Accepting request 710952 from network:samba:STABLE

OBS-URL: https://build.opensuse.org/request/show/710952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=249
This commit is contained in:
Dominique Leuenberger 2019-06-27 13:52:59 +00:00 committed by Git OBS Bridge
commit e4b0441621
4 changed files with 286 additions and 4 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2c1a39f2dc3c7ccb1030d2a246077b2569b607f9babf6de05c4e5eb8c22975f0
size 24797292

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:381473531074f9c49f0f5726aa01ae29aa94c09ca36e574694ee800ea498147e
size 24835880

View File

@ -1,3 +1,73 @@
-------------------------------------------------------------------
Wed Jun 19 09:20:12 UTC 2019 - Noel Power <nopower@suse.com>
- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
+ CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2; (bso#13922); (bsc#1137815).
+ CVE-2019-12436 dsdb/paged_results: Ignore successful results
without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
+ s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
+ py/provision: Fix for Python 2.6; (bso#13882).
+ netcmd: Fix 'passwordsettings --max-pwd-age' command;
(bso#13873).
+ s3-libnet_join: 'net ads join' to child domain fails when
using "-U admin@forestroot"; (bso#13861).
+ vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
(bso#13896); (bsc#1130245).
+ vfs_ceph: Fix cephwrap_flistxattr() debug message;
(bso#13940); (bsc#1134697).
+ ctdb-common: Avoid race between fd and signal events;
(bso#13895).
+ ctdb-common: Fix memory leak in run_proc; (bso#13943).
+ lib: Initialize getline() arguments; (bso#13892).
+ winbind: Fix overlapping id ranges; (bco#13903).
+ lib util debug: Increase format buffer to 4KiB; (bso#13902).
+ nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
+ s4 lib socket: Ensure address string owned by parent struct;
(bso#13929).
+ s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
+ s3:smbd: Handle IO_REPARSE_TAG_DFS in
SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
(bso#12845).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session
setup; (bso#13796).
+ dbcheck: Fix the err_empty_attribute() check; (bso#13843).
+ vfs_snapper: Drop unneeded fstat handler; (bso#13858).
+ vfs_default: Fix vfswrap_offload_write_send()
NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
+ smb2_server: Grant all 8192 credits to clients; (bso#13863).
+ smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
(bso#13919).
+ s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
+ s3: modules: ceph: Use current working directory instead of
share path; (bso#13918); (bsc#1134452).
+ winbind: Use domain name from lsa query for sid_to_name cache
entry; (bso#13831).
+ memcache: Increase size of default memcache to 512k;
(bso#13865).
+ docs: Update smbclient manpage for "--max-protocol";
(bso#13857).
+ s3:utils: If share is NULL in smbcacls, don't print it;
(bso#13937).
+ s3:smbspool: Fix regression printing with Kerberos credentials;
(bso#13939).
+ ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
which is incompatible with systemd; (bso#13860).
+ ctdb-daemon: Revert "We can not assume that just because we
could complete a TCP handshake"; (bso#13888).
+ ctdb-daemon: Never use 0 as a client ID; (bso#13930).
+ ctdb-common: Fix memory leak; (bso#13943).
+ s3:debug: Enable logging for early startup failures;
(bso#13904)
- Update to samba-4.10.3
+ CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum; (bso#13685); (bsc#1134024).
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 14 14:22:11 UTC 2019 - David Disseldorp <ddiss@suse.com> Tue May 14 14:22:11 UTC 2019 - David Disseldorp <ddiss@suse.com>
@ -92,6 +162,12 @@ Sun Apr 14 22:31:32 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).
-------------------------------------------------------------------
Tue Apr 2 08:38:28 UTC 2019 - npower <nopower@suse.com>
- CVE-2019-3880: Save registry file outside share as unprivileged
user; (bso#13851); (bsc#1131060 ).
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 27 18:47:07 UTC 2019 - David Mulder <dmulder@suse.com> Wed Mar 27 18:47:07 UTC 2019 - David Mulder <dmulder@suse.com>
@ -182,6 +258,14 @@ Thu Feb 7 00:27:42 UTC 2019 - ddiss@suse.com
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223); - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
-------------------------------------------------------------------
Mon Feb 4 12:38:55 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
(bso#13173); (bsc#1123755);
- s3:winbind: Fix regression introduced with bso #12851;
(bso#12851); (bsc#1123755);
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 8 11:38:40 UTC 2019 - nopower@suse.com Tue Jan 8 11:38:40 UTC 2019 - nopower@suse.com
@ -207,6 +291,12 @@ Tue Jan 8 11:38:40 UTC 2019 - nopower@suse.com
exist; (bso#13696). exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498). + s3:libads: Add net ads leave keep-account option; (bso#13498).
-------------------------------------------------------------------
Thu Dec 20 15:15:54 UTC 2018 - David Mulder <dmulder@suse.com>
- s3:passdb: Do not return OK if we don't have pinfo set up;
(bsc#1099590); (bso#13376);
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 6 20:55:23 UTC 2018 - Jan Engelhardt <jengelh@inai.de> Thu Dec 6 20:55:23 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
@ -243,6 +333,12 @@ Mon Nov 19 12:28:56 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
+ CVE-2018-16857: Bad password count in AD DC not always effective; + CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323); window; (bso#13683); (bsc#1116323);
-------------------------------------------------------------------
Thu Nov 8 17:53:14 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459);
- Use foreground execution mode for systemd samba daemons; (bsc#1112223);
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 8 15:06:37 UTC 2018 - Samuel Cabrero <scabrero@suse.de> Thu Nov 8 15:06:37 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
@ -300,6 +396,13 @@ Fri Oct 12 14:58:08 UTC 2018 - dmulder@suse.com
+ Make group policy extensible via register/unregister gpext + Make group policy extensible via register/unregister gpext
+ gpext's run via a process_group_policy method + gpext's run via a process_group_policy method
-------------------------------------------------------------------
Mon Oct 8 08:36:43 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.6.16; (bsc#1110943);
+ CVE-2018-10919: Fix unauthorized attribute access via searches;
(bso#13434);
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 26 22:45:40 UTC 2018 - jmcdonough@suse.com Wed Sep 26 22:45:40 UTC 2018 - jmcdonough@suse.com
@ -412,6 +515,14 @@ Tue Aug 21 13:39:49 UTC 2018 - dmulder@suse.com
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
-------------------------------------------------------------------
Mon Aug 20 21:25:27 UTC 2018 - ddiss@suse.com
- Update to 4.6.15
+ Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
+ Allow idmap_rid to have primary group other than "Domain Users";
(bsc#1087931).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 20 15:03:01 MDT 2018 - dmulder@suse.com Mon Aug 20 15:03:01 MDT 2018 - dmulder@suse.com
@ -465,6 +576,20 @@ Tue Aug 14 13:06:03 UTC 2018 - nopower@suse.com
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos; + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480). (bso#13480).
-------------------------------------------------------------------
Wed Aug 1 14:57:51 UTC 2018 - scabrero@suse.de
- CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bso#13453); (bsc#1103411);
- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
(bso#12851);
- winbind: avoid using fstrcpy in _dual_init_connection;
(bso#13294); (bsc#1087303);
- Fix ntlm authentications with "winbind use default domain = yes";
(bso#13126); (bsc#1068059);
- net: fix net ads keytab handling; (bso#13166); (bsc#1067700);
- fix vfs_ceph flock stub; (bso#13506).
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de
@ -473,6 +598,45 @@ Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de
- Call update-apparmor-samba-profile when running samba-ad-dc; - Call update-apparmor-samba-profile when running samba-ad-dc;
(bsc#1092099); (bsc#1092099);
-------------------------------------------------------------------
Wed May 23 14:01:16 UTC 2018 - ddiss@suse.com
- Fix vfs_ceph with "aio read size" or "aio write size" > 0;
(bsc#1093664).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
+ Fix memory leak in vfs_ceph; (bso#13424).
- Update to 4.6.14
+ winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection;
(bso#13294).
+ s3:smb2_server: correctly maintain request counters for compound
requests; (bso#13215).
+ s3: smbd: Unix extensions attempts to change wrong field in fchown
call; (bso#13375).
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
+ vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
(bso#13297).
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270).
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we
don't own it here; (bso#13244).
+ s3:libsmb: allow -U"\\administrator" to work; (bso#13206).
+ CVE-2018-1057: s4:dsdb: fix unprivileged password changes;
(bso#13272); (bsc#1081024).
+ s3:smbd: Do not crash if we fail to init the session table;
(bso#13315).
+ libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
+ smbXcli: Add "force_channel_sequence"; (bso#13215).
+ smbd: Fix channel sequence number checks for long-running requests;
(bso#13215).
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on
expired sessions; (bso#13197).
+ s3:smbd: return the correct error for cancelled SMB2 notifies on
expired sessions; (bso#13197).
+ samba: Only use async signal-safe functions in signal handler;
(bso#13240).
+ subnet: Avoid a segfault when renaming subnet objects; (bso#13031).
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 23 09:52:28 UTC 2018 - jmcdonough@suse.com Wed May 23 09:52:28 UTC 2018 - jmcdonough@suse.com
@ -621,6 +785,36 @@ Tue Mar 13 09:49:44 UTC 2018 - jmcdonough@suse.com
+ CVE-2018-1057: Authenticated users can change other users' password; + CVE-2018-1057: Authenticated users can change other users' password;
(bso#13272); (bsc#1081024). (bso#13272); (bsc#1081024).
-------------------------------------------------------------------
Wed Mar 7 11:54:50 UTC 2018 - jmcdonough@suse.com
- CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
(bso#11343); (bsc#1081741);
-------------------------------------------------------------------
Tue Mar 6 23:36:51 UTC 2018 - ddiss@suse.com
- Update to 4.6.13; (bsc#1084191)
+ ceph_statx configure time check doesn't work with a non-default
--with-libcephfs path; (bso#13250).
- follow up fix for libceph-common detection; (bso#13277).
+ Fail to copy file with empty FinderInfo from Windows client to Samba
share with fruit; (bso#13181).
+ vfs_ceph uses a local statvfs() call to determine FS capabilities;
(bso#13208).
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193).
+ smbd panic when chdir returns error during exit; (bso#13189).
+ ctdb_recovery_helper crashes if recovery process times out; (bso#13188).
+ POSIX ACL support is broken on hpux and possibly other big-endian OSs;
(bso#13176).
+ Kerberos: PKINIT: Can't decode algorithm parameters in
clientPublicValue; (bso#12986).
+ g_lock conflict detection broken when processing stale entries.;
(bso#13195).
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 26 22:09:49 UTC 2018 - aaptel@suse.com Mon Feb 26 22:09:49 UTC 2018 - aaptel@suse.com
@ -720,6 +914,23 @@ Wed Dec 6 17:52:41 UTC 2017 - kukuk@suse.de
- Use TI-RPC (sunrpc is deprecated and will be removed soon from - Use TI-RPC (sunrpc is deprecated and will be removed soon from
glibc) glibc)
-------------------------------------------------------------------
Thu Nov 30 09:31:53 UTC 2017 - scabrero@suse.com
- Update to 4.6.11; (bsc#1084191)
+ vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091);
+ s3: smbclient: Ensure we call client_clean_name() before all
operations on remote pathnames; (bso#13093);
+ Non-smbd processes using kernel oplocks can hang smbd; (bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load; (bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ smbd: Move check for SMB2 compound request to new function; (bso#13047);
+ s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ s4:pyparam: Fix resource leaks on error; (bso#13101);
+ s3:smbd: Fix delete-on-close after smb2_find; (bso#13118);
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 29 16:59:07 UTC 2017 - david.mulder@suse.com Wed Nov 29 16:59:07 UTC 2017 - david.mulder@suse.com
@ -754,6 +965,14 @@ Wed Nov 15 17:00:50 UTC 2017 - dmulder@suse.com
- samba-tool requires samba-python; (bnc#1067771). - samba-tool requires samba-python; (bnc#1067771).
-------------------------------------------------------------------
Wed Nov 8 17:21:41 UTC 2017 - scabrero@suse.de
- CVE-2017-14746: Use-after-free vulnerability; (bso#13041);
(bsc#1060427);
- CVE-2017-15275: Server heap memory information leak;
(bso#13077); (bsc#1063008);
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 7 07:43:54 UTC 2017 - scabrero@suse.com Tue Nov 7 07:43:54 UTC 2017 - scabrero@suse.com
@ -805,6 +1024,63 @@ Tue Nov 7 07:43:54 UTC 2017 - scabrero@suse.com
+ Fix resouce leaks and pointer issues; (bso#13101); + Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);
-------------------------------------------------------------------
Fri Oct 27 07:48:17 UTC 2017 - scabrero@suse.de
- Update to 4.6.9; (bsc#1065066);
+ Reverse sense of 'clear all attributes', ignore attribute change in SMB2
to match SMB1; (bso#12899);
+ SMBC_setatr() initially uses an SMB1 call before falling back;
(bso#12913);
+ Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION;
(bso#13003);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically; (bso#7909);
+ Honor SEC_STD_WRITE_OWNER bit; (bso#7933);
+ Kernel oplocks still have issues with named streams; (bso#12791);
+ Handle EACCES when fetching DOS attributes; (bso#12944);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Fix wrong Samba access checks when changing DOS attributes; (bso#12995);
+ Groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Match WS2016 ReFS set compression behaviour; (bso#12144);
+ Fix implementation of process_exists control; (bso#13012);
+ GET_DB_SEQNUM control can cause ctdb to deadlock when databases are
frozen; (bso#13021);
+ Free up record data if a call request is deferred; (bso#13029);
+ Initialize ctdb_ltdb_header completely for empty record; (bso#13036);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ Ignore event scripts with multiple '.'s; (bso#13070);
+ Sort the GPOs in the correct order; (bso#13046);
+ 'smbd' uses a lot of CPU on startup of a connection; (bso#12973);
+ Fix str[n]casecmp_m() by comparing lower case values; (bso#13018);
+ Can't change password in Samba from a windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ Fix file change notification for renames; (bso#12903);
+ Avoid a socket leak after fork; (bso#13006);
+ Fix a potential memleak; (bso#13090);
+ Fix passing of errno from async calls; (bso#12983);
+ Fix segfault when running with log level 10; (bso#13032);
+ Do not report an invalid range for AD DC role; (bso#12629);
+ Print the kinit failed message with DBGLVL_NOTICE; (bso#12704);
+ Fix changing passwords with Kerberos; (bso#12956);
+ Fix changing the password with 'smbpasswd' as a local user on a domain
member; (bso#12975);
+ Fix a read after free if a chained SMB1 call goes async; (bso#12836);
+ CVE-2017-12163: Prevent client short SMB1 write from writing server memory
to file; (bso#13020);
+ Let non_widelink_open() chdir() to directories directly; (bso#12885);
+ CVE-2017-12151: Keep required encryption across SMB3 dfs redirects;
(bso#12996);
+ CVE-2017-12150: Some code path don't enforce smb signing when they should;
(bso#12997);
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 23 15:10:32 UTC 2017 - dimstar@opensuse.org Mon Oct 23 15:10:32 UTC 2017 - dimstar@opensuse.org
@ -846,6 +1122,12 @@ Thu Sep 28 11:25:54 UTC 2017 - scabrero@suse.com
+ The example NFS Ganesha call-out has been improved. + The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available. + A new "replicated" database type is available.
-------------------------------------------------------------------
Fri Sep 22 13:51:41 UTC 2017 - scabrero@suse.de
- Fix GUID string format on GetPrinter info request; (bso#12993);
(bsc#1050707).
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 14 20:41:11 UTC 2017 - aaptel@suse.com Thu Sep 14 20:41:11 UTC 2017 - aaptel@suse.com

View File

@ -170,7 +170,7 @@ BuildRequires: libtasn1-devel >= 3.8
%else %else
%define build_make_smp_mflags %{?jobs:-j%jobs} %define build_make_smp_mflags %{?jobs:-j%jobs}
%endif %endif
Version: 4.10.2+git.94.31fb5e37171 Version: 4.10.5+git.105.2bd98587873
Release: 0 Release: 0
Url: https://www.samba.org/ Url: https://www.samba.org/
Obsoletes: samba-32bit < %{version} Obsoletes: samba-32bit < %{version}