Commit Graph

19 Commits

Author SHA256 Message Date
Noel Power
201da9bbd6 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=690 2024-05-20 09:09:01 +00:00
39c3d44183 Accepting request 1114416 from home:npower:branches:network:samba:STABLE
- Update to 4.19.0
  * File doesn't show when user doesn't have permission if
    aio_pthread is loaded; (bso#15453).
  * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
    1.9.1; (bso#15451).
  * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can
    log to syslog; (bso#15460).
  * ‘samba-tool domain level raise’ fails unless given a URL;
    (bso#15458).
  * reply_sesssetup_and_X() can dereference uninitialized tmp
    pointer; (bso#15420).
  * missing return in reply_exit_done(); (bso#15430).
  * TREE_CONNECT without SETUP causes smbd to use uninitialized
    pointer; (bso#15432).
  * Avoid infinite loop in initial user sync with Azure AD
    Connect when synchronising a large Samba AD domain;
    (bso#15401).
  * Samba replication logs show (null) DN; (bso#15407).
  * 2-3min delays at reconnect with
    smb2_validate_sequence_number: bad message_id 2; (bso#15346).
  * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed;
    (bso#15446).
  * CID 1539212 causes real issue when output contains only
    newlines; (bso#15438).
  * KDC encodes INT64 claims incorrectly; (bso#15452).
  * mdssvc: Do an early talloc_free() in _mdssvc_open();
    (bso#15449).
  * Windows client join fails if a second container CN=System
    exists somewhere; (bso#9959).
  * regression DFS not working with widelinks = true;

OBS-URL: https://build.opensuse.org/request/show/1114416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=684
2023-10-04 15:10:51 +00:00
Noel Power
d4d26d5657 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=678 2023-03-20 10:00:12 +00:00
e8347df805 Accepting request 1006436 from home:npower:update_samba
- Disable SMB1 for tumbleweed builds.

- Update to 4.17.0
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * Cross-node multi-channel reconnects result in SMB2 Negotiate
    returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
  * winbind at info level debug can coredump when processing
    wb_lookupusergroups; (bso#15160).
  * Make use of glfs_*at() API calls in vfs_glusterfs;
    (bso#15157).
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128).
  * `net usershare add` fails with flag works with --long but
    fails with -l; (bso#15145).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Performance regression on contended path based operations;
    (bso#15125).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * libsamba-errors uses a wrong version number; (bso#15141).

OBS-URL: https://build.opensuse.org/request/show/1006436
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=667
2022-09-29 14:50:35 +00:00
Noel Power
772ad07247 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=660 2022-04-04 08:30:41 +00:00
Noel Power
5191ffffd9 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=648 2021-09-23 10:24:07 +00:00
Noel Power
82749b63ed Accepting request 897431 from home:scabrero:branches:network:samba:STABLE
- Update to 4.14.5
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
    (bso#14696);
  * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
    ACL for directory handles; (bso#14708);
  * s3: smbd: Fix uninitialized memory read in process_symlink_open()
    when used with vfs_shadow_copy2(); (bso#14721);
  * docs: Expand the "log level" docs on audit logging; (bso#14689);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Fix gcc11 compiler issues; (bso#14699);
  * docs-xml: Update smbcacls manpage; (bso#14718);
  * docs: Update list of available commands in rpcclient; (bso#14719);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * s3:winbind: For 'security = ADS' require realm/workgroup to be set;
    (bso#14695);
  * lib:replace: Do not build strndup test with gcc 11 or newer;
    (bso#14699);

OBS-URL: https://build.opensuse.org/request/show/897431
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=645
2021-06-08 10:24:08 +00:00
44072657fd Accepting request 889509 from home:npower:samba-update
- Update to 4.14.4
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
    (bso#14571); (bsc#1184677).
- Update to 4.14.3
  * s3:modules:vfs_virusfilter: Recent New_VFS changes break
    vfs_virusfilter_openat; (bso#14671).
  * build: Notice if flex is missing at configure time; (bso#14586).
  * Fix smbd panic when two clients open same file; (bso#14672).
  * Fix memory leak in the RPC server; (bso#14675).
  * s3: smbd: fix deferred renames; (bso#14679).
  * s3-iremotewinspool: Set the per-request memory context;
    (bso#14675)
  * Fix memory leak in the RPC server; (bso#14675).
  * third_party: Update socket_wrapper to version 1.3.2;
    (bso#11899).
  * third_party: Update socket_wrapper to version 1.3.3;
    (bso#14640).
  * samba-gpupdate: Test that sysvol paths download in
    case-insensitive way; (bso#14665).
  * smbd: Ensure errno is preserved across fsp destructor;
    (bso#14662).
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663).
  * build: Only add -Wl,--as-needed when supported; (bso#14288).

OBS-URL: https://build.opensuse.org/request/show/889509
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=644
2021-04-30 16:19:30 +00:00
Noel Power
04ed273b6d OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=643 2021-04-07 10:02:53 +00:00
Noel Power
eb9272c94c Accepting request 876691 from home:scabrero:branches:network:samba:STABLE
- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.

OBS-URL: https://build.opensuse.org/request/show/876691
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=642
2021-03-04 09:25:41 +00:00
Noel Power
0f40c9894f OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=636 2020-09-23 07:57:00 +00:00
Noel Power
ed5352ccab Accepting request 786416 from home:scabrero:branches:home:npower:update_factory_4.12.0
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8

- Starting ctdb node that was powered off hard before results
  in recovery loop; (bso#14295); (bsc#1162680).

- Update to samba 4.12.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package.
  + Samba 4.12 raises this minimum version to Python
    3.5.
  + Samba now requires GnuTLS 3.4.7 to be installed.
  + New Spotlight backend for Elasticsearch.
  + Retiring DES encryption types in Kerberos. With this release,
    support for DES encryption types has been removed from
    Samba, and setting DES_ONLY flag for an account will cause
    Kerberos authentication to fail for that account (see
    RFC-6649).
  + Samba-DC: DES keys no longer saved in DB.
  + The netatalk VFS module has been removed.
  + The BIND9_FLATFILE DNS backend is deprecated in this release
    and will be removed in the future.
  + CTDB changes
    + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
+ Bugs
  + Retire DES encryption types in Kerberos; (bso#14202);
    bsc#(1165574).
  + dsdb: Correctly handle memory in objectclass_attrs;
    (bso#14258).

OBS-URL: https://build.opensuse.org/request/show/786416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=627
2020-03-19 10:55:17 +00:00
af4f6d39e5 Accepting request 737886 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.11.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package
  + Python2 runtime support removed; python 3.4 or later required
  + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
  + CephFS Snapshot integration, exposed as previous file
    versions
  + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
  + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
      unchanged
    - many performance improvements
  + Configuration webserver support removed

OBS-URL: https://build.opensuse.org/request/show/737886
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=621
2019-10-12 19:47:39 +00:00
ab58c6daef Accepting request 696786 from network:samba:TESTING
- Update to samba-4.10.2:
  + CVE-2019-3870 (World writable files in
    Samba AD DC private/ dir); (bso#13834).
  + CVE-2019-3880 (Save registry file outside share as
    unprivileged user); (bso#13851).
  + py/kcc_utils: py2.6 compatibility; (bso#13837).
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    (bso#13869).
  + regfio: Improve handling of malformed registry hive files;
    (bso#13840).
  + ctdb-version: Simplify version string usage; (bso#13789).
  + lib: Make fd_load work for non-regular files; (bso#13859).
  + dbcheck: in the middle of the tombstone garbage collection
    causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854).
  + acl_read: Fix regression for empty lists; (bso#13836).
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
  + s3:client: Fix printing via smbspool backend with kerberos
    auth; (bso#13832).
  + s4:librpc: Fix installation of Samba; (bso#13847).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    (bso#13793).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:waf: Fix the detection of makdev() macro on Linux;
    (bso#13853).
   * ctdb-build: Drop creation of .distversion in tarball;
     (bso#13789).
   * ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory;  (bso#13838).
- Update to samba-4.10.1:
  + py/kcc_utils: py2.6 compatibility; (bso#13837);
  + libcli: permit larger values of DataLength in
     SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
  + regfio: Improve handling of malformed registry hive files; (bso#13840);
  + ctdb-version: Simplify version string usage; (bso#13789);
  + lib: Make fd_load work for non-regular files; (bso#13859);
  + dbcheck in the middle of the tombstone garbage collection causes
     replication failures, dbcheck: add --selftest-check-expired-tombstones
     cmdline option; (bso#13816);
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
     NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
  + s4/messaging: Fix undefined reference in linking
     libMESSAGING-samba4.so; (bso#13854);
  + acl_read: Fix regression for empty lists; (bso#13836);
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
  + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
  + s4:librpc: Fix installation of Samba; (bso#13847);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
  + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
  + ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
  + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s4/scripting/bin: Open unicode files with utf8 encoding and write
  + unicode string.
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
  + passdb: Update ABI to 0.27.2.
  + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
  + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);

OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
2019-04-22 17:11:02 +00:00
445e8eaa57 Accepting request 635794 from home:dmulder:branches:network:samba:STABLE:4.9
- Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592);
- Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551);

OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
2018-09-25 07:15:30 +00:00
d020619cba Accepting request 588506 from home:jmcdough:4-8-factory
Update to latest upstream release 4.8.0

OBS-URL: https://build.opensuse.org/request/show/588506
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=587
2018-03-19 11:30:22 +00:00
Aurelien Aptel
3514726402 Accepting request 532129 from home:scabrero:branches:network:samba:STABLE
- Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.

OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573
2017-10-11 16:43:10 +00:00
Noel Power
3bd36433a1 Accepting request 491060 from home:dmdiss:samba_stable_git_migration_v2
- Update to 4.6.3; (bsc#1036011)

- Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).

OBS-URL: https://build.opensuse.org/request/show/491060
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=560
2017-04-26 09:40:57 +00:00
Aurelien Aptel
3c207d7687 Accepting request 489392 from home:dmdiss:samba_stable_git_migration_v2
- Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
    - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist"

OBS-URL: https://build.opensuse.org/request/show/489392
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=559
2017-04-20 12:26:04 +00:00