- Update to samba 4.12.5
+ Fix smbd panic on force-close share during async
io; (bso#14301).
+ Fix segfault when using SMBC_opendir_ctx() routine for
share folder that contains incorrect symbols in any
file name; (bso#14374)
+ Fix DFS links; (bso#14391).
+ Can't use DNS functionality after a Windows DC has been
in domain; (bso#14310).
+ ldapi search to FreeIPA crashes; (bso#14413).
+ Add net-ads-join dnshostname=fqdn option; (bso#14396)
+ Fix adding msDS-AdditionalDnsHostName to keytab with
Windows DC; (bso#14406).
+ docs-xml: Update list of posible VFS operations for
vfs_full_audit; (bso#14386).
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382).
+ Client tools are not able to read gencache anymore;
(bso#14370).
- Update to samba 4.12.4
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when
ASQ and VLV combined; (bso#14364); (bsc#1173159)
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
OBS-URL: https://build.opensuse.org/request/show/818624
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=633
- Update to samba 4.12.2
+ CVE-2020-10700: A client combining the 'ASQ' and
'Paged Results' LDAP controls can cause a use-after-free
in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
+ CVE-2020-10704: A deeply nested filter in an un-authenticated
LDAP search can exhaust the LDAP server's stack memory causing
a SIGSEGV; (bso#14334); (bsc#1169851).
- Update to samba 4.12.1
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
+ samba-tool group: Handle group names with special chars correctly;
(bso#14296);
+ Add missing check for DMAPI offline status in async DOS attributes;
(bso#14293);
+ Starting ctdb node that was powered off hard before results in recovery
loop; (bso#14295);
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
(bso#14307);
+ vfs_recycle: Prevent flooding the log if we're called on non-existant
paths; (bso#14316);
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
(bso#14327);
+ fruit:time machine max size is broken on arm; (bso#13622);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ s3/utils: Fix double free error with smbtree; (bso#14332);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ Starting ctdb node that was powered off hard before results in recovery
OBS-URL: https://build.opensuse.org/request/show/798848
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=629
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8
- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).
- Update to samba 4.12.0
+ For details on all items see WHATSNEW.txt in samba-doc
package.
+ Samba 4.12 raises this minimum version to Python
3.5.
+ Samba now requires GnuTLS 3.4.7 to be installed.
+ New Spotlight backend for Elasticsearch.
+ Retiring DES encryption types in Kerberos. With this release,
support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause
Kerberos authentication to fail for that account (see
RFC-6649).
+ Samba-DC: DES keys no longer saved in DB.
+ The netatalk VFS module has been removed.
+ The BIND9_FLATFILE DNS backend is deprecated in this release
and will be removed in the future.
+ CTDB changes
+ The ctdb_mutex_fcntl_helper periodically re-checks the
lock file.
+ Bugs
+ Retire DES encryption types in Kerberos; (bso#14202);
bsc#(1165574).
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
OBS-URL: https://build.opensuse.org/request/show/786416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=627
- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);
- Update to samab 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substition; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
OBS-URL: https://build.opensuse.org/request/show/766660
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=624
- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).
OBS-URL: https://build.opensuse.org/request/show/755761
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=623
- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD databse format
- BIND9_FLATFILE deprecated
- default process model chagned to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed
OBS-URL: https://build.opensuse.org/request/show/737886
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=621
- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.
- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
OBS-URL: https://build.opensuse.org/request/show/727708
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=619
- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);
- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=614
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
OBS-URL: https://build.opensuse.org/request/show/664132
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=612
- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit looses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illiumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);
OBS-URL: https://build.opensuse.org/request/show/652450
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=608
- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);
- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);
OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries;(bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).
OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processor supporting AESNI; (bso#13302);
OBS-URL: https://build.opensuse.org/request/show/603033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=597
- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);
- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a deamon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);
OBS-URL: https://build.opensuse.org/request/show/575830
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=581
- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).
- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427);(bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.
OBS-URL: https://build.opensuse.org/request/show/546497
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=579
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly ident lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);
OBS-URL: https://build.opensuse.org/request/show/539834
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=576
- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.
OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573