Commit Graph

477 Commits

Author SHA256 Message Date
Noel Power
6a8073e897 Accepting request 818624 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.12.5
  + Fix smbd panic on force-close share during async
    io; (bso#14301).
  + Fix segfault when using SMBC_opendir_ctx() routine for
    share folder that contains incorrect symbols in any
    file name; (bso#14374)
  + Fix DFS links; (bso#14391).
  + Can't use DNS functionality after a Windows DC has been
    in domain; (bso#14310).
  + ldapi search to FreeIPA crashes; (bso#14413).
  + Add net-ads-join dnshostname=fqdn option; (bso#14396)
  + Fix adding msDS-AdditionalDnsHostName to keytab with
    Windows DC; (bso#14406).
  + docs-xml: Update list of posible VFS operations for
    vfs_full_audit; (bso#14386).
  + winbindd: Fix a use-after-free when winbind clients exit;
    (bso#14382).
  + Client tools are not able to read gencache anymore;
    (bso#14370).
- Update to samba 4.12.4
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
    ASQ and VLV combined; (bso#14364); (bsc#1173159)
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use
    several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
    server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to
    AD DC nbt_server; (bso#14417); (bsc#1173359).

OBS-URL: https://build.opensuse.org/request/show/818624
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=633
2020-07-06 08:20:52 +00:00
Noel Power
a7db85abb1 Accepting request 810756 from home:scabrero:branches:network:samba:STABLE
- add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)

- Add system-user-nobody to samba package requirements

- Update to samba 4.12.3
  + Fix smbd panic on force-close share during async io; (bso#14301);
  + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    (bso#14343);
  + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
  + Fix smbd crashes when MacOS Catalina connects if iconv initialization
    fails; (bso#14372);
  + Exporting from macOS Adobe Illustrator creates multiple copies;
    (bso#14150);
  + smbd does a chdir() twice per request; (bso#14256);
  + smbd mistakenly updates a file's write-time on close; (bso#14320);
  + vfs_shadow_copy2: implement case canonicalisation in
    shadow_copy2_get_real_filename(); (bso#14350);
  + Fix Windows 7 clients problem after upgrading samba file server;
    (bso#14375);
  + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
  + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
  + mit-kdc: Explicitly reject S4U requests; (bso#14342);
  + dbwrap_watch: Set rec->value_valid while returning nested
    share_mode_do_locked(); (bso#14352);
  + lib:util: Fix smbclient -l basename dir; (bso#14345);
  + s3:libads: Fix ads_get_upn(); (bso#14336);
  + ctdb: Fix a memleak; (bso#14348);
  + Malicous SMB1 server can crash libsmbclient; (bso#14366);
  + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    (bso#14330);

OBS-URL: https://build.opensuse.org/request/show/810756
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=632
2020-06-03 15:12:28 +00:00
David Disseldorp
7dbf28ebb4 Accepting request 800420 from home:scabrero:branches:network:samba:STABLE
- libsmb: Don't try to find posix stat info in SMBC_getatr();
  (bso#14101); (bsc#1169242);

OBS-URL: https://build.opensuse.org/request/show/800420
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=631
2020-05-06 10:18:05 +00:00
4bbe1d5392 Accepting request 799244 from home:npower:update_samba_4.12.2
- Move libdcerpc-server-core.so to samba-libs package, this was
  initially erroneously located in  samba-ad-dc.

OBS-URL: https://build.opensuse.org/request/show/799244
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=630
2020-04-30 19:18:06 +00:00
David Disseldorp
816dff106e Accepting request 798848 from home:npower:update_samba_4.12.2
- Update to samba 4.12.2
  + CVE-2020-10700: A client combining the 'ASQ' and
    'Paged Results' LDAP controls can cause a use-after-free
    in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
  + CVE-2020-10704: A deeply nested filter in an un-authenticated
    LDAP search can exhaust the LDAP server's stack memory causing
    a SIGSEGV; (bso#14334); (bsc#1169851).

- Update to samba 4.12.1
  + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
  + samba-tool group: Handle group names with special chars correctly;
    (bso#14296);
  + Add missing check for DMAPI offline status in async DOS attributes;
    (bso#14293);
  + Starting ctdb node that was powered off hard before results in recovery
    loop; (bso#14295);
  + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
    (bso#14307);
  + vfs_recycle: Prevent flooding the log if we're called on non-existant
    paths; (bso#14316);
  + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
  + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
    (bso#14327);
  + fruit:time machine max size is broken on arm; (bso#13622);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + s3/utils: Fix double free error with smbtree; (bso#14332);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + Starting ctdb node that was powered off hard before results in recovery

OBS-URL: https://build.opensuse.org/request/show/798848
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=629
2020-04-29 15:10:45 +00:00
92141f19eb Accepting request 788997 from home:npower:libsmbclient_timestruct
- s3: libsmbclient.h: add missing time.h include to fix
  ffmpeg build and make it compatible with -std=c99.

OBS-URL: https://build.opensuse.org/request/show/788997
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=628
2020-03-27 12:00:21 +00:00
Noel Power
ed5352ccab Accepting request 786416 from home:scabrero:branches:home:npower:update_factory_4.12.0
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8

- Starting ctdb node that was powered off hard before results
  in recovery loop; (bso#14295); (bsc#1162680).

- Update to samba 4.12.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package.
  + Samba 4.12 raises this minimum version to Python
    3.5.
  + Samba now requires GnuTLS 3.4.7 to be installed.
  + New Spotlight backend for Elasticsearch.
  + Retiring DES encryption types in Kerberos. With this release,
    support for DES encryption types has been removed from
    Samba, and setting DES_ONLY flag for an account will cause
    Kerberos authentication to fail for that account (see
    RFC-6649).
  + Samba-DC: DES keys no longer saved in DB.
  + The netatalk VFS module has been removed.
  + The BIND9_FLATFILE DNS backend is deprecated in this release
    and will be removed in the future.
  + CTDB changes
    + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
+ Bugs
  + Retire DES encryption types in Kerberos; (bso#14202);
    bsc#(1165574).
  + dsdb: Correctly handle memory in objectclass_attrs;
    (bso#14258).

OBS-URL: https://build.opensuse.org/request/show/786416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=627
2020-03-19 10:55:17 +00:00
David Disseldorp
ac3d2b343c - Remove unused pwdutils buildrequires
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209);
  + Avoiding bad call flags with python 3.8, using METH_NOARGS
    instead of zero; (bso#14209);
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    (bso#14218);
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    (bso#14122);
  + smbd: Fix the build with clang; (bso#14251);
  + upgradedns: Ensure lmdb lock files linked; (bso#14199);
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during
    readdir; (bso#14182);
  + smbc_stat() doesn't return the correct st_mode and also the
    uid/gid is not filled (SMBv1) file; (bso#14101);
  + librpc: Fix string length checking in ndr_pull_charset_to_null();
    (bso#14219);
  + ctdb-scripts: Strip square brackets when gathering connection info;
    (bso#14227);

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=626
2020-02-03 14:55:39 +00:00
David Disseldorp
dc2643d6ee Accepting request 769391 from home:kukuk:branches:network:samba:STABLE
- Remove not used pwdutils buildrequires (pwdutils is gone since
  ages)

OBS-URL: https://build.opensuse.org/request/show/769391
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=625
2020-02-03 12:13:54 +00:00
d5a6815e74 Accepting request 766660 from home:npower:update_factory_4.11.5
- Fix nmbstatus not reporting detailed information about workgroups;
  (bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);

- Update to samab 4.11.5
  + CVE-2019-14902: Replication of ACLs down subtree on
    AD Directory is not automatic; (bso#12497); (bsc#1160850).
  + CVE-2019-19344: Fix  server crash with
    dns zone scavenging = yes; (bso#14050); (bsc#1160852).
  + CVE-2019-14907: server-side crash after charset conversion
    failure (eg during NTLMSSP processing); (bso#14208);
    (bsc#1160888).
- Update to samba 4.11.4
   + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
     (bso#14161).
   + Ensure we don't call cli_RNetShareEnum() on an SMB1
     connection; (bso#14174).
   + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
     SMBC_opendir_ctx; (bso#14176).
   + SMB2 - Ensure we use the correct session_id if encrypting
     an interim response; (bso#14189).
   + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
   + printing: Fix %J substition; (bso#13745).
   + Remove now unneeded call to cmdline_messaging_context();
     (bso#13925).
   + Fix incomplete conversion of former parametric options;
     (bso#14069).
   + Fix sync dosmode fallback in async dosmode codepath;
     (bso#14070).
   + vfs_fruit returns capped resource fork length; (bso#14171).

OBS-URL: https://build.opensuse.org/request/show/766660
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=624
2020-01-23 16:09:39 +00:00
b5f09875ba Accepting request 755761 from home:npower:update_samba_4.11.3
- Update to samba 4.11.3
  + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
    can crash the DCE/RPC DNS management server by creating records
    with matching the zone name; (bso#14138); (bsc#1158108).
  + CVE-2019-14870: DelegationNotAllowed not being enforced, the
    DelegationNotAllowed Kerberos feature restriction was not being
    applied when processing protocol transition requests (S4U2Self),
    in the AD DC KDC; (bso#14187); (bsc#1158109).

OBS-URL: https://build.opensuse.org/request/show/755761
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=623
2019-12-11 09:05:28 +00:00
19e9233f4d Accepting request 744290 from home:jmcdough:branches:STABLE-4.11.2
Update to 4.11.2

OBS-URL: https://build.opensuse.org/request/show/744290
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=622
2019-10-31 09:03:06 +00:00
af4f6d39e5 Accepting request 737886 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.11.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package
  + Python2 runtime support removed; python 3.4 or later required
  + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
  + CephFS Snapshot integration, exposed as previous file
    versions
  + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
  + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
      unchanged
    - many performance improvements
  + Configuration webserver support removed

OBS-URL: https://build.opensuse.org/request/show/737886
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=621
2019-10-12 19:47:39 +00:00
David Disseldorp
116e35d954 Accepting request 728061 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.10.8
  + CVE-2019-10197: user escape from share path definition;
    (bso#14035); (bsc#1141267);

OBS-URL: https://build.opensuse.org/request/show/728061
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=620
2019-09-03 17:06:15 +00:00
65c974b42a Accepting request 727708 from home:npower:samba-update-4.10.7
- Fix build on newer systems by modifying samba.spec to use
  consistent non-relative paths for pammodules in configure line
  and specification of pam_winbind.so library to package.

- Update to samba 4.10.7
  + Unable to create or rename file/directory inside shares
    configured with vfs_glusterfs_fuse module; (bso#14010).
  + build: Allow build when '--disable-gnutls' is set; (bso#13844)
  + samba-tool: Add 'import samba.drs_utils' to fsmo.py;
    (bso#13973).
  + Fix 'Error 32 determining PSOs in system' message on old DB
    with FL upgrade; (bso#14008).
  + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
  + join: Use a specific attribute order for the DsAddEntry
    nTDSDSA object; (bso#14046).
  + vfs_catia: Pass stat info to synthetic_smb_fname();
    (bso#14015).
  + lookup_name: Allow own domain lookup when flags == 0;
    (bso#14091).
  + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    (bso#13932).
  + DEBUGC and DEBUGADDC doesn't print into a class specific log
    file; (bso#13915).
  + Request to keep deprecated option "server schannel",
    VMWare Quickprep requires "auto"; (bso#13949).
  + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    (bso#13967).
  + dnsProperty fails to decode values from older Windows versions;
    (bso#13969).
  + samba-tool: Use only one LDAP modify for dns partition fsmo

OBS-URL: https://build.opensuse.org/request/show/727708
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=619
2019-09-02 10:18:13 +00:00
Noel Power
67e8136281 Accepting request 710941 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)

OBS-URL: https://build.opensuse.org/request/show/710941
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=618
2019-06-19 16:00:23 +00:00
David Disseldorp
9e27d199de Fix changelog chronological order
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=617
2019-05-15 00:09:54 +00:00
David Disseldorp
77e7f5e1ac - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).

- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).

- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=616
2019-05-14 23:56:57 +00:00
ab58c6daef Accepting request 696786 from network:samba:TESTING
- Update to samba-4.10.2:
  + CVE-2019-3870 (World writable files in
    Samba AD DC private/ dir); (bso#13834).
  + CVE-2019-3880 (Save registry file outside share as
    unprivileged user); (bso#13851).
  + py/kcc_utils: py2.6 compatibility; (bso#13837).
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    (bso#13869).
  + regfio: Improve handling of malformed registry hive files;
    (bso#13840).
  + ctdb-version: Simplify version string usage; (bso#13789).
  + lib: Make fd_load work for non-regular files; (bso#13859).
  + dbcheck: in the middle of the tombstone garbage collection
    causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854).
  + acl_read: Fix regression for empty lists; (bso#13836).
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
  + s3:client: Fix printing via smbspool backend with kerberos
    auth; (bso#13832).
  + s4:librpc: Fix installation of Samba; (bso#13847).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    (bso#13793).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:waf: Fix the detection of makdev() macro on Linux;
    (bso#13853).
   * ctdb-build: Drop creation of .distversion in tarball;
     (bso#13789).
   * ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory;  (bso#13838).
- Update to samba-4.10.1:
  + py/kcc_utils: py2.6 compatibility; (bso#13837);
  + libcli: permit larger values of DataLength in
     SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
  + regfio: Improve handling of malformed registry hive files; (bso#13840);
  + ctdb-version: Simplify version string usage; (bso#13789);
  + lib: Make fd_load work for non-regular files; (bso#13859);
  + dbcheck in the middle of the tombstone garbage collection causes
     replication failures, dbcheck: add --selftest-check-expired-tombstones
     cmdline option; (bso#13816);
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
     NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
  + s4/messaging: Fix undefined reference in linking
     libMESSAGING-samba4.so; (bso#13854);
  + acl_read: Fix regression for empty lists; (bso#13836);
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
  + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
  + s4:librpc: Fix installation of Samba; (bso#13847);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
  + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
  + ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
  + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s4/scripting/bin: Open unicode files with utf8 encoding and write
  + unicode string.
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
  + passdb: Update ABI to 0.27.2.
  + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
  + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);

OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
2019-04-22 17:11:02 +00:00
David Disseldorp
3f063e45e1 - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
- Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377);

- LoadParm().load_default() fails with "Unable to load default file";
  (bsc#1089758);

- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=614
2019-03-05 10:51:42 +00:00
f4a14d4c40 Accepting request 664132 from home:npower:update_samba
- Update to samba-4.9.4
  + libcli/smb: Don't overwrite status code; (bso#9175).
  + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
  + Session setup reauth fails to sign response; (bso#13661).
  + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
  + vfs_shadow_copy2: Nicely deal with attempts to open previous
    version for writing; (bso#13688).
  + Restoring previous version of stream with vfs_shadow_copy2 fails
    with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
  + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
  + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
  + PEP8: fix E231: missing whitespace after ','.
  + winbindd: Fix crash when taking profiles;(bso#13629)
  + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
    regression; (bso#13600)
  + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
  + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
  + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
  + ctdb-daemon: Exit with error if a database directory does not
    exist; (bso#13696).
  + s3:libads: Add net ads leave keep-account option; (bso#13498).

- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.

OBS-URL: https://build.opensuse.org/request/show/664132
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=612
2019-01-11 12:33:52 +00:00
Noel Power
9d38c3cc4b Accepting request 654115 from home:dmulder:branches:network:samba:STABLE
- Remove python2 build dependency from samba-libs; (bsc#1116900);
- Update update-apparmor-samba-profile script to ignore the shares's
  paths containing substitution variables in any place, not only at the
  beginning of the path.

OBS-URL: https://build.opensuse.org/request/show/654115
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=609
2018-12-05 17:34:52 +00:00
3635301ae9 Accepting request 652450 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.9.3
  + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server; (bso#13600); (bsc#1116319);
  + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
    (bsc#1116320);
  + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
    (bso#13674); (bsc#1116322);
  + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
    (bso#13669); (bsc#1116321);
  + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported); (bso#13678); (bsc#1116324);
  + CVE-2018-16857: Bad password count in AD DC not always effective;
    window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
  + dsdb: Add comments explaining the limitations of our current backlink
    behaviour; (bso#13418);
  + Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
  + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
    (bso#13465);
  + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
  + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
  + Enabling vfs_fruit looses FinderInfo; (bso#13649);
  + Cancelling of SMB2 aio reads and writes returns wrong error
    NT_STATUS_INTERNAL_ERROR; (bso#13667);
  + Fix CTDB recovery record resurrection from inactive nodes and simplify
    vacuuming; (bso#13641);
  + examples: Fix the smb2mount build; (bso#13465);
  + libtevent: Fix build due to missing open_memstream on Illiumos;
    (bso#13629);
  + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
  + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
    (bso#13653);
  + Extended DN SID component missing for member after switching group
    membership; (bso#13418);
  + Return STATUS_SESSION_EXPIRED error encrypted, if the request was
    encrypted; (bso#13624);
  + python: Allow forced signing via smb.SMB(); (bso#13621);
  + lib:socket: If returning early, set ifaces; (bso#13665);
  + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
    encoded unicode; (bso#13616);
  + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
    (bso#13673);
  + waf: Add -fstack-clash-protection; (bso#13601);
  + winbind: Fix segfault if an invalid passdb backend is configured;
    (bso#13668);
  + Fix bugs in CTDB event handling; (bso#13659);
  + Misbehaving nodes are sometimes not banned; (bso#13670);

OBS-URL: https://build.opensuse.org/request/show/652450
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=608
2018-11-28 19:20:32 +00:00
83ce450992 Accepting request 645785 from home:dmulder:4.9.1-get_interfaces-segfault
- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);
- winbind requires latest version of libtevent-util0 to start

OBS-URL: https://build.opensuse.org/request/show/645785
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=607
2018-11-01 09:50:46 +00:00
5440789625 Accepting request 641729 from home:dmulder:branches:network:samba:STABLE
- Backport latest gpo code from master
  + Read policy from local gpt cache
  + Offline policy application
  + Make group policy extensible via register/unregister gpext
  + gpext's run via a process_group_policy method
- Enable profiling data collection
- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package

OBS-URL: https://build.opensuse.org/request/show/641729
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=604
2018-10-12 17:15:14 +00:00
c76825592d Accepting request 638021 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.9.1
  + s3: nmbd: Stop nmbd network announce storm; (bso#13620);
  + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
    (bso#13597);
  + CTDB recovery lock has some race conditions; (bso#13617);
  + s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
  + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);

OBS-URL: https://build.opensuse.org/request/show/638021
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=603
2018-09-25 14:58:38 +00:00
445e8eaa57 Accepting request 635794 from home:dmulder:branches:network:samba:STABLE:4.9
- Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592);
- Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551);

OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
2018-09-25 07:15:30 +00:00
Aurelien Aptel
95c4496280 Accepting request 631724 from home:vitezslav_cizek:branches:network:samba:STABLE
- Add missing zlib-devel dependency which was previously pulled in
  by libopenssl-devel

OBS-URL: https://build.opensuse.org/request/show/631724
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=601
2018-08-30 15:33:08 +00:00
25e8716475 Accepting request 629523 from home:npower:update_factory
- Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480).

OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
2018-08-16 10:27:26 +00:00
David Disseldorp
8892e4b337 Accepting request 612904 from home:scabrero:branches:network:samba:STABLE
- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
  (bsc#1092099);

OBS-URL: https://build.opensuse.org/request/show/612904
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=599
2018-05-29 16:03:39 +00:00
David Disseldorp
ef09da2cf2 Accepting request 611762 from home:jmcdough:factory-f-8-2
Update to 4.8.2

OBS-URL: https://build.opensuse.org/request/show/611762
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=598
2018-05-23 22:11:09 +00:00
David Disseldorp
4831756114 Accepting request 603033 from home:scabrero:branches:network:samba:STABLE
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
  required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number of
    ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
    (bso#13337);
  + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + winbindd: Recover loss of netlogon secure channel in case the peer DC is
    rebooted; (bso#13332);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + ctdb-client: Fix bugs in client code; (bso#13356);
  + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + libads: Fix the build '--without-ads'; (bso#13273);
  + winbind: Keep "force_reauth" in invalidate_cm_connection, add
    'smbcontrol disconnect-dc'; (bso#13332);
  + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
  + smbclient: Fix notify; (bso#13382);
  + Fix smbd panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
    (bso#13342);
  + Fix build errors with cc from developerstudio 12.5 on Solaris;
    (bso#13343);
  + Fix the picky-developer build on FreeBSD 11; (bso#13344);
  + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + lib:replace: Fix linking when libtirpc-devel overwrites system headers;
    (bso#13341);
  + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
    query; (bso#13312);
  + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);

OBS-URL: https://build.opensuse.org/request/show/603033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=597
2018-05-02 12:11:26 +00:00
d5d8b11391 Accepting request 595751 from home:aaptel:samba-bsc1088574-fixdameon
- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551);
  + Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
  + Set samba sysconfig template variables to ""
  + Add required daemon flags directly to systemd unit

OBS-URL: https://build.opensuse.org/request/show/595751
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=595
2018-04-17 08:41:14 +00:00
Aurelien Aptel
c72ef26ec8 Accepting request 590371 from home:dimstar:Factory
- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
  place of systemd and systemd-devel: Allow OBS to optimize the
  workload by allowing the usage of the 'build-optimized' systemd
  packages.

The build failure seen in my branch is unrelated to this change!

OBS-URL: https://build.opensuse.org/request/show/590371
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=594
2018-04-03 10:26:56 +00:00
Aurelien Aptel
c968b2c266 Accepting request 592006 from home:jmcdough:branches:network:samba:STABLE
Specfile cleanup

OBS-URL: https://build.opensuse.org/request/show/592006
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=593
2018-03-28 12:48:56 +00:00
Aurelien Aptel
21f8aa12bf Accepting request 591871 from home:jengelh:branches:network:samba:STABLE
- Remove %if..%endif guards which have absolutely no effect on
  the build. Remove redundant %clean section. Replace old $RPM_*
  shell vars by macros.

OBS-URL: https://build.opensuse.org/request/show/591871
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=592
2018-03-28 10:10:05 +00:00
57dbe355e9 Accepting request 590349 from home:dmulder:branches:network:samba:STABLE
Add changelog entry for python3 package change.

OBS-URL: https://build.opensuse.org/request/show/590349
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=590
2018-03-22 15:16:14 +00:00
d020619cba Accepting request 588506 from home:jmcdough:4-8-factory
Update to latest upstream release 4.8.0

OBS-URL: https://build.opensuse.org/request/show/588506
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=587
2018-03-19 11:30:22 +00:00
David Disseldorp
50a178461c Accepting request 586356 from home:jmcdough:branches:network:samba:STABLE
Update to 4.7.6; CVE-2018-1050; CVE-2018-1057

OBS-URL: https://build.opensuse.org/request/show/586356
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=586
2018-03-13 11:06:00 +00:00
9d5a2081cb Accepting request 584106 from home:npower:aaptel-nonpy
bsc#1082139 For SLE15 remove python related libraries and files until python3 support is complete.
  + Remove contents of package samba-python
  + Remove contents of package libsamba-policy0
  + Remove contents of package libsamba-policy-devel
  + Remove smbtorture binary and manpage from samba-test

OBS-URL: https://build.opensuse.org/request/show/584106
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=585
2018-03-08 12:12:09 +00:00
fa60c33bca Accepting request 581020 from home:aaptel:samba-nopython-bsc1082139
- Disable python until full python3 port is done; (bsc#1082139);
  + Remove package samba-python
  + Remove package libsamba-policy0
  + Remove package libsamba-policy-devel
  + Remove library libsamba-python-samba4.so from samba-libs package
  + Remove library libsamba-net-samba4.so from samba-libs package
  + Remove smbtorture binary and manpage

OBS-URL: https://build.opensuse.org/request/show/581020
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=584
2018-02-28 17:20:55 +00:00
d3afc22ba9 Accepting request 579551 from home:dmulder:branches:network:samba:STABLE
- samba fails to build with glibc2.27; (bsc#1081042);

OBS-URL: https://build.opensuse.org/request/show/579551
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=583
2018-02-23 19:40:04 +00:00
4d6e2ed9eb Accepting request 577066 from home:dmulder:branches:network:samba:STABLE
- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
  glibc)

OBS-URL: https://build.opensuse.org/request/show/577066
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=582
2018-02-15 16:50:20 +00:00
David Disseldorp
e51c95ae52 Accepting request 575830 from home:scabrero:branches:network:samba:STABLE
- Update to 4.7.5; (bsc#1080545);
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193);
  + Fix copying file with empty FinderInfo from Windows client to Samba share
    with fruit; (bso#13181);
  + build: Deal with recent glibc sunrpc header removal; (bso#10976);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
    (bsc#1075206);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + ctdb-recovery-helper: Deregister message handler in error paths;
    (bso#13188);
  + samba: Only use async signal-safe functions in signal handler; (bso#13240);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + repl_meta_data: Fix linked attribute corruption on databases
    with unsorted links on expunge. dbcheck: Add functionality to fix the
    corrupt database; (bso#13228);
  + Fix smbd panic when chdir returns error during exit; (bso#13189);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
    (bso#13176);
- Update to 4.7.4; (bsc#1080545);
  + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
  + s3: libsmb: Fix valgrind read-after-free error in
    cli_smb2_close_fnum_recv(); (bso#13171);
  + s3: libsmb: Fix reversing of oldname/newname paths when creating a
    reparse point symlink on Windows from smbclient; (bso#13172);
  + Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
  + repl_meta_data: Allow delete of an object with dangling backlinks;
    (bso#13095);
  + s4:samba: Fix default to be running samba as a deamon; (bso#13129);
  + Performance regression in DNS server with introduction of DNS wildcard,
    ldb: Release 1.2.3; (bso#13191);
  + vfs_zfsacl: Fix compilation error; (bso#6133);
  + "smb encrypt" setting changes are not fully applied until full smbd
    restart; (bso#13051);
  + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
  + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
  + winbindd: Dependency on trusted-domain list in winbindd in critical auth
    codepath; (bso#13173);
  + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
  + ctdb: sock_daemon leaks memory; (bso#13153);
  + TCP tickles not getting synchronised on CTDB restart; (bso#13154);
  + winbindd: winbind parent and child share a ctdb connection; (bso#13150);
  + pthreadpool: Fix deadlock; (bso#13170);
  + pthreadpool: Fix starvation after fork; (bso#13179);
  + messaging: Always register the unique id; (bso#13180);
  + s4/smbd: set the process group; (bso#13129);
  + Fix broken linked attribute handling; (bso#13095);
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132);
  + libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
    sessions; (bso#13197);
  + s3:libads: net ads keytab list fails with "Key table name malformed";
    (bso#13166); (bsc#1067700);
  + Fix crash in pthreadpool thread after failure from pthread_create;
    (bso#13170);
  + s4:samba: Allow samba daemon to run in foreground; (bso#13129);
    (bsc#1065551);
  + third_party: Link the aesni-intel library with "-z noexecstack";
    (bso#13174);
  + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
    options; (bso#13125);

OBS-URL: https://build.opensuse.org/request/show/575830
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=581
2018-02-12 16:28:43 +00:00
270fb12295 Accepting request 546497 from home:scabrero:branches:network:samba:STABLE
- smbc_opendir should not return EEXIST with invalid login credentials;
  (bnc#1065868).
- Update to 4.7.3; (bsc#1069666);
  + Non-smbd processes using kernel oplocks can hang smbd;
    (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load;
    (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
  + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
    (bsc#1060427);(bso#13041);
  + CVE-2017-15275: s3: smbd: Chain code can return uninitialized
    memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.

OBS-URL: https://build.opensuse.org/request/show/546497
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=579
2017-11-29 17:56:39 +00:00
96e969a95c Accepting request 546037 from home:RBrownSUSE:branches:network:samba:STABLE
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/546037
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=578
2017-11-27 16:09:07 +00:00
c11fa40403 Accepting request 542093 from home:dmulder:branches:network:samba:STABLE
- samba-tool requires samba-python; (bnc#1067771).

OBS-URL: https://build.opensuse.org/request/show/542093
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=577
2017-11-23 17:50:43 +00:00
947f939688 Accepting request 539834 from home:scabrero:branches:network:samba:STABLE
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);

OBS-URL: https://build.opensuse.org/request/show/539834
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=576
2017-11-08 19:20:20 +00:00
0a39f1cd81 Accepting request 536033 from home:dimstar:Factory
This is at least one of the issue of samba in :L - might be more stuff missing

OBS-URL: https://build.opensuse.org/request/show/536033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=575
2017-10-24 16:59:03 +00:00
Aurelien Aptel
3514726402 Accepting request 532129 from home:scabrero:branches:network:samba:STABLE
- Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.

OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573
2017-10-11 16:43:10 +00:00