG_PRESERVEONDELETE
passdb: fix NT_STATUS_NO_SUCH_GROUP
s4-backupkey: Ensure RSA modulus is 2048 bits
s4-backupkey: Cert lifetime of 365 days, not secs
s4-backupkey: check for talloc failure
s4-backupkey: de-duplicate error handling
s4-backupkey: Set defined cert serialnumber
s4-backupkey: Comply with [MS-BKRP] 2.2.1
s4-backupkey: Initialize ndr->switchlist for print
s4-backupkey: fix ndr_pull error on empty input
s4-backupkey: IDL for ServerWrap subprotocol
s4-backupkey: typo fix
s4-backupkey: improve variable name
s4-backupkey: consistent naming of werr variable
s4:torture/rpc/backupkey: Require 2048 bit RSA key
s4:rpc_server/netlogon: Fix for NetApp
Aurelien Aptel (1):
s3/passdb/py_passdb.c: free frame before returning
Benjamin Franzke (10):
s4:torture/cldap: Fix a typo
s4:cldap_server: Move netlogon parsing into utility function
provision: Fix string replacement ordering
s4:dsdb/rootdse: Pass rootdse context to rootdse_add_dynamic
s4:dsdb/rootdse: Support netlogon request
s4:cldap_server: Do not handle netlogon ourself anymore
s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules
libcli/cldap: Add utility to create netlogon filter
s4:torture/ldap: Add test for netlogon over tcp
s4:torture/netlogon: Test netlogon with additional attrs
Berend De Schouwer (1):
docs: Add example for domain logins to smbspool man page.
Björn Baumbach (19):
s3-lib: fix segf while reading incomplete session info (bug #10003)
s3-smbstatus: display [u|g]id of -1 as "-1" in connection list
CVE-2013-4476: lib-util: add file_check_permissions()
CVE-2013-4476: lib-util: split out file_save_mode() from file_save()
CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
CVE-2013-4476: s4:libtls: check for safe permissions of tls private key file (key.pem)
s3-nmbd: reset debug settings after reading config file (bug #10239)
s3-lib/util: fix read across end of namelist string
lib-util: rename memdup to smb_memdup and fix all callers (bug #10556)
provision/sambadns: remove redundant site parameter
samba-tool: add --site parameter to provision command (bug #10674)
s3: enforce a positive allocation_file_size for non-empty files (bug #10543)
build: do not install texpect binary anymore.
ctdb-build: fix build without xsltproc
configure: add --with-gpfs option for selecting directory with gpfs headers
build: fix build with gpfs support - add missing dependency to samba-debug
s3:wscript: fix indentation
s3-printing: fix migrate printer code (bug 8618)
Björn Jacke (8):
xattr: fix listing EAs on *BSD for non-root users
net/doc: make clear that net vampire is for NT4 domains only
docs: mention incompatibility between kernel oplocks and streams_xattr
nss_winbind: add getgroupmembership for FreeBSD
nss_winbind: add getgroupmembership for FreeBSD
build: use as-needed linker flag also on OpenBSD
nss_winbind: fix hang on Solaris on big groups
tls: increase Diffie-Hellman group size to 2048 bits
Chris Davis (44):
regedit: silence some warnings
regedit: add white on blue color scheme
regedit: add padding for key labels when there's not a prefix.
regedit: add borders around key and value lists, and change headings
regedit: free value list subwindow
regedit: sort keys
regedit: add a color scheme for path and context help sections
regedit: add search feature.
regedit: add multicolumn list widget
regedit: make value list display data in multiple columns
regedit: restore list cursor when window is resized
regedit: use talloc typesafety features
regedit: handle awkward window sizes better
regedit: notify user if there's a failure loading subkeys
regedit: include error description in popups
regedit: don't fail loading keys if just a few are unavailable
regedit: set cursor to the parent node when ascending
regedit: set cursor after creating a new key
regedit: reopen parent keys when adding or removing subkeys
regedit: reopen key after editing or removing values
regedit: add a refresh command to clear cache and reload current path
regedit: make all hives descend from a root node
regedit: add a panic handler to restore terminal
regedit: simplify cleanup after loading children
regedit: add padding to fit REG_MULTI_SZ to the text field
regedit: improvements for hexedit
regedit: Introduce a new API to build the dialogs.
regedit: move cursor to edited value in list and report edit errors
regedit: use the right function to reopen a hive
regedit: clear value list after creating new key
regedit: use pad as a canvas for dialogs
regedit: don't use subwindows in hexedit
regedit: flesh out search dialog and simplify search opts
regedit: search values and repeat search from cursor positions
regedit: find previous items
regedit: adjust some variable names to make them more distinct
regedit: handle DEL key in text fields
regedit: don't expand single line text field buffer with cursor movement
regedit: add a number input box
regedit: add a button to resize hexedit buffer
regedit: grow hexedit buffer as the user types
regedit: handle del and backspace in hexeditor
regedit: handle pgup/pgdn/home/end keys on lists
regedit: print error msg if opening registry fails
Christian Ambach (58):
s3:lib/system fix build on AIX 7
waf: fix build on AIX7
waf: add --without-gettext option
waf: consolidate libintl related checks
waf: replace dependency to libintl with samba_intl
lib/util: use proper include for struct stat
s3:winbindd fix use of uninitialized variables
waf:lib/replace correct detection of libiconv
waf:lib/replace fix up libintl related checks
waf:lib/replace change detection of gettext
waf:lib/replace fix gettext detection
waf:lib/replace gettext configure checks
waf:lib/replace fix iconv checks on HP/UX
heimdal_build: only enable libintl functions if everything was found
waf: improve iconv checks
s4:dsdb fix compiler warnings
s4:dsdb fix compiler warnings
s4:dsdb fix compiler warnings
lib/ldb fix compiler warnings
lib/ldb fix compiler warnings
s3:registry/regfio read SD from the correct location
s3:registry/regfio fix some valgrind warnings
s3:utils/profiles fix a use after free
s3:registry/regfio read SD from the correct location
s3:registry/regfio fix some valgrind warnings
s3:utils/profiles fix a use after free
s3:param/loadparm fix testparm --show-all-parameters
s3:smbd/oplock obey kernel oplock setting when releasing oplocks
s3:utils/smbget fix recursive download
s3-utils/smbget: Fix reading the rcfile
s3-utils/smbget: Fix user-/name password reading from rcfile
s3-utils/smbget: Update manpages for parameter changes
WHATSNEW: update with latest parameter updates for smbget
s3:utils/smbget add a error message on allocation error
s3:utils/smbget set default blocksize
s3:utils/smbget another int -> bool conversion
s3:utils/smbget abort recursive download on error
s3:utils/smbget improve check of write() result
s3:utils/smbget remove -P option
s3:utils/smbget update manpage with -P option removal
WHATSNEW: document removal of -P in smbget
s3:utils/smbget fix option parsing
selftest: Reduce code duplication
selftest: add a helper for the smbget binary
selftest: Add a blackbox test for smbget
s4:torture/ntlmssp fix a compiler warning
s4:torture/ntlmssp fix a compiler warning
s3:smbd/service disable case-sensitivity for SMB2/3 connections
s3:smbd/service apply some code formatting
s3:smbd/filename remove smelly code
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
s3:rpcclient make --pw-nt-hash option work
s3:selftest add a test for rpcclient --pw-nt-hash option
s4:param add log_level function to retrieve log level in Python code
tests/param add a test for LoadParm.log_level
python/drs_utils: do not attempt to parse log level, use parsed value
python/join: do not attempt to parse log level, use parsed value
s4:samba_spnupdate: do not attempt to parse log level, use parsed value
Christian PERRIER (16):
Remove all mention of "Samba 4" and "experimental version of Samba" in packages' description. Samba version 4 is now production-ready.
* Swedish (Martin Bagge / brother). Closes: #727186
Hebrew (Omer Zak).
Japanese (Kenshi Muto). Closes: #727218
Indonesian (Al Qalit). Closes: #727543
Russian (Yuri Kozlov). Closes: #727612
Esperanto (Felipe Castro). Closes: #727619
Polish (Michał Kułach). Closes: #727646
Danish (Joe Hansen). Closes: #727764
Czech (Miroslav Kure). Closes: #728100
Merge branch 'master' of git://git.debian.org/git/pkg-samba/samba
Basque (Iñaki Larrañaga Murgoitio). Closes: #728315
Thai (Theppitak Karoonboonyanan). Closes: #728525
Norwegian Bokmål (Bjørn Steensrud). Closes: #729070
German (Holger Wansing). Closes: #729210
Spanish translation update
Christian Perrier (28):
Fix templates files names in POTFILES.in
Regenerate all PO files
Merge translations from samba 3.x packages
Move libnss_winbind.so.2 and libnss_wins.so.2 to /lib as in 3.6.*
Use appropriate package version number. Next upload is likely to not
Use the same set of configure arguments than 3.6.15 (except those eventually specific to version 4 and above)
Drop --cache-file, unsupported in waf builds
Drop --with-fhs, unsupported in waf builds
Drop --enable-static, unsupported in waf builds
Turn --with-rootsbindir into --sbindir
Reduced set of configure flags, after testing them one by one and removing the unsupported ones
Add libctdb-dev to build dependencies as we're building with cluster support just like 3.6 packages
Drop removal of usr/share/perl5/Parse/Yapp/Driver.pm
Re-add --prefix=/usr which seems to be needed in order to avoid stuff in /usr/local
Drop --sbindir that seems to be a bad idea to replace --with-rootsbindir
Move libsmbclient manpage to the package and out of samba-doc. Also use dh_installman instead of dh_install to install it
Drop trailing slash in Homepage that was triggering a useless diff wrt 3.6 packages
Enforce include directory to /usr/include instead of /usr/include/samba-4.0 that is enforced by --enable-fhs
Revert "Enforce include directory to /usr/include instead of /usr/include/samba-4.0 that is enforced by --enable-fhs"
Move manpages to packages they belong to (manpages should rather be included with the binaries they document)
Add samba-tools to binary packages (similar to the one in 3.x series)
Drop samba-tools
Install multiarchified VFS modules in the samba package
Re-introduce mksmbpasswd for compatibility with 3.* packages
Use right path for VFS module files
Include mksmbpasswd in samba, really
French updated (Christian Perrier).
Mark one debconf string as non-translatable
Christof Schmitt (31):
s3:smb2_find: Return that timestamps do not exist as directories
s3-aio: Use correct locking context for SMB2
s3: Return correct error code from SMB2 AIO read failure
selftest: Introduce share for testing AIO
selftest: Run smb2.lock tests also against AIO share
selftest: Remove samba3.smb2.lock.*.rw-exclusive from flapping file
FSCTL_GET_SHADOW_COPY_DATA: Initialize output array to zero
FSCTL_GET_SHADOW_COPY_DATA: Don't return 4 extra bytes at end
s3-winbindd: Use correct realm for trusted domains in idmap child
idmap_rfc2307: Fix a crash after connection problem to DC
s3: Move init_lsa_ref_domain_list to lib
s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call
idmap_rfc2307: Fix a crash after connection problem to DC
winbind: Retry LogonControl RPC in ping-dc after session expiration
winbind: Retry after SESSION_EXPIRED error in ping-dc
winbind: Retry LogonControl RPC in ping-dc after session expiration
winbind: Retry after SESSION_EXPIRED error in ping-dc
gencache: Convert gencache_notrans to use tdb_wrap
gencache: Convert gencache.tdb to tdb_wrap
gencache: Request mutexes for gencache_notrans.tdb
samba3.py: Correctly initialize cache directory for passdb test
brlock: Use 0 instead of empty initializer list
idmap_rfc2307: Fix wbinfo --gid-to-sid query
nsswitch: Extend idmap_rfc2307 testcase for reverse lookup
winbindd: Reset connection for expired session before reconnecting
winbindd: Add retry also for ADS method calls
winbindd: Remove double retry from some ADS methods
winbindd: Retry on expired session in cm_connect_lsa
winbindd: Retry on expired session in cm_connect_sam
winbindd: Retry on expired session in cm_connect_netlogon
Revert "winbind: Retry after SESSION_EXPIRED error in ping-dc"
Christopher R. Hertel (3):
vfs_glusterfs: Fix excessive debug output from vfs_gluster_open().
vfs_glusterfs: Comment the top of the file.
vfs_glusterfs: smb_stat_ex_from_stat commenting and cleanup.
Daniel A (1):
add gpgme support (Closes: #850908)
Daniel Kobras (1):
sys_poll_intr: fix timeout arithmetic
Daniel Liberman (2):
Fix bug 10162 - POSIX ACL mapping failing when setting DENY ACE's from Windows.
s3: ldap client can return NT_STATUS_OK when an error occurs in a paged search.
David Disseldorp (72):
spoolss: return the spoolss job ID in notifications
printing: always store sytem job-ID in queue state
torture: add zero length FSCTL_SRV_COPYCHUNK test
smbd/smb2_ioctl: fail zero length copy chunk requests
vfs_btrfs: pass-through copy-chunk(len=0) requests
rpc_client: retry open on STATUS_PIPE_NOT_AVAILABLE
doc: add "spoolss: architecture" parameter usage
rpcclient: append a trailing slash to FSRVP request UNCs
rpcclient: abort shadow-copy set on commit failure
byteorder: do not assume PowerPC is big-endian
printing: fix purge of all print jobs
printing: traverse_read the printer list for share updates
printing: only reload printer shares on client enum
printing: reload printer_list.tdb from in memory list
printing: remove pcap_cache_add()
printing: return last change time with pcap_cache_loaded()
smbd: only reprocess printer_list.tdb if it changed
server: remove duplicate snum_is_shared_printer()
smbd: split printer reload processing
printing: reload printer shares on OpenPrinter
dosmode: fix FSCTL_SET_SPARSE request validation
spoolss: fix handling of bad EnumJobs levels
WHATSNEW: Mention smbclient archival improvements
spoolss: fix handling of bad EnumJobs levels
printing: add jobid_to_sysjob helper function
spoolss: fix GetJob jobid lookups
spoolss: fix jobid in level 1 GetJob and EnumJobs responses
spoolss: fix jobid in level 2 GetJob and EnumJobs responses
spoolss: fix jobid in level 3 EnumJobs response
spoolss: remove unused fill_job_info3()
printing: add jobid_to_sysjob helper function
spoolss: fix GetJob jobid lookups
spoolss: fix jobid in level 1 GetJob and EnumJobs responses
spoolss: fix jobid in level 2 GetJob and EnumJobs responses
spoolss: fix jobid in level 3 EnumJobs response
spoolss: remove unused fill_job_info3()
account_pol: don't leak state_path onto talloc tos
pdb_tdb: don't leak state_path onto talloc tos
spoolss: clear JobInfo on GetJob error
spoolss: clear DriverInfo on GetPrinterDriver2 error
spoolss: clear FormInfo on GetForm error
spoolss: clear info on GetPrintProcessorDirectory error
spoolss: clear info on GetPrinterDriverDirectory error
spoolss: clear PrinterInfo on GetPrinter error
spoolss: clear JobInfo on GetJob error
spoolss: clear DriverInfo on GetPrinterDriver2 error
spoolss: clear FormInfo on GetForm error
spoolss: clear info on GetPrintProcessorDirectory error
spoolss: clear info on GetPrinterDriverDirectory error
spoolss: clear PrinterInfo on GetPrinter error
libsmb: reuse connections derived from DFS referrals
libsmb: provide authinfo domain for DFS referral auth
libsmb: provide authinfo domain for encrypted session referrals
vfs_snapper: free dbus req messages in error paths
vfs_snapper: add DBus string encoding and decoding helpers
vfs_snapper: encode and decode Snapper DBus strings
libsmb: reuse connections derived from DFS referrals
libsmb: provide authinfo domain for DFS referral auth
libsmb: provide authinfo domain for encrypted session referrals
printing/cups: pack requested-attributes with IPP_TAG_KEYWORD
printing/cups: pack requested-attributes with IPP_TAG_KEYWORD
tevent: version 0.9.24
printing: split out printer DN and GUID retrieval
printing: add nt_printer_guid_retrieve() helper
docs/idmap_rid: remove deprecated base_rid from example
printing: split out printer DN and GUID retrieval
printing: add nt_printer_guid_retrieve() helper
docs/idmap_rid: remove deprecated base_rid from example
spoolss: purge the printer name cache on name change
WHATSNEW: mention improved sparse file support
smbd/ioctl: match WS2016 ReFS get compression behaviour
torture/ioctl: test compression responses when unsupported
David Holder (3):
Add IPv6 support to ADS client side LDAP connects. Corrected format for IPv6 LDAP URI.
Add IPv6 support for determining FQDN during ADS join.
s3: IPv6 enabled DNS connections for ADS client
Douglas Bagnall (21):
WHATSNEW: add a section about samba_kcc
WHATSNEW: a note about TLS protocol support
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()
CVE-2015-5330: Fix handling of unicode near string endings
CVE-2015-5330: strupper_talloc_n_handle(): properly count characters
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators
pycredentials: add get_kerberos_state() method
auth: increase resolution for password grace period calculation
password_lockout tests: add assertLoginFailure()
auth: keep track of lastLogon and lastLogonTimestamp
password_lockout: test creds.get_kerberos_state()
configure: set HAVE___ATTRIBUTE__ for heimdal
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
Evangelos Foutras (1):
s4:lib/tls: fix build with gnutls 3.4
Felix Botner (1):
samba-tool dbcheck: handle missing objectClass
Garming Sam (50):
dfs: always call create_conn_struct with root privileges
provision: Fix failures on re-provision incorrectly blamed on posix acl support.
provision: improve error message when connecting to samdb without the correct permissions
pysmbd: improve the return of error codes in the python smbd bindings
provision: capture slightly less generic exceptions during the test for acls
docs: update XInclude year to conform with current standard
docs: remove the file prefix from included path names
docs: define and include entities for the docs
param: fix testparm to show hidden share defaults
idmap: unify passdb *id_to_sid methods
idmap: return the correct id type to *id_to_sid methods
pdb: Increase version number to fix ABI
pdb: fix build issues with shared modules
dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable
backupkey: begin by factoring out the server wrap functions
backupkey: Improve IDL
build: Require GnuTLS if building with Active Directory
backupkey: replace heimdal rsa key generation with GnuTLS
torture-backupkey: Check the dcerpc call return code before calling ndr pull
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
build: mark explicit dependencies on pytalloc-util
autobuild: Return the last 50 log lines
autobuild: fix typo in autobuild success subject line
Gregor Beck (15):
security.idl: add new security_secinfo bits
Fix bug 9678 - Windows 8 Roaming profiles fail
s3:winbindd: fix _wbint_LookupSids() on error
s3:winbindd: avoid directly asking a trusted domain in wb_lookupsids*()
s3:rpc_server: minor refactoring of process_request_pdu()
s3:libsmb: pass creation or birth time in cli_qpathinfo_basic()
s3:libsmb: add function cli_qpathinfo_standard()
s3:libsmb: add function cli_qpathinfo3()
s3:libsmb: SMBC_getatr try pathinfo2 only once
s3:libsmb: SMBC_getatr do not let ino undefined on success
s3:libsmb: SMBC_getatr use pathinfo3 for second try
client: remove a write only variable
s3:libsmb: cli_qpathinfo3 use cli_qpathinfo2 for smb2
client: use cli_qpathinfo3 for allinfo
s3:libsmb: SMBC_getatr() if no method worked, try all methods again on next attempt
Guenter Kukkukk (6):
samba-tool: Fix enum values in dns.py
samba-tool: Fix the IP output of "samba-tool dns serverinfo <some_server>"
s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses
samba-tool: Fix enum values in dns.py
samba-tool: Fix the IP output of "samba-tool dns serverinfo <some_server>"
s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses
Gustavo Zacarias (1):
smbreadline: switch to new-style readline typedef
Günther Deschner (176):
wbinfo: allow to define a custom krb5ccname for kerberized pam auth.
s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.
pam_winbind: update documentation for "DIR" krb5ccname pragma.
s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing.
s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
s3-winbindd: remove pointless variable assigment, see the strdup below.
s3-winbindd: Fix memory leak in ads_cached_connection().
s3-winbindd: Fix winbind on DC crash with trusted AD domains.
s3-winbindd: use find_domain_from_name() instead of find_domain_from_name_no_init().
s3-winbindd: make sure also the idmap code can deal with trusted domains.
s3-winbindd: use get_trust_pw_clear() wrapper for AD connection code.
s3-winbindd: remove unneded include of secrets.h from idmap_ad.c
docs: point out side-effects of global "valid users" setting.
s3-winbindd: Fix #10264, cache_traverse_validate_fn failure for NDR cache entries.
s3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.
docs: remove duplicate word "the" in idmap_ad manpage.
docs: remove duplicate word "name" in nmblookup manpage.
docs: remove duplicate word "name" in nmblookup4 manpage.
docs: remove duplicate arguments listing in regdiff manpage.
docs: remove duplicate word "the" in winbindd manpage.
docs: remove duplicate mention of "smbtorture" in smbtorture manpage.
docs: remove duplicate mention of "ntdbtool" in ntdbtool manpage.
docs: remove duplicate mention of "smbta-util" in smbta-util manpage.
docs: remove duplicate word "trust" from net manpage.
docs: remove duplicate word "the" from net manpage.
docs: mention more options in winbindd manpage.
docs: mention --no-process-group in winbindd manpage.
docs: mention --dc-info in wbinfo manpage.
docs: mention --krb5ccname option in wbinfo manpage.
docs: mention logoff options in wbinfo manpage.
docs: mention --lookup-sids in wbinfo manpage.
docs: mention --pam-logon in wbinfo manpage.
docs: mention --remove-gid-mapping/--remove-uid-mapping in wbinfo manpage.
docs: mention --set-gid-mapping/--set-uid-mapping in wbinfo manpage.
docs: mention --sequence in wbinfo manpage.
docs: mention --sids-to-unix-ids in wbinfo manpage.
docs: remove unsupported options from nmbd manpage.
docs: mention --daemon in nmbd manpage.
docs: mention --foreground in nmbd manpage.
docs: mention --hosts in nmbd manpage.
docs: mention --interactive in nmbd manpage.
docs: mention --log-stdout in nmbd manpage.
docs: mention --no-process-group in nmbd manpage.
docs: mention --port in nmbd manpage.
docs: remove unsupported options from smbd manpage.
docs: mention many more options in smbd options.
docs: mention --numeric in smbstatus manpage.
docs: mention -R|--profile-rates in smbstatus manpage.
docs: mention -S|--setsddl in sharesec manpage.
docs: mention -V|--viewsddl in sharesec manpage.
docs: mention -p in dbwrap-tool manpage.
docs: bring samba entity popt.common.credentials in line with popt_common_credentials.
docs: remove now duplicate mention for 4 credential options in samba-regedit manpage.
docs: add missing &popt.common.samba entity to smbcontrol manpage.
docs: add missing &popt.common.connection entity to smbcacls manpage.
docs: remove more duplicate options from samba-regedit manpage.
docs: add new popt.autohelp entity.
docs: mention --change-sid|--new-sid in profiles manpage.
docs: use popt.samba.common entity in profiles manpage.
docs: use popt.autohelp in smbtree manpage.
docs: mention --update and --encrypt in smbget manpage.
docs: mention more long option names in smbcquotas manpage.
docs: mention -B|--browse to smbclient manpage.
docs: better document -e|--encrypt option globally.
docs: use popt.autohelp and remove duplicate -e option from smbclient manpage.
docs: remove unsupported -h option from smbcacls manpage.
docs: use popt.autohelp entity in smbcacls manpage.
docs: remove duplicate -e option from smbcacls manpage.
docs: mention --query-security-info|--set-security-info in smbcacls manpage.
docs: mention --sddl and --domain-sid in smbcacls manpage.
docs: remove unsupported -h option and use popt.autohelp entity in rpcclient manpage.
docs: document all long option names in nmblookup manpage.
docs: use popt.autohelp entity in dbwrap-tools manpage.
docs: fix testparm manpage.
docs: use &popt.autohelp entity in pdbedit manpage.
docs: fix smbcontrol manpage.
docs: fix ntlm_auth manpage.
docs: use popt.autohelp entity in nmbd manpage.
docs: use popt.autohelp entity in winbindd manpage.
docs: use popt.autohelp entity in smbd manpage.
docs: use popt.autohelp entity in samba.8 manpage.
docs: mention more options in net manpage.
docs: add net rpc vampire specific options in net manpage.
docs: add net idmap specific options in net manpage.
docs: add net rpc share migrate specific options in net manpage.
docs: add net groupmap set specific options in net manpage.
docs: add net rpc registry check specific options in net manpage.
docs: add net registry import specific options in net manpage.
docs: document remaining undocumented options in net manpage.
docs: remove duplicate "a" from vfs_cacheprime manpage.
docs: remove duplicate "the" from smb.conf manpage.
docs: remove duplicate "to" from smb.conf manpage.
docs: remove duplicate "not" from smb.conf manpage.
docs: remove duplicate "or" from smb.conf manpage.
docs: remove duplicate "on" from smb.conf manpage.
docs: remove duplicate "must" from smb.conf manpage.
docs: remove duplicate "line" from smb.conf manpage.
docs: remove duplicate "used" from smb.conf manpage.
librpc/nbt: increase MAX_COMPONENTS limit for nbt_names.
libcli/auth: also set secure channel type in netlogon_creds_client_init().
s3-libnet: Make sure we do not overwrite precreated SPNs.
s3-proto: remove duplicate proto for add_string_to_array().
lib/util: use size_t for add_string_to_array().
samba: pass down size_t instead of int to add_string_to_array().
s3-proto: remove duplicate proto for add_string_to_array().
lib/util: use size_t for add_string_to_array().
samba: pass down size_t instead of int to add_string_to_array().
pam_winbind: fix warn_pwd_expire implementation.
pam_winbind: fix warn_pwd_expire implementation.
vfs: Add glusterfs manpage.
vfs: Add glusterfs manpage.
s3-vfs: Fix developer build of vfs_ceph module.
vfs: Add a brief vfs_ceph manpage.
s3-smbd: reset protocol in smbXsrv_connection_init_tables failure paths.
s4-torture: don't build the lsa forest trust krb5 tests when building with MIT Kerberos.
vfs: fix build warning in smb traffic analyzer.
kerberos: make sure we only use prompter type when available.
lib/async_req: do not install async_connect_send_test.
ctdb: do not provide a useless pkgconfig file for ctdb.
docs-xml: fix typo in smbspool_krb5_wrapper manpage.
docs-xml: fix typo in smbspool_krb5_wrapper manpage.
s4-torture: let smb2.replay.replay2 test deal with scale out shares.
s4-torture: let smb2.replay.replay3 test deal with scale out shares.
s4-torture: let smb2.replay.replay4 test deal with scale out shares.
Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
s3:libnet:libnet_join: prepare to allow connecting with machine creds.
s3:libads:ldap: print LDAP error message with log level 10.
s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
s3:libnet:libnet_join: define list of desired encryption types only once.
s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
libsmb/pysmb: add pytalloc-util dependency to fix the build.
param: add parameter "server multi channel support", defaults to off.
lib/socket/interfaces: Fix some uninitialied bytes.
ntlmssp: add some missing defines from MS-NLMP to our IDL.
ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
ntlmssp: properly document version defines in IDL (from MS-NLMP).
ntlmssp: when pulling messages it is important to clear memory first.
s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
ntlmssp: add some missing defines from MS-NLMP to our IDL.
ntlmssp: fix copy/paste typo in CHALLENGE_MESSAGE in IDL.
ntlmssp: properly document version defines in IDL (from MS-NLMP).
ntlmssp: when pulling messages it is important to clear memory first.
s4-torture: fill in ntlmssp_NEGOTIATE_MESSAGE_check().
s4-torture: activate testing of CHALLENGE and AUTHENTICATE ntlmssp messages.
s4-torture: flesh out ntlmssp_CHALLENGE_MESSAGE_check().
s4-torture: add ndr pullpush validation for NTLMSSP CHALLENGE and AUTHENTICATE messages.
s4-torture: flesh out ntlmssp_AUTHENTICATE_MESSAGE_check().
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
CVE-2016-2111: s3:rpc_server/netlogon: always go through netr_creds_server_step_check()
s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
s3:librpc:crypto:gse: increase debug level for gse_init_client().
libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
torture:smb2: add test for checking sequence number wrap around.
lib/torture: add torture_assert_u64_not_equal_goto macro
s3-kerberos: avoid entering a password change dialogue also when using MIT.
s3:client:smbspool_krb5_wrapper: fix the non clearenv build.
s3-libnet: Print error string even on successfuly completion of libnetjoin.
s3-spoolss: fix winreg_printer_ver_to_qword
Har Gagan Sahai (2):
Fixed a memory leak in cli_set_mntpoint().
s3: dfs: Fix a crash when the dfs targets are disabled.
Hemanth Thummala (5):
loadparm: Fix memory leak issue.
loadparm: Fix memory leak issue.
Real memeory leak(buildup) issue in loadparm.
Mask general purpose signals for notifyd.
Fix memory leak in share mode locking.
Howard Chu (3):
Cleanup map return codes
Fix SEGV from improperly formed SUBSTRING/PRESENCE filter
Add LDB_MAP_RENDROP option
Ira Cooper (8):
vfs_glusterfs: Replace eventfd with pipes, for AIO use
vfs_glusterfs: Add comments to the pipe(2) code.
vfs_glusterfs: Replace eventfd with pipes, for AIO use
vfs_glusterfs: Add comments to the pipe(2) code.
smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
vfs_glusterfs: Fix use after free in AIO callback.
source3: Honor the core soft limit of the OS.
Ivo De Decker (251):
Update VCS URL's for new git repo.
Merge branch 'upstream'
Imported Upstream version 3.6.15
Merge tag 'upstream/3.6.15'
New upstream bugfix release. Closes: #707042
Lowering recommends of libnss- and libpam-winbind
release samba 2:3.6.15-1 to unstable
Imported Upstream version 4.0.0+dfsg1
Imported Upstream version 4.0.3+dfsg1
Imported Upstream version 4.0.5+dfsg1
Merge tag 'upstream/3.6.14' into samba_4.0_ivo
Merge tag 'upstream/4.0.5+dfsg1' into samba_4.0_ivo
remove unneeded leftover files
fix permissions on debian/rules
update gbp.conf for samba_4.0 branches
Restore samba.templates from samba 3.6
move templates from samba4 to samba-ad-dc
Don't harcode the branch in gbp.conf
configure with --enable-fhs
add multiarch libdir
remove YAPP
show waf command
remove cleanup of pam modules
multiarch location for with-modulesdir
datadir: /usr/share
get list of installed files in build log
move nss modules from /usr/lib/... to /lib/...
remove symlinks for nss modules
don't create symlinks in /usr/lib for nss modules
install correct upstream changelog for pam modules
remove DM-Upload-allowed
install manpages in .install to avoid build failure
remove vfs modules from libsmbd0
remove useless echo
configure: add sysconfdir and localstatedir
fix private_dir and smbpasswd location
update config for git-import-orig
Imported Upstream version 4.0.6+dfsg
Merge tag 'upstream/4.0.6+dfsg' into samba_4.0
update changelog for upstream 4.0.6
Start list of TODOs for the next upload
build dfs_samba4 and auth_samba4 as shared module
TODO: fix install of samba-ad-dc when samba is installed
don't remove log and state files during samba-ad-dc purge
Imported Upstream version 3.6.16
Merge tag 'upstream/3.6.16'
update changelog for upstream version 3.6.16
add gbp.conf for master branch
refresh patches for upstream version 3.6.16
release 2:3.6.16-1 to unstable
update changelog for upload of 2:3.6.16-1
fix description of GPL-3
update debconf templates
remove debian version from symbols to stop lintian complaints
fix package name in libsmbclient symbols file
release samba 2:4.0.6+dfsg-1 to experimental
upload was rejected
fix samba-common-bin dependencies (and some whitespace)
release samba 2:4.0.6+dfsg-1 to experimental
Imported Upstream version 4.0.7+dfsg
Merge tag 'upstream/4.0.7+dfsg' into samba_4.0
update changelog for new version 2:4.0.7+dfsg-1
refresh patches for new upstream version 4.0.7
update build-deps on tdb and ldb for new version
Make build-dep on libtevent-dev explicit.
Fix waf-as-source.patch
release samba 2:3.6.16-2 to unstable
Imported Upstream version 3.6.17
Merge tag 'upstream/3.6.17'
update changelog for upstream version 3.6.17
release samba 2:3.6.17-1 to unstable
add CVE and bug information about security update
Update documentation for git repo
Imported Upstream version 4.0.8+dfsg
Merge branch 'upstream_4.0' into samba_4.0
Add replaces for python-samba for packages that take over files from it.
remove useless broken symlinks
release samba 2:4.0.8+dfsg-1 to experimental
Imported Upstream version 3.6.18
Merge tag 'upstream/3.6.18'
update changelog for new upstream release 3.6.18
release samba 2:3.6.18-1 to unstable
Imported Upstream version 4.0.9+dfsg
Merge tag 'upstream/4.0.9+dfsg' into samba_4.0
update changelog for upstream version 4.0.9
replace references to removed packages with new ones
update TODO's
integrate samba-ad-dc into samba
remove recommends on tdb-tools, which is in depends
update changelog
sort samba-libs.install
move all libs from samba to samba-libs
move libs from samba-common-bin to samba-libs
move libsamba_python.so.* to samba-libs
add lintian override for outdated-autotools-helper-file
move libwinbind-client.so.* to libwbclient0
Remove systemd support for now, as it is broken.
ship symlinks for nss modules
update version for breaks and replaces to 2:4.0.9
create symbols and shlibs files in separate script
remove hardcoded dependencies
update some TODOs
add lintian override for samba-libs: package-name-doesnt-match-sonames
add missing depends from libsmbsharemodes-dev on libsmbsharemodes0
add missing depends for samba-dev on samba-libs
release samba 2:4.0.9+dfsg-1 to experimental
update vcs urls to point to samba instead of samba4
update README.source for git repo
Imported Upstream version 3.6.19
Merge tag 'upstream/3.6.19'
update changelog for new upstream release 3.6.19
release samba 2:3.6.19-1 to unstable
move TODO's that aren't blockers
Imported Upstream version 4.0.10+dfsg
Merge tag 'upstream/4.0.10+dfsg' into samba_4.0
update changelog for upstream version 4.0.10
Limit build-dep on libaio-dev to linux architectures.
Adapt init script changes from master branch
handle AD samba daemon in samba init script
merge changelog up to 2:3.6.19-1
remove fixed TODO's
update lintian overrides for init script changes
clarify that the init script check if they are needed
document why we have a strict dependency ldb
release samba 2:4.0.10+dfsg-1 to experimental
sssd should be ready for new samba packages
Remove Noël from uploaders
Add myself to uploaders.
add changelog for first upload to unstable
release samba 2:4.0.10+dfsg-2 to unstable
Include /etc/pam.d/samba in samba-common
Remove unused alternatives links on upgrade in samba-common-bin.prerm
Add support for 'status' in samba-ad-dc init script.
Don't fail on errors in samba init script.
Remove Sesse from uploaders
Fix umask in make_shlibs
Enable verbose build log.
Revert commit to ease merge in samba_4.0 branch
Merge branch 'master' into samba_4.0
Run xsltproc under faketime
Restore build-dep on libcups2-dev
Add wrapper for cups-config
Also add other build-deps which were present in samba 2:3.6.19-1
remove more obsolete build-deps
abort if tdb move can't be done on upgrade
avoid moving only some tdb files and not others
Document swat removal. Closes: #726751
release samba 2:4.0.10+dfsg-3 to unstable
Handle move of tdb files to private dir in samba-libs.preinst.
add symlink for old location of tdb files
Also do the tdb move in libpam-smbpass.preinst
release samba 2:4.0.10+dfsg-4 to unstable
Update samba-libs.lintian-overrides for moved libtorture0
update README.source for 4.0 on master
samba 4.0 is now on master branch
Imported Upstream version 4.0.11+dfsg
Merge tag 'upstream/4.0.11+dfsg'
Import upstream security release 4.0.11
Move world-readable private key file on upgrade
Add check in init script for key file permission
release samba 2:4.0.11+dfsg-1 to unstable
Add build-dep on python-ntdb
Add build-dep on libncurses5-dev
Add depends on python-ntdb to samba
Imported Upstream version 4.0.12+dfsg
Merge tag 'upstream/4.0.12+dfsg'
update changelog for upstream version 4.0.12
Merge branch 'master' of git+ssh://git.debian.org/git/pkg-samba/samba
Merge branch 'master' of git+ssh://git.debian.org/git/pkg-samba/samba
release samba 2:4.0.12+dfsg-1 to unstable
Imported Upstream version 4.0.13+dfsg
Merge tag 'upstream/4.0.13+dfsg'
update changelog for upstream security release 4.0.13
Fix invocations of 'update-alternatives --remove-all'
Add empty prerm scripts for samba and samba-common-bin.prerm
Don't fail in postinst when removing old alternatives fails
release samba 2:4.0.13+dfsg-1 to unstable
Imported Upstream version 4.1.3+dfsg
Merge tag 'upstream/4.1.3+dfsg' into samba_4.1
set debian branch to samba_4.1
update changelog for upstream version 2:4.1.3+dfsg-1
Merge tag 'upstream/4.0.13+dfsg' into samba_4.1
Merge branch 'master' into samba_4.1
release samba 2:4.1.3+dfsg-1 to experimental
Add debug symbols for all binaries to samba-dbg
Add lintian overrides for empty prerm scripts.
release samba 2:4.1.3+dfsg-2 to unstable
4.1 is now on master branch
Update talloc build-deps to version 2.0.8.
Imported Upstream version 4.1.4+dfsg
Merge tag 'upstream/4.1.4+dfsg'
update changelog for upstream version 4.1.4
python-samba: add depends on python-ntdb
release samba 2:4.1.4+dfsg-1 to unstable
Imported Upstream version 4.1.5+dfsg
Merge tag 'upstream/4.1.5+dfsg'
update changelog for upstream version 4.1.5
Remove the part of patch 26_heimdal_compat integrated upstream.
release samba 2:4.1.5+dfsg-1 to unstable
Imported Upstream version 4.1.6+dfsg
Merge tag 'upstream/4.1.6+dfsg'
update changelog for upstream version 4.1.6
Backport fix for readline 6.3 from master
release samba 2:4.1.6+dfsg-1 to unstable
Imported Upstream version 4.1.7+dfsg
Merge tag 'upstream/4.1.7+dfsg'
update changelog for upstream release 4.1.7
Remove readline63.patch, integrated upstream
Add build-dep on libkrb5-dev, no longer pulled in by libcups2-dev
Don't try to delete Parse/Yapp/Driver.pm, which is no longer installed
release samba 2:4.1.7+dfsg-1 to unstable
Build-depends on heimdal-dev instead of libkrb5-dev
Add versioned build-dep on libgmp10 for now.
release samba 2:4.1.7+dfsg-2 unstable
Remove workaround for #745233
Imported Upstream version 4.1.8+dfsg
Merge tag 'upstream/4.1.8+dfsg'
update changelog for upstream version 4.1.8
Use the upstream version of the smb.conf.5 manpage
release samba 2:4.1.8+dfsg-1 to unstable
Imported Upstream version 4.1.9+dfsg
Merge tag 'upstream/4.1.9+dfsg'
update changelog for upstream version 4.1.9
release samba 2:4.1.9+dfsg-1 to unstable
filter chm files from upstream tarball
Imported Upstream version 4.1.13+dfsg
Merge tag 'upstream/4.1.13+dfsg'
start changelog for 2:4.1.13+dfsg-1
update my email address
sort samba-libs.install
install libdnsserver_common.so.0
Bump standards version to 3.9.6 (no changes)
release samba 2:4.1.13+dfsg-1 to unstable
Mask /etc/init.d/samba init script for systemd
Disable samba init script on upgrade from wheezy to jessie
use samba.links to create systemd symlink
release samba 2:4.1.13+dfsg-2 to unstable
Imported Upstream version 4.1.16+dfsg
Merge tag 'upstream/4.1.16+dfsg'
start changelog for 2:4.1.16+dfsg-1
Refresh patch add-so-version-to-private-libraries
Fix installation of bind modules.
Imported Upstream version 4.1.17+dfsg
Merge tag 'upstream/4.1.17+dfsg'
update changelog for upstream version 4.1.17
backport torture test for CVE-2015-0240
Add breaks on qtsmbstatus-server (<< 2.2.1-3~).
Build-depend on reverted ldb version (with increased epoch)
release samba 2:4.1.17+dfsg-1 to unstable
Add samba.preinst to temporarily deactivate the old qtsmbstatusd initscript
release samba 2:4.1.17+dfsg-2 to unstable
Jakub Hrozek (2):
SO_PROTOCOL is platform-dependent
Provide a compatible declaration of CMSG_ALIGN
Jan Brummer (1):
s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
Jeffrey Altman (1):
CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
Jeffrey Clark (1):
Support for Heimdal's unified krb5 and hdb plugin system.
Jelmer Vernooij (222):
Update commentrs in autodeps.py conf file.
wrap-and-sort
autodeps.py: Fix parsing of control file.
Integrate samba4 source package changelog.
Break long lines in descriptions of libsmbsharemodes-dev and libsmbsharemodes0.
Bump standards version to 3.9.4 (no changes).
Suggest libwireshark-dev for libparse-pidl-perl, as it is necessary to build wireshark dissectors generated by pidl.
Break long line in libsmbd0 description.
samba-ad-dc: Drop suggests for removed packages swat2 and samba-gtk.
samba: Remove inetd servers from suggests; inetd support was dropped in 3.6.16-1.
Fix database errors during upgrade. Closes: #700768
Fix indentation.
Integrate most of the libraries into the samba-libs package and
Integrate double Replaces lines.
Add breaks.
Fold libnetapi0 into samba-libs.
wrap-and-sort.
Remove duplicate entries in install files, empty libgensec-dev.install.
Fix package names.
Move libtorture0 to samba-testsuite to reduce size of samba-libs and prevent dependency on libsubunit0.
Update lintian-overrides for move of libtorture0.
Switch over to 4.1 branch.
Update instructions to reference upstream VCS tag.
Imported Upstream version 4.1.1+dfsg
Merge tag 'upstream/4.1.1+dfsg' into debian.
New upstream release.
Drop 0002-lib-replace-Allow-OS-vendor-to-assert-that-getpass-i.patch: upstream no longer uses getpass.
Add source dependency on libntdb1, and stop passing --disable-ntdb, which has been removed.
Remove handling for SWAT, which is no longer shipped upstream.
Update files to install.
Stop installation of disappeared source4/NEWS.
Update libsmbclient symbols.
Split VFS modules out from samba-libs into a separate binary package.
Move samba-regedit.8 to right package.
Move service and process_model modules from the samba-libs to the samba package. Prevents dependencies on libkdc2-heimdal and libhdb9-heimdal.
Add 26_heimdal_compat: Fix compatibility with newer versions of Heimdal.
Remove local copy of krb5-types.h to prevent it from interfering.
Cherry-pick interface version fix.
Cherry-pick fix for heim_octet_t.
Fix invocations of 'update-alternatives --remove-all' in samba- common-bin prerm. Closes: #731192
Revert "Fix invocations of 'update-alternatives --remove-all' in samba- common-bin prerm. Closes: #731192"
Merge branch 'master' of git+ssh://git.debian.org/git/pkg-samba/samba into debian_4.1
Imported Upstream version 4.1.2+dfsg
Merge tag 'upstream/4.1.2+dfsg' into debian_4.1
Update changelog for 4.1.2.
Drop duplicate patch 26_heimdal_no_local_krb5_types.
Depend on newer version of ctdb, as Samba won't build against older versions without --enable-old-ctdb.
Remove Samba4-specific instructions on building packages.
Add gitignore file.
Bump standards version to 3.9.5 (no changes).
Move libpac, db_glue and hdb module from samba-libs to samba package to reduce size of libs package.
* Fix compatibility with newer versions of the Heimdal HDB API.
Compare against old package version, rather than the string literal "upgrade".
releasing package samba version 2:4.1.4+dfsg-2
Move samba.dckeytab module to samba package, as it relies on hdb. Closes: #736405, #736430
releasing package samba version 2:4.1.4+dfsg-3
Fix watch file.
Cope with first element in hdb_method having a different name in different heimdal versions.
Remove smbd and nmbd from required-start and required-stop in samba.init. Closes: #739887
Imported Upstream version 4.1.11
Merge tag 'upstream/4.1.11' into debian
New upstream release.
CVE-2014-3560: Remote code execution in nmbd. Closes: #756759
releasing package samba version 2:4.1.11+dfsg-1
Updated Italian translation. Thanks Luca Monducci. Closes: #760743
Use HTTP in watch file, as ftp.samba.org is not working reliably for me.
Use Excluded-Files in debian/copyright for DFSG-nonfree files.
Update Dutch translation. Thanks Frans Spiesschaert. Closes: #763650
Exclude pre-built zlib file.
releasing package samba version 2:4.1.11+dfsg-2
Add bug#.
releasing package samba version 2:4.1.13+dfsg-3
Imported Upstream version 4.2.0~rc2+dfsg
Merge tag 'upstream/4.2.0_rc2+dfsg' into experimental
New upstream release.
Update 26_heimdal_compat.
Remove upstream applied bug_598313_upstream_7499-nss_wins-dont-clobber-daemons-logs.patch.
usershare.patch: refresh
drop do-not-install-smbclient4-and-nmbclient4: applied upstream.
Add build-dependency on libarchive-dev.
Revert previous patch, since ldb has an active module version check. Instead, just depend on ldb 1.1.18.
releasing package samba version 2:4.1.13+dfsg-4
Don't use a nested function when testing for visibility attribute support.
Add a basic guide on pytalloc.
Remove unused imports.
urgent_replication: Use subunit reporting, remove allow_empty_output.
samba3dump: Add subunit-enabled test for samba3dump.
filter-subunit: Drop support for allow_empty_output hack.
dirsync test: Create and run a single testsuite, should easy migration to regulary Python unit tests.
speedtest: Create and run a single testsuite, should easy migration to regulary Python unit tests.
dsdb.tests.ldap: Create and run a single testsuite, should easy migration to regulary Python unit tests.
dsdb.tests.acl: Create and run a single testsuite, should easy migration to regulary Python unit tests.
Fix subunit test suite name.
Support using system ldbmodify.
filter-subunit: Consistently use spaces rather than tabs.
Add bundled copy of 'extras' python module used by newer versions of testtools/subunit.
Add convenience class for old-style Samba subunit python tests.
subunitrun: Use new samba.tests.subunitrun module.
Move option parsing to samba.tests.subunitrun.
Move option handling into samba.tests.subunitrun.
sec_descriptor test: Simplify, use samba.tests.subunitrun module.
credentials test: Use samba.tests.subunitrun.
speedtest: Use samba.tests.subunitrun.
sites: Use samba.tests.subunitrun.
sec_descriptor: Use samba.tests.subunitrun.
passwords: Use samba.tests.subunitrun.
password lockout: Use samba.tests.subunitrun.
ldap_syntaxes: Use samba.tests.subunitrun.
deletetest: use samba.tests.subunitrun.
ldap: Use samba.tests.subunitrun.
Include mimeparse, which is used by subunit/testtools.
Use samba.tests.subunitrun in urgent replication test.
Use samba.tests.subunitrun in dsdb ldap and ldap_schema tests.
sam: Use samba.tests.subunitrun.
selftest: Drop support for TESTSUITE-IDLIST, and remove its last user.
Re-use add_prefix function.
selftest/tests.py: Remove testsuite samba.tests.samdb which does not have any tests.
selftest: Add separate command line for listing tests, allowing us of subunit-filter (which doesn't support subunit v2).
Be consistent about what functions add $LISTOPT and $LOADLIST to the command-line.
Merge 4.1 branch.
Imported Upstream version 4.2.1+dfsg
Merge tag 'upstream/4.2.1+dfsg' into experimental
New upstream release - 4.2.1
Refresh patch add-so-version-to-private-libraries.
Drop samba_bug_11077_torturetest.patch: applied upstream.
Drop dependency on ctdb - now bundled with Samba.
Depend on newer talloc/tdb/tevent/ldb.
Rebuild against new ldb. Closes: #783424
releasing package samba version 2:4.1.17+dfsg-3
Add pidl_reproducible.patch: Make pidl output reproducible.
releasing package samba version 2:4.1.17+dfsg-4
Use bundled Heimdal as the system Heimdal doesn't contain the changes required for Samba.
Add patch heimdal-rfc3454.txt: patch in truncated rfc3454.txt for building bundled heimdal.
Re-add non-rfc txt files.
Re-import txt files.
Use released versions rather than rcs.
Exclude non-rfc files.
Ignore debhelper.log files.
Drop patches 25_heimdal_api_changes and 26_heimdal_compat.
Use bundled comerr, as building against the system one breaks.
Disable cluster support; it breaks the build.
Stop attempting to install hdb_samba4.so.
Ignore some debian output files, stop packaging of files that are no longer installed.
Add patch no_wrapper: avoid dependencies on {nss,uid,socket}_wrapper.
Move some libraries around.
Move ownership of var/lib/samba and var/lib/samba/private to samba-common, remove obsolete samba4.dirs. Closes: #793866
Remove ctdb-tests package as it problems and unclear what it is useful for.
Remove ctdb-tests and ctdb-pcp-pmda packages as they contain problems and unclear what they are useful for, now ctdb now longer provides an external API.
releasing package samba version 2:4.2.1+dfsg-1
Fix watch file.
Fix upstream_4.3 branch.
Imported Upstream version 4.3.0+dfsg
Merge tag 'upstream/4.3.0+dfsg' into experimental
New upstream release.
Drop no_wrapper patch: applied upstream.
Drop patch ctdb_sockpath.patch: applied upstream.
Drop Fix-CTDB-build-with-PMDA patch: applied upstream.
Update dependencies.
Fix files installed.
Update symbols.
Update gitignore.:
releasing package samba version 2:4.3.0+dfsg-1
Rebuild against new ldb. Closes: #799569
releasing package samba version 2:4.1.17+dfsg-5
Imported Upstream version 4.1.20+dfsg
Merge tag 'upstream/4.1.20+dfsg' into unstable
New upstream release (last compatible with current OpenChange).
samba_bug_11077_torturetest.patch: refresh.
Install vfs manpages.
releasing package samba version 2:4.1.20+dfsg-1
Re-enable cluster support.
Build samba-cluster-support as built-in library, since its dependencies are broken.
Disable socketwrapper.
releasing package samba version 2:4.3.0+dfsg-2
Remove libpam-smbpasswd, which is broken and slated for removal upstream. Closes: #799840
Merge tag 'debian/4.1.20+dfsg-1' of git://git.debian.org/pkg-samba/samba into experimental
Remove lib/zlib/contrib/dotzlib/DotZLib.chm from excluded files in copyright; no longer shipped upstream.
Rename git-import-orig -> import-orig.
Imported Upstream version 4.3.1+dfsg
Merge tag 'upstream/4.3.1+dfsg' into experimental
New upstream release.
Drop pidl reproducible patch; applied upstream.
Add short license name for Microsoft Active DIrectory Schema License.
Don't warn about arch-specific dependencies from libnss-* on winbind.
Remove wins2dns.awk example script.
Move VFS examples to samba-dev.
Remove the samba-doc package, and move examples files from it to relevant other packages.
Mark samba-doc removal as closing #769385
Move source lintian overrides.
Drop subunit dependency, no longer used.
Drop ntdb dependencies, no longer used.
Move .gitignore to debian/.
releasing package samba version 2:4.3.1+dfsg-1
Imported Upstream version 4.3.2+dfsg
Merge tag 'upstream/4.3.2+dfsg' into experimental
New upstream release.
Fix epoch for ldb in autodeps.py.
Merge commit 'e582b68ecf66938fd2608a30458b16c190bb4ba5' into experimental
Ignore some more files.
Fix version string.
Don't install async_connect_send_test.
Imported Upstream version 4.3.3+dfsg
Merge tag 'upstream/4.3.3+dfsg' into experimental
New upstream release.
Support SYSTEM_VERSION setting in deps.
Bump ldb dependency up to 1.1.24.
Remove usr/bin/async_connect_send_test.
Add bug #.
Move samba-dsdb-modules back from Depends to Recommends, as using Samba as a standalone server doesn't require the dsdb modules.
Merge branch 'experimental' of git://git.debian.org/pkg-samba/samba into experimental
Try to get rid of circular dependency.
Fix version no.
Move smbd-base lib to samba-libs, as the net tool depends on it.
Add Replaces: samba to samba-libs because of moved libs.
releasing package samba version 2:4.3.3+dfsg-1
Move strict ldb dependency to samba-dsdb-modules package, which actually contains the modules. Closes: #816210
releasing package samba version 2:4.3.5+dfsg-2
Fix dhclient hook if samba is not installed. Thanks, Jan Braun. Closes: #801976
Rebuild against current version of ldb in the archive. Closes: #817036
Ignore debhelper build stamp.
releasing package samba version 2:4.3.5+dfsg-3
Merge in 4.3 history.
Jelmer Vernooij (78):
Depend on libgnutls28-dev rather than libgnutls-dev. Closes: #753146
Remove outdated-autotools-helper-file overrides for config.guess and config.sub; files are no longer present upstream.
Add branch to Vcs-Git header.
samba.smbd.upstart: Remove leftover code for RUN_MODE=inetd, which was already removed elsewhere.
[ Debconf translations ]0
Remove trailing 0.
Move dsdb-module library from samba-dsdb-modules to samba-libs, to prevent circular dependencies between samba-dsdb-modules and samba- libs. This is necessary since dsdb-module is now used by the dcerpc- server library.
releasing package samba version 2:4.1.9+dfsg-2
Update debian/rules to allow support for multiple upstream ldb versions, when verified.
Remove last instances of pep8 error E712 (use 'is' rather than '==' for booleans)
Fix more pep8 issues in code I touched recently.
Add dependency on libtevent-dev in samba-dev.
Imported Upstream version 4.3.5+dfsg
Merge tag 'upstream/4.3.5+dfsg' into unstable
New upstream release.
Wrap and sort.
Loosen dependencies on ldb to ldb >= 1.1.21, per upstream.
Update usershare patch after upstream changes.
Drop patch sockets-with-htons.patch: applied upstream.
Ignore backup files.
Ignore debian build stamp files.
Add smbclient_krb5_wrapper.
Bump standards version to 3.9.7 (no changes).
releasing package samba version 2:4.3.5+dfsg-1
Ignore debhelper-build-stamp.
Imported Upstream version 4.3.6+orig
Merge tag 'upstream/4.3.6+orig' into unstable
New upstream release.
releasing package samba version 2:4.3.6+dfsg-1
Merge branch 'unstable' of https://jelmer.uk/code/samba into unstable
Add no_build_options.patch: make package more reproducible by disabling build options output.
Depend on source version of arch-independent samba-common, fixing binNMU-ability.
releasing package samba version 2:4.3.6+dfsg-2
Add patch no_build_system.patch: drop host-specific define that prevents reproducible builds.
Add patch no_build_system.patch: drop host-specific define that prevents reproducible builds.
Update watch file to retrieve 4.3.X.
Imported Upstream version 4.3.8+dfsg
Merge tag 'upstream/4.3.8+dfsg' into unstable
Bump version in Replaces: samba-libs for samba-vfs-modules to 4.3.2+dfsg-1, to fix jessie->stretch upgrades. Closes: #821070
Re-apply patch.
releasing package samba version 2:4.3.8+dfsg-1
Imported Upstream version 4.4.2+dfsg
Merge tag 'upstream/4.4.2+dfsg' into experimental
New upstream release.
Bump standards version to 3.9.8 (no changes).
Fix NEWS file syntax.
Fix formatting of my last name.
Drop build dependency on perl-modules; depend on perl instead.
Update overrides.
releasing package samba version 2:4.4.2+dfsg-1
Merge branch 'master' of git+ssh://git.debian.org/git/pkg-samba/samba into master.
Merge in 4.3 package changes.
releasing package samba version 2:4.4.2+dfsg-2
Imported Upstream version 4.4.3+dfsg
Imported Upstream version 4.4.3+dfsg
Merge tag 'upstream/4.4.3+dfsg' into unstable
New upstream release.
Reapply rfc3454 patch.
Merge branch 'master' of git+ssh://git.debian.org/git/pkg-samba/samba into unstable
releasing package samba version 2:4.4.3+dfsg-1
Cleanup ctdb READMEs during 'clean' step.
releasing package samba version 2:4.4.3+dfsg-1
Add patch gcc_6.patch, fixing compatibility with gcc 6. Closes: #812264
releasing package samba version 2:4.4.4+dfsg-3
Imported Upstream version 4.4.5+dfsg
Imported Upstream version 4.4.5+dfsg
Merge tag 'upstream/4.4.5+dfsg' into unstable
New upstream release.
releasing package samba version 2:4.4.5+dfsg-1
Revert "Run quicktest during build"
Disable running of 'make quicktest' during build, as it takes very long to run on x32 and enables building non-production NTVFS server. Closes: #830571
releasing package samba version 2:4.4.5+dfsg-2
Add strict dependencies on samba-libs, because of use of private libraries without stable ABI across Samba binary packages.
Add Breaks clauses for older versions of samba-libs and samba to samba-vfs-modules, as some files have moved. Closes: #833614, #832880
Clarify commit message.
Fix typo in bug #.
Clarify commit message.
Fix typo in bug #.
Jeremy Allison (393):
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Fix bug #10010 - Missing integer wrap protection in EA list reading can cause server to loop with DOS.
Add ea_list_has_invalid_name() function.
Ensure set_ea cannot set invalid Windows EA names.
Ensure we never return an EA name to a Windows client it can't handle.
Ensure we can't create a file using SMB2_CREATE with an invalid EA list.
Add the ability to send an NTSTATUS result back with a trans2 reply so we can return a parameter block with an error code.
Add error map of STATUS_INVALID_EA_NAME -> ERRDOS, ERRbadfile
Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.
Ensure we can't create a file using NTTRANS with an invalid EA list.
Ensure we do pathname processing before SD and EA processing in NTTRANS_CREATE.
Reply with correct trans2 message on a setpathinfo with a bad EA name.
Add torture tests to raw.eas to check sending Windows invalid names in the middle of an EA list.
Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals.
Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind
Fix the erroneous masking of chmod requests via the UNIX extensions.
Allow UNIX extensions client to act on open fsp instead of pathname if available.
Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN.
s3:param: Correctly set up cli_maxprotocol, cli_minprotocol in our parameter block.
s3:libsmb: Modify cli_start_connection_connected() to use lp_cli_minprotocol()/lp_cli_maxprotocol() instead of hard coding PROTOCOL_CORE, PROTOCOL_NT1.
s3:libsmb: Ensure we ask for DEFAULT_SMB2_MAX_CREDITS on successful negprot.
s3:smbcacls: Add -m<MAX PROTOCOL> option to smbcacls.
libcli/smb: Fix smb2cli_write_recv() and smb2cli_write() to return the bytes written.
libcli/smb: Change smb2cli_create() and smb2cli_create_recv() to return a parameter blob of the newly opened/created file.
s3:lib: Factor read_ea_list_entry() and read_nttrans_ea_list() out so they can be used by the SMB2 client code.
s3:libsmb: Add in the core of the libsmb client SMB2 functions.
s3:libsmb: Plumb cli_smb2_rename() inside cli_rename().
s3:libsmb: Plumb cli_smb2_unlink() inside cli_unlink().
s3:libsmb: Plumb cli_smb2_mkdir() inside cli_mkdir().
s3:libsmb: Plumb cli_smb2_rmdir() inside cli_rmdir().
s3:libsmb: Plumb cli_smb2_create_fnum() inside cli_ntcreate().
s3:libsmb: Plumb cli_smb2_close_fnum() inside cli_close().
s3:libsmb: Plumb cli_smb2_getattrE() inside cli_getattrE().
s3:libsmb: Plumb cli_smb2_setattrE() inside cli_setattrE().
s3:libsmb: Plumb cli_smb2_setatr() inside cli_setatr().
s3:libsmb: Plumb cli_smb2_getatr() inside cli_getatr().
s3:libsmb: Plumb cli_smb2_dskattr() inside cli_dskattr().
s3:libsmb: Fix cli_set_ea_path() to use frame instead of talloc_tos().
s3:libsmb: Plumb cli_smb2_set_ea_path() inside cli_set_ea_path().
s3:libsmb: Plumb cli_smb2_set_ea_fnum() inside cli_set_ea_fnum().
s3:libsmb: Plumb cli_smb2_get_ea_list_path() inside cli_get_ea_list_path().
s3:libsmb: Plumb cli_smb2_list() inside cli_list().
s3:libsmb: Plumb cli_smb2_qpathinfo2() inside cli_qpathinfo2().
s3:libsmb: Plumb cli_smb2_qpathinfo_streams() inside cli_qpathinfo_streams().
s3:libsmb: Plumb cli_smb2_qfileinfo_basic() inside cli_qfileinfo_basic().
s3:libsmb: Plumb cli_smb2_qpathinfo_basic() inside cli_qpathinfo_basic().
s3:libsmb: Plumb cli_smb2_qpathinfo_alt_name() inside cli_qpathinfo_alt_name().
s3:libsmb: Plumb cli_smb2_query_security_descriptor() inside cli_query_security_descriptor().
s3:libsmb: Plumb cli_smb2_set_security_descriptor() inside cli_set_security_descriptor().
Remove restrictions on setting iosize inside smbclient for SMB2 connections.
As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport.
Add new "timeout" command and -t option to smbclient to set the per-operation timeout.
Add "max protocol" command line documentation for smbcacls.
Add "-e" encrypt transport command line option documentation for smbcacls.
Expand on the documentation of -m max-protocol for SMB2/3 for smbclient.
Fix the documentation for --send-buffersize for the new default value of zero for smbclient.
Fix the documentation of the iosize command to explain the new zero default for smbclient.
Fix the documentation of --encrypt to explain SMB3 encryption for smbclient.
Add documentation for the new -t <timeout> parameter in smbclient.
Add documentation for the new internal command timeout to smbclient.
WHATSNEW: Add paragraph about SMB2/3 support for client tools/library.
dsgetdcname_cache_fetch() doesn't use the site_name parameter so don't pass it.
Refactor dsgetdcname to be called via a wrapper function.
Move the manipulation of site_name into the caller function dsgetdcname().
Move the retry logic when site_name is passed in a NULL or "" to the wrapper function.
Optimization. Don't do the retry logic if sitename_fetch() returned NULL, we already did a NULL query.
s3: libsmb : The short name length is only a one byte field.
Fix is_legal_name() to not emit character conversion error messages.
s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close file on exit.
s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.
s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.
Fix bug #10187 - Missing talloc_free can leak stackframe in error path.
Fix bug #10229 - No access check verification on stream files.
Add regression test for bug #10229 - No access check verification on stream files.
Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
s3-smbd: smbclient shows no error if deleting a directory with del failed
s3-lib: smbclient shows no error if deleting a directory with del failed
s3-client: smbclient shows no error if deleting a directory with del failed
CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
smbd: change flag name from UCF_CREATING_FILE to UCF_PREP_CREATEFILE
smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open.
smbd - allow updates on directory write times on open handles.
smbtorture: New torture test for bug #9870.
ldb: bad if test in ldb_comparison_fold()
s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain().
s3: winbindd: Move calling setup_domain_child() into add_trusted_domain().
s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets.
s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie.
s3: dir - Introduce 32-bit wire versions of the 'special' values.
s3:dir - Cope with fixed mapping of 'special' values.
s3:dir - Map wire offsets to native directory cookies.
s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP.
s3:dir - Introduce a 64-bit directory offset <-> 32 bit wire offset map using memcache.
s3:dir - We now pass the previously spinning directory tests on ext4.
s3: smbpasswd - fix crashes on invalid input.
s3: vfs_dirsort module.
s3: vfs_dirsort module.
s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true.
s3: printing: Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message.
s3-printing: Fix obvious memory leak in printer_list_get_printer().
s3: smbd: Ensure brl_get_locks_internal() always returns a valid struct byte_range_lock even if there are no locks.
CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner.
CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing ACL when setting owner or group owner.
s3: lib: Back-port tevent_queue_wait_send/recv -> smbd_tevent_queue_wait_send/recv
s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair.
s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair.
s4: smbtorture: Update the torture_smb2_notify_ulogoff test to demonstrate the problem.
s4: smbtorture: Add a proper change_notify going async followed by tdis test.
s3: smbd: Fileserving share access checks.
s3: smbd: Ensure we always go via getgroups_unix_user() when creating an NT token.
s3: messages: Implement cleanup of dead records.
s3-lib/util: fix logic inside set_namearray loops.
s3 : smbd : Protect all possible code paths from fsp->op == NULL.
s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY.
s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod().
s3: smbd: Remove open_file_fchmod().
s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue.
s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec.
s3: smb2: Move from using SBVAL to put NTTIMEs on the wire to put_long_date_timespec.
s3: client - rename 'struct smb2_create_returns' to 'struct smb_create_returns' so we can use this in SMB1 create returns as well.
s3: client : Add extra return parameter to all client open calls.
s3: client : correctly fill in the struct smb_create_returns from cli_ntcreate(), cli_ntcreate_recv(), cli_nttrans_create() and cli_nttrans_create_recv().
s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers.
s3: nmbd: Fix bug 10633 - nmbd denial of service
s3: smbd - fix processing of packets with invalid DOS charset conversions.
s3/s4: smbd, rpc, ldap, cldap, kdc services.
s3:winbindd - fix bad bugfix for bug #10280 - winbind panic if AD server is down.
s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap().
s3: smbd: Locking - convert to using utility macro used elsewhere.
s3: smbd: Locking - add and use utility function lock_timed_out().
s3: smbd: Locking - treat lock timeout the same as any other error.
s3: smbd: Locking - re-add pending lock records if we fail to acquire a lock (and the lock hasn't timed out).
s4: smbtorture: Add multi-lock test. Regression test for bug #10684.
s3: libwbclient: Don't break out of loop too soon - find all parameters.
s3: smbd - Prevent file truncation on an open that fails with share mode violation.
s3: smb2: Remove unused code from remove_pending_lock().
s3: smb2: Simplify logic in reprocess_blocked_smb2_lock().
s3: SMB2 : Fix leak of blocking lock records in the database.
lib: tevent: make TEVENT_SIG_INCREMENT atomic.
s3: xml-docs. Ensure users of 'net time' know the remote server must be specified with -S.
s3: net time - fix usage and core dump.
s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common().
s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start.
s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share.
lib: strings: Fix the behavior of strcasecmp_m_handle() in the face of bad conversions.
lib: strings: Fix the behavior of strncasecmp_m_handle() in the face of bad conversions.
s4: tests: Added local.charset test for Bug 10716 - smbd constantly crashes when filename contains non-ascii character
s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page.
s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout"
s3: smbd: vfs_dirsort module.
s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
s3: smbd - open logic fix.
s3: smb2cli: query info return length check was reversed.
s3: smb2cli: query info return length check was reversed.
lib: util: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler.
s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.
pthreadpool: Slightly serialize jobs
s3: nmbd: Ensure the main nmbd process doesn't create zombies.
lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library.
s3-nmbd: Fix netbios name truncation.
s3: libsmbclient - smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path.
s3: smbd: Preparation for leases code merge. Ensure VFS is ready for 4.2.0.
s3:param: Add new option "strict rename".
selftest:Samba3: use "strict rename = yes"
s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
s3: daemons - ensure nmbd and winbindd are consistent in command line processing by adding POPT_COMMON_DYNCONFIG.
s3-nmbd: Fix netbios name truncation.
s3: libsmbclient - smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path.
s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
s4:torture: Add smb2.oplock test batch9a and raw.oplock test batch9a
libcli/smb: Add smb2_lease_equal() which compares client_guids and keys.
s3:smbd: Don't set fsp->oplock_type before we've granted any oplocks.
s3: leases - torture test for timeout of responding to lease break request.
s4: smb2 : torture: Add new dynamic_share leases test.
s4: torture: leases - Add test for leases and blocking locks.
s4:torture:smb2: Add test that shows the client can respond to a lease break over a different connection.
s4:torture:smb2: Add smb2.lease.v2_breaking3 test.
s3:smbd: Add fsp_client_guid() utility function to return the connected client guid.
s3: leases: libsmbsharemodes no longer works with SMB2 leases inside our locking.tdb.
s3:locking: ensure all share mode removal functions go through a common lease refcount manager.
s3:param: Add "smb2 leases" parameter. Default "false".
s3:smb2_negprot: announce support for SMB2.1 leases.
selftest:Samba3: use "smb2 leases = yes"
libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
s3: leases: Add leases_db_rename() to cope with renaming a leased file.
s3: leases : Cope with renaming leased open files.
s3: leases: Make aio_add_req_to_fsp() public.
s3: leases: send_break_message() public.
s3: leases: Make SMB2 setinfo SMB2_FILE_RENAME_INFORMATION_INTERNAL async.
s4: torture: leases. Simple lease_v2 rename test "v2_rename".
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
s3: modules: Fix *allocate* calls to follow POSIX error return convention.
s3: modules: Fix *allocate* calls to follow POSIX error return convention.
s3:locking: pass servicename_new to leases_db_rename()
s3:locking: prepare the data model for leases_db to cope with dynamic path renames.
s3:locking: Add new utility function leases_db_copy_file_ids()
s3:locking: pass down servicepath to leases_db_add()
s3:locking: Change the data model for leases_db to cope with dynamic path renames.
WHATSNEW: Announce SMB2 leases support.
s3: auth: Add a utility function - SamInfo3_handle_sids() that factors out the code to handle "Unix Users" and "Unix Groups".
s3: auth: Convert samu_to_SamInfo3() to use the new utility function.
s3: auth: Plumb in the SamInfo3_handle_sids() utility function into passwd_to_SamInfo3().
s3: auth: Add previously missing allocation fail check.
s3: auth - tests: Add test for "force user" being a unix-only user, not in passdb.
s3: lib, s3: modules: Fix compilation on Solaris.
s3: smbclient: Allinfo leaves the file handle open.
s3: smbclient: Allinfo leaves the file handle open.
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
s3: smbd: leases - new torture test shows stat opens can get leases.
s3: smbd: leases - losen paranoia check. Stat opens can grant leases.
s4: smbtorture: leases - show stat opens grant leases and can be broken.
s3: smbd: SMB2 close. Add utility function setup_close_full_information()
s3: smbd: SMB2 close. Call utility function setup_close_full_information()
s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting.
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
CVE-2015-0240: s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer.
Add Solaris ports as a tevent backend.
tevent: Ignore unexpected signal events in the same way the epoll backend does.
Start to fix talloc memlimits with talloc pools.
Remove magic TC_HDR_SIZE handling inside talloc_memlimit_check().
Change _talloc_total_mem_internal() to ignore memory allocated from a pool when calculating limit size.
Change __talloc() to only call talloc_memlimit_check()/talloc_memlimit_grow() on actual malloc allocation.
Update memory limits when we call free() on a pool.
Inside _talloc_free_internal(), always call talloc_memlimit_update_on_free() before we free the real memory.
In _talloc_steal_internal(), correctly decrement the memory limit in the source, and increment in the destination.
Fix a conditional check. (size - tc->size > 0) is always true if size and tc->size are unsigned.
Don't call talloc_memlimit_update() inside _talloc_realloc() when we're just manipulating pool members.
Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free.
Remove talloc_memlimit_update(). No longer used.
Add simple limited pool tests to test_memlimit().
Fix valgrind errors with memmove and talloc pools.
lib: talloc: Fix bug when calling a destructor.
lib: talloc: Allow destructors to reparent the object they're called on.
lib: talloc: Test suite for the new destructor reparent logic.
s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
lib: talloc: Fix bug when calling a destructor.
lib: talloc: Allow destructors to reparent the object they're called on.
lib: talloc: Test suite for the new destructor reparent logic.
s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
docs: Mark 'client use spnego principal' as deprecated and also a bad idea.
s3: client - "client use spnego principal = yes" code checks wrong name.
s3: libsmbclient: Add missing talloc stackframe.
s3: Refactor smbd_smb2_request_process_negprot
s3: Fix fsctl_validate_neg_info to pass MS compliance suite.
docs: Mark 'client use spnego principal' as deprecated and also a bad idea.
s3: client - "client use spnego principal = yes" code checks wrong name.
lib: tdb: Use sigaction when testing for robust mutexes.
s3: libsmbclient: Add missing talloc stackframe.
s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
s4: rpc: Refactor dcesrv_alter() function into setup and send steps.
s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"
s3: nmbd: Ensure we only set work_changed = true if we modify the record.
s3: nmbd: Don't set work_changed = True inside update_server_ttl().
s3: smbd: VFS: Add vfs_stat_smb_basename() - to be called when we *know* stream name parsing has already been done.
s3: smbd: VFS: All the places that are currently calling vfs_stat_smb_fname() and vfs_lstat_smb_fname() should be calling vfs_stat_smb_basename().
s3: smbd: VFS: For all EA and ACL calls use synthetic_smb_fname(), not synthetic_smb_fname_split().
s3: smbd: VFS: fake_acl module called get_full_smb_filename() with a stream path, then used the result to call XATTR functions directly.
s3: smbcacls: Ensure we read a hex number as %x, not %u.
s3: libsmbclient: Re-resolving targetcli on every read/write/lseek/ftruncate/close is both incorrect and slow.
s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
s3: smbd: Codenomicon crash in do_smb_load_module().
s3: auth: Add some const to the struct netr_SamInfo3 * arguments of copy_netr_SamInfo3() and make_server_info_info3()
s3: auth: Change make_server_info_info3() to take a const struct netr_SamInfo3 pointer instead of a struct PAC_LOGON_INFO.
s3: auth: Add create_info3_from_pac_logon_info() to create a new info3 and merge resource group SIDs into it.
s3: auth: Change auth3_generate_session_info_pac() to use a copy of the info3 struct from the struct PAC_LOGON_INFO.
s3: auth: Fix winbindd_pam_auth_pac_send() to create a new info3 and merge in resource groups from a trusted PAC.
winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC.
lib: replace: Add strsep function (missing on Solaris).
lib: replace: Add strsep function (missing on Solaris).
s3: winbindd: Fix TALLOC_FREE of uninitialized groups variable.
s3: smbd: Fix mkdir race condition.
s4: torture: Test mkdir race condition.
s3: smbclient: Move cmd_setmode out of clitar.c and back into client.c
s3: smbd: Remove unused parameter from build_stream_path().
s3: smbd: Fix opening/creating :stream files on the root share directory.
s3: tests: smbclient test to ensure we can create and see a :foobar stream on the top level directory in a share.
s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
smbd: Fix file name buflen and padding in notify repsonse
s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.
lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.
s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.
s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
s3-smbd: Fix old DOS client doing wildcard delete - gives a attribute type of zero
s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero attribute
s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now the server is correct
auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_spnego_server_try_fallback().
lib: util: Make non-critical message a warning.
s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them.
s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.
CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.
CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir
lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure
s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
s3: smbd: Fix timestamp rounding inside SMB2 create.
s3: smbd: Fix timestamp rounding inside SMB2 create.
s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support.
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
lib: tevent: Fix memory leak reported by Pavel Březina <pbrezina at redhat.com> when old signal action restored.
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
s3: smbclient: asn1_extract_blob() stops further asn1 processing by setting has_error.
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s3:rpc_server: ensure that the message ordering doesn't violate the spec
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
lib: Fix uninitialized read in msghdr_copy
s3: krb5: keytab - The done label can be jumped to with context == NULL.
s3: smbd: Remove unused 'req' argument from setup_readX_header()
s3: smbd: Make setup_readX_header() externally accessible
s3: smbd: Use common function setup_readX_header() in aio read code.
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
s4: dns: Correctly check for talloc failure.
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
s3: smbd: Change lp_set_posix_pathnames() to take a newval parameter and return the old one.
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
smbd: oplock: Fixup debug messages inside remove_oplock().
smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
s3: oplock: Fix race condition when closing an oplocked file.
lib/poll_funcs: free contexts in poll_funcs_state_destructor()
lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.
s3: auth: Use wbcAuthenticateUserEx to prime the caches.
s3: winbind: refresh_sequence_number is only ever called with 'false'.
s3: winbind: Trust name2sid mappings from the PAC.
s3: winbind: Ensure we store name2sid with the correct cache sequence number.
s3: nmbd: Add fd, triggered elements to struct socket_attributes.
s3: nmbd: Ensure attrs array mirrors fd's array for dns.
s3: nmbd: Now attrs array mirrors fd's array use it in preference.
s3: nmbd: Add (currently unused) timeout and fd handlers.
s3: nmbd: Add a talloc_stackframe().
s3: nmbd: Change over to using tevent functions from direct poll.
s3: nmbd: Final changeover to stock tevent for nmbd.
s3: winbind: Remove dump_event_list() calls.
s3: server: s3_tevent_context_init() -> samba_tevent_context_init()
s3: events. Move events.c to util_event.c
s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
lib: Fix bug 12291
s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
s3: smbd: OpenDir_fsp() use early returns.
s3: smbd: OpenDir_fsp() - Fix memory leak on error.
s3: smbd: Move the reference counting and destructor setup to just before retuning success.
s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
s3: smbd: Move special handling of symlink errno's into a utility function.
s3: smbd: Add the core functions to prevent symlink open races.
s3: smbd: Use the new non_widelink_open() function.
CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing server memory to file.
s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
Jeroen Dekkers (10):
Reorder calls to dh_installinit so nmbd and smbd init scripts are installed before the samba init script
Call dh_installinit reload-smbd with --noscripts
Add so version to the private libraries so dpkg-shlibdeps works
Drop patch 01_no_private_lib_suffix
Merge branch 'samba_4.0' into samba_4.0_integration
Drop 10_messaging_subsystem patch
Remove lintian overrides of binary packages that have been dropped
Remove leftover debian/samba-tools.manpages
Add patch to not install smbclient4 and nmblookup4 and remove
ldb: Do not build libldb-cmdline when using system ldb.
Jorge Schrauwen (1):
configure: Don't check for inotify on illumos
Jose A. Rivera (6):
Minor typo fix in source3/wscript.
Fix an empty if statement.
vfs_glusterfs: Remove "integer fd" code and store the glfs pointers.
s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file.
ctdb-scripts: Avoid dividing by zero in memory calculation
Julien Kerihuel (2):
s4:rpc_server: Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies
Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls.
Justin Maggard (5):
winbind3: Fix pwent variable substitution
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
s3-passdb: Respect LOOKUP_NAME_GROUP flag in sid lookup.
s3:smbd: rework negprot remote arch detection
s3:smbd: add negprot remote arch detection for OSX
Jérémie Courrèges-Anglas (1):
Provide fallback code for non-portable clearenv(3)
Kai Blin (4):
bug #10471: Don't respond with NXDOMAIN to records that exist with another type
dns: Extend tests for records with another type
bug #10609: CVE-2014-0239 Don't reply to replies
provision: Correctly provision the SOA record minimum TTL
Kamen Mazdrashki (9):
lib-pyldb: Avoid SEGFAULT in case we can't convert passed value to py_String
lib-pyldb: Avoid leaking memory in error cases
lib-pyldb: Throw exception when we can't create MessageElement object
lib-ldb: Check for input parameter when searching attributes by name
lib-ldb_ldif: Stop processing if ldb_message element name is NULL
lib-pyldb: Avoid crash when copying MessageElements between Python Message objects
lib-ldb-test: Test copying message element from a message to a new message
lib-pyldb: Fix docstring for msg.add() method - it was "S.append()"
lib-pyldb: Block elements should be surrounded by {} in py_msg.setitem()
Karolin Seeger (193):
VERSION: Set version to 4.1.0rc1-GITSNAPSHOT.
WHATSNEW: Start release notes for Samba 4.1.0rc1.
WHATSNEW: Some updates.
VERSION: Disable git snapshots for the 4.1.0rc1 release.
VERSION: Bump version number up to 4.1.0rc2...
WHATSNEW: Add release notes for Samba 4.1.0rc2.
VERSION: Disable git snapshots for the 4.1.0rc2 release.
VERSION: Bump version number up to 4.1.0rc3...
docs: Add man page for vfs_linux_xfs_sgid.
docs: Add basic man page for vfs_syncops.
docs: Add man vfs_syncops.8 to waf build.
docs: Fix variable list in man vfs_crossrename.
ntdb.3.xml: Bump version up to 4.1.
ntdbbackup.8.xml: Bump version up to 4.1.
ntdbdump.8.xml: Bump version up to 4.1.
ntdbrestore.8.xml: Bump version up to 4.1.
ntdbtool.8.xml: Bump version up to 4.1.
docs: Add man samba-regedit.8.
WHATSNEW: Add release notes for Samba 4.1.0rc3.
WHATSNEW: Update changes since 4.1.0rc2.
VERSION: Disable git snapshots for the 4.1.0rc3 release.
WHATSNEW: Update changes since 4.1.0rc2.
VERSION: Disable git snapshots for the 4.1.0rc3 release.
VERSION: Bump version number up to 4.1.0...
WHATSNEW: Start to add changes since 4.1.0rc3.
docs: Fix typos.
VERSION: Set version to 4.1.0rc4.
WHATSNEW: Add changes since 4.1.0rc3.
WHATSNEW: Update changes since rc3.
VERSION: Disable git snapshots for the 4.1.0rc4 release.
VERSION: Bump version up to 4.1.0rc5...
VERSION: Disable git snapshots for the 4.1.0rc4 release.
WHATSNEW: Add release notes for Samba 4.1.0.
VERSION: Bump version number up to 4.1.0...
VERSION: Bump version number up to 4.1.1...
WHATSNEW: Add release notes for Samba 4.1.1.
VERSION: Disable git snapshots for the 4.1.1 release.
Merge tag 'samba-4.1.1' into v4-1-test
VERSION: Bump version number up to 4.1.2...
WHATSNEW: Add release notes for Samba 4.1.2.
VERSION: Disable git snapshots for the 4.1.2 release.
VERSION: Bump version number up to 4.1.3...
VERSION: Bump version number up to 4.1.3...
WHATSNEW: Add release notes for Samba 4.1.3.
VERSION: Disable git snapshots for the 4.1.3 release.
Merge tag 'samba-4.1.3' into v4-1-test
VERSION: Bump version up to 4.1.4.
WHATSNEW: Add release notes for Samba 4.1.4.
VERSION: Bump version number up to 4.1.5...
VERSION: Disable git snapshots for the 4.1.4 release.
docs: Fix typos in vfs_shadow_copy2.8.xml.
WHATSNEW: Add release notes for Samba 4.1.5.
VERSION: Disable git snapshots for the 4.1.5 release.
VERSION: Bump version number up to 4.1.6...
VERSION: Bump version number up to 4.1.6...
WHATSNEW: Add release notes for Samba 4.1.6.
VERSION: Disable git snapshots for the 4.1.6 release.
WHATSNEW: Add release notes for Samba 4.1.6.
VERSION: Disable git snapshots for the 4.1.6 release.
VERSION: Bump version number up to 4.1.7.
WHATSNEW: Add release notes for Samba 4.1.7.
VERSION: Bump version number up to 4.1.8...
WHATSNEW: Add release notes for Samba 4.1.8.
VERSION: Disable git snapshots for the 4.1.8 release.
VERSION: Bump version number up to 4.1.9...
VERSION: Bump version number up to 4.1.9...
WHATSNEW: Add release notes for Samba 4.1.9.
VERSION: Disable git snapshot for the 4.1.8 release.
VERSION: Disable git snapshot for the 4.1.9 release.
Merge tag 'samba-4.1.9' into v4-1-test
VERSION: Bump version up to 4.1.10.
WHATSNEW: Add release notes for Samba 4.1.10.
VERSION: Disable git snapshots for the 4.1.10 release.
VERSION: Bump version number up to 4.1.11...
Merge tag 'samba-4.1.9' into v4-1-stable
Merge commit 'origin/v4-1-test^' into v4-1-stable
VERSION: Bump version number up to 4.1.11...
WHATSNEW: Add release notes for Samba 4.1.11.
VERSION: Disable git snapshots for the 4.1.11 release.
WHATSNEW: Add release notes for Samba 4.1.11.
VERSION: Disable git snapshots for the 4.1.11 release.
VERSION: Bump version up to 4.1.12.
WHATSNEW: Add release notes for Samba 4.1.12.
VERSION: Bump version up to 4.1.13...
Merge tag 'samba-4.1.11' into v4-1-test
WHATSNEW: Fix typo.
WHATSNEW: Fix typos.
WHATSNEW: Fix typo.
WHATSNEW: Add release notes for Samba 4.2.0rc2.
VERSION: Set version to 4.2.0rc2...
VERSION: Set version to 4.2.0rc3...
WHATSNEW: Remove double entry.
WHATSNEW: Remove double entry.
WHATSNEW: Add release notes for Samba 4.1.13.
VERSION: Disable git snapshots for the 4.1.13 release.
VERSION: Bump version up to 4.1.14...
WHATSNEW: Add release notes for Samba 4.1.14.
VERSION: Disable git snapshots for the 4.1.14 release.
VERSION: Bump version up to 4.1.15...
WHATSNEW: Add release notes for Samba 4.2.0rc3.
VERSION: Disable git snapshots for the 4.2.0rc3 release.
VERSION: Bump version up to 4.2.0rc4 and...
WHATSNEW: Add release notes for Samba 4.1.15.
VERSION: Disable git snapshots for the 4.1.15 release.
VERSION: Bump version up to 4.1.16...
VERSION: Bump version up to 4.1.16...
WHATSNEW: Add release notes for Samba 4.1.16.
VERSION: Disable git snapshots for the 4.1.16 release.
Merge tag 'samba-4.1.16' into v4-1-test
VERSION: Bump version up to 4.1.17.
WHATSNEW: Add release notes for Samba 4.2.0rc4.
VERSION: Disable git snapshots for the 4.2.0rc4 release.
VERSION: Re-enable git snapshots...
Revert "dsdb: Add tokenGroupsGlobalAndUniversal, tokenGroups, tokenGroupsNoGCAcceptable"
VERSION: Bump version up to 4.1.17.
VERSION: Re-enable git snapshots.
WHATSNEW: Add release notes for Samba 4.1.17.
VERSION: Disable git snapshots for the 4.1.17 release.
WHATSNEW: Add release notes for Samba 4.1.17.
VERSION: Disable git snapshots for the 4.1.17 release.
VERSION: Bump version up to 4.1.18.
WHATSNEW: Add release notes for Samba 4.2.0rc5.
VERSION: Disable git snapshots for the 4.2.0rc5 release.
VERSION: Bump version up to 4.2.0...
WHATSNEW: Add release notes for Samba 4.2.0.
VERSION: Disable git snapshot for the 4.2.0 release.
VERSION: Bump version up to 4.2.1...
WHATSNEW: Add release notes for Samba 4.2.1.
VERSION: Disable git snapshot for the 4.2.1 release.
WHATSNEW: Add release notes for Samba 4.1.18.
VERSION: Bump version up to 4.1.19...
WHATSNEW: Add release notes for Samba 4.1.19.
VERSION: Disable git snapshots for the 4.1.19 release.
VERSION: Bump version up to 4.1.20...
WHATSNEW: Add release notes for Samba 4.1.20.
VERSION: Disable git snapshots for the 4.1.20 release.
WHATSNEW: Add release notes for Samba 4.3.1.
VERSION: Disable git snapshot for the 4.3.1 release.
VERSION: Bump version up to 4.3.2...
WHATSNEW: Add release notes for Samba 4.3.2.
VERSION: Disable git snapshot for the 4.3.2 release.
VERSION: Bump version up to 4.3.3...
docs: Fix some typos in the idmap backend section.
WHATSNEW: Add release notes for Samba 4.3.3.
VERSION: Disable git snapshots for the 4.3.3 release.
Fix bug #11394 - Crash: Bad talloc magic value - access after free
Merge tag 'samba-4.3.3' into v4-3-test
VERSION: Bump version up to 4.3.4...
docs: Fix typos in man vfs_gpfs.
Revert "Fix bug #11394 - Crash: Bad talloc magic value - access after free"
WHATSNEW: Add release notes for Samba 4.3.4.
VERSION: Disable git snapshots for the 4.3.4 release.
VERSION: Bump version up to 4.3.5...
WHATSNEW: Add release notes for Samba 4.4.0rc2.
VERSION: Disable git snapshots for the Samba 4.4.0rc2 release.
VERSION: Bump version up to 4.4.0rc3...
WHATSNEW: Add release notes for Samba 4.3.5.
VERSION: Disable git snapshots for the 4.3.5 release.
script/release.sh: improve error messages if the tag verification fails
script/release.sh: generate announce.${tagname}.patch.txt in announcement_samba_rc()
WHATSNEW: Add release notes for Samba 4.4.0rc3.
VERSION: Disable git snapshots for the Samba 4.4.0rc3 release.
VERSION: Bump version up to 4.4.0rc4...
VERSION: Bump version up to 4.3.6...
WHATSNEW: Add release notes for Samba 4.3.6.
VERSION: Disable git snapshots for the 4.3.6 release.
WHATSNEW: Add release notes for Samba 4.4.0rc4.
VERSION: Disable git snapshots for the Samba 4.4.0rc4 release.
VERSION: Bump version up to 4.4.0rc5...
WHATSNEW: Add release notes for Samba 4.4.0rc5.
VERSION: Disable git snapshots for the Samba 4.4.0rc5 release.
VERSION: Bump version up to 4.4.0rc6...
WHATSNEW: Add release notes for Samba 4.4.0.
VERSION: Bump version up to 4.0.1...
VERSION: Set version to 4.4.0...
WHATSNEW: Start release notes for Samba 4.4.3.
WHATSNEW: Udpate release notes.
WHATSNEW: Add date.
VERSION: Disable git snapshots for the 4.4.3 release.
VERSION: Bump version up to 4.4.4...
WHATSNEW: Add release notes for Samba 4.4.4.
VERSION: Disable git snapshots for the 4.4.4 release.
VERSION: Bump version up to 4.4.5...
VERSION: Bump version up to 4.4.5...
WHATSNEW: Add release notes for Samba 4.4.5.
VERSION: Disable git snapshots for the 4.4.5 release.
Merge tag 'samba-4.4.5' into v4-4-test
WHATSNEW: Add release notes for Samba 4.4.6.
VERSION: Disable git snapshots for the 4.4.6 release.
VERSION: VERSION: Bump version up to 4.4.7...
Revert "script/release.sh: use 8 byte gpg key ids"
WHATSNEW: Add release notes for Samba 4.4.7.
VERSION: Disable git snapshots for the 4.4.7 release.
Korobkin (1):
Raise the level of a debug.
Lorinczy Zsigmond (1):
lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Luca Olivetti (1):
pdb: Fix segfault in pdb_ldap for missing gecos
Luk Claes (3):
s3/libsmb: Use smbXcli_conn_use_unicode instead of smb1 specific test
libcli/smb: Introduce smbXcli_conn_dfs_supported
s3/libsmb: Use smbXcli_conn_dfs_supported instead of test on CAP_DFS
Lukas Slebodnik (1):
talloc: Update flags in pytalloc-util pkgconfig file
Marc Muehlfeld (8):
docs: Fix typos in smb.conf (inherit acls)
WHATSNEW: Added information about the VFS WORM module that is
samba-tool group add: Add option --nis-domain and --gid
Added note about the support end of Samba 3 to WHATSNEW.TXT
samba-tool: Create NIS enabled users and unixHomeDirectory attribute
Add link to the Samba User Survey 2015 to WHATSNEW.txt
Changing log level of two entries to DBG_NOTICE
man: Wrong option for parameter ldap ssl in smb.conf man page
Martin Schwenke (88):
lib/util: Clean up includes for blocking.c
lib/util: Clean up includes for xfile.[ch]
lib/util: Clean up includes for data_blob.[ch]
lib/util: Clean up includes for time.[ch]
lib/util: Clean up includes for signal.c
lib/util: Replace an SMB_ASSERT()
lib/util: Clean up includes for substitute.c
lib/util: Clean up includes for fault.c
lib/util: Clean up includes for util.c
lib/util: Factor out subsystem samba-util-core from samba-util
lib/util: Use charset_compat.h if SAMBA_UTIL_CORE_ONLY
ctdb-logging: Remove log ringbuffer
ctdb-tests: Make the fake log timestamp string easy to modify
ctdb-logging: Change LogLevel to DEBUGLEVEL
ctdb-logging: Update to use Samba style debug.h/debug.c
ctdb-build: Move generation of ctdb_version.h earlier
ctdb-build: Add generation of Samba-style version.h
ctdb-build: Change from ctdb-util to samba-util
ctdb-build: Fix handling of public headers
ctdb-build: Rename define BINDIR to CTDB_HELPER_BINDIR
ctdb-build: Make some steps conditional on standalone build
build: Hook CTDB into top level build using --with-cluster-support
ctdb-logging: Add missing newline when logging to file
WHATSNEW: CTDB integrated build
ctdb-tools: Produce machine readable output with new function printm()
ctdb-tools: Add -x option to specify delimiter for machine readable output
ctdb-tools: Add -X option for machine parsable output with separator '|'
ctdb-scripts: Update eventscripts to use ctdb -X instead of ctdb -Y
ctdb-tools: Update onnode and ctdb-diagnostics to use ctdb -X
ctdb-tests: Update integration tests to use ctdb -X
ctdb-tool: Fix "ctdb -Y ifaces" output to have trailing delimiters
ctdb-doc: Update examples to use ctdb -X
ctdb-utils: Update Nagios code to use ctdb -X
ctdb-scripts: Add IPv6 addresses support in ip_maskbits_iface()
ctdb-scripts: New functions ip6tables() and iptables_wrapper()
ctdb-scripts: Make 10.interface IPv6-safe
ctdb-daemon: Trust vnn->interface for an IP when releasing it
ctdb-scripts: Wait until IPv6 addresses are not "tentative"
ctdb-tools: Bracket IP addresses in onnode (for IPv6)
ctdb-tests: Extend regexp to match IPv6 addresses
ctdb-tests: Try to handle IPv6 addresses for local daemons
ctdb-tests: Bracket IP addresses in NFS mounts and scp command (for IPv6)
ctdb-tests: Extend regexps to handle IPv6 address matching
ctdb-tests: Use ping_wrapper to do relevant ping or ping6
ctdb-tests: Match IPv6 connections in netstat output
ctdb-tests: Generalise the gratarp and tickle sniffing code for IPv6
ctdb-tests: Use ip neigh command instead of arp
ctdb-tests: Make tcpdump output more verbose
ctdb-tests: More debug on SSH failure
ctdb-daemon: Gratuitous ARP equivalent for IPv6 is neighbor advertisement
ctdb-tests: Need to drop public IPs in kill-failover tests
tdb: Fix broken build with --disable-python
WHATSNEW: Document CTDB logging and NFS changes
ctdb-daemon: Check if updates are in flight when releasing all IPs
ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."
ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."
ctdb: Install helpers under libexecdir
ctdb-packaging: Move ctdb tests to libexec directory
ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
ctdb-common: Consistently use strlcpy() on interface names
ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
ctdb-daemon: Try to release IP address even if interface is unknown
ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
ctdb-daemon: Do not copy address for RELEASE_IP message
ctdb-daemon: Factor out new function release_ip_post()
ctdb-daemon: Use release_ip_post() when releasing all IP addresses
ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
ctdb-daemon: When releasing an IP, update PNN in callback
ctdb-daemon: Schedule running of callback if there are no event scripts
ctdb-daemon: Handle failure immediately, do housekeeping later
ctdb-daemon: Don't steal control structure before synchronous reply
ctdb-packaging: Fix systemd network dependency
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
ctdb-ipalloc: Fix cumulative takeover timeout
ctdb-daemon: Use PID file abstraction
ctdb-daemon: Bind to Unix domain socket after PID file creation
ctdb-daemon: Don't try to reopen TDB files
ctdb-daemon: Drop attempt to connect to Unix domain socket
ctdb-daemon: Log when removing stale Unix domain socket
ctdb-scripts: ctdbd_wrapper should never remove the PID file
ctdb-scripts: Fix incorrect variable reference
Mathieu Parent (195):
Fix socketpath parsing
Fix CTDB build with PMDA
Merge ctdb source package
ctdb-dbg needs python
libctdb-dev has been dropped
Renamed ctdb-dbg to ctdb-tests
Changelog for previous commits
Fix privacy breach on google.com from documentation
Fix CTDB behavior since CVE-2015-8543 (Closes: #813406)
Release 2:4.3.3+dfsg-2
Fix FTBFS when built with dpkg-buildpackage -A (Closes: #818146)
Changelog for previous commit
Drop samba from winbind depends and use samba-common* instead (Closes: #732604)
Changelog for previous commit
Add an override to script-not-executable etc/ctdb/events.d/10.external
Add ufw integration
Changelog for previous commits
Don't build ctdb twice
Changelog for previous commit
Patch waf_smbpasswd_location submitted
usershare.patch: Fix "usershare max shares" default in XML doc and in s4
Run quicktest during build
Drop no_build_options.patch as it breaks "make test"
Remove unreproducible build environment
Changelog for previous commits and release 2:4.4.3+dfsg-2
Enable LFS via LFS_LDFLAGS and LFS_CFLAGS
Changelog for previous commits and release 2:4.4.3+dfsg-2
Use DPKG_EXPORT_BUILDFLAGS
Revert "Use DPKG_EXPORT_BUILDFLAGS"
Revert "Changelog for previous commits and release 2:4.4.3+dfsg-2"
Revert "Enable LFS via LFS_LDFLAGS and LFS_CFLAGS"
Skip raw.write tests for now as they fail on 32-bit
Changelog for previous commits and release 2:4.4.3+dfsg-3
Fix build with DEB_BUILD_OPTIONS=nocheck
Still run "make quicktest" but ignore failures
Changelog for previous commits and release 2:4.4.3+dfsg-4
d/control: Drop XS-Testsuite field
Drop "Priority: optional" fields, this is redundant
Drop "Section: net" fields, this is redundant
Use secure Vcs-* URLs
Fix copyright file
Ensure that dpkg-buildflags are passed, and enable all hardening
Enable systemd (sd_notify) on Linux, and install systemd files
samba: command-with-path-in-maintainer-script postinst:37 /usr/sbin/update-inetd
samba-common-bin: package-contains-empty-directory usr/lib/samba/
winbind: package-contains-empty-directory usr/lib/samba/nss_info/
Describe non-standard-dir-perm var/spool/samba/
Fix systemd unit files
Changelog for previous commits
Ensure systemd dependencies are correct
Add Description to init files
systemd: syslog.target is obsolete
Add documentation to systemd Unit files
Add patches related to systemd
Drop fix-cluster-build.diff: no more needed
Changelog for previous commits
Describe no_build_system.patch
Improve .init descriptions
Remove README.build-upstream, as packaging/Debian/ is now empty
Update README.source and remove build-orig.sh
Verify upstream tarball from uscan
Changelog for previous commits
Merge tag 'samba-4.4.4' into upstream_4.4
Update README.source to keep upstream history
Imported Upstream version 4.4.4+dfsg
Merge tag 'upstream/4.4.4+dfsg'
README.source fixup
Update d/changelog
Release 2:4.4.4+dfsg-1
Improve debian/README.source
Mask samba-ad-dc.service unless needed (Closes: #828137)
Fix kill path (Closes: #828730)
Changelog for previous commits and release 2:4.4.4+dfsg-2
Remove /etc/systemd/system/samba-ad-dc.service (from postinst) on purge (Closes: #832352)
Fix PIDFile in systemd service files. Closes: #830909
ctdb: Remove script-not-executable overrides
Remove unused lintian overrides
Use automatic debug packages (-dbgsym) (Closes: #819776)
Changelog for previous commits
Remove Christian Perrier from uploaders (Closes: #836715)
Changelog for previous commit
Update Turkish translation. Thanks Atila KOÇ. Closes: #791903
Don't use strict dependency for libwbclient0 to samba-libs to avoid circular dependency
Release 2:4.4.5+dfsg-3 and changelog for previous commit
Update d/watch and d/gbp.conf to track 4.5.x
Updated version 4.5.0+dfsg from 'upstream/4.5.0+dfsg'
Clean up and reapply patches
Changelog for previous commits
Refresh patches with quilt
Bump lib{ldb,talloc,tdb,tevent}-dev and python-talloc-dev to bundled versions
Changelog for bumped deps
Use epoch in samba-vfs-modules Breaks and Replaces (Closes: #833164)
Only fix PIDFile in {nmbd,samba-ad-dc,smbd,winbind}.service (i.e. not ctdb.service) Closes: #838000
logrotate: Only reload smbd when needed. Thanks Roland Hieber. Closes: #838796
Changelog for previous commits
New upstream version 4.4.6+dfsg
Updated version 4.4.6+dfsg from 'upstream/4.4.6+dfsg'
Re-apply patches, gcc_6.patch applied upstream
Move ctdb tests (upstream ef3697f)
Remove tevent-unix-util public library (Upstream 4f28e53 and f41a550)
Remove libntvfs.so.* (Upstream 84f54ce)
Release 2:4.4.6+dfsg-1
Remove uses of tevent internals. This fixes segfault (Closes: #840382, #840298)
Release 2:4.4.6+dfsg-2
Use epoch in samba-vfs-modules Breaks and Replaces (Closes: #833164)
Only fix PIDFile in {nmbd,samba-ad-dc,smbd,winbind}.service (i.e. not ctdb.service) Closes: #838000
logrotate: Only reload smbd when needed. Thanks Roland Hieber. Closes: #838796
Move ctdb tests (upstream ef3697f)
Remove tevent-unix-util public library (Upstream 4f28e53 and f41a550)
Remove libntvfs.so.* (Upstream 84f54ce)
Merge sid changelog
Remove uses of tevent internals. This fixes segfault (Closes: #840382, #840298)
patch for https://bugzilla.samba.org/show_bug.cgi?id=12045
ctdb/wscript: Call CHECK_XSLTPROC_MANPAGES() before checking XSLTPROC_MANPAGES
Add new files
Update debian/ctdb.docs
/etc/default/ctdb is now /etc/ctdb/ctdbd.conf
/etc/default/ctdb is now /etc/ctdb/ctdbd.conf (fix)
Update to libwbclient0.symbols
Update samba-libs.lintian-overrides (libtevent-unix-util0 removed)
Depends: lsb-base (>= 3.0-6), for ctdb and winbind as they source /lib/lsb/init-functions
Release 2:4.5.0+dfsg-1
New upstream version 4.4.7+dfsg
Merge tag 'upstream/4.4.7+dfsg'
New upstream release
Remove bug_12283_segfault_tevent_internals.patch: included
gbp.conf: We are on experimental
Updated version 4.5.1+dfsg from 'upstream/4.5.1+dfsg'
Refresh patches
Changelog for previous commits
CTDB: Fix samba eventscript
nmbd requires a working network (Closes: #698056, #842056, #840608, LP: #1635491)
Release 2:4.4.7+dfsg-1
Be more verbose about masking samba-ad-dc.service (Closes: #841147)
Re-release 2:4.4.7+dfsg-1
CTDB: Fix samba eventscript
nmbd requires a working network (Closes: #698056, #842056, #840608, LP: #1635491)
Be more verbose about masking samba-ad-dc.service (Closes: #841147)
Remove Fix_parallel_build.patch, not working
Changelog for previous commits and release 2:4.5.1+dfsg-1
Really remove Fix_parallel_build.patch
Really remove bug_12283_segfault_tevent_internals.patch
Re-release
Adding libdsdb-garbage-collect-tombstones.so.0 to samba-libs.install
Re-release 2:4.5.1+dfsg-1
Fix d/changelog line too long
Merge branch experimental into master, with resulting tree equal to experimental
Upload 2:4.5.1+dfsg-2 to unstable
Update gbp.conf with debian-branch = master
Merge tag 'upstream/4.5.2+dfsg'
Changelog for previous commits
CTDB-Fix-samba-eventscript.patch: merged
/usr/share/ctdb-tests is now /usr/share/ctdb/tests
Release 2:4.5.2+dfsg-1
Add security-2016-12-19.patch
Release 2:4.5.2+dfsg-2
Merge tag 'upstream/4.5.4+dfsg'
Update patches and initial changelog
missing-build-dependency-for-dh_-command dh_python2 => dh-python
Release 2:4.5.4+dfsg-1
Fix 'winbindd privileged socket directory' (Closes: #754339)
Changelog for previous commit
logrotate: Use delaycompress on all logs (Closes: #702201)
Changelog for previous commit
Merge tag 'upstream/4.5.5+dfsg'
Release 2:4.5.5+dfsg-1
Fix typo in smbd.service and winbind.service (s/nmb.service/nmbd.service) (Closes: #857232)
Merge tag 'upstream/4.5.6+dfsg'
Release 2:4.5.6+dfsg-1
Patch for CVE-2017-2619
Release 2:4.5.6+dfsg-2
Add additional changes required for the CVE-2017-2619 fix
Re-release 2:4.5.6+dfsg-2
Merge tag 'upstream/4.5.8+dfsg'
Release 2:4.5.8+dfsg-1
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside ; and release 2:4.5.8+dfsg-2
Patch for "CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation" (Closes: #868209)
Release 2:4.5.8+dfsg-2+deb9u1
gbp.conf: change debian-branch to stretch, and merge-mode to merge
Merge tag 'upstream/4.5.12+dfsg' into stretch
Remove CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch and CVE-2017-7494.patch, merged
Properly quote subshell invocation in samba-common.preinst (Closes: #771689)
Fix typo s/DESTIDR/DESTDIR/ in d/rules
sysv: Use --pidfile in addition to --exec to avoid matching daemons in containers (Closes: #810794)
Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
Fix outdated DNS Root servers (Closes: #865406)
Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes of the service (systemd only)
Release 2:4.5.12+dfsg-1
Fix samba.logrotate (Thanks Thomas A. Reim)
Re-release 2:4.5.12+dfsg-1
Patches for CVE-2017-12150, CVE-2017-12151 and CVE-2017-12163
Release 2:4.5.12+dfsg-2
Patches for CVE-2017-15275 and CVE-2017-14746
Release 2:4.5.12+dfsg-2+deb9u1
Matt Rogers (2):
s3-keytab: fix keytab array NULL termination.
s3-keytab: fix keytab array NULL termination.
Matthew Newton (8):
Make winbind client library thread-safe by adding context
Use global context for winbindd_request_response
Add wbcContext struct, create and free functions
Add wbcContext to wbcRequestResponse
Add context versions of wbclient functions
Move wbc global variables into global context instead
Update libwbclient version to 0.12
Ensure we always initialise the winbind context
Matthieu Patou (10):
libcli: continue to read from the socket even if the size is 0
drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID
drs-cracknames: When cracking NT4 names we should just look at netbios for the match
drs-crackname: Fix error code so that we have the same as windows
drs-cracksname: fix problems that prevented to pass our torture tests
pyldb: decrement ref counters on py_results and quiet warnings
librpc-idl: replace int32 by the enumeration as it's the type that we use in union's switch drsuapi_DsGetDCInfoCtrLevels
librpc-idl: change the drsuapi_DsBindInfoCtr so that it match what is on the wire both in NDR32 and NDR64.
librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
ldb: create a cache of known wellknown objects instead of continously searching in the db
Michael Adam (182):
s3:winbind: fail ads_cached_connection_connect() if realm == NULL
client: add missing newlines to error messages for invalid iosize parameter.
loadparm: add new parameter "acl allow execute always"
s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow execute aways"
docs: document "acl allow execute always"
shadow_copy2: break overly long lines in shadow_copy2_snapshot_to_gmt()
shadow_copy2: add comment header describing shadow_copy2_strip_snapshot()
shadow_copy2: add header comment explaining have_snapdir()
shadow_copy2: add comment block explaining shadow_copy2_find_snapdir()
shadow_copy2: add comment block explaining shadow_copy2_insert_string()
shadow_copy2: add comment block explaining shadow_copy2_convert()
shadow_copy2: add comment explaining the SMB level GMT format pattern
shadow_copy2: introduce config struct and function shadow_copy2_connect()
shadow_copy2: introduce the bool "snapdir_absolute" in the config.
shadow_copy2: disable "snapdir:crossmountpoints" if the snapdir is absolute.
shadow_copy2: re-add the basedir option.
shadow_copy2: introduce "shadow:mountpoint" option
shadow_copy2: add rel_connectpath to config.
shadow_copy2: add snapshot_basepath to the config.
shadow_copy2: log resulting config at the end of shadow_copy2_connect()
shadow_copy2: implement disk_free
shadow_copy2: in the classical case, use configured path in shadow_copy2_find_snapdir()
shadow_copy2: make shadow_copy2_find_snapdir() return const char *
shadow_copy2: shadow_copy2_insert_string(): do not prepend a "/" in absolute mode
shadow_copy2: factor shadow_copy2_posix_gmt_string() out of shadow_copy2_insert_string()
shadow_copy2: introduce shadow_copy2_snapshot_path()
shadow_copy2: add comments explaining decisions in shadow_copy2_strip_snapshot()
shadow_copy2: add some debug to shadow_copy2_strip_snapshot()
shadow_copy2: fix shadow_copy2_strip_snapshot() in the classical case
shadow_copy2: initialize "converted" string to null in shadow_copy2_convert()
shadow_copy2: add some blank lines for visual separation to shadow_copy2_convert()
shadow_copy2: fix shadow_copy2_convert() in the classical case.
shadow_copy2: improve debug in shadow_copy2_convert() in snapdirseverywhere mode
shadow_copy2: use stored mount_point instead of recalculating.
s3:module:shadow_copy2: add my (C)
s3:modules:shadow_copy2: improve headline comment
s3:modules:shadow_copy2: remove redundant documentation comment block
docs: update the manpage of vfs_shadow_copy2
shadow_copy2: revert expensive and unnecessary zero-initialization
shadow_copy2: add a comment explaining why we don't talloc_zero_array().
build: fix ordering problems with lib-provided and internal RPATHs
ldb:build: improve detection of srcdir
s3:idmap: don't log missing range config if range checking not requested
s3:vfs:gpfs: store the winAttrs in the struct_ex when we got them in vfs_gpfs_fstat()
s3:vfs:gpfs: fix flapping offline: always get winAttrs from gpfs for is_offline
s3:vfs:gpfs: Remove all reading uses of stat_ex.vfs_private from vfs_gfs.
s3:vfs:gpfs: remove all writing uses of stat_ex.vfs_private from vfs_gpfs.
s3:vfs:gpfs: remove a block and reduce indentation in gpfs_is_offline()
s3: remove stat_ex.vfs_private completely
build: fix configure to honour --without-dmapi
s3:smbd: fix a race in open code
s3:smbd:open_file: use a more natural check.
regedit: remove an old comment
autobuild: adapt samba-ctdb target does not need a separate ctdb build any more
build: further simplify --with-cluster-support case in configure
build: adapt comments for the clustering choice
autobuild: check whether ctdbd has been installed in the samba-ctdb target
wafsamba: remove unused variable from copy_and_fix_python_path
wafsamba: improve wording in a comment
dynconfig: implement PERL_LIB_INSTALL_DIR.
dynconfig: implement PERL_ARCH_INSTALL_DIR
wafsamba: add samba_perl.py with SAMBA_CHECK_PERL() higher level check.
build: do full SAMBA_CHECK_PERL() check in configure
pidl/wscript: don't check for perl again.
s3:build: don't detect perl in source3/wscript again.
wafsamba: add perl_fixup parameter to INSTALL_FILES
pidl: fix the perl module search path (use lib ...) when installing pidl.
pidl: remove superfluous "use lib ...".
Revert "wafsamba: Fail with error message if perl doesn't provide valid dirs."
Revert "wafsamba: If perl can't provide defaults, define them."
Revert "buildtools: Add perl vendorlib configure option."
Revert "buildtools: Rename perl vendorarch configure option."
swrap: fix build when neither HAVE_STRUCT_IN_PKTINFO nor IP_RECVDSTADDR is defined
swrap: fix discard const warning in swrap_remove_stale()
swrap: fix discard const warning in swrap_bind()
swrap: fix another discard const warning in swrap_bind()
s3:gencache: fix logic in stabilization when deleting a record from stable cache
s3:gencache: simply stabilize() a bit more: remove error from state
s3:gencache: don't use transaction non non-persistent gencache_notrans.tdb
vfs:glusterfs: whitespace fix.
cli_connect_nb_send: don't segfault on host == NULL.
vfs:glusterfs: whitespace fix.
cli_connect_nb_send: don't segfault on host == NULL.
wafsamba: fix ordering problems with lib-provided and internal RPATHs
wafsamba: filter out standard library paths from RPATH and LIBPATH
Revert "waf: added suncc_wrap"
wafsamba: remove commented out code.
doc:man:vfs_glusterfs: remove extra % signs.
doc:man:vfs_glusterfs: improve and update description.
doc:man:vfs_glusterfs: improve the configuration section.
doc:man:vfs_glusterfs: remove extra % signs.
doc:man:vfs_glusterfs: improve and update description.
doc:man:vfs_glusterfs: improve the configuration section.
tevent: version 0.9.23
build:wafadmin: fix use of spaces instead of tabs.
s3-winbind: Fix chached user group lookup of trusted domains.
talloc:build: improve detection of srcdir
s3-winbind: Fix chached user group lookup of trusted domains.
s3:winbind:grent: don't stop group enumeration when a group has no gid
s3:winbind:grent: don't stop group enumeration when a group has no gid
smbd:smb2: fix error code when the header says the request is signed but we don't have a sesseion
docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
Introduce setting "desired" for 'smb encrypt' and 'client/server signing'
smbXsrv: add bools encryption_desired to session and tcon
smbd:smb2: separate between encryption required and enc desired
smbd:smb2: only enable encryption in session if desired
smbd:smb2: only enable encryption in tcon if desired
smbd:smb2: use encryption_desired in send_break
docs:smb.conf: explain effect of new setting 'desired' of smb encrypt
smbd:trans2: treat new SMB_SIGNING_DESIRED in case
ctdb: open the RO tracking db with perms 0600 instead of 0000
doc: fix a typo in the smb.conf manpage, explanation of idmap config
s3:smbd: fix a corner case of the symlink verification
s3:vfs:glusterfs: fix build after quota changes.
lib:socket: fix CID 1350010 - integer OVERFLOW_BEFORE_WIDEN
lib:socket: fix CID 1350009 - illegal memory accesses (BUFFER_SIZE_WARNING)
dlist: remove unneeded type argument from DLIST_ADD_END()
tevent: remove unneeded type argument from DLIST_ADD_END
ldb: remove unneeded type arg from DLIST_ADD_END
dlist: remove unneeded argument from DLIST_DEMOTE()
ldb: remove uneeded type argument from DLIST_DEMOTE()
tevent: remove uneeded type argument from DLIST_DEMOTE()
ldb: remove unneeded argument type from DLIST_CONCATENATE()
tevent: remove unneeded type argument from DLIST_CONCATENATE()
dlist: remove unneeded type argument from DLIST_CONCATENATE()
dlist: remove outdated comment about type argument
tevent: remove outdated comment about type argument in dlist
ldb: remove outdated comment about type argument in dlist
pyldb: eliminate warnings from python api test
torture:smb2: rewrite connect test to use torture_asserts
torture:smb2: rewrite connect test to use torture_asserts for create errors
torture:smb2: fix memory leak in connect test.
torture:smb2: improve torture_comments in connect test
smbXsrv_open: factor fetch-locking of global record into function
smbXsrv_open: factor fetch-locking of local record into function
smbXsrv_tcon: factor fetch-locking of global record into function
smbXsrv_tcon: factor fetch-locking of local record into function
smbXsrv_session: factor fetch-locking of global record into function
smbXsrv_session: factor fetch-locking of local record into function
smbXsrv_client: factor fetch-locking of global record into function
smbd:smb2_creat: remove outdated TODO comments
torture:smb2: skip replay3 if server does not support Multi-Channel
torture:smb2: skip replay5 test if server does not support persistent handles
torture:smb2: fix skip message if share is not CA
dbwrap_util: improve a debug message in dbwrap_delete_action()
dbwrap: add dbwrap_purge[_bystring]
s3:registry: use dbwrap_purge_bystring instead of dbwrap_delete_bystring
netlogon_creds_cli: use dbwrap_purge instead of dbwrap_delete where appropriate
smbd: fix crash in smbXsrv_client_global_remove()
torture:smb2: skip replay4 if server does not support multi-channel
torture:smb2: rename replay1 -> replay-commands
torture:smb2: split rename2 into multiple tests and extend these
torture:smb2:replay: extend CHECK_CREATE_OUT() to know leases
torture:smb2: add smb2.replay.replay-dhv2-lease1
torture:smb2: add smb2.replay.replay-dhv2-lease2
torture:smb2: add smb2.replay.replay-dhv2-lease-oplock
torture:smb2: add smb2.replay.replay-oplock-lease
torture:smb2: add smb2.replay.replay-dhv2-lease3
smbd:smb2: allow the REPLAY_OPERATION flag for SMB3+ requests
librpc:smbXsrv.idl: add flags to smbXsrv_open
smbXsrv:open: maintain a replay cache
smb2:create: create replay cache when request has a create_guid
smbXsrv:open: add smb2srv_open_lookup_replay_cache()
smbXsrv.idl: add create_action to smbXsrv_open
smbd:smb2: implement create replay
smbd:smb2: move op variable into scope of use in smb2_create_send
smbd: enable multi-channel if 'server multi channel support = yes' in the config
WHATSNEW: document the experimental smb3-multi-channel feature
s3:winbindd:idmap: add domain_has_idmap_config() helper function.
idmap_hash: rename be_init() --> idmap_hash_initialize()
idmap_hash: only allow the hash module for default idmap config.
smbd:smb2: add a modify flag to dispatch table
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
smbd:smb2: implement channel sequence checks and request counters in dispatch
smbd:smb2: update outstanding request counters before sending a reply
smbd:smb2: add some asserts before decrementing the counters
s3:vfs: add 'kernel_share_modes_taken' to files_struct
smbd:close: only remove kernel share modes if they had been taken at open
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
idmap: centrally check that unix IDs returned by the idmap backends are in range
Michele Baldessari (1):
Fix typos in man-pages
Nadezhda Ivanova (4):
s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds
s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c
s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation
s4-samldb: Do not allow deletion of objects with RID < 1000
Nathan Huff (1):
Fix ETIME handling for Solaris event ports.
Niels de Vos (1):
vfs/glusterfs: in case atime is not passed, set it to the current atime
Noel Power (14):
CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid
s3: smbd - smb1 - fix read of deleted memory in reply_writeclose().
btrfs: don't leak opened directory handle
kerberos auth info3 should contain resource group ids available from pac_logon
s3: rpcclient: Prevent null ptr access by returning error if no creds available
s3: winbind: Prevent null ptr access by returning error if no creds available
remove many valgrind errors for base.lock test
fix uninitialised read in process_host_announce
fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
fix 'Invalid read of size 1' in reply_search
fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
libcli: Fix debug message, print sid string for new_ace trustee.
Add a blackbox tests for id & getent to test domain at realm type credentials
s3/winbindd: using default domain with user at domain.com format fails
Partha Sarathi (1):
Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel
Pavel Reichl (1):
ldb: use of NULL pointer bugfix
Petr Viktorin (1):
Remove use of the "staticforward" macro
Poornima G (6):
vfs_glusterfs: In vfs_gluster_sys_acl_get_file/fd, reduce the number of getxattr calls.
vfs_glusterfs: Change sys_get_acl_file/fd to return ACLs corresponding to mode bits when there are no ACLs set.
vfs_glusterfs: Implement AIO support
vfs_glusterfs: In vfs_gluster_sys_acl_get_file/fd, reduce the number of getxattr calls.
vfs_glusterfs: Change sys_get_acl_file/fd to return ACLs corresponding to mode bits when there are no ACLs set.
vfs_glusterfs: Implement AIO support
Poornima Gurusiddaiah (1):
vfs_glusterfs: Enable per client log file
Raghavendra Talur (1):
init: set core file size to unlimited by default
Ralph Boehme (167):
WHATSNEW: vfs_fruit
vfs_streams_xattr: fix check with samba_private_attr_name()
vfs_streams_xattr: initialize pointer
vfs_streams_xattr: check stream type
vfs_snapper: check for <linux/ioctl.h>
s3:vfs: add SMB_VFS_READDIR_ATTR()
s3:smbd: allocate out_context_blobs with talloc
s3:vfs: add create tags to SMB_VFS_CREATEFILE
s3:smbd: add SMB2 AAPL create context defines
libcli/security: add NFS SID mappings
libcli/security: add a function that checks for MS NFS ACEs
s3:smbd: ignore dacls with MS NFS ACEs
vfs_fruit: AAPL support
s3:smbd: add SMB_VFS_READDIR_ATTR() to marshall direntry
s4:libcli/raw: make short_name available in buffer
s4:torture:vfs_fruit: smb2/create context AAPL test
vfs_fruit: add AAPL options
WHATSNEW: Apple's SMB2 extension AAPL
vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT
wafsamba: check for rpath compiler/linker flags
wafsamba: flags from enviroment are put before our own internal versions
lib/texpect: portability fix, include signal.h
vfs_fruit: enhance handling of malformed AppleDouble files
s3:smbd: missing tevent_req_nterror
s3:smbd: update comment to correctly reflect MS-SMB2
vfs: kernel_flock and named streams
vfp_gpfs: ensure END_PROFILE is always called
vfs_gpfs: move failure label before END_PROFILE
s3:smb2: add padding to last command in compound requests
s4:torture:smb2:compound: compound read and padding
vfs_streams_xattr: stream names may contain colons
vfs_catia: run translation on stream names
s4:torture:vfs_fruit: pass xattr name as arg to torture_setup_local_xattr()
s4:torture:vfs_fruit: add a test for stream names
s3-net: use talloc array in share allowedusers
s3-net: use talloc array in share allowedusers
notify: check for valid notify_ctx in notify_remove
selftest: add change notify = no to simpleserver env
selftest: add a check for disabled change notify
vfs_fruit: handling of empty resource fork
vfs_fruit: split and simplify fruit_ftruncate
vfs_fruit: delete ._ file when deleting the basefile
s4:torture:vfs_fruit: add a resource fork truncation test
s4:torture:vfs_fruit: created empty resourceforks
s3: smbd: fix a crash in unix_convert()
vfs_fruit: return value of ad_pack in vfs_fruit.c
s3:locking: initialize lease pointer in share_mode_traverse_fn()
s3:lib: validate domain name in lookup_wellknown_name()
s3:smbstatus: add stream name to share_entry_forall()
s4:lib/messaging: use correct path for names.tdb
selftest: add a test for async_connect_send()
async_req: fix non-blocking connect()
ldb: bump version of the required system ldb to 1.1.24
s3:smbd: convert file_struct.posix_open to a bitmap with flags
s3:smbd: file_struct: seperate POSIX directory rename cap from POSIX open
vfs_fruit: add a flag that tracks whether use of AAPL was negotiated
vfs_fruit: enable POSIX directory rename semantics
s4:torture:vfs_fruit: add a test for POSIX rename
smbd: make "hide dot files" option work with "store dos attributes = yes"
s4:torture:vfs_fruit: remove unused tree2
s4:torture:vfs_fruit: rename tree1 -> tree
s4:torture:vfs_fruit: tweak check_stream_list()
s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME
s4:torture:vfs_fruit: enhance check_stream
s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()
s4:torture:vfs_fruit: add explicit cleanup of testfiles
s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it
s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"
s4:torture:vfs_fruit: skip test_stream_names() without "localdir"
s4:torture:vfs_fruit: fix test_aapl() to work with OS X
s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X
s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X
s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED
vfs_fruit: fix some debug messages
vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist
s4:torture:vfs_fruit: file without AFP_AfpInfo
vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream
s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof
vfs_fruit: writing all 0 to AFP_AfpInfo stream
s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream
vfs_fruit: fix offset and len handling for AFP_AfpInfo stream
s4:torture:vfs_fruit: update AFP_AfpInfo IO tests
vfs_fruit: ignore delete on the AFP_Resource stream
s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof
s4:torture:vfs_fruit: add test test_read_afpinfo
vfs_fruit: add and use define for the Netatalk metadata xattr
vfs_fruit: hide the Netatalk metadata xattr in streaminfo
vfs_streams_xattr: fix and simplify streams_xattr_get_name()
s3:smbd: Ignore initial allocation size for directory creation
s4:torture: add SMB2 test for directory creation initial allocation size
lib/tsocket: workaround sockets not supporting FIONREAD
lib/tsocket: workaround sockets not supporting FIONREAD
CVE-2016-2112(<=4.3): docs-xml: add "ldap server require strong auth" option
CVE-2016-2113(<=4.3): docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
CVE-2016-2115(<=4.3): docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115(<=4.3): docs-xml: add "client ipc signing" option
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
CVE-2016-2118(<=4.3) docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing
CVE-2016-2114: s3:smbd: enforce "server signing = mandatory"
CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: net: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:lib/netapi: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:auth_domain: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULT
CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
cleanupd: restart as needed
vfs_fruit: add an option that allows disabling POSIX rename behaviour
s3:libnet:libnet_join: add netbios aliases as SPNs
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
librpc/dns: don't compress strings in TKEY and TSIG responses
librpc/dns: remove original_id from dns_fake_tsig_rec
s4/dns_server: include request MAC in TSIG response MAC calculation
s4/dns_server: split out function that does the MAC computation
s4/dns_server: not finding the key here is a fatal error
s4/dns_server: ensure we store the key name in error code paths
s4/dns_server: error codes for failing MAC verification in TSIG requests
s4/dns_server: don't compute TSIG MAC in TSIG error records
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
s4/dns_server: enable sending of TSIG error records
selftest: add test for DNS updates with TKEY/TSIG
s3/smbd: add helper func dos_mode_from_name()
s3/smbd: call dos_mode_from_name after get_ea_dos_attribute()
s3/smbd: move check for "hide files" to dos_mode_from_name()
s3/smbd: make get_ea_dos_attribute() public
s3/smbd: only use stored dos attributes for open_match_attributes() check
s4/torture: add a test for dosmode and hidden files
s3:mdssvc: older glib2 versions require g_type_init()
winbindd/idmap_rfc2307: fix a crash
winbindd: in wb_lookupsids return domain name if we have it
selftest: make autorid the default idmap backend in admember_rfc2307
selftest: test idmap backend id allocation for unknown SIDS
smbd/cleanupd: use smbd_reinit_after_fork()
smbd/notifyd: use smbd_reinit_after_fork()
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
vfs_acl_xattr: objects without NT ACL xattr
async_req: make async_connect_send() "reentrant"
smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
s4/torture: add a test for ctdb-tombstrone-record deadlock
dbwrap_ctdb: treat empty records in ltdb as non-existing
s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
Revert "vfs_acl_xattr: objects without NT ACL xattr"
vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
vfs_acl_common: rename pdesc_next to psd_fs
vfs_acl_common: remove redundant NULL assignment
vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
vfs_acl_common: move the ACL blob validation to a helper function
vfs_acl_tdb|xattr: use a config handle
vfs_acl_common: move stat stuff to a helper function
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
vfs_acl_xattr|tdb: add option to control default ACL style
vfs_acl_common: Windows style default ACL
s4/torture: tests for vfs_acl_xattr default ACL styles
vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
docs: document vfs_acl_xattr|tdb enforced settings
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
Ralph Wuerthner (6):
Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair.
s3:smbd: return NT_STATUS_INFO_LENGTH_MISMATCH for GetInfo in case output_buffer_length is too small
s3:smbd: allow GetInfo responses with STATUS_BUFFER_OVERFLOW to return partial, but valid data
s3:smbd: allow status code in smbd_do_qfsinfo() to be set by information class handler
s3:smbd: allow info class SMB_QUERY_FS_VOLUME_INFO to return partial data
s3:smbd: allow info class SMB_QUERY_FS_ATTRIBUTE_INFO to return partial data
Richard Sharpe (5):
Fix bug #10097 - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba.
There are tests all over the SMB1 code to check that srv_send_smb fails, but it never returns false.
Update the tevent_data.dox tutrial stuff to fix some errors, including white space problems.
Make sure we initialize conn to NULL, because a routine we call may give an error and not touch conn, and then we get an error when trying to TALLOC_FREE it.
Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credendials fields are not intialized.
Robin Hack (2):
samba3.blackbox.smbclient.forceuser_validusers: Add new test for force user option.
ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
Robin McCorkell (1):
Correctly set cli->raw_status for libsmbclient in SMB2 code
Roel van Meer (3):
Don't discard result of checking grouptype
s3-util: Compare the maximum allowed length of a NetBIOS name
s3-util: Compare the maximum allowed length of a NetBIOS name
Ross Lagerwall (1):
s3:libsmb: Set a max charge for SMB2 connections
Rowland Penny (3):
WHATSNEW: add a section about samba-tool fsmo
samba-tool: fsmo.py throws an uncaught exception if no
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
Rusty Russell (1):
Man pages for ntdb tools missing
Samuel Cabrero (4):
s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo
ldb: Allow to register extended match rules
Initialize dwFlags field of DNS_RPC_NODE structure
Shirish Pargaonkar (1):
samba: Retain case sensitivity of cifs client
Stefan Metzmacher (1128):
s3-lib: hide incomplete smbXsrv_tcon_global records
lib/util: add 'ldb' debug class
lib/ldb-samba: make use of DBGC_LDB
lib/ldb-samba: only debug LDB_DEBUG_TRACE at level 10
lib/param: sync debug related options with source3/param
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()
dsdb/samdb: use RECYCLED it implies DELETED...
dsdb/repl_meta_data: split out replmd_deletion_state()
s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820)
s4:server: avoid calling into nss_winbind from within 'samba'
s3:client: avoid interpret_protocol()
s3:torture: avoid interpret_protocol()
s3:lib: remove unused interpret_protocol()
s3:lib/netapi: make use of lp_cli_maxprotocol()
s3:winbindd: make use of lp_cli_{min,max}protocol()
s3:libsmb: use lp_cli_minprotocol() in do_connect()
s3:libsmb: make use of lp_cli_{min,max}protocol() in SMBC_server_internal()
libcli/smb: fix the credit handling on a SMB1 => SMB2 negotiate
libcli/smb: calculate the credit charge on the input and output dyn_len
libcli/smb: pass max_dyn_len to smb2cli_req_create()
libcli/smb: pass max_dyn_len to smb2cli_req_send()
libcli/smb: add smb1cli_conn_req_possible()
libcli/smb: add smb2cli_conn_req_possible()
s3:libsmb: rewrite cli_push* to use smb1cli_conn_req_possible()
s3:libsmb: rewrite cli_pull* to use smb1cli_conn_req_possible()
s3:libsmb: remove unused cli_readall*
s3:client: use the default io size
s3:client: fix compiler warning
s3:libsmb: add SMB2 support to cli_push*
s3:libsmb: add SMB2 support to cli_pull*
s3:libsmb: add support for SMB2 in cli_writeall()
s3:libsmb: make cli_tdis_send/recv static
s3:libsmb: only set tcon to invalid in smb2cli_tdis*
s3:libsmb: call smb2cli_tdis() from cli_tdis()
s3:libsmb: make cli_ulogoff_send/recv static
s3:libsmb: call smb2cli_logoff() from cli_ulogoff()
python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given
s4:samba_upgradedns: don't pass linklocal=False to interface_ips_v6()
python/provision: remove unused linklocal=False argument from interface_ips_v6()
libcli/smb: use SMB1 MID=0 for the initial Negprot
libcli/smb: fix non mendatory signing against some vendor SMB2 servers.
libcli/smb: only check the SMB2 session setup signature if required and valid
Merge tag 'samba-4.1.0rc4' into v4-1-test
Revert "Support UPN_DNS_INFO in the PAC"
dsdb/tests/ldap: fix test_ldapServiceName against w2k8r2
s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'
libcli/smb: fix smb2cli_ioctl*() against Windows 2008.
CVE-2013-4476: selftest/Samba4: use umask 0077 within mk_keyblobs()
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()
s3:smb2_server: fix drain_socket error handling
s3:smb2_server: for performance reasons we use tevent_fd and readv/writev directly
s3:smb2_server: use tevent_req_notify_callback() in smbd_smb2_request_pending_queue()
s3:smb2_server: allocate smbd_smb2_request on talloc_tos()
s3:smb2_server: generate a header blob for the sendfile path
s3:smb2_server: avoid calling set_current_user_info() for each request
s3:smb2_notify: fix use after free on long living notify requests
s3:libsmb: make use of smb1cli_tcon_set_values()
libcli/smb: add smbXcli_tcon_is_dfs_share()
libcli/smb: add smbXcli_tcon_{set,get}_fs_attributes()
libcli/smb: add FLAGS2_DFS_PATHNAMES for SMB1 operations against dfs shares
libcli/smb: move Filesystem Attributes defines to smb_constants.h
libcli/smb: add FLAG_CASELESS_PATHNAMES based on FILE_CASE_SENSITIVE_SEARCH to smb1 requests
libcli/smb: add SMB2_HDR_FLAG_DFS for SMB2 Create operations on dfs shares
s3:libsmb: call smbXcli_tcon_{get,set}_fs_attributes() from cli_set_case_sensitive()
s3:libsmb: don't pass down FLAG_CASELESS_PATHNAMES and FLAGS2_DFS_PATHNAMES anymore
s3/libsmb: make use of smbXcli_tcon_is_dfs_share()
s3:libsmb: add SMB2/3 support to cli_dfs_get_referral()
s3:libsmb: remove unused cli_state->dfsroot
s3:libsmb: remove unused cli_state->case_sensitive
s3:libsmb: call smbXcli_tcon_set_fs_attributes() directly
s3:smbd: simplify exit_server_common()
s3:smbd: maintain smbd_server_connection->status
s3:lib/ctdbd_conn: let release_ip_handler return bool
s3:smbd: avoid invalid lock_order panic triggered by "CTDB_SRVID_RELEASE_IP"
pidl:NDR/Client: fix dcerpc_function() with [out,ref] pointers
CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.
CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.
Merge tag 'samba-4.1.6' into v4-1-test
tevent: fix crash bug in tevent_queue_immediate_trigger()
s4:torture/smb2: accept NT_STATUS_RANGE_NOT_LOCKED after smb2_logoff/tdis
s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel()
s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdis
s3:smb2_sesssetup: cancel and wait for pending requests on logoff
s3:smb2_tcon: cancel and wait for pending requests on tdis
s3:utils/smbfilter: use a local variable for the packet buffer
s3:torture: use CLI_BUFFER_SIZE instead of BUFFER_SIZE
s3:client: only limit the buffer by the given length 'n'
s3:param: avoid using BUFFER_SIZE to limit the lp_min_receive_file_size()
libcli/smb: add SMB_BUFFER_SIZE_MIN/MAX defines
s3:include: let CLI_BUFFER_SIZE be an alias of SMB_BUFFER_SIZE_MAX
s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit lp_max_xmit()
s3:smbd: use sconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAX
s3:smbd: reject a MaxBufferSize < SMB_BUFFER_SIZE_MIN (500) in a session setup request
s3:smbd: take less than SMB_BUFFER_SIZE_MIN ('500') as header overhead in ipc.c
s3:smbd: fix lockread numtoread calculation to match reply_outbuf() arguments.
s3:smbd: pass the final numtoread reply_outbuf() for the lockread reply.
s3:smbd: fix the lockread numtoread calculation depending on the max_send.
s3:smbd: fix the read numtoread calculation depending on the max_send.
s3:smbd: simplify maxentries calculation in reply_search()
s3:smbd: fix the maxentries calculation depending on the max_send.
s3:smbd: s/BUFFER_SIZE/LARGE_WRITEX_BUFFER_SIZE
s4:lib/socket: use the same logic in iface_list_wildcard() as in smbd
s4:lib/socket: simplify iface_list_wildcard() and its callers
wafsamba: Fail with error message if perl doesn't provide valid dirs.
script/autobuild: make use of --with-perl-{arch,lib}-install-dir
pidl/lib/wscript_build: make use of PERL_LIB_INSTALL_DIR
s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute()
script/autobuild: use --force-rebase option
selftest/subunithelper.py: correctly handle unexpected success in FilterOps
selftest/subunithelper.py: correctly handle fail_immediately in end_testsuite of FilterOps
selftest/subunithelper.py: correctly pass testsuite-uxsuccess to end_testsuite()
s4:dsdb/ldb_modules: avoid declaration after code warnings
s4:dsdb/ldb_modules: avoid invalid pointer type warnings
dsdb/tests/ldap: fix test_distinguished_name against w2k8r2
ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags
ldb:pyldb: add some const to PyObject_FromLdbValue()
ldb:pyldb: fix doc string for set_extended_component()
ldb:pyldb: add some more helper functions for LdbDn
ldb: change version to 1.1.17
s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX()
s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()
dbchecker: make the deleted objects container detection more generic
dbchecker: verify and fix broken dn values
s4:dsdb/schema_load: make error message more verbose
s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in when deleting tombstone/deleted objects
s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED
s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now
libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache()
selftest: teardown the environments also on getting SIGPIPE
s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted
selftest/knownfail: ignore samba3.smb2.oplock.exclusive5 failures in v4-1-*
ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory()
Merge tag 'samba-4.1.10' into v4-1-test
selftest/knownfail: add ^samba4.rpc.netlogon.*.invalidAuthenticate2 for v4-1-*
s4:torture/rpc: add invalidAuthenticate2
s3:lib/memcache: use uint8_t instead of uint8
s3:lib/memcache: make use of talloc for memcache_elements
s3:lib/memcache: only include the required header files
lib/util: move memcache.[ch] to the toplevel 'samba-util' library
s4:rpc_server/netlogon: keep a global challenge table
s4:torture/rpc: add rpc.netlogon.ServerReqChallengeGlobal
security.idl: add SMB_SUPPORTED_SECINFO_FLAGS
s3:smbd: mask security_information input values with SMB_SUPPORTED_SECINFO_FLAGS
libcli/security: add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info()
libcli/dns: add AAAA support to dns_hosts_file.c
libcli/dns: ignore NS entries in dns_hosts_file.c at a higher log level for now
selftest: export _IPV6 environment variables
selftest/Samba4: also bind to ipv6
selftest/Samba3: also bind to ipv6
python/join: use lowercase for the dnshostname.
s4:samba_dnsupdate: don't lower case the registered names
s4:samba_dnsupdate: fix dnsobj.__str__()
s4:samba_dnsupdate: cache the already registered records
s4:samba_dnsupdate: don't try to be smart when verifying NS records
s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC
s4:setup/dns_update_list: make use of the new substitution variables
s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for
s4:dns_server: handle WERR_DNS_ERROR_NAME_DOES_NOT_EXIST in werr_to_dns_err()
s4:dns_server: map LDB_ERR_NO_SUCH_OBJECT to WERR_DNS_ERROR_NAME_DOES_NOT_EXIST
s4:dns_server: split out a private 'dnsserver_common' library
s4:dns_server: split out dns_common_extract() and dns_common_lookup()
s4:dns_server: remove const from dns_replace_records()
s4:dns_server: split out dns_common_replace()
s4:dns_server: use .wType = DNS_TYPE_TOMBSTONE instead of ZERO_STRUCT()
s4:dns_server: make sure dns_common_lookup() doesn't return tombstones
s4:dns_server: add DNS_TYPE_TOMBSTONE support to dns_common_replace()
s4:dns_server: handle tombstones in handle_one_update()
s4:dlz_bind9: avoid some compiler warnings
s4:dlz_bind9: do an early talloc_free(el_ctx) in dlz_allnodes()
s4:torture:dlz_bind9: fix spnego tests
torture-dns: Add test for dlz_bind9 zonedumps
torture-dns: Add test for dlz_bind9 updates
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() for name lookup
s4:dlz_bind9: let dlz_bind9 use dns_common_extract()
s4:dlz_bind9: let dlz_bind9 use dns_common_replace()
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before removing records
s4:dlz_bind9: let dlz_bind9 use dns_common_lookup() before add/modify
s4-rpc: dnsserver: handle updates of tombstoned dnsNode objects
Merge tag 'samba-4.1.12' into v4-1-test
libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
Merge remote-tracking branch 'origin/v4-2-stable' into v4-2-test
s3:locking: remove dead code from brl_get_locks_readonly()
s3:smbd: fix file corruption using "write cache size != 0"
s3:smbd: fix file corruption using "write cache size != 0"
s3:smbstatus: fix return value in print_share_mode()
wafsamba: fix dependency calculation for SAMBA_GENERATOR()
wafsamba: fix dependency for SAMBA_GENERATOR() when passing vars!=None
wafsamba: allow an optional dep_vars list to be passed to SAMBA_GENERATOR()
wafsamba: fix dependencies on environment variables for python_fixup
wafsamba: let SAMBA_BLDOPTIONS() use dep_vars=['defines'] instead of always=True
dynconfig/wscript: add dynconfig_varnames()
docs-xml/wscript_build: pass dep_vars=bld.dynconfig_varnames() to SAMBA_GENERATOR()
lib/ldb/wscript: pass dep_vars=['LDB_VERSION'] to SAMBA_GENERATOR()
Revert "script/autobuild: make use of --with-perl-{arch,lib}-install-dir"
Revert "autobuild: Set perl vendorlib direcotry."
pidl/wscript: remove --with-perl-* options
tdb: allow tdb_open_ex() with O_RDONLY of TDB_FEATURE_FLAG_MUTEX tdbs.
tdb: version 1.3.2
tdb/test: TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY is a valid combination
tdb: version 1.3.3
lib/ldb: fix compiler warnings in ldb_modules_list_from_string()
lib/ldb: fix compiler warnings in ldb_tdb.c
lib/ldb: remove unused 'allow_warnings=True'
ldb: version 1.1.18
Revert "libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1"
s3:smb2_create: send interim responses after 0.5 milliseconds
s4:libcli/smb_composite: use the options on the transport
s4:libcli/raw: fix up the max_protocol value for the current transport connection
s4:libcli/smb2: allow the caller to specify a specific value for max_protocol.
s4:param: don't expand PROTOCOL_DEFAULT in lpcfg_smbcli_options()
s4:libcli/smb2: add new_epoch to struct smb2_lease_break
s4:libcli/smb2: initialize ls->lease_version
s4:torture/smb2: skip lease tests if the server doesn't support them
s4:torture/smb2: make lease tests more reliable by calling torture_wait_for_lease_break()
s4:torture/smb2: lease per test fnames
s4:torture/smb2: verify lease_flags in CHECK_LEASE_BREAK()
s4:torture/smb2: always verify the v2 lease epoch.
s4:torture/smb2: don't check the lease break connection against samba3
s4:torture/smb2: pass the expected flags to CHECK_LEASE()
s4:torture/smb2: add smb2.lease.[v2_]complex1 tests
s4:torture/smb2: add smb2.lease.v2_epoch[2|3] tests
s4:torture/smb2: make it possible to skip the automatic ack of lease breaks.
s4:torture/smb2: smb2.lease.breaking1 test
s4:torture/smb2: smb2.lease.breaking2 test
s4:torture/smb2: smb2.lease.breaking3 test
s4:torture/smb2: smb2.lease.breaking4 test
s4:torture/smb2: smb2.lease.breaking5 test
s4:torture/smb2: smb2.lease.breaking6 test
s4:torture:smb2: let smb2.lease.[v2_]complex1 check the R->NONE breaks
s3:smb2_server: allow smbd_smb2_send_break() with session == NULL and tcon == NULL
s3:open_files.idl: add data structures for SMB2.1 and SMB3.0 leases.
s3:locking: cleanup leases_db from share_mode_cleanup_disconnected()
s3:vfs.h: add more elements to struct fsp_lease
s3:smbd: document the interaction between "smb2 leases" and "write cache size"
docs-xml: document the interaction between "write cache size" and "aio read/write size"
s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
testprogs/test_ldb: check rootdse search with extended-dn control
s3:smb2_server: allow reauthentication without signing
libcli/smb: only force signing of smb2 session setups when binding a new session
s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser()
s3:passdb: always copy the history in pdb_set_plaintext_passwd()
s3:passdb: avoid invalid pointer type warnings in pdb_wbc_sam.c
s3:idmap_cache: remove unused idmap_cache_set_sid2[u|g]id()
s3:passdb: add optional get_trusteddom_creds() hooks
s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first
s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
testprogs/test_ldb: check rootdse search with extended-dn control
s3:smb2_server: use the global signing key to check if signing is required
s3:smb2_server: allow reauthentication without signing
libcli/smb: only force signing of smb2 session setups when binding a new session
tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING
tdb/test: add tdb1-run-mutex-transaction1 test
tdb/toos: allow transactions with TDB_MUTEX_LOCKING
tdb: version 1.3.4
drsuapi.idl: change the range for attribute values to 26214400 bytes.
librpc-idl: replace int32 by uint32 as the values are always > 0
wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()
selftest: use shared/libnss_wrapper_winbind.so.2
nsswitch: fix soname of linux nss_*.so.2 modules
s3:passdb: fix logic in pdb_set_pw_history()
wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()
selftest: use shared/libnss_wrapper_winbind.so.2
nsswitch: fix soname of linux nss_*.so.2 modules
lib/ldb: fix logic in ldb_val_to_time()
ldb: version 1.1.20
s4:dsdb/tests: add test_timevalues1() to verify timestamp values
wafsamba: add -Werror=return-type for developer builds
wafsamba: fill PRIVATE_NAME() logic again
wafsamba: let TO_LIST(mylist) return a copy of mylist
wafsamba: move compiler / cflags related stuff from lib/replace to wafsamba
wafsamba: move WERROR_CFLAGS checks from lib/replace to wafsamba
wafsamba: move '-fstack-protector' checks from lib/replace to wafsamba
wafsamba: move -fvisibility=hidden checks from lib/replace to wafsamba
wafsamba: let CURRENT_CFLAGS() use bld.env.VISIBILITY_CFLAGS
wafsamba: improve -fvisibility=hidden, we should check it together this WERROR_CFLAGS
wafsamba: make it possible to specify ADDITIONAL_{CFLAGS,LDFLAGS} as env var to ./configure
wafsamba: generate an empty.c file if a SAMBA_{LIBRARY,SUBSYSTEM} doesn't have any source files
wafsamba: make it possible to pass bundled_name to SAMBA_LIBRARY()
wafsamba: passing 'subsystem' to SAMBA_MODULE() is not optional
wafsamba: remove unused variable in SAMBA_MODULE()
wafsamba: create unique names when building shared modules
s3:smb2_server: always try to grant the credits the client just consumed
s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"
s3:smb2_server: always try to grant the credits the client just consumed
s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"
Merge tag 'samba-4.1.17' into v4-1-test
lib/texpect: make the code more portable by using "replace.h" and "system/wait.h"
lib/texpect: fix compiler warnings
lib/texpect: prefer bsd/libutil.h if available
talloc: inline more static functions
talloc: inline talloc_get_name()
talloc: avoid a function call in TALLOC_FREE() if possible.
talloc: check for TALLOC_GET_TYPE_ABORT_NOOP
talloc: fix compiler warning
talloc/tests: avoid some unused variable warnings
talloc: version 2.1.1
talloc: fix _talloc_total_limit_size prototype
talloc: version 2.1.2
talloc: fix _talloc_total_limit_size prototype
talloc: version 2.1.2
s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors
s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors
s3:smb2_server: don't rely on the SMB2_HDR_FLAG_SIGNED if signing is required
s3:smbd: add a smbd_notify_cancel_by_map() helper function
s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 directory handle
s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit and implicit) and tdis
s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value
s4:torture/smb2: add smb2.notify.close test
s4:torture/smb2: add smb2.notify.invalid-reauth test
s4:torture/smb2: add smb2.notify.session-reconnect test
s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_destructor()
s3:smbXsrv_session: clear smb2req->session of pending requests in smbXsrv_session_logoff_all_callback()
s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv helper functions
s3:smbXsrv_session: cancel pending requests when we logoff a previous session
s3:smb2_sesssetup: let smbd_smb2_logoff_* use smbXsrv_session_shutdown_*
s3:smb2_sesssetup: always assign smb2req->session when a session was created.
s3:smb2_sesssetup: add smbd_smb2_session_setup_wrap_send/recv()
s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* destructors
s3:selftest: run smb2.notify with --signing=required
s3:winbindd: make sure we remove pending io requests before closing client sockets
s3:winbindd: make sure we pass a valid server to rpccli_netlogon_sam_network_logon*()
auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
s3:rpc_server: remove pad handling from api_pipe_alter_context()
s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
s4:selftest: also run rpc.winreg with kerberos and all possible auth options
VERSION: Bump version up to 4.3.0rc2...
WHATSNEW: Prepare release notes for Samba 4.3.0rc2
VERSION: Release Samba 4.3.0rc2
VERSION: Bump version up to 4.3.0rc3...
WHATSNEW: Prepare release notes for Samba 4.3.0rc3
WHATSNEW: fix version numbers
script/release.sh: This is a new script to do releases
script/librelease.sh: this is replaced by script/release.sh now
release-scripts/build-manpages-nogit: run make realdistclean at the end
libcli/smb: prefer AES128_CCM
s3:smb2_negprot: prefer AES128_CCM if the client supports it
s3:lib: fix some corner cases of open_socket_out_cleanup()
WHATSNEW: Update release notes for Samba 4.3.0rc3
VERSION: Release Samba 4.3.0rc3
VERSION: Bump version up to 4.3.0rc4...
WHATSNEW: Prepare release notes for Samba 4.3.0rc4
s3:vfs_smb_traffic_analyzer: remove samba_ prefix from AES_* function calls
lib/crypto: add aes_cmac_128 chunked tests
lib/crypto: run all aes_gcm_128 testcases
lib/crypto: verify 0 updates in aes_gcm_128 tests
lib/crypto: add aes_ccm_128 tests
lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}()
lib/crypto: optimize aes_cmac_128
lib/crypto: optimize aes_ccm_128
lib/crypto: optimize aes_gcm_128
lib/crypto: make use of aes_test.h in aes_gcm_128_test.c
lib/crypto: sync AES_cfb8_encrypt() from heimdal
lib/crypto: make it possible to use only parts of aes.[ch]
ldb:wscript: make it possible to build samba with a system ldb again
WHATSNEW: Update release notes for Samba 4.3.0rc3
VERSION: Release Samba 4.3.0rc4
VERSION: Bump version up to 4.3.0rc5...
WHATSNEW: Prepare release notes for Samba 4.3.0rc5
pidl/python: also add a ndr_PyLong_FromLongLong() for symnetric reasons
WHATSNEW: Add release notes for Samba 4.3.0.
VERSION: Release Samba 4.3.0
VERSION: Bump version up to 4.3.1...
s3:lib/messages: add missing allocation check for priv_path
s3:lib/messages: use 'msg.lock' and 'msg.sock' for messaging related subdirs
s4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirs
lib/param: fix hiding of FLAG_SYNONYM values
s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket
dcerpc.idl: accept invalid dcerpc_bind_nak pdus
script/release.sh: make it possible to create stable .0 releases
script/release.sh: make it possible to create stable .x releases (x >= 1)
s3:smb2_server: make the logic of SMB2_CANCEL DLIST_REMOVE() clearer
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()
CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session
dbwrap_rbt: use talloc_zero_size() instead of a partial ZERO_STRUCT()
dbwrap_rbt: add nested traverse protection
dbwrap_rbt: fix modifying the db during traverse
s3:torture: add traverse testing to LOCAL-RBTREE
VERSION: Bump version up to 4.4.0rc2...
python:samba: add a generic string_to_byte_array() helper function
python:samba: add a generic arcfour_encrypt() helper function
python:samba/join.py: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
python:samba/netcmd/domain: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
s4:scripting/devel: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
python:samba: add a generic string_to_byte_array() helper function
python:samba: add a generic arcfour_encrypt() helper function
python:samba/join.py: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
python:samba/netcmd/domain: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
s4:scripting/devel: make use of the generic arcfour_encrypt() and string_to_byte_array() functions
python:tests/core: add tests for arcfour_encrypt() and string_to_byte_array()
python:tests/core: add tests for arcfour_encrypt() and string_to_byte_array()
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add
s3:clispnego: fix confusing warning in spnego_gen_krb5_wrap()
tevent: version 0.9.27
tevent: version 0.9.28
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
ldb:ABI: add missing pyldb-util.py3-1.1.25.sigs
s4:libcli/ldap: send AbandonRequests for cancelled requests
ldb-samba: fix the timeout setup in ildb_request_send()
ldb: allow a timeout of -1 result in no timeout timer at all.
pyldb: fix memory leak in py_ldb_search()
pyldb: fix help message for ldb.search()
pyldb: add ldb.search_iterator()
pyldb: add api tests for search_iterator()
ldb: add LDB_ATTR_FLAG_FORCE_BASE64_LDIF support
ldb: add support for LDB_CONTROL_DIRSYNC_EX
ldb: version 1.1.26
s4:libcli/ldap: add support for LDB_CONTROL_DIRSYNC_EX_OID
s3:winbindd: don't unclude two '\0' at the end of the domain list
selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
selftest: specify a maximum runtime for 'make testenv' of 1 year
pytalloc: add a _pytalloc_get_type() helper function and generate PyExc_TypeError on mismatch
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to mange a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exist
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
VERSION: Bump version up to 4.3.7...
s3:clispnego: fix confusing warning in spnego_gen_krb5_wrap()
s3:pam_smbpass: remove unused dependency to LIBNTLMSSP
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to mange a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exist
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
CVE-2016-2110: auth/ntlmssp: let ntlmssp_handle_neg_flags() return NTSTATUS
CVE-2016-2110: auth/ntlmssp: maintain conf_flags and required_flags variables
CVE-2016-2110: auth/ntlmssp: split allow_lm_response from allow_lm_key
CVE-2016-2110: auth/ntlmssp: don't allow a downgrade from NTLMv2 to LM_AUTH
CVE-2016-2110: auth/ntlmssp: don't let ntlmssp_handle_neg_flags() change ntlmssp_state->use_ntlmv2
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require flags depending on the requested features
CVE-2016-2110: auth/ntlmssp: let gensec_ntlmssp_client_start require NTLM2 (EXTENDED_SESSIONSECURITY) when using ntlmv2
CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response
CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t
CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult
CVE-2016-2110: auth/gensec: fix the client side of a new_spnego exchange
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
CVE-2016-2110: auth/gensec: require spnego mechListMIC exchange for new_spnego backends
CVE-2016-2110: auth/gensec: add gensec_may_reset_crypto() infrastructure
CVE-2016-2110: auth/ntlmssp: call ntlmssp_sign_init if we provide GENSEC_FEATURE_SIGN
CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()
CVE-2016-2110: auth/credentials: clear the LMv2 key for NTLMv2 in cli_credentials_get_ntlm_response()
CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()
CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC checking (as server)
CVE-2016-2110: auth/ntlmssp: implement new_spnego support including MIC generation (as client)
CVE-2016-2111: auth/gensec: require DCERPC_AUTH_LEVEL_INTEGRITY or higher in schannel_update()
CVE-2016-2111: auth/gensec: correctly report GENSEC_FEATURE_{SIGN,SEAL} in schannel_have_feature()
CVE-2016-2111: s4:rpc_server: implement 'server schannel = yes' restriction
CVE-2016-2111: s4:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s3:rpc_server/netlogon: require DCERPC_AUTH_LEVEL_PRIVACY for validation level 6
CVE-2016-2111: s4:torture/rpc: fix rpc.samba3.netlogon ntlmv2 test
CVE-2016-2111: s4:torture/rpc: fix rpc.pac ntlmv2 test
CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function
CVE-2016-2111: s4:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s3:rpc_server/netlogon: check NTLMv2_RESPONSE values for SEC_CHAN_WKSTA
CVE-2016-2111: s4:torture/raw: don't use ntlmv2 for dos connection in raw.samba3badpath
CVE-2016-2111: s4:torture/base: don't use ntlmv2 for dos connection in base.samba3error
CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
CVE-2016-2111: s4:param: use "client use spnego" to initialize options->use_spnego
CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111(<=4.3): docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
CVE-2016-2111: s3:auth: implement "raw NTLMv2 auth" checks
CVE-2016-2111: s4:smb_server: implement "raw NTLMv2 auth" checks
CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc
CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
CVE-2016-2112: s3:libads: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
CVE-2016-2112: s4:selftest: use --option=clientldapsaslwrapping=plain for plain connections
CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
CVE-2016-2112: s4:ldap_server: implement "ldap server require strong auth" option
CVE-2016-2112: s4:selftest: run samba4.ldap.bind against fl2008r2dc
CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options
CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc
CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
CVE-2016-2113: s4:lib/tls: create better certificates and sign the host cert with the ca cert
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
CVE-2016-2113: selftest: use "tls verify peer = no_check"
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115: docs-xml: add "client ipc signing" option
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
CVE-2015-5370: s4:rpc_server: check frag_length for requests
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
CVE-2016-2113: s4:selftest: explicitly use '--option="tlsverifypeer=no_check" for some ldaps tests
CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
CVE-2016-2113: s4:librpc/rpc: verify the rpc_proxy certificate and hostname if configured
CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps
CVE-2016-2113: selftest: use "tls verify peer = no_check"
CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
CVE-2016-2114: s4:smb2_server: fix session setup with required signing
CVE-2016-2114: s3:smbd: use the correct default values for "smb signing"
CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
CVE-2016-2115: docs-xml: add "client ipc signing" option
CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
CVE-2016-2115: s4:librpc/rpc: make use of "client ipc *" options for ncacn_np
CVE-2016-2115: s3:winbindd: use lp_client_ipc_{min,max}_protocol()
CVE-2016-2115: s3:winbindd: use lp_client_ipc_signing()
CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
CVE-2016-2118: s4:rpc_server: make it possible to define a min_auth_level on a presentation context
CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: s4:rpc_server/backupkey: require DCERPC_AUTH_LEVEL_PRIVACY
CVE-2016-2118: python:tests/dcerpc: use [sign] for dnsserver tests
CVE-2016-2118: s4:rpc_server/dnsserver: require at least DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s3: rpcclient: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: librpc: change the default auth level from DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY
CVE-2016-2118: s4:librpc: use integrity by default for authenticated binds
CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
CVE-2016-2118: s4:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s4:rpc_server/lsa: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/netlogon: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/epmapper: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/mgmt: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s4:rpc_server/rpcecho: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server: make use of "allow dcerpc auth level connect"
CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: s3:rpc_server/{epmapper,echo}: allow DCERPC_AUTH_LEVEL_CONNECT by default
CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
CVE-2016-2118: s4:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2016-2118: s3:rpc_server/samr: allow _samr_ValidatePassword only with PRIVACY...
CVE-2015-5370: dcerpc.idl: add DCERPC_{NCACN_PAYLOAD,FRAG}_MAX_SIZE defines
CVE-2015-5370: librpc/rpc: simplify and harden dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: don't call dcerpc_pull_auth_trailer() if auth_length is 0
CVE-2015-5370: s4:librpc/rpc: send a dcerpc_sec_verification_trailer if needed
CVE-2015-5370: s4:librpc/rpc: maintain dcecli_security->auth_{type,level,context_id}
CVE-2015-5370: s4:librpc/rpc: use auth_context_id = 1
CVE-2015-5370: s4:librpc/rpc: use a local auth_info variable in ncacn_push_request_sign()
CVE-2015-5370: s4:librpc/rpc: avoid using hs->p->conn->security_state.auth_info in dcerpc_bh_auth_info()
CVE-2015-5370: s4:librpc/rpc: avoid using c->security_state.auth_info in ncacn_pull_request_auth()
CVE-2015-5370: s4:librpc/rpc: always use ncacn_pull_request_auth() for DCERPC_PKT_RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: avoid dereferencing sec->auth_info in dcerpc_request_prepare_vt()
CVE-2015-5370: s4:librpc/rpc: simplify checks if gensec is used in dcerpc_ship_next_request()
CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values
CVE-2015-5370: s4:librpc/rpc: finally verify the server uses the expected auth_{type,level,context_id} values
CVE-2015-5370: librpc/rpc: add a dcerpc_verify_ncacn_packet_header() helper function
CVE-2015-5370: s3:rpc_client: move AS/U hack to the top of cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: remove useless frag_length check in rpc_api_pipe_got_pdu()
CVE-2015-5370: s4:librpc/rpc: make use of dcerpc_map_ack_reason() in dcerpc_bind_recv_handler()
CVE-2015-5370: s4:librpc/rpc: handle DCERPC_PKT_FAULT before anything else in dcerpc_alter_context_recv_handler()
CVE-2015-5370: s4:librpc/rpc: use dcerpc_verify_ncacn_packet_header() to verify BIND_ACK,ALTER_RESP,RESPONSE pdus
CVE-2015-5370: s4:librpc/rpc: protect dcerpc_request_recv_data() against too large payloads
CVE-2015-5370: s4:rpc_server: make use of talloc_zero()
CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0
CVE-2015-5370: s4:rpc_server: check the result of dcerpc_pull_auth_trailer() in dcesrv_auth_bind()
CVE-2015-5370: s4:rpc_server: maintain dcesrv_auth->auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: make use of dce_call->conn->auth_state.auth_* in dcesrv_request()
CVE-2015-5370: s4:rpc_server/lsa: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server/samr: make use of dce_call->conn->auth_state.auth_level
CVE-2015-5370: s4:rpc_server/netlogon: make use of dce_call->conn->auth_state.auth_{level,type}
CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
CVE-2015-5370: s4:rpc_server: check frag_length for requests
CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
CVE-2015-5370: librpc/rpc: don't allow pkt->auth_length == 0 in dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:librpc/rpc: remove auth trailer and possible padding within dcerpc_check_auth()
CVE-2015-5370: s3:librpc/rpc: let dcerpc_check_auth() auth_{type,level} against the expected values.
CVE-2015-5370: s3:rpc_client: make use of dcerpc_pull_auth_trailer()
CVE-2015-5370: s3:rpc_client: make use of dcerpc_verify_ncacn_packet_header() in cli_pipe_validate_current_pdu()
CVE-2015-5370: s3:rpc_client: protect rpc_api_pipe_got_pdu() against too large payloads
CVE-2015-5370: s3:rpc_client: verify auth_{type,level} in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: make use of dcerpc_pull_auth_trailer() in api_pipe_{bind_req,alter_context,bind_auth3}()
CVE-2015-5370: s3:rpc_server: let a failing sec_verification_trailer mark the connection as broken
CVE-2015-5370: s3:rpc_server: just call pipe_auth_generic_bind() in api_pipe_bind_req()
CVE-2015-5370: s3:rpc_server: don't ignore failures of dcerpc_push_ncacn_packet()
CVE-2015-5370: s3:rpc_server: don't allow auth3 if the authentication was already finished
CVE-2015-5370: s3:rpc_server: let a failing auth3 mark the authentication as invalid
CVE-2015-5370: s3:rpc_server: make sure auth_level isn't changed by alter_context or auth3
CVE-2015-5370: s3:rpc_server: use 'alter' instead of 'bind' for variables in api_pipe_alter_context()
CVE-2015-5370: s3:rpc_server: verify presentation context arrays
CVE-2015-5370: s3:rpc_server: make use of dcerpc_verify_ncacn_packet_header() to verify incoming pdus
CVE-2015-5370: s3:rpc_server: disconnect the connection after a fatal FAULT pdu
CVE-2015-5370: s3:rpc_server: let a failing BIND mark the connection as broken
CVE-2015-5370: s3:rpc_server: use DCERPC_NCA_S_PROTO_ERROR FAULTs for protocol errors
CVE-2015-5370: s3:librpc/rpc: remove unused dcerpc_pull_dcerpc_auth()
CVE-2015-5370: s3:rpc_server: check the transfer syntax in check_bind_req() first
CVE-2015-5370: s3:rpc_server: don't allow an existing context to be changed in check_bind_req()
CVE-2015-5370: s3:rpc_client: pass struct pipe_auth_data to create_rpc_{bind_auth3,alter_context}()
CVE-2015-5370: s3:librpc/rpc: add auth_context_id to struct pipe_auth_data
CVE-2015-5370: s3:rpc_client: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:rpc_server: make use of pipe_auth_data->auth_context_id
CVE-2015-5370: s3:librpc/rpc: make use of auth->auth_context_id in dcerpc_add_auth_footer()
CVE-2015-5370: s3:librpc/rpc: verify auth_context_id in dcerpc_check_auth()
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
WHATSNEW: Add release notes for Samba 4.4.1.
VERSION: Disable git snapshots for the 4.4.1 release.
WHATSNEW: Add release notes for Samba 4.3.7.
VERSION: Disable git snapshots for the 4.3.7 release.
VERSION: Bump version up to 4.4.2...
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
VERSION: Bump version up to 4.3.8...
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
WHATSNEW: Add release notes for Samba 4.4.2.
WHATSNEW: Add release notes for Samba 4.3.8.
VERSION: Disable git snapshots for the 4.4.2 release.
VERSION: Disable git snapshots for the 4.3.8 release.
VERSION: Bump version up to 4.4.3...
s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff
s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff
auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'
auth/spnego: handle broken mechListMIC response from Windows 2000
auth/ntlmssp: don't require any flags in the ccache_resume code
auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
s3:libsmb: use password = NULL for anonymous connections
libcli/smb: add smb1cli_session_set_action() helper function
libcli/smb: add SMB1 session setup action flags
libcli/smb: add smbXcli_session_is_guest() helper function
s3:libsmb: record the session setup action flags
s3:libsmb: don't finish the gensec handshake for guest logins
s3:libsmb: use anonymous authentication via spnego if possible
auth/spnego: only try to verify the mechListMic if signing was negotiated.
s4:auth_anonymous: anonymous authentication doesn't allow a password
s3:auth_builtin: anonymous authentication doesn't allow a password
libcli/security: implement SECURITY_GUEST
s3:smbd: make use SMB_SETUP_GUEST constant
s3:smbd: only mark real guest sessions with the GUEST flag
auth/ntlmssp: do map to guest checking after the authentication
auth/spnego: add spnego:simulate_w2k option for testing
auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing
selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc
s3:test_smbclient_auth.sh: this script reqiures 5 arguments
selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes
selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP
s3:selftest: add smbclient_ntlm tests
libcli/auth: let msrpc_parse() return talloc'ed empty strings
s3:smbd: fix anonymous authentication if signing is mandatory
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
python/tests: add auth_pad test for the dcerpc raw_protocol test
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
VERSION: Bump version up to 4.4.6...
libads: ensure the right ccache is used during gssapi bind
libads: ensure the right ccache is used during spnego bind
python/remove_dc: handle dnsNode objects without dnsRecord attribute
script/autobuild.py: include the branch name in the output
samba-tool/ldapcmp: ignore differences of whenChanged
script/release.sh: use 8 byte gpg key ids
gensec/spnego: work around missing server mechListMIC in SMB servers
Merge tag 'samba-4.4.6' into v4-4-test
s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c
HEIMDAL:lib/krb5: destroy a memory ccache on reinit
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt SMB_SIGNING_REQUIRED
CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in gpo_connect_server()
CVE-2017-12150: auth/credentials: cli_credentials_authentication_requested() should check for NTLM_CCACHE/SIGN/SEAL
CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()
CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested
CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function
CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()
Steve Howells (1):
s4.2/fsmo.py: fixed fsmo transfer exception
Steve Langasek (34):
Drop support for running smbd from inetd; this is not well-supported upstream, and can't correctly handle all of the long-running services that are needed as part of modern samba. Closes: #707622.
Split the samba init script into nmbd and smbd init scripts, for better alignment with how init systems other than sysvinit work. This also drops the override of the arguments to update-rc.d in debian/rules, no longer needed in the post-insserv world.
Remove the old samba init script on upgrade
Remove the links to the obsolete samba init script.
Add upstart jobs from Ubuntu for smbd, nmbd, and winbind.
Update logrotate scripts for the new split init script
Update the DHCP hook for the new split init script
Include the reload-smbd upstart job in the package
Finish removing smbtar bashism
Make samba-common Conflicts: swat, which is now obsolete and no longer built from samba 4.0; the old versions of swat in the archive are incompatible with smb.conf from samba 4.0, so force them off the system to avoid configuration corruption.
Drop support for running smbd from inetd; this is not well-supported upstream, and can't correctly handle all of the long-running services that are needed as part of modern samba. Closes: #707622.
Merge support for upstart jobs
Don't drop the samba init script after all, we want this as a wrapper for
Merge branch 'init-script-split-and-upstart-jobs'
The samba-ad-dc upstart job should be installed unconditionally, not just in Ubuntu.
Don't exclude our private libraries from the shlibs generation.
Disable the init script when on upstart
Don't pass --noscripts for reload-smbd: we need the old /etc/init.d/reload-smbd
call dh_installinit with --noscripts for samba, since it's just a wrapper
By default, don't start/stop /etc/init.d/samba in any runlevel
Bah, spell the option name right (--noscripts)
Port debian/autodeps.py to python3 and build-depend on python3 so we can invoke it correctly from debian/rules.
Add lintian overrides for another set of wrong lintian errors for the NSS modules.
Pass --parallel to dh rather than to dh_auto_build, which is slightly more correct.
Check testparm explicitly instead of ignoring all errors
Drop wrong build-dep on libkrb5-dev, samba4 uses heimdal instead.
debian/patches/bug_221618_precise-64bit-prototype.patch: adjust the LFS handling to work independently of header include order. Closes: #727065.
Move update-alternatives upgrade removal handling to the postinst, where it belongs. Closes: 730090.
Really remove all references to encrypted passwords: the samba-common.config script still included references, which could cause upgrade failures in some cases. Closes: #729167.
Check for alternative's presence before calling update-alternatives --remove-all, instead of silently ignoring all errors from update-alternatives.
dhcp3-client is superseded by dhcp-client; update the references in the package. Closes: #736070.
Move the dhcp client hook from /etc/dhcp3 to /etc/dhcp. Closes: #649100.
debian/bin/xsltproc: don't use $FAKETIME as the variable name in our wrapper script, this seems to make faketime unhappy.
Further cleanup of the dhcp hook: remove /etc/dhcp3 directory once it's empty.
Steven Chamberlain (1):
ctdb: Fix detection of gnukfreebsd (Closes: #802621)
Susant Kumar Palai (1):
VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity.
Thomas Nagy (2):
Reduce the no-op build times by 30%
wafadmin: backported the openbsd fixes from waf 1.7
Thomas Schulz (1):
libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation
Tom Mortensen (2):
nss_wins: ip_pton expects the raw IP address
nss_wins: Fix the hostent setup
Tom Schulz (4):
lib: texpect. Fix the build on Solaris.
s4: tests: Fix nss_tests build on Solaris.
s4: fix linking smbtorture on Solaris.
texpect: undefined symbol rep_fprintf
Uri Simchoni (58):
libads: record service ticket endtime for sealed ldap connections
WHATSNEW: Add description of improved cross-compilation support
net: fix a crash with net ads keytab create
vfs_commit: set the fd on open before calling SMB_VFS_FSTAT
selftest: Avoid system krb5.conf in testenv provisioning
selftest: Avoid system krb5.conf in some test envs that don't use kerberos
selftest: Avoid system krb5.conf in "none" test env
auth: remove a line that has no effect
auth: consistent handling of well-known alias as primary gid
selftest: add test for force user and well-known primary group
smbd: do not disable "store dos attributes" on-the-fly
smbclient: query disk usage relative to current directory
selftest: more dfree command and smbclient disk usage tests
vfs_shadow_copy2: add shadow_copy2_do_convert()
vfs_shadow_copy2: fix case where snapshots are outside the share
vfs_shadow_copy2: add a blackbox test suite
smbcacls: fix uninitialized variable
smbd: show correct disk size for different quota and dfree block sizes
smbd: show correct disk size for different quota and dfree block sizes
selftest: fix test_dfree_quota.sh
winbindd: introduce add_trusted_domain_from_tdc()
winbindd: initialize foreign domain as AD based on trust
winbindd: return trust parameters when listing trusts
smbd: ignore SVHDX create context
passdb: add linefeed to debug message
dsgetdcname: return an IP address on rediscovery
dsgetdcname: fix flag check
libnet: make Kerberos domain join site-aware
build: fix disk-free quota support on Solaris 10
build: fix build when --without-quota specified
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
libads: record session expiry for spnego sasl binds
heimdal: encode/decode kvno as signed integer
s3-quotas: fix sysquotas_4B quota fetching for BSD
vfs_fake_dfq: add more mocking options
selftest: add disk-free quota tests
smbd: dfree - ignore quota if not enforced
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
auth: fix a memory leak in gssapi_get_session_key()
quotas: small cleanup
smbd: get a valid file stat to disk_quotas
smbd: use owner uid for free disk calculation if owner is inherited
selftest: refactor test_dfree_quota.sh - add share parameter
selftest: add definition of smbcacls to selftesthelpers.py
selftest: add tests for dfree with inherit owner enabled
s4-smbtorture: use standard macros in smb2.read test
s4-selftest: add functions which create with desired access
s4-selftest: add test for read access check
seltest: implicit FILE_READ_DATA non-reporting
seltest: allow opening files with arbitrary rights in smb2.ioctl tests
s4-smbtorture: pin copychunk exec right behavior
smbd: look only at handle readability for COPYCHUNK dest
smbd: allow reading files based on FILE_EXECUTE access right
selftest: add content to files created during shadow_copy2 test
selftest: check file readability in shadow_copy2 test
selftest: test listing directories inside snapshots
vfs_shadow_copy: handle non-existant files and wildcards
Vincent Blut (1):
d/control: Suggest chrony as an alternative to ntp (Closes: #851727)
Volker Lendecke (181):
smbd: Fix a 100% loop at shutdown time
smbd: Fix async echo handler forking (Bug 10086)
smbd: Fix a profile problem
smbd: Simplify dropbox special case in unix_convert
libsmb: Fix a bunch of Coverity IDs
smbd: Use #defines in smb2_getinfo_send
smbd: qfilepathinfo has fixed/variable buffers
smbd: qfsinfo has fixed/variable buffers
smbd: Correctly return INFO_LENGTH_MISMATCH in smb2_getinfo
smbd: Correctly return BUFFER_OVERFLOW in smb2_getinfo
smbd: Revert a93f9c3
smbd: Fix error return for STREAM_INFO
smbd: Correctly return INFO_LENGTH_MISMATCH for smb1
dbwrap_ctdb: Treat empty records as non-existing
smbd: Simplify find_oplock_types
smbd: Don't store in-memory only flags in locking.tdb
smbd: Rename parameter "i" to "idx"
smbd: Fix flawed share_mode_stale_pid API
torture3: Trigger a nasty cleanup bug in smbd
ccan: Fix calling memset with zero length parameter
nsswitch: Fix short writes in winbind_write_sock
smbd: Fix a talloc hierarchy problem in msg_channel
smbd: Fix bug 10284
smbd: Fix regression for the dropbox case.
smbd: Fix a panic when a smb2 brlock times out
s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done().
smbd: Fix memory overwrites
smbd: Fix an ancient oplock bug
smbd: Fix bug 10593
msg_channel: Fix a 100% CPU loop
smbstatus: Fix an uninitialized variable
smbd: Avoid double-free in get_print_db_byname
torture3: Fix bug 10687
samdb: Fix CID 1034910 Dereference before null check
samdb: Fix CID 1034910 Dereference before null check
samdb: Fix CID 1034910 Dereference before null check
ldb: Fix a const warning
ldb: Fix CID 1034793 Dereference null return value
pyldb: Fix CID 1034792 Dereference null return value
ldb_map: Fix CID 1034791 Dereference null return value
ldb: Fix CID 240798 Uninitialized pointer read
ldb: Fix CID 241329 Array compared against 0
ldb: Fix 1138330 Dereference null return value
torture4: Adapt comment to code
torture4: Make raw.lock.multilock fail after 20 seconds
smbd: Remove 2 indentation levels
fix unstrcpy
fix unstrcpy
lib: Remove unused nstrcpy
lib: strings: Simplify strcasecmp
smbd: Properly initialize mangle_hash
media_harmony: Fix a crash bug
s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0).
smbd: We now survive smb2.oplock.stream1
registry: Don't leave dangling transactions
registry: Don't leave dangling transactions
s3:locking: Rename share_mode_forall->share_entry_forall
s3:locking: Introduce share_mode_forall
s3:locking: allow early return for share_entry_forall()
s3:smbd: Don't rename a dir with files open underneath
s4:torture/smb2: test rename dir deny with open files
s3:locking: Change from ndr_pull_struct_blob() to ndr_pull_struct_blob_all() so we fail if not all bytes are consumed.
pdb_tdb: Fix a TALLOC/SAFE_FREE mixup
pdb_tdb: Fix a TALLOC/SAFE_FREE mixup
dbwrap_ctdb: Pass on mutex flags to tdb_open
tdb: Fix tdb_runtime_check_for_robust_mutexes()
libcli/smb: remember the lease_version in struct smb2_lease
libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1
libcli/smb: add smb2_lease_key_equal() helper function
s3:smbd: break oplocks to none with FILE_OVERWRITE
s3:smbd: move all oplock granting code to grant_fsp_oplock_type()
s3:locking: convert brl_have_read field to brl_num_read.
s3:smb2_break: First test for NT_STATUS_INVALID_OPLOCK_PROTOCOL, then for in_oplock_level being reasonable
profiling: Make "struct profile_header" static
profiling: Fix a typo
profiling: Move some #defines to profile.c
profiling: Fix a typo
profiling: Only compile utils/status_profile.c if profiling is enabled
profiling: Only compile profile/profile.c if profiling is enabled
profiling: Remove some #ifdefs
profiling: Remove a big DEBUG statement
profiling: Make WITH_PROFILE span more in smbprofile.h
s3:smbd: factor out a send_break_to_none() helper function
s3:smb2_server: add smbd_smb2_send_lease_break() helper function
s3:locking: add leases_db infrastructure
s3:locking: add downgrade_share_lease() helper function
s3:smbd: add fsp_lease_type() and get_lease_type() helper functions
s3:smb2_create: allow durable handles with SMB2_LEASE_HANDLE
s3:smb2_create: validate durable reconnects with leases
s3:smbd: add file_find_one_fsp_from_lease_key() helper function
s3:smbd: add lease related helper functions to open.c
s3:smbd: add lease key validation functions to open.c
s3:smbd: add lease related helper functions to oplock.c
s3:smbd: Implementation of SMB2.1 and SMB3.0 leases.
s3:smb2_create: support leases and pass them down to the VFS layer.
pdb_tdb: Avoid a nasty error message with ctdb
tdb_wrap: Make mutexes easier to use
net: Fix sam addgroupmem
smbd: Fix CID 1063259 Uninitialized scalar variable
net: Fix sam addgroupmem
vfs_fruit: fix base_fsp name conversion
vfs_fruit: mmap under FreeBSD needs PROT_READ
lib: Use tdb_parse_record in gencache_set
vfs: Fix a typo
vfs: Fix a typo
snprintf: Try to support %j
waf: Fix the build on openbsd
talloc: Decouple the dual use of chunk->pool
talloc: Introduce __talloc_with_prefix
talloc: Put pool-specific data before the chunk
talloc: Add a separate pool size
talloc: Allow nested pools.
talloc: Add talloc_pooled_object
talloc: Test the pooled object
talloc: Tune talloc_vasprintf
smbd: Make SMB3 clients use encryption with "smb encrypt = auto"
replace: Fix bug 11455
ctdb: Fix the build on FreeBSD 10.1
loadparm3: Add lp_wi_scan_global_parametrics()
idmap: Move idmap_init() under the static vars
idmap: Initialize all idmap domains at startup
idmap: Use a range search in idmap_backends_unixid_to_sid
idmap: Remove "domname" from idmap_backends_unixid_to_sid
idmap: Remove "domname" from idmap_uid_to_sid
idmap: Remove "domname" from idmap_gid_to_sid
idmap: Remove dom_name from wbint_Uid2Sid
idmap: Remove dom_name from wbint_Gid2Sid
winbind: Do not look for the domain in wb_uid2sid
winbind: Do not look for the domain in wb_gid2sid
winbind: Remove "have_idmap_config" from winbindd_domain
samr4: Use <SID=%s> in GetGroupsForUser
winbind: Fix 100% loop
lib: We only need the fd-passing check once
lib: Move some routines around in msghdr.c
lib: Support fd passing using the 4.3BSD way
lib: We can do ACCRIGHTS style fdpassing
smbd: Send SMB2 oplock breaks unencrypted
vfs_gpfs: Re-enable share modes
winbind: Don't crash on invalid idmap configs
param: Fix str_list_v3 to accept ; again
smbd: Fix CID 1351215 Improper use of negative value
smbd: Fix CID 1351216 Dereference null return value
param: Fix str_list_v3 to accept ; again
ldb: Fix some whitespace
ldb: Avoid a "talloc_steal"
spnego: Correctly check asn1_tag_remaining retval
libsmb: Fix CID 1356312 Explicit null dereferenced
libads: Fix CID 1356316 Uninitialized pointer read
asn1: Remove an unused asn1 function
asn1: Make asn1_peek_full_tag return 0/errno
asn1: Add overflow check to asn1_write
asn1: Add some early returns
asn1: Make "struct nesting" private
asn1: Add asn1_has_error()
lib: Use asn1_has_error()
asn1: Add asn1_set_error()
lib: Use asn1_set_error()
asn1: Add asn1_extract_blob()
lib: Use asn1_extract_blob()
asn1: Add asn1_has_nesting
lib: Use asn1_has_nesting
asn1: Add asn1_current_ofs()
lib: Use asn1_current_ofs()
libcli: Remove a reference to asn1->ofs
asn1: Remove a reference to asn1_data internals
asn1: Make 'struct asn1_data' private
spnego: Correctly check asn1_tag_remaining retval
libsmb: Fix CID 1356312 Explicit null dereferenced
libads: Fix CID 1356316 Uninitialized pointer read
winbind: Fix CID 1357100 Unchecked return value
vfs_catia: Fix bug 11827, memleak
smbd: Avoid large reads beyond EOF
nwrap: Fix the build on Solaris
dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND
smbd: Fix an assert
smbd: Reset O_NONBLOCK on open files
gencache: Bail out of stabilize if we can not get the allrecord lock
glusterfs: Avoid tevent_internal.h
spoolss: Fix caching of printername->sharename
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
YvanM (1):
manpage: corrected small typo error
bubulle (589):
Added Malayalam translation
Tamil translation added
releasing version 3.0.23d-3
Add Slovenian translation. Yes, one more update to come and, this time,
3.0.23b-4 released (/me hides)
Fix pointers to the documentation in the default smb.conf file
Prepare for 3.0.24-1
Adapt the patch for 3.0.24
Corret typo
Separate the list of security advisories in two parts: those affecting
Do not expose the Samba verison anymore (merge Ubuntu change)
Default workgroup set to WORKGROUP
Fix FTBFS for GNU/kFreeBSD
Add "winbind enum*" settings to smb.conf as a kind of answer to #368251
Remove changes from the trunk
French translation update
While I'm at it, convert to UTF-8
Slovenian translation (sent directly to me)
Malayalam translation update
Traditional Chinese translation update
Turkish translation update
Stupid mistake by stupid translator
Italian translation update
Finnish translation update
Dutch translation update
Nepali translation update
Portuguese, Arabic, Russian updates
Greek translation update
Norwegian Nynorsk added
Marathi translation added
Remove conflict markers. Thanks, Julien.
Modify for 3.0.25rc1
Update for 3.0.25. There have been file organization changes upstream, so a
No longer useful after upstream changes
Modified for 3.0.25rc1
Refresh and modified for 3.0.25rc1 (one change was merged upstream)
Modified for 3.0.25rc1
Upstream no longer has unbreakable spaces in manpages
Refresh all patches for 3.0.25rc1
Changelog for the new upstream version
Upstream bug #3634 is fixed in 3.0.25. These bugs seem related to it
Just for the sake of it (359155 and 366800 are merged anyway)
Convert to UTF-8 (the file will be better handled in Pootle)
This will be fixed in 3.0.25
Typo in closed bug
Yet another documentaiton bug that'll be fixed in 3.0.25
Some more issues fixed in 3.0.25
Refresh patches for 3.0.25rc2
#388282 is fixed in 3.0.25
/etc/dhcp3/dhclient-enter-hooks.d/samba tests for /etc/init.d/samba
Add a header for comments...and put comments in
Comment all patches
Wolof debconf translation updated
Changelog for the released version
Enforce building with ADS support
Merged a small Ubuntu change: use PIDDIR instead of hardcoding /var/run/samba
Change the default file permission in [HOMES] from 0700 to 0600
Recreate winbindd_cache.tdb in the cache directory and not the lock
Adapt to 3.0.25a
Next version will be 3.0.25a
Refresh for 3.0.25a
Refresh all patches for 3.0.25a (cosmetic refresh)
Back to 0700 as Steve has more points than me..:-)
Wrap too long line in packages' descriptions
Fix an old badly formatted Closes: statement
swat and samba depend on openbsd-inetd | inet-superserver and no longer
type-handling has been fixed for the new ostable format so we can use it again
Document the revival of type-handling
Wrap description lines also in control.in (sigh)
Avoid installing extra GPL license files in the documentation directory
Release 3.0.25a
Comment the patch
Give credit where it's due
Note that the patch has been forwarded and unmess Steve's first name
Split out samba.patch which seems made of two different fixes
Document that we forwarded this really nice piece of "what is this meant
Give credit
Remove unused patch top avoid extra cruft in built packages
Give credit and mention the bug that this patch probably fixes
Give credit and record forwarded bugs
Split out samba.patch again. One chunk is more or less identified while the
More comment about this patch
Danish translation updated
Add comments from investigations by Sherlock Langasek
Remove the splitted part. By chance several pair of eyes are watching over
Clean out some remaining files that are still there after "make clean".
Drop smbmount-unix-caps.patch and add the missing userspace patches
Refresh patch after dropping smbmount-unix-caps.patch
Note that we reminded upstream about this patch
Add winbind and samba-common to samba-dbg
This patch has bene applied upstream
Replace all occurrences of ${Source-Version} by ${binary:Version}
don't forget control.in....:-)
Release 3.0.25a-2
Refresh for 3.0.25b
Open new changelog entry for 3.025b
Dropped patch (applied upstream)
Refresh all patches for 3.0.25b
Add bug closure lines for bugs fixed upstream
Prepare for the new release
Prepare the release of 3.0.25b-1
bail out if there's no "mail" command
Remove Extra Capitalization As We Are Not Speaking German
Gujarati translation updated
Use Ubuntu wording for the comment (except that "valid users" is
Correct syntax in example
Really correct syntax
Ignore the declaration of the function as well
Prepare the new future release
Refresh patches for 3.0.25c
Fix the build of Python bindings
Turn the dependency of swat on samba-doc to a Recommends
Drop the python-samba package
Prepare for release
Prepare 3.0.26
Remove the samba-common/unsupported-passdb debconf template dealing with
Remove the useless samba/tdbsam debconf template
Run debconf-updatepo before the release
Hebrew translation updated
The Hebrew translation is added, not updated
Split out fhs.patch
Better comment for that patch. The bug it fixes has now been identified.
Lost changes when I splitted fhs.patch out
Doh, again....
Bug numbers were inverted in the patch rationale
Compile with DNS update support
Update the "built by" part of README.debian
Remove very outdated parts of README.debian
Release 3.0.28-1
Mark two patches as being applied upstream
Mark patch as applied upstream
Release 3.0.28-2
Indonesian debconf translation added
Prepare the 3.0.28a release
make-distclean.patch was applied upstream
linux-cifs-user-perms.patch was applied upstream
Yet another patch that was applied upstream
Refresh for 3.0.28a following the usual method
Adapted for 3.0.28a. The patch wasn't applying cleanly.
Cleaner patch
This patch was applied upstream as well
Patch applied upstream
Refresh patches wrt 3.0.28a
Split last entry to have a linear changelog
Fix doc-base section
Fix copyright
Fix section in doc-base documents
Upgrade Standards
Don't use -1 revision in Build-Depends (thanks lintian)
Document build-depends change
Release 1:3.0.28a-2
Drop "invalid users = root" from default smb.conf
Remove versioned Build-Depends as they're all satisfied in etch
Remove Conflicts with non-existing packages
Drop dpkg-dev as it is Build-Essential
"New" policy for commented settings in smb.conf:
No longer gratuitously use /usr/lib/libsmbclient.so.0.1
Add idmap_*(8) man pages
Create the entire set of directories needed by clients for Point-and-Click printing (including old clients)
Update copyright and README.debian information wrt current and past maintainers
I forgot to correct that file
Add doc-base files for samba-doc-pdf
There was a bug report about "invalid ursers = root".
Remove "socket options" which is the default value anyway
Kurdish translation added
Keep the "socket options" setting
Load samba-3.0.29 into branches/samba/upstream.
Load samba-3.0.29 into branches/samba/upstream.
Merge upstream 3.0.29 in trunk
Adapt patches for 3.0.29
Two more lines to change
Release 3.0.29-1
Load samba-3.2.0rc1 into branches/samba/upstream-3.2.
Load samba-3.0.30 into branches/samba/upstream.
3.0.30-1 released
(brown paper bag) release
Add soft dependency on slapd in init script
Load samba-3.2.0rc2 into branches/samba/upstream.
Release version
Follow new naming scheme of cups package
Localize SWAT in German
Fix upstream bug 5517. Thanks to Jamie Strandboge
Load samba-3.0.31 into branches/samba/upstream.
I apparently forgot updating the trunk with 3.0.30-4
merge upstream 3.0.31
Changes for 3.0.31-1
Update this patch for 3.2.1
Update this patch for 3.2.1
Update this patch for 3.2.1
Next release will be 3.2.1-1: The RMs said yes...
Load samba-3.2.2 into branches/samba/upstream.
merge upstream 3.2.2
cifs.spnego is replaced by cifs.upcall
No more need to renamed libsmbclient.so
Adapt for 3.2.2
Adapt for 3.2.2
Adapt for 3.2.2
Fix FTBFS on GNU/kFreeBSD
Georgian translation added
Polish translation added
Release 3.2.3-3
Correct changelog entry
Create /var/lib/samba in samba-common
The typo in cifs.upcall.8 is fixed in 3.2.4
Release 3.2.4-1
Better document cases where using a master file for smb.conf is not a good
Add (commented) example add machine and group scripts in the default smb.conf file
Load samba-3.3.0pre2 into branches/samba/upstream.
Revert the merge of 3.3.0~pre2 in upstream branch
Move Homepage to Homepage: field
Load samba-3.2.5 into branches/samba/upstream.
merge upstream 3.2.5
Released 2:3.2.5-1
Fix typo in bug number in a comment
Add missing /usr/lib/samba/nss_info/*.so files and relevant links
Fix for bug #459243
Released 2:3.2.5-2
Fix links in HTML documentation index file
We'll drop the spurious file in next release
Release 2:3.2.5-3
Patches for bugs #509101 and #500129 are reported to be OK. Commit them
Correct bug closure
Traditional Chinese translation update
Load samba-3.3.1 into branches/samba/upstream.
merge upstream 3.3.1
Update for 3.3.1
Update for 3.3.1
Next release is 3.3.1
Bugs closures for bugs fixed upstream
Use an alternative also for smbstatus.1
Re-fix slave links for manual pages in samba-common. Closes: #517204.
Load samba-3.3.2 into branches/samba/upstream.
merge upstream 3.3.2
Next upload will be 3.3.2
Refresh for 3.3.2
Release 2:3.3.2-1
Move samba-dbg to Section: debug
Update copyright for year 2009
Dropping Adam from Uploaders:
Drop Eloy from Uploaders after his agreement
Release 2:3.3.2-2 (and minor formatting change to changelog)
Load samba-3.3.3 into branches/samba/upstream.
merge upstream 3.3.3
Refresh for 3.3.3
Adapt for 3.3.3
Drop patch that was applied upstream
Next release will be 3.3.3-1
Two bugs fixed upstream
Prepare 2:3.3.3-1 release
Bengali translation added
Add idmap_tdb2 module
Document change
No longer apply shrink-dead-code as it breaks VFS modules
BEtter comments after digging into patches with Michael Adam
Load samba-3.3.4 into branches/samba/upstream.
Next release will be 3.3.4, new upstream
Comment that this patch is applied upstream in 3.4
No longer shrink dead code from smbd as suggested by Michael Adam on IRC
Bug fixed by 3.3.4
merge upstream 3.3.4
winbindd and vfstest also shouldn't be trimmed
No longer compiler with clustering support on non-Linux platforms
Basque translation update
Release 2:3.3.4-2
Italian translation update
Update comment for that patch
Drop patch. The issue that was worked around by this patch had been fixed by
Load samba-3.3.5 into branches/samba/upstream.
merge upstream 3.3.5
Revert the 3.3.5 merge which I did in an unclean copy of the trunk..:-(
Really merge 3.3.5
Adapt for 3.3.5 (file renamed)
New upstream version
File was renamed upstream
File was renamed upstream
Revert accidental commit. 3.3.5 is not yet released
Really copy the right file
Use a versioned dependency on debhelper to fit what we have in debian/compat
Don't use an absolute path when calling mksmbpasswd
Update Standards to 3.8.2
Upgrade debhelper compatibility level to 6
Release 2:3.3.5-1
Load samba-3.3.6 into branches/samba/upstream.
merge upstream 3.3.6
New upstream release
Prepare release
Updated Czech translation
Updated Russian translation
Load samba-3.4.0 into branches/samba/upstream.
merge upstream 3.4.0
Merge experimental branch and prepare the release of 3.4.0 in unstable
Back to 3.8.2 for Standards
Release 3:3.4.0-1
German translation update
File rename forgotten in r2977
Release 2:3.4.0-2
Fix "invalid argument" when trying to copy a file from smb share
Release 2:3.4.0-3
Use DEP-3 for patch's meta-information
Use DEP-3 for all patches
Load samba-3.4.1 into branches/samba/upstream.
merge upstream 3.4.1
Patch is applied upstream
New upstream release
More fixed upstream bugs
Change build dependency on libreadline*-dev
Load samba-3.4.2 into branches/samba/upstream.
merge upstream 3.4.2
Release 2:3.4.2-1
Load samba-3.4.3 into branches/samba/upstream.
merge upstream 3.4.3
Open changelog entry for new upstream release
Patch was applied upstream
Adapt to 3.4.3
Bump Standard-Version to 3.8.3 (checked)
One bug fixed by new upstream version
Refresh all patches to avoid fuzzy applies (from the source 3.0 wiki
Switch to source 3.0 (quilt) format
Better example for "add machine script"
releasing version 2:3.4.3-2
Allow building on sparc64
The list of arches is updated by the update-archs target, I forgot
Load samba-3.4.4 into branches/samba/upstream.
merge upstream 3.4.4~dfsg
Drop now useless patch
Adapt to the slightly new format of manpages in 3.4.4
Update for 3.4.4
New upstream version
Mark upstream bugs as fixed
Adapt watch file to the upse of "~dfsg"
No longer include /var/run/samba in samba-common. The directory is
No longer prepend a patch before mksmbpasswd call
Load samba-3.4.5 into branches/samba/upstream.
merge upstream 3.4.5~dfsg
New upstream release
Load samba-3.4.5 into branches/samba/upstream.
Merge with new version of DFSG-free upstream tarball
Declare a versioned dependency of winbind on libwbclient0
Versioned dependency for samba too
Bugs fixed upstream
Release 2:3.4.5~dfsg-1
No longer maker (u)mount.cifs setuid root
Use dh_lintian instead of manual install of lintian overrides
Use dh_makeshlibs for winbind too, removing a (useless?) lintian
pdate Standards to 3.8.4
Release 2:3.4.5~dfsg-2
Load samba-3.4.6 into branches/samba/upstream.
merge upstream 3.4.6
New upstream release
Adapt patches for 3.4.6
Release 2:3.4.6~dfsg-1
Add correct build dependency on libtalloc-dev
Add bug closure for #572603
Add avr32 to arches with a build dependency on ctdb
Load samba-3.4.7 into branches/samba/upstream.
Merge upstream 3.4.7
New upstream release
Release 2:3.4.7~dfsg-1
No longer build the smbfs package
Portuguese debcofn translation
Merge 3.5.1 from experimental
Revert to 3.4.7...for now?
add an if-up.d script for samba to try to start nmbd, if it's not
allow "NetworkManager" as a recognized address family... it's
Release 2:3.4.7~dfsg-2
Spanish (Omar Campagne). Closes: #579011
Drop deprecated 'share modes' parameter from default smb.conf
Fix typos
Enable PIE during configure. Closes: #509135
* Avoid winbind's logrotate script to fail when there is no
Add explanations about "passdb backend" default setting change
Load samba-3.4.8 into branches/samba/upstream.
merge upstream 3.4.8
New upstream release
Bug closures for bugs fixed upstream
Release 2:3.4.8~dfsg-1
Don't copy system accounts from /etc/passwd to
Update Standards to 3.9.0
Backport patch for upstream bug #7139 to fix "owner of file not
Galician (Jorge Barreiro). Closes: #592809
Galician (Jorge Barreiro). Closes: #592789
Revert extra changelog entry
Revert to original file
Merge upstream 3.5.4~dfsg
Diff between 3.4.7~dfsg-2 and 3.5.2~dfsg-2
Sync with changes between 3.5.2~dfsg-2 and 3.5.4~dfsg-1
Merge 3.5.4 in upstream branch
Drop irrelevant patch for 3.5.*
Clean out changelog from cruft coming from various merges
Drop 0-byte patches. They were not in the experimental branch
Release 2:3.5.4~dfsg-2
Arabic (Ossama Khayat). Closes: #596164
Fix comment in swat's postinst. It is not turned off by default
Drop transition code from (pre-etch) 3.0.20b-3 version in swat postinst
Load samba-3.5.5 into branches/samba/upstream.
Merge upstream 3.5.5
New upstream release
Release version 2:3.5.5~dfsg-1
Load samba-3.5.6 into branches/samba/upstream.
merge upstream 3.5.6
New changelog entry
Adapt autoconf.patch for 3.5.6
Add mention of Debian bug fixed upstream
Release 2:3.5.6~dfsg-1
*
* Catalan (Jordi Mallach). Closes: #601101
Kurdish (Erdal Ronahî). Closes: #601719
* Japanese (Kenshi Muto). Closes: #601364
Dutch (Remco Rijnders). Closes: #602220
Commit Turkish translation that I previously forgot
Support armh port. Closes: #604523
Greek (Konstantinos Margaritis).
Revert armh port support changes
Include upstream's patch for "gvfsd-smb (Gnome vfs) fails to copy
Release 2:3.5.6~dfsg-2$
Bump libwbclient0 shlibs to match the newest version in the symbols file.
Mark libwbclient0 as breaking other samba packages with versions older
Release 2:3.5.6~dfsg-3
Brazilian Portuguese (Adriano Rafael Gomes). Closes: #607402
Fix pam_winbind file descriptor leak with a patch
Release 2:3.5.6~dfsg-4
Fix FTBFS on Hurd. Closes: #610678
Only try parsing dhcpd.conf is it's not empty,
Release 2:3.5.6~dfsg-5
Use architecture wildcard "linux-any" in build dependencies
Really so the following:
Load samba-3.5.7 into branches/samba/upstream.
merge upstream 3.5.7
New upstream release
Fix syntax
Load samba-3.5.8 into branches/samba/upstream.
Release 2:3.5.7~dfsg-1
merge upstream 3.5.8
New upstream release
* New upstream release. This fixes the following bugs:
printing from Windows 7 fails with 0x000003e6
Adapt patches for 3.5.8
Use db_settitle in debconf questions and make these
Update PO(T) files
French (Christian Perrier)
Test the presence of testparm before trying to use it in init script
Document the newly introduced "map untrusted to domain" parameter
Add Closes
* French (Christian Perrier)
* Esperanto (Felipe Castro). Closes: #626558
Update translations
Unfuzzy Hebrew translation with translator's agreement
Revert the new NEWS.Debian entry. It only belongs to the squeeze branch
Italian (Luca Monducci). Closes: #626674
Add cups to Should-{Start,Stop} in LSB headers of
Translation updates
Drop libsmbclient-dev useless dependency on samba-common
Czech (Miroslav Kure). Closes: #627442
* Italian (Luca Monducci). Closes: #626674
Release 2:3.5.8~dfsg-3
Spanish debconf translation
Swedish (Martin Bagge / brother). Closes: #627849
Brazilian Portuguese (Adriano Rafael Gomes). Closes: #627866
Simplify changelog
bug_601406_fix-perl-path-in-example.patch: fix path to perl
Release 2:3.5.8~dfsg-4
Fix "tdb2.so undefined symbol: dyn_get_STATEDIR" by fixing a typo
Add bug closure
Release 2:3.5.8~dfsg-5
Load samba-3.6.0rc2 into branches/samba/upstream.
Revert upstream branch to 3.5.8....oops
Add "--quiet" to start-stop-daemon call in reload target in init script. Closes: #572483
Add examples/LDAP in examples for the samba package. With this, samba.schema will be provided in some way in the package. Closes: #190162
patches/bug_221618_precise-64bit-prototype.patch: precise
Don't close #190162
Load samba-3.5.9~dfsg into branches/samba/upstream.
Merge release 3.5.9
Next release is a new upstream release
Restore a really correct version of this patch, which apaprently got
Adapt patch to 3.5.9
Adapt patch to 3.5.9
patches/no-unnecessary-cups.patch: dropped after upstream
Oops
Update Standards to 3.9.2 (checked, no change)
Add build-arch and build-indep targets in debian/rules
Release 2:3.5.9~dfsg-1
Load samba-3.5.10 into branches/samba/upstream.
Merge upstream 3.5.10
New upstream version
Correct version
Load samba-3.5.11 into branches/samba/upstream.
Merge upstream 3.5.11
New upstream release
Release 2:3.5.11~dfsg-1
Merge upstream 3.6.1 source
Merge from experimental branch
Release 3.6.1-2
Increase libkrb5-dev dependency to avoid depending on
Release 2:3.6.1-3
Load samba-3.6.2 into branches/samba/upstream.
Merge upstream 3.6.2
* New upstream release
Release 2:3.6.2-1
Polish (Michał Kułach). Closes: #657770
Load samba-3.6.3 into branches/samba/upstream.
merge upstream 3.6.3
* New upstream release
Release 2:3.6.3-1
Set minimal version of tdb ot 1.2.6 in Build-Depends
(thanks, backports!)
slo slk sk Slovak (Ivan Masár). Closes: #661125
Fix example samba.ldif syntax. Closes: #659963
* Removed references to the testprns command from documentation
Lower priority of debconf question to medium after some pondering.
* Merge some Ubuntu patches:
samba.postinst: Add more informative error message for the case
Release 2:3.6.3-2
Correct changelog to reflect files that were really changed
After some thoughts, find another way to document the changes that were really made in 3.6.3-2
Load samba-3.6.4 into branches/samba/upstream.
Merge upstream 3.6.4
Released 2:3.6.4-1
Load samba-3.6.5 into branches/samba/upstream.
Merge upstream 3.6.5
Prepare new upstream release
Build-Depend on debhelper >= 9~ (which is in unstable for a few
Use "set -e" in winbind postrm instead of passing -e in the
Update Standards to 3.9.3 (checked, no change)
Use "set -e" in all maintainer scripts
Release 2:3.6.5-1
Make samba-common "Multi-Arch: foreign"
Adapt patch in upstream #7499 and stop nss_wins clobbering other
Add some mention about some use for the user information in Kerberos
The yearly "SambaXP bug cleaning party" release. 11 years
Drop link to no longer provided "Using Samba" documentation in
Provide WHATSNEW.txt in samba-doc too as it is linked from the
Fix typo in changelog
Fix link to WHATSNEW.txt in HTML documentation summary file. This
Use lp_state_dir() instead of get_dyn_STATEDIR() in
Disable smbtorture4 build
Add upstream commit that adds waf source to the buildtools/
Record that this patch has been forwarded
Properly use "Forwarded:" and "Bug:" to record whether patches have
Move update-inetd calls from postrm scripts to prerm.
Revert r4076
Build-Conflict with python-ldb and python-ldb-dev to avoid build
Rename fix-samba.ldip-syntax.patch to fix-samba.ldif-syntax.patch
Put correct forwarded information in patch
* Split NSS modules into a new libnss-winbind binary package.
Typo fix
Drop code that was moving files around in samba.postinst for
Drop code that was modifying a deprecated "passdb backend" setting
Drop code that was moving files around in samba.postinst and
Add Should-Start dependency to winbind init script to guarantee
Provide a (basic) manpage to smbtorture(1). Closes: #528735
Turkish debconf translation update (Atila KOÇ). Closes: #672447
Drop the code that generates an smbpasswd file from the system's
Add lintian overrides for new libnss-winbind package
Drop libnss lintian overrides from libpam-winbind package
Run debconf-updatepo to update translation afterremoval of a template
* Merged from Ubuntu:
Add debian/libnss-winbind.lintian-overrides
Release 2:3.6.5-2
Add Breaks and Replaces on libpam-winbind for newly created
Release 2:3.6.5-3
Make libpam-winbind depend on libnss-winbind.
Add libutil_drop_AI_ADDRCONFIG.patch that allows running nmbd when
No longer install if-up script
Release 2:3.6.5-5
Not yet released
Release 2:3.6.5-6
Load samba-3.6.6 into branches/samba/upstream.
merge upstream 3.6.6
Drop patches that have been applied in 3.6.6
Refresh for 3.6.6
Refresh for 3.6.6
Next release will be a new upstream
Adapt for 3.6.6
Release 2:3.6.6-1
Use xz compression for binary packages. Release 2:3.6.6-2
Load samba-3.6.7 into branches/samba/upstream.
Merge upstream 3.6.7
New upstream release, meant for experimental
Release 2:3.6.7-1 in experimental
Load samba-3.6.8 into branches/samba/upstream.
merge upstream 3.6.8
New upstream release
Released 2:3.6.8-1
Load samba-3.6.9 into branches/samba/upstream.
Merge upstream 3.6.9
Release 2:3.6.9-1
Load samba-3.6.10 into branches/samba/upstream.
merge upstream 3.6.10
releasing version 2:3.6.10-1
ctrlsoft-guest (5):
Note that some patches have been forwarded upstream and will be part of 3.0.26.
Fix bashism in smbtar.
Add missing newline.
Really fix missing newline.
Add ldb-tools to suggests of Samba.
idd-guest (36):
* Update symbols file for libsmbclient and libwbclient0
fix typo in Colin Watson's name
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@4105 fc4039ab-9d04-0410-8cac-899223bdd6b0
* Backport vfs_shadow_copy2 from master, to allow shadow copy to work
* libnss-winbind: Suggests libpam-winbind
Enable ctdb for non-linux archs.
* Update symbols file for linux-only symbols in libsmbclient. This should
* Remove old if-up script during upgrade.
2:3.6.5-7 is released
Only enable swat in inetd.conf on first install. Closes: #658245
minor lintian fix: debian-news-entry-uses-asterisk
Minor lintian fix:
minor lintian fix:
Lintian fix: add patch description
Minor lintian fixes.
Remove DHCP hook. Closes: #652942, #629406, #649100
Don't reload smbd when running from inetd. Closes: #678741
Don't start smbd when guest account doesn't exist. Closes: #653382
Only export public symbols in libsmbclient and libwbclient.
Load samba-3.6.12 into branches/samba/upstream.
merge upstream 3.6.12
upstream version 3.6.12
Install pkgconfig file in libsmbclient-dev. Closes: #700643
release 2:3.6.12-1 to experimental
Load samba-3.6.13 into branches/samba/upstream.
merge upstream 3.6.13
upstream version 3.6.13
refresh patches for new upstream
samba: Suggests winbind. Closes: #689857
releasing 2:3.6.13-1 to experimental
* Move binary files out of /etc/samba to /var/lib/samba,
release 2:3.6.13-2 to experimental
Load samba-3.6.14 into branches/samba/upstream.
merge upstream 3.6.14
import upstream release 3.6.14
release 2:3.6.14-1 to unstable
jelmer (8):
Fix slave links for manual pages in samba-common. Closes: #517204.
Properly rename smbstatus.1 for alternatives. Closes: #534772
Add libwbclient-dev package.
Build against external libtdb.
Bump standards version to 3.9.1 (no changes).
debian/samba.if-up: Use invoke-rc.d.
revert use of invoke-rc.d
Allow installing smbclient package together with newer versions of
luk (2):
* Ship wbclient.pc so cifs-utils can be built again (Closes: #672733).
Ship wbclient.pc file in multiarch safe directory (Closes: #674215).
mparent-guest (3):
enable clustering by default (CTDB). Closes: #514050
* ensure clustering is enabled with --with-cluster-support=yes
samba suggests ctdb
noel (8):
starting 3.0.25a-3 entry
3 bugs fix this release from the bts
added samba-tools, smbfs is removed in smbfs package, make the listing a bit more readable
3.2.1 fixes #493752, Fix trusted domain handling in Winbindd.
starting coming 3.2.2
fixing lintian warning build-depends-on-1-revision
Document the samba-common-bin split in NEWS.Debian. Closes: #534717
reverted last commit after discussion that the bug #534717 is already fixed with the Recommends:
obnox-guest (1):
samba:shrink-dead-code.patch: add a comment why this patch is bad
petere (2):
Don't ignore errors from make distclean, as per lintian check
* Removed myself from Uploaders
raghavendra talur (6):
vfs_glusterfs: Remember the connect path too for reopening.
vfs_glusterfs: Set connectpath as snapdir-entry-path.
vfs/glusterfs: Change xattr key to match gluster key.
vfs_glusterfs: Remember the connect path too for reopening.
vfs_glusterfs: Set connectpath as snapdir-entry-path.
vfs/glusterfs: Change xattr key to match gluster key.
sathieu (3):
Corrected Vcs-Browser
Builddep on ctdb-dev or ctdb < 1.10
ctdb-deb -> libctdb-dev
vorlon (324):
directory for samba packages under the new heirarchy
finish shuffling directories, giving us a samba tree in a
Bump the version for a proper non-native upload
restore changes to the trunk -- changes should always be committed to the
support creating /etc/samba/dhcp.conf the first time the script is
mark the release for upload to unstable, to see what the release team says
Documentation fix for a problem affecting upgrades from sarge: if passdb
Galician translation updated
Updated Swedish translation; closes: #414610.
Updated Brazilian Portuguese translation; closes: #414603.
Updated German translation; closes: #414630.
Updated Norwegian Bokmål translation; closes: #414619.
Updated Bulgarian translation; closes: #414624.
Updated Romanian translation; closes: #414629.
Updated Tagalog translation; closes: #414637.
Updated Spanish translation
Updated Khmer translation
Updated Thai translation; closes: #414664.
Updated Slovak translation; closes: #414665.
normalize the .po file so we can have sane diffs :)
Updated Simplified Chinese translation; closes: #414671.
Updated Japanese translation; closes: #414673.
Updated Hungarian translation; closes: #414677.
Updated Dzongkha translation; closes: #414680.
Updated Estonian translation; closes: #414679
Updated Catalan translation
normalize again
Updated Albanian translation; closes: #414778.
Updated Czech translation; closes: #414793.
minor revision
change the upload target
Updated Korean translation; closes: #414883.
normalizing po's
normalize po's
Fixed the regexp used for matching broken passdb backend settings, since
Arrrgh, cut'n'paste error in the regexp in the last upload, so the bug is
New Esperanto translation; thanks to Serge Leblanc. Closes #417795.
Updated Basque translation; thanks to Piarres Beobide. Closes: #418196.
bump the version number to the latest RC, use ~ in the version string so
refresh patches with conflicts for 3.0.25rc3
document the refresh process /within/ the patch :)
fix the python bindings so that they build in 3.0.25rc3; patch should be
Fix up for 3.0.25.
Further fix-ups for 3.0.25
Bump version for the 3.0.25 release
Comment out use of type-handling in the clean target, because type-handling
mark for release
samba and swat should both depend directly on update-inetd, because
Update samba.config to not override user preference on passdb.tdb creation
restore wrongly-dropped no_smbmount_symlink patch
Drop the last vestiges of the unified samba.patch; this reverts the change
Vietnamese debconf translation updated; closes: #426979.
Don't start nmbd if 'disable netbios' is set in the config. Closes: #429429.
Always use opt_gid and opt_uid, set to those of the invoking user, when
Fix up fhs.patch for some new FHS regressions:
support setting a default uid and gid value when mount.cifs is called as
canonicalize mount point names when umount.cifs is called, to avoid
The CIFS_IOC_CHECKMOUNT ioctl check in umount.cifs assumed that errors would
refresh from control.in with the current list of known Linux archs
quilt refresh with --no-timestamps, so that future refreshes for new upstream
Fix pam_smbpass to no longer call openlog() and closelog(), since this will
swat should depend only on inet-superserver, not update-inetd, per Marco
fix the patch to apply cleanly against pristine upstream sources
Update patch to use pam_vsyslog if available; consistent with the behavior of
Revert svn revision 1480; as discussed with Christian privately, the previous
mark for release
revert "syntax" changes; the leading double-quote is part of the search
* fhs.patch: net usershares should also be stored under /var/lib, not under
move {data,state,cache}_path() functions into fhs-newpaths.patch, which is
tag with the mergeWithUpstream option for svn-buildpackage
merge locally committed changes (yay, bzr-svn?)
On Ubuntu, support autopopulating the sambashare group using the existing
Using addgroup in the postinst requires a dependency on non-essential adduser
patch submitted upstream
Update Samba to explicitly use the C locale when doing password changes, to
Enforce creation of the pid directory (/var/run/samba) in the samba init
drop the patch to force bsd as the default printing system, as CUPS is now
new upstream release, fixes CVE-2007-5398 and CVE-2007-4572
mark for release
Drop the deprecated "printer admin" example from the default smb.conf.
Creating directory for import
Load samba-3.0.27a into branches/upstream.
whoops, put the branch under the package name
merge upstream 3.0.27a into svn
new upstream version, closes: #451839
no longer use the "mergeWithUpstream" property
Patch newly-merged upstream
refresh patches to apply cleanly against current upstream
Add a *new* debian/patches/cups.patch to *enable* cups as the default
Updated list of linux architectures, per type-handling
Set the default value for the workgroup question to "WORKGROUP" in
Drop some code from samba.postinst that only applies to upgrades from
mark for upload
disable plaintext authentication on the client, and lanman authentication on
merge revisions 1599-1613 from the no-more-smbfs branch
* Don't build the userspace tools for the deprecated smbfs kernel driver
and we don't need lintian overrides for the removed binaries any more, either
close another (Ubuntu) bug with the smbfs change
* debian/panic-action: detect when we're on an Ubuntu system and direct bug
* debian/samba.init: call log_progress_msg separately for each daemon on
* Drop smbldap-tools to Suggests:, consistent with the textbook meaning of
* Get rid of the build-dependency on type-handling:
releasing version 3.0.27a-2
Load samba-3.0.28 into branches/samba/upstream.
merge upstream 3.0.28
switch to using sed -i, cleanup to facilitate switching to ucf
add documentation on merging new upstream versions
move the config file name into a variable for brevity
* Drop some further code in samba-common.postinst that's specific to
* Make the mount.smbfs wrapper a bash script instead of a POSIX sh script,
ownership of /var/log/samba has moved, so move the lintian override too
... but get the package name right in the override file
* debian/patches/gcc42-arm-workaround.patch: work around an arm compiler
* mount.smbfs: map the smbfs "guest" option to "guest,sec=none", which is
* Apply the arm workaround to the armel architecture as well.
* Add missing eventlogadm(8) manpage.
* Refresh the list of Linux architectures from type-handling, to pick up
* Convert handling of smb.conf to use ucf, so that we can sanely manage
the ucf code slipped a version, update the version check to match
* Drop the arm optimization workaround, as the compiler is now reported
To use ucf --three-way, the option has to be used for each invocation of ucf.
add back the 'db_go' that went missing somewhere along the line
fix up the regular expression for dhcp include handling, so that removing
mark for release
Load samba-3.0.28a into branches/samba/upstream.
merge upstream 3.0.28a
- cups.patch
* Drop debian/patches/gcc42-arm-workaround.patch, which should have been
revert inconsistent whitespace changes to patch
* Merge smb.conf changes from Ubuntu:
* Add an additional sed command to samba-common.postinst to cleverly
apply the same sed command from the previous commit to upgrades from pre-ucf
* debian/patches/manpage-encoding.patch: fix up the manpage synopses to
Creating directory for import
Load samba-3.2.0pre2 into branches/samba/upstream-3.2.
Drop dpkg-dev and binutils from Build-Depends, since the versioned
nitpick a typo :)
minor language tweaks to preceding change; and our setting for
debian/patches/no-unnecessary-cups.patch: don't try to connect to a cups
Load samba-3.2.0rc2 into branches/samba/upstream-3.2.
take 3.2.0rc2 back off of the upstream branch; everything should now be in order
merge 3.0.30 into the debian branch... three releases late(!)
Romanian debconf translation updated
Load samba-3.2.0 into branches/samba/upstream-3.2.
upstream-3.2 branch is now the upstream branch
merge samba 3.2 experimental branch to unstable
drop libwbclient.so symlink, which we aren't using anywhere
Re-add docs/registry to samba-doc, restored upstream
roll back a bzr property that was copied from the experimental branch; this may
Move schannel_store.tdb out of /etc/samba to /var/lib/samba, where it
Upload to unstable.
Add a patch that somehow went missing in the 3.2 merge
document the tagsUrl directory for svn-buildpackage, so we don't have to look
document that mutex.tdb is ok for /var/run
* Brown paper bag bug: add a change to debian/patches/fhs-filespaths.patch
mark for upload
Build-depend on keyutils only on the linux archs. Closes: #493401.
Load samba-3.2.1 into branches/samba/upstream.
merge upstream 3.2.1
use 'UNRELEASED' until we're ready to upload, for extra dch goodness.
patch update for 3.2.1
* New patch debian/patches/shrink-dead-code.patch: throw all .o files into
* Build-depend on libcups2-dev | libcupsys2-dev, to facilitate backports.
document another upstream bugfix
mark for upload
no need to prime the list of contributors in the blank changelog, dch will do
cifs.upcall should only be enabled on Linux archs; and should be installed in
really move cifs.upcall to /usr/sbin
don't leave dead code commented out
no renames for libwbclient, either
this patch had to be adjusted for 3.2.2 anyway, so make sure it applies cleanly
New patch debian/patches/CVE-2008-3789-ldb-permissions.patch, fixing the
take care of fixing up the group_mapping.ldb perms on upgrade
High-urgency upload for security fix
mark for upload
Load samba-3.2.3 into branches/samba/upstream.
merge upstream 3.2.3
use the upstream fix for CVE-2008-3789, since 3.2.3 is a targeted security fix
mark for upload
Add missing manpage for cifs.upcall; thanks to Per Olofsson for pointing
Load samba-3.2.4 into branches/samba/upstream.
merge upstream 3.2.4
new upstrem version.
we don't need to move cifs.upcall around, it's now installed to the right
refresh patches for new upstream version
Merge samba-3.3.0 into branches/samba/upstream.
merge upstream 3.3.0
merge revisions 2197:2203 from experimental
merge revisions 2217:2223 from experimental
merge revisions 2238:2521 from experimental
merge revisions 2525:2532 from experimental
remove patches that aren't needed for 3.3.0
add a missing header file that should have been here since 3.2 on, but missed
import 3.3.0-2 upload
* Re-add smb.conf fixes that were dropped in the 3.3.0 merge to unstable.
Vietnamese updated. Closes: #515235.
Slovak updated. Closes: #515240.
Make samba conflict with samba4, not with itself.
releasing version 2:3.3.0-3
Build-Depend on libcap2-dev. Closes: #51851.
Belarusian added. Closes: #516052.
updated Swedish debconf translation
debian/patches/fhs-filespaths-debatable.patch: Add a missing prototype
releasing version 2:3.3.0-4
also fix up cache_path to treat its argument as const
Add Vcs-{Browser,Svn} fields to debian/control.
When populating the sambashare group, it's not an error if the user
* debian/libpam-smbpass.pam-config, debian/libpam-smbpass.postinst,
debian/patches/fix_wrong_gnu_ld_version_check.patch: new patch to fix
refresh debian/libsmbclient.symbols for 3.3.1.
bump the versioned dependency for libpam-runtime to match the version that
releasing version 2:3.3.1-1
Add missing debhelper token to libpam-smbpass.prerm.
document bugs closed upstream
document an Ubuntu bug closed upstream
libcap2-dev is only available on Linux, so make this build-dependency
updated Esperanto translation from Felipe Castro
this is a VCS; don't comment things out, remove them properly (and fully) if
Recommend logrotate instead of depending on it. Closes: #504219.
debian/patches/undefined-symbols.patch: fix up patch so that it's
debian/patches/proper-static-lib-linking.patch: apply the rules to
revert 2830; setting a one-minute timeout is an inferior solution when we can
Enable the ldap idmap module; thanks to Aaron J. Zirbes. Closes: #536786.
debian/control: samba-common-bin has no reason to depend on
* debian/samba.pamd: include common-session-noninteractive instead of
rename debian/samba.pamd to debian/samba.pam and call dh_installpam
don't call pyversions from debian/rules, this throws a useless error
fix up the list of files that need to be removed by hand in the clean
remove a few more files in clean target
debian/rules: fix the update-arch target for the case of unversioned
Pull avr32 into the list of supported Linux archs. Closes: #543543.
Fix LSB header in winbind.init; thanks to Petter Reinholdtsen for the
Change swat update-inetd call to use --remove only on purge,
Add missing build-dependency on pkg-config, needed to fix libtdb
debian/patches/external-tdb-support.patch: fix the Makefile so it works
Add a patch header; and oops, this is about libtalloc, not libtdb.
and set the variable in the right spot
resurrect autoconf.patch, needed for external-talloc-support
debian/rules: build with --without-libtalloc
really fix the libtalloc dep - don't built static libtalloc either here.
one final tweak to the patch
releasing version 2:3.4.0-4
Make samba Replace: samba-common, since /etc/pam.d/samba accidentally
revert previous change - this needs to live in samba-common for samba4
Move /etc/pam.d/samba back to samba-common, because it's shared with
also have to pass an option to dh_installpam to DTRT :(
releasing version 2:3.4.0-5
adjust patches for new upstream version, which partially fixes the
Don't build talloctort when using --enable-external-talloc; and don't
releasing version 2:3.4.1-1
and remove talloctort references from debian/rules
./configure --disable-avahi, to avoid accidentally picking up an avahi
releasing version 2:3.4.1-2
* The "I hate non-declarative alternatives" upload:
Revert the "bashisms" fix from version 2:3.3.0~rc2-4; "local foo=bar"
no, winbind.lintian-overrides was added for a reason - do not create shlibs
Add a PAM profile for pam_winbind. Closes: #566890, LP: #282751.
winbind.prerm: don't forget to remove the PAM profile on package
Fix winbind.pam-config to not interfere with password changes for
revert changes to the samba logrotate script, which are irrelevant since this
Drop the per-release smb.conf templates, only needed for upgrade paths
Call /etc/init.d/samba directly from the logrotate script instead of
Fix a bashism in the samba postinst that can cause the package
Add symlink from /etc/dhcp/dhclient-enter-hooks.d to
releasing version 2:3.4.8~dfsg-2
Danish (Joe Dalton). Closes: #592789.
restore accidentally dropped patch
debian/patches/fhs-filespaths.patch, debian/samba.postinst,
and make sure adapt_machine_creation_script.patch gets added back to the series
revert wrong changes to update-alternatives handling, which don't seem to
revert more wrong changes to update-alternatives handling, which don't seem
debian/control: winbind needs libpam-runtime (>= 1.0.1-6) for
minor translation fix
normalize the po file formats
fix broken spacing in debian/control, which breaks the update-archs rule...
Fix debian/rules update-archs target to not add extra spaces on every
mark this as fixing bug #594088, not partially-fixing it
move this change to a new changelog entry where it belongs, so I don't lie to
use the correct title template for samba
Don't export DEB_HOST_ARCH_OS in debian/rules, this is only used locally.
Use dh_links instead of manually creating directories and symlinks from
skip creation of other directories that can be autocreated for us
--without-cifsmount is now used on all platforms, move it to the common args
drop stale files for the long-gone smbwrapper package
Switch from dh_movefiles to dh_install and adjust for debhelper compat
Where possible, use dh_installman and dh_install's support for target
We don't need to mess with perms on usr/include/libsmbclient.h anymore
group our directory creation together with file installation
Use debian/clean instead of removing left-behind files by hand in the
Convert debian/rules to dh(1).
Don't run debconf-updatepo on clean; not worth the divergence in
Don't install debian/README.build in the package; this is really only
Bump to debhelper compat level 9 and build libraries for multiarch.
Drop Makefile.internal from libsmbclient-dev examples so that we can mark
don't forget to actually add the Multi-Arch header
don't use dh_makkeshlibs on winbind since that will actually *create* a shlibs
Exclude .c files from dh_compress, so our .c examples can build out of
libwbclient-dev also checks out as multiarch clean
Bump build-depends on debhelper to 8.9.4, so we ensure we have
fix a typo in the winbind lintian file
Use DH_ALWAYS_EXCLUDE instead of passing override options to
move more options into DH_ALWAYS_EXCLUDE instead of -X options
don't exclude .c files from dh_compress after all, because we have no sane way
be a bit more brief
* Pass --sourcedirectory=source3 to dh instead of having to pass it to each
panic-action needs to be installed executable
ironically, adding Makefile.internal to DH_ALWAYS_EXCLUDE means dh_clean won't
Drop a few configure options from debian/rules that shadow the built-in
debian/libsmbclient.lintian-overrides: yes, we know the package name
releasing version 2:3.5.11~dfsg-2
Split winbind into separate packages, winbind and libpam-winbind,
get the current version comparison in Breaks/Replaces
releasing version 2:3.5.11~dfsg-3
Lintian override for libpam-winbind; it's not a shared library so doesn't
export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow, taken from Ubuntu.
releasing version 2:3.5.11~dfsg-4
debian/patches/initialize_password_db-null-deref: Avoid null
Mark samba-common Multi-Arch: foreign.
Fix the libpam-winbind description to more accurately identify the
Use Debian copyright-format 1.0 in debian/copyright.
changelog cleanup
never use Debian revision numbers in .symbols files
Restore the DHCP hook.
releasing version 2:3.6.6-2
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new 78bf4a5 s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.
new 35c796c s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
new 0ebec89 Patches for CVE-2017-15275 and CVE-2017-14746
new 6b982e9 Release 2:4.5.12+dfsg-2+deb9u1
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git
More information about the Pkg-samba-maint
mailing list