From ec3e5cb374d05ff72e0ba0dc3a703a026d1e95376c33f39601459c27cdc1279e Mon Sep 17 00:00:00 2001
From: Noel Power <nopower@suse.com>
Date: Fri, 21 Oct 2022 08:51:39 +0000
Subject: [PATCH] Accepting request 1030308 from
 home:scabrero:branches:network:samba:STABLE

- Update to 4.17.1
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Flush on a named stream never completes; (bso#15182).
  * Permission denied calling SMBC_getatr when file not exists;
    (bso#15195).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * pytest: add file removal helpers for TestCaseInTempDir;
    (bso#15191).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * Flush on a named stream never completes; (bso#15182).
  * vfs_gpfs silently garbles timestamps > year 2106;
    (bso#15151).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * multi-channel socket passing may hit a race if one of the
    involved processes already existed; (bso#15200).
  * memory leak on temporary of struct imessaging_post_state and
    struct tevent_immediate on struct imessaging_context (in
    rpcd_spoolss and maybe others); (bso#15201).
  * Since popt1.19 various use after free errors using result of
    poptGetArg are now exposed; (bso#15205); (boo#1204279).
  * Remove special case for O_CREAT in SMB_VFS_OPENAT from

OBS-URL: https://build.opensuse.org/request/show/1030308
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=669
---
 samba-4.17.0+git.257.5f0ed03584a.tar.bz2 |  3 --
 samba-4.17.1+git.270.17afe7cb6b.tar.bz2  |  3 ++
 samba.changes                            | 53 ++++++++++++++++++++++++
 samba.spec                               |  7 +++-
 4 files changed, 62 insertions(+), 4 deletions(-)
 delete mode 100644 samba-4.17.0+git.257.5f0ed03584a.tar.bz2
 create mode 100644 samba-4.17.1+git.270.17afe7cb6b.tar.bz2

diff --git a/samba-4.17.0+git.257.5f0ed03584a.tar.bz2 b/samba-4.17.0+git.257.5f0ed03584a.tar.bz2
deleted file mode 100644
index 5d88efb..0000000
--- a/samba-4.17.0+git.257.5f0ed03584a.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb8a6b3b72951b53c43fb4d6a62b9a27254ec615c83132b08bcdd926aa1271a2
-size 34219401
diff --git a/samba-4.17.1+git.270.17afe7cb6b.tar.bz2 b/samba-4.17.1+git.270.17afe7cb6b.tar.bz2
new file mode 100644
index 0000000..35afcf7
--- /dev/null
+++ b/samba-4.17.1+git.270.17afe7cb6b.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6e64c1eb782b2c679dd0c3abb7d43588f3ae7995d68287879156fbd9c2de8f9b
+size 34244224
diff --git a/samba.changes b/samba.changes
index 12f619d..71efc51 100644
--- a/samba.changes
+++ b/samba.changes
@@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Wed Oct 19 12:48:21 UTC 2022 - Noel Power <nopower@suse.com>
+
+- Update to 4.17.1
+  * CVE-2021-20251 [SECURITY] Bad password count not incremented
+    atomically; (bso#14611).
+  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
+  * Flush on a named stream never completes; (bso#15182).
+  * Permission denied calling SMBC_getatr when file not exists;
+    (bso#15195).
+  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
+    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
+    (bso#15189).
+  * pytest: add file removal helpers for TestCaseInTempDir;
+    (bso#15191).
+  * CVE-2021-20251 [SECURITY] Bad password count not incremented
+    atomically; (bso#14611).
+  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
+    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
+    (bso#15189).
+  * Flush on a named stream never completes; (bso#15182).
+  * vfs_gpfs silently garbles timestamps > year 2106;
+    (bso#15151).
+  * CVE-2021-20251 [SECURITY] Bad password count not incremented
+    atomically; (bso#14611).
+  * multi-channel socket passing may hit a race if one of the
+    involved processes already existed; (bso#15200).
+  * memory leak on temporary of struct imessaging_post_state and
+    struct tevent_immediate on struct imessaging_context (in
+    rpcd_spoolss and maybe others); (bso#15201).
+  * Since popt1.19 various use after free errors using result of
+    poptGetArg are now exposed; (bso#15205); (boo#1204279).
+  * Remove special case for O_CREAT in SMB_VFS_OPENAT from
+    vfs_glusterfs; (bso#15192).
+  * GETPWSID in memory cache grows indefinetly with each NTLM
+    auth; (bso#15169).
+  * CVE-2021-20251 [SECURITY] Bad password count not incremented
+    atomically; (bso#14611).
+- Install a systemd drop-in file for named service to allow
+  read/write access to the DLZ directory; (bsc#1201689);
+
+-------------------------------------------------------------------
+Fri Oct 14 14:20:51 UTC 2022 - Noel Power <nopower@suse.com>
+
+- Fix use after free errors resulting from using return of
+  poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).
+
+-------------------------------------------------------------------
+Mon Sep 26 10:40:18 UTC 2022 - Noel Power <nopower@suse.com>
+
+- s3: smbd: Fix memory leak in
+  smbd_server_connection_terminate_done(); (bso#15174).
+
 -------------------------------------------------------------------
 Mon Sep 26 09:38:59 UTC 2022 - Noel Power <nopower@suse.com>
 
diff --git a/samba.spec b/samba.spec
index 9927694..6488a03 100644
--- a/samba.spec
+++ b/samba.spec
@@ -145,7 +145,7 @@ BuildRequires:  liburing-devel
 %endif
 BuildRequires:  sysuser-tools
 
-Version:        4.17.0+git.257.5f0ed03584a
+Version:        4.17.1+git.270.17afe7cb6b
 Release:        0
 URL:            https://www.samba.org/
 Obsoletes:      samba-32bit < %{version}
@@ -791,6 +791,9 @@ done
 %if %{with_dc}
 	ln -s service %{buildroot}/%{_sbindir}/rcsamba-ad-dc
 	install -m 0644 systemd/sysconfig.samba-ad-dc %{buildroot}%{_fillupdir}
+	# Drop-in file for named to allow r/w access to dlz dir (bsc#1201689)
+	install -d -m 0755 -p %{buildroot}%{_unitdir}/named.service.d
+	install -m 0644 systemd/named-override.conf %{buildroot}%{_unitdir}/named.service.d/26-samba-dlz.conf
 %endif
 rm %{buildroot}/%{_sysconfdir}/sysconfig/samba
 install -m 0644 systemd/sysconfig.samba %{buildroot}%{_fillupdir}
@@ -1751,6 +1754,8 @@ exit 0
 %files ad-dc
 %{_fillupdir}/sysconfig.samba-ad-dc
 %{_unitdir}/samba-ad-dc.service
+%dir %{_unitdir}/named.service.d
+%{_unitdir}/named.service.d/26-samba-dlz.conf
 %{_sbindir}/samba
 %{_sbindir}/samba_dnsupdate
 %{_sbindir}/samba_kcc