Accepting request 1044036 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/1044036 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=290
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
1e13294617
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fb1c21abf0553f6cad87f38e1fb63a1d2f55ae41641358806d7714d74d9adfd5
|
||||
size 34240839
|
||||
3
samba-4.17.4+git.300.305b22bfce.tar.bz2
Normal file
3
samba-4.17.4+git.300.305b22bfce.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:651d971d759a6d7f82e05d82d4aa5797ef3aac49f70b3e697bfe23c6301f12a5
|
||||
size 34349253
|
||||
@ -1,3 +1,57 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 15 16:45:28 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
|
||||
|
||||
- Update to 4.17.4
|
||||
* CVE-2022-44640 Upstream Heimdal free of user-controlled
|
||||
pointer in FAST; (bsc#14929);
|
||||
* CVE-2021-20251 Bad password count not incremented atomically;
|
||||
(bsc#14611);
|
||||
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
|
||||
(bsc#15203);
|
||||
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
|
||||
modern servers; (bso#15237);
|
||||
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
|
||||
possible against Samba AD DC; (bso#15231);
|
||||
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
|
||||
and should be avoided; (bso#15240);
|
||||
* pam_winbind uses time_t and pointers assuming they are of the
|
||||
same size; (bso#15224);
|
||||
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||
(bso#15219);
|
||||
* filter-subunit is inefficient with large numbers of
|
||||
knownfails; (bso#15258);
|
||||
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
|
||||
(bso#15252);
|
||||
* The KDC logic arround msDs-supportedEncryptionTypes differs
|
||||
from Windows; (bso#13135);
|
||||
* libnet: change_password() doesn't work with
|
||||
dcerpc_samr_ChangePasswordUser4(); (bso#15206);
|
||||
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||
(bso#15219);
|
||||
* Memory leak in snprintf replacement functions; (bso#15230);
|
||||
* RODC doesn't reset badPwdCount reliable via an RWDC
|
||||
(CVE-2021-20251 regression); (bso#15253);
|
||||
* Prevent EBADF errors with vfs_glusterfs; (bso#15198);
|
||||
* %U for include directive doesn't work for share listing
|
||||
(netshareenum); (bso#15243);
|
||||
* Stack smashing in net offlinejoin requestodj; (bso#15257);
|
||||
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
|
||||
(bso#15197);
|
||||
* Heimdal session key selection in AS-REQ examines wrong entry;
|
||||
(bso#15219);
|
||||
- Remove deprecated if-{down,up} scripts; (bsc#1206444);
|
||||
- Adjust the systemd drop-in file for named service; (bsc#1201689);
|
||||
* Paths are additive so do not repeat paths from named.service
|
||||
* Prefix the samba DLZ directory with "-" to ignore this path
|
||||
if it does not exists
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 12 08:56:12 UTC 2022 - Stefan Schubert <schubi@suse.com>
|
||||
|
||||
- Migration PAM settings to /usr/etc: Saving user changed
|
||||
configuration files in /etc and restoring them while an RPM
|
||||
update.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
|
||||
|
||||
@ -6,8 +60,9 @@ Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 17:14:58 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
|
||||
|
||||
- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
|
||||
systems; (bsc#1205126); (bso#15203);
|
||||
- Update to 4.17.3
|
||||
* CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
|
||||
systems; (bsc#1205126); (bso#15203);
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
||||
|
||||
38
samba.spec
38
samba.spec
@ -22,7 +22,11 @@
|
||||
%{!?_fillupdir:%global _fillupdir /var/adm/fillup-templates}
|
||||
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
|
||||
%{!?_pam_moduledir:%global _pam_moduledir /%{_lib}/security}
|
||||
%if 0%{?suse_version} > 1500
|
||||
%global _pam_confdir %{_distconfdir}/pam.d
|
||||
%else
|
||||
%{!?_pam_confdir:%global _pam_confdir %{_sysconfdir}/pam.d}
|
||||
%endif
|
||||
%{!?_pam_secconfdir:%global _pam_secconfdir %{_sysconfdir}/security}
|
||||
|
||||
%define with_mscat 1
|
||||
@ -148,7 +152,7 @@ BuildRequires: liburing-devel
|
||||
%endif
|
||||
BuildRequires: sysuser-tools
|
||||
|
||||
Version: 4.17.3+git.283.2157972742b
|
||||
Version: 4.17.4+git.300.305b22bfce
|
||||
Release: 0
|
||||
URL: https://www.samba.org/
|
||||
Obsoletes: samba-32bit < %{version}
|
||||
@ -181,7 +185,6 @@ Provides: group(ntadmin)
|
||||
%define CONFIGDIR %{_sysconfdir}/samba
|
||||
%define INITDIR %{_sysconfdir}/init.d
|
||||
%define PIDDIR /run/samba
|
||||
%define NET_CFGDIR network
|
||||
%define auth_modules auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
|
||||
%define idmap_modules idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_rfc2307,idmap_rid,idmap_tdb2
|
||||
%define pdb_modules pdb_tdbsam,pdb_ldapsam,pdb_smbpasswd,pdb_samba_dsdb
|
||||
@ -711,7 +714,6 @@ install -d -m 0755 -p \
|
||||
%{buildroot}/%_pam_confdir \
|
||||
%{buildroot}/%{_sysconfdir}/{xinetd.d,logrotate.d} \
|
||||
%{buildroot}/%{_sysconfdir}/openldap/schema \
|
||||
%{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/{if-{down,up}.d,scripts} \
|
||||
%{buildroot}/%{_sysconfdir}/security \
|
||||
%{buildroot}/%{_sysconfdir}/slp.reg.d \
|
||||
%{buildroot}/%{CONFIGDIR} \
|
||||
@ -826,18 +828,6 @@ install -m 0644 config/samba.pamd-common %{buildroot}/%_pam_confdir/samba
|
||||
install -m 0644 config/dhcp.conf %{buildroot}/%{_fillupdir}/samba-client-dhcp.conf
|
||||
install -m 0644 config/sysconfig.dhcp-samba-client %{buildroot}/%{_fillupdir}/sysconfig.dhcp-samba-client
|
||||
|
||||
# Network scripts
|
||||
NETWORK_SCRIPTS="samba-winbindd"
|
||||
for script in ${NETWORK_SCRIPTS}; do
|
||||
install -m 0755 "tools/${script}" "%{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/${script}"
|
||||
done
|
||||
|
||||
# Create ghosts for the symlinks
|
||||
NETWORK_LINKS="55-samba-winbindd"
|
||||
for script in ${NETWORK_LINKS}; do
|
||||
touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script}
|
||||
done
|
||||
|
||||
# Add logrotate settings for nmbd and smbd only on systems newer than 8.1.
|
||||
%if 0%{?suse_version} > 1500
|
||||
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
|
||||
@ -937,7 +927,7 @@ install -m 0644 examples/LDAP/samba-nds.schema %{buildroot}/%{_datadir}/samba/LD
|
||||
%service_add_pre nmb.service smb.service
|
||||
%if 0%{?suse_version} > 1500
|
||||
# Prepare for migration to /usr/etc; save any old .rpmsave
|
||||
for i in logrotate.d/samba ; do
|
||||
for i in logrotate.d/samba pam.d/samba; do
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
||||
done
|
||||
%endif
|
||||
@ -945,7 +935,7 @@ done
|
||||
%if 0%{?suse_version} > 1500
|
||||
%posttrans
|
||||
# Migration to /usr/etc, restore just created .rpmsave
|
||||
for i in logrotate.d/samba ; do
|
||||
for i in logrotate.d/samba pam.d/samba; do
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
||||
done
|
||||
%endif
|
||||
@ -1058,17 +1048,6 @@ done
|
||||
|
||||
%post winbind
|
||||
/sbin/ldconfig
|
||||
if test ${1:-0} -eq 1; then
|
||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
|
||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
|
||||
else
|
||||
for if_case in if-down.d if-up.d; do
|
||||
test -h %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd || \
|
||||
continue
|
||||
rm -f %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd
|
||||
ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/55-samba-winbindd
|
||||
done
|
||||
fi
|
||||
%service_add_post winbind.service
|
||||
%tmpfiles_create samba.conf
|
||||
%{fillup_only -ans samba winbind}
|
||||
@ -1618,9 +1597,6 @@ exit 0
|
||||
%defattr(-,root,root)
|
||||
%config(noreplace) %_pam_secconfdir/pam_winbind.conf
|
||||
%{_unitdir}/winbind.service
|
||||
%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
|
||||
%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
|
||||
%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd
|
||||
%{_sysusersdir}/samba-winbind.conf
|
||||
%{_bindir}/ntlm_auth
|
||||
%{_bindir}/wbinfo
|
||||
|
||||
Loading…
Reference in New Issue
Block a user