Commit Graph

800 Commits

Author SHA256 Message Date
Dominique Leuenberger
2c368aba24 Accepting request 1031263 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/1031263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=287
2022-10-27 11:52:20 +00:00
6b07c44613 Accepting request 1031207 from home:npower:branches:network:samba:STABLE
- Update to 4.17.2
  * CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
    (bso#15207); (bsc#1204499).
  * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
    unwrap_des3();(bso#15134); (bsc#1204254).

OBS-URL: https://build.opensuse.org/request/show/1031207
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=670
2022-10-26 06:54:53 +00:00
Dominique Leuenberger
d27978c45b Accepting request 1030329 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/1030329
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=286
2022-10-22 12:12:23 +00:00
Noel Power
ec3e5cb374 Accepting request 1030308 from home:scabrero:branches:network:samba:STABLE
- Update to 4.17.1
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Flush on a named stream never completes; (bso#15182).
  * Permission denied calling SMBC_getatr when file not exists;
    (bso#15195).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * pytest: add file removal helpers for TestCaseInTempDir;
    (bso#15191).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * Flush on a named stream never completes; (bso#15182).
  * vfs_gpfs silently garbles timestamps > year 2106;
    (bso#15151).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * multi-channel socket passing may hit a race if one of the
    involved processes already existed; (bso#15200).
  * memory leak on temporary of struct imessaging_post_state and
    struct tevent_immediate on struct imessaging_context (in
    rpcd_spoolss and maybe others); (bso#15201).
  * Since popt1.19 various use after free errors using result of
    poptGetArg are now exposed; (bso#15205); (boo#1204279).
  * Remove special case for O_CREAT in SMB_VFS_OPENAT from

OBS-URL: https://build.opensuse.org/request/show/1030308
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=669
2022-10-21 08:51:39 +00:00
Fabian Vogt
1a4628de80 Accepting request 1008206 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/1008206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=285
2022-10-10 16:44:45 +00:00
bb682b8015 Accepting request 1007934 from home:npower:update_samba
remove stale archive (was causing error because archive wasn't mentioned)

OBS-URL: https://build.opensuse.org/request/show/1007934
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=668
2022-10-05 13:02:39 +00:00
e8347df805 Accepting request 1006436 from home:npower:update_samba
- Disable SMB1 for tumbleweed builds.

- Update to 4.17.0
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * Cross-node multi-channel reconnects result in SMB2 Negotiate
    returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
  * winbind at info level debug can coredump when processing
    wb_lookupusergroups; (bso#15160).
  * Make use of glfs_*at() API calls in vfs_glusterfs;
    (bso#15157).
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128).
  * `net usershare add` fails with flag works with --long but
    fails with -l; (bso#15145).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Performance regression on contended path based operations;
    (bso#15125).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * libsamba-errors uses a wrong version number; (bso#15141).

OBS-URL: https://build.opensuse.org/request/show/1006436
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=667
2022-09-29 14:50:35 +00:00
Dominique Leuenberger
d728626845 Accepting request 993097 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/993097
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=284
2022-08-05 17:50:23 +00:00
8e8c7e7ee5 Accepting request 992061 from home:scabrero:branches:network:samba:STABLE
- Update to 4.16.4
  * CVE-2022-2031: Samba AD users can bypass certain restrictions
    associated with changing passwords; (bsc#1201495); (bso#15047);
  * CVE-2022-32744: Samba AD users can forge password change
    requests for any user; (bsc#1201493); (bso#15074);
  * CVE-2022-32745: Samba AD users can crash the server process
    with an LDAP add or modify request; (bsc#1201492); (bso#15008);
  * CVE-2022-32746: Samba AD users can induce a use-after-free in
    the server process with an LDAP add or modify request;
    (bsc#1201490); (bso#15009);
  * CVE-2022-32742: Server memory information leak via SMB1;
    (bsc#1201496); (bso#15085);

- Update to 4.16.3
  * Using vfs_streams_xattr and deleting a file causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work;
    (bso#15076);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
    developer mode; (bso#15095);
  * Crash in streams_xattr because fsp->base_fsp->fsp_name is
    NULL; (bso#15105);
  * Crash in rpcd_classic - NULL pointer deference in
    mangle_is_mangled(); (bso#15118);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);

OBS-URL: https://build.opensuse.org/request/show/992061
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=666
2022-08-04 14:57:01 +00:00
Richard Brown
e61234ddb3 Accepting request 990442 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/990442
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=283
2022-07-22 17:20:25 +00:00
226cf1c745 Accepting request 988948 from home:scabrero:branches:network:samba:STABLE
- Update spec file to fix the optional Heimdal DC build
- Fix external trusts with MIT Kerberos 1.20
- Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Add sysuser-shadow requirement for packages using
  systemd-sysusers
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);

- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/988948
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=665
2022-07-20 17:27:53 +00:00
Dominique Leuenberger
4c76be7fc8 Accepting request 983456 from network:samba:STABLE
- Update to 4.16.2
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * Reintroduce netgroups support; (bso#15087);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Update from 4.15  to 4.16 breaks discovery of [homes] on
    standalone server from Win and IOS; (bso#15062);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient -E doesn't work as advertised; (bso#15075);
  * The samba background daemon doesn't refresh the printcap cache
    on startup; (bso#15081);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7
- Support building with MIT Kerberos 1.20
- Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC;
  (CVE-2020-17049);
- Resource Based Constrained Delegation (RBCD) for Samba AD DC
- Support building with gcc 12.1

OBS-URL: https://build.opensuse.org/request/show/983456
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=282
2022-06-18 20:05:53 +00:00
Noel Power
dc890f8a8d OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=664 2022-06-17 14:49:20 +00:00
Dominique Leuenberger
89c04139ae Accepting request 976588 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/976588
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=281
2022-05-14 20:52:11 +00:00
Noel Power
2549a1b85c Accepting request 976581 from home:scabrero:branches:network:samba:STABLE
- Use requires_eq macro to require the libldb2 version available at
  samba-dsdb-modules build time; (bsc#1199362);

OBS-URL: https://build.opensuse.org/request/show/976581
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=663
2022-05-12 10:39:25 +00:00
Dominique Leuenberger
3c6fbf1116 Accepting request 974677 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/974677
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=280
2022-05-05 21:04:33 +00:00
Noel Power
bfa78b7811 Accepting request 974674 from home:scabrero:branches:network:samba:STABLE
- Update to 4.16.1
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written to;
    (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * Need to describe --builtin-libraries= better (compare with
    --bundled-libraries); (bso#8731);
  * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * Username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * KVNO off by 100000; (bso#14951);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);

- Update update-apparmor-samba-profile script, replace
  non-printable delimiter with more human readable separator as
  sed can accept separators that can appear in the input data.

OBS-URL: https://build.opensuse.org/request/show/974674
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=662
2022-05-03 15:12:47 +00:00
Dominique Leuenberger
e2d467bcd1 Accepting request 970232 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/970232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=279
2022-04-15 22:14:05 +00:00
83caf194c9 Accepting request 970195 from home:npower:update_samba
- Fix update-apparmor-samba-profile script, sed doesn't like
  multibyte separators; (bsc#1198309).

OBS-URL: https://build.opensuse.org/request/show/970195
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=661
2022-04-14 16:42:51 +00:00
Dominique Leuenberger
5251b927bc Accepting request 966947 from network:samba:STABLE
- Update to 4.16.0
  * New samba-dcerpcd binary to provide DCERPC in the member server
    setup
  * Certificate Auto Enrollment
  * Ability to add ports to dns forwarder addresses in internal DNS
    backend
  * No longer using Linux mandatory locks for sharemodes
  * SMB1 protocol has been deprecated, particularly older dialects
  * SMB1 protocol SMBCopy command removed
  * SMB1 server-side wildcard expansion removed
- Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);
- Use systemd-sysusers to create system users; (bsc#1182847);

OBS-URL: https://build.opensuse.org/request/show/966947
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=278
2022-04-07 22:26:35 +00:00
Noel Power
772ad07247 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=660 2022-04-04 08:30:41 +00:00
Dominique Leuenberger
b0b43c3bf5 Accepting request 950370 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/950370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=277
2022-02-03 23:45:43 +00:00
ea40c395c9 Accepting request 950276 from home:npower:update_samba
- Update to 4.15.5
  * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
    outside target of a symlink exists; (bso#14911);
    (bsc#1193690).
  * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
    module; (bso#14914); (bsc#1194859).
  * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
    conflict checks; bso#14950); (bsc#1195048).

- CVE-2021-44141: Information leak via symlinks of existance of
  files or directories outside of the exported share; (bso#14911);
  (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
  in VFS module vfs_fruit allows code execution; (bso#14914);
  (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
  account can impersonate arbitrary services; (bso#14950);
  (bsc#1195048);

OBS-URL: https://build.opensuse.org/request/show/950276
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=659
2022-02-01 09:16:29 +00:00
Dominique Leuenberger
b5f4fe7133 Accepting request 948369 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/948369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=276
2022-01-26 20:26:37 +00:00
Noel Power
3fa268d923 Accepting request 948069 from home:scabrero:branches:network:samba:STABLE
- Update to 4.15.4
  * Duplicate SMB file_ids leading to Windows client cache
    poisoning; (bso#14928);
  * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
    NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
  * kill_tcp_connections does not work; (bso#14934);
  * Can't connect to Windows shares not requiring authentication
    using KDE/Gnome; (bso#14935);
  * smbclient -L doesn't set "client max protocol" to NT1 before
    calling the "Reconnecting with SMB1 for workgroup listing"
    path; (bso#14939);
  * Cross device copy of the crossrename module always fails;
    (bso#14940);
  * symlinkat function from VFS cap module always fails with an
    error; (bso#14941);
  * Fix possible fsp pointer deference; (bso#14942);
  * Missing pop_sec_ctx() in error path inside close_directory();
    (bso#14944);
  * "smbd --build-options" no longer works without an smb.conf file;
    (bso#14945);

OBS-URL: https://build.opensuse.org/request/show/948069
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=658
2022-01-24 10:37:27 +00:00
Dominique Leuenberger
b6df884563 Accepting request 947217 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/947217
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=275
2022-01-22 07:17:50 +00:00
f2db233692 Accepting request 947215 from home:scabrero:branches:network:samba:STABLE
- Use pkgconfig(krb5) as dependency for the -devel package: allow
  OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
  package has an automatic dependency due to linkage on
  libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
  requires samba-client-libs, which in turn requires krb5
  libraries. Samba-libs itself has no need for krb5 (but get it
  indirectly anyway).

OBS-URL: https://build.opensuse.org/request/show/947215
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=657
2022-01-18 12:53:25 +00:00
da1b1cf876 Accepting request 946238 from home:scabrero:branches:network:samba:STABLE
- Update the symlink create by samba-dsdb-modules to private samba
  ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
  /usr/lib64/ldb2/modules/ldb/samba

OBS-URL: https://build.opensuse.org/request/show/946238
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=656
2022-01-13 22:57:16 +00:00
afdbfb9c5b Accepting request 945635 from home:scabrero:branches:network:samba:STABLE
- Reorganize libs packages. Split samba-libs into samba-client-libs,
  samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
  public libraries depending on internal samba libraries into these
  packages as there were dependency problems everytime one of these
  public libraries changed its version (bsc#1192684). The devel
  packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements

OBS-URL: https://build.opensuse.org/request/show/945635
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=655
2022-01-11 18:29:37 +00:00
9f8605fecb Accepting request 939491 from home:scabrero:branches:network:samba:STABLE
- Update to 4.15.3
  * Recursive directory delete with veto files is broken in 4.15.0;
    (bso#14878);
  * A directory containing dangling symlinks cannot be deleted by
    SMB2 alone when they are the only entry in the directory;
    (bso#14879);
  * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
    uninitialized in rmdir_internals(); (bso#14892);
  * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
  * The CVE-2020-25717 username map [script] advice has undesired
    side effects for the local nt token; (bso#14901); (bsc#1192849);
  * User with multiple spaces (eg Fred<space><space>Nurk) become
    un-deletable; (bso#14902);
  * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
  * smbXsrv_client_global record validation leads to crash if existing
    record points at non-existing process; (bso#14882);
  * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
    (bso#14890);
  * Samba process doesn't log to logfile; (bso#14897);
  * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
    triggers locking.tdb assert; (bso#14907);
  * Kerberos authentication on standalone server in MIT realm broken;
    (bso#14922);
  * Segmentation fault when joining the domain; (bso#14923);
  * Support for ROLE_IPA_DC is incomplete; (bso#14903);
  * rpcclient cannot connect to ncacn_ip_tcp services anymore;
    (bso#14767);
  * winexe crashes since 4.15.0 after popt parsing; (bso#14893);
  * net ads status -P broken in a clustered environment; (bso#14908);
  * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before

OBS-URL: https://build.opensuse.org/request/show/939491
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=654
2021-12-11 07:11:04 +00:00
27902b68ad Accepting request 936336 from home:scabrero:branches:network:samba:STABLE
Drop invalid Provides

OBS-URL: https://build.opensuse.org/request/show/936336
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=653
2021-12-08 08:04:49 +00:00
Noel Power
28fcf45326 Accepting request 934097 from home:scabrero:branches:network:samba:STABLE
- Fix dependency problem upgrading from libndr0 to libndr2 and
  from libsamba-credentials0 to libsamba-credentials1;
  (bsc#1192684);

OBS-URL: https://build.opensuse.org/request/show/934097
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=652
2021-11-26 15:58:37 +00:00
Dominique Leuenberger
47a162b634 Accepting request 930760 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/930760
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=274
2021-11-12 14:59:16 +00:00
Noel Power
7c5ce0071c Accepting request 930730 from home:scabrero:branches:network:samba:STABLE
- Fix regression introduced by CVE-2020-25717 patches, winbindd
  does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
  * CVE-2016-2124:  SMB1 client connections can be downgraded to
    plaintext authentication; (bso#12444); (bsc#1014440);
  * CVE-2020-25717: A user on the domain can become root on domain
    members; (bso#14556); (bsc#1192284);
  * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
    tickets issued by an RODC; (bso#14558); (bsc#1192246);
  * CVE-2020-25719: Samba AD DC did not always rely on the SID and
    PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
  * CVE-2020-25721: Kerberos acceptors need easy access to stable
    AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
  * CVE-2020-25722: Samba AD DC did not do suffienct access and
    conformance checking of data stored; (bso#14564);
    (bsc#1192283);
  * CVE-2021-3738: Use after free in Samba AD DC RPC server;
    (bso#14468); (bsc#1192215);
  * CVE-2021-23192: Subsequent DCE/RPC fragment injection
    vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
 * Log clutter from filename_convert_internal; (bso#14685);
 * MacOSX compilation fixes; (bso#14862);
 * rodc_rwdc test flaps; (bso#14868);
 * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
   bit' S4U2Proxy Constrained Delegation bypass in Samba with
   embedded Heimdal; (bso#14642);
 * Python ldb.msg_diff() memory handling failure; (bso#14836);
 * "in" operator on ldb.Message is case sensitive; (bso#14845);

OBS-URL: https://build.opensuse.org/request/show/930730
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=651
2021-11-10 21:17:55 +00:00
Richard Brown
b3ea56f4ce Accepting request 923243 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/923243
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=273
2021-10-08 20:04:53 +00:00
Noel Power
a0f09594eb Accepting request 923005 from home:scabrero:branches:network:samba:STABLE
-  Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
  * allow some Recommends instead Requires to be configured
    for cifs-utils, samba-libs-python3 & samba-gpupdate;
    (bsc#1182847).
  * remove fam, undocumented and unneeded.

OBS-URL: https://build.opensuse.org/request/show/923005
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=650
2021-10-05 13:41:00 +00:00
66c0b2b677 Accepting request 921168 from home:scabrero:branches:network:samba:STABLE
- Add missing build dependency on bison when building with the
  embedded Heimdal Kerberos

OBS-URL: https://build.opensuse.org/request/show/921168
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=649
2021-09-24 09:37:46 +00:00
Noel Power
5191ffffd9 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=648 2021-09-23 10:24:07 +00:00
Dominique Leuenberger
9b009bdc02 Accepting request 919671 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/919671
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=272
2021-09-21 19:12:25 +00:00
42f8e11b64 Accepting request 913220 from home:dmulder:branches:network:samba:STABLE
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).

OBS-URL: https://build.opensuse.org/request/show/913220
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=647
2021-09-17 07:45:50 +00:00
Dominique Leuenberger
7b00a8fb83 Accepting request 910101 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/910101
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=271
2021-08-05 18:47:55 +00:00
Noel Power
c988bfbf5e Accepting request 908919 from home:scabrero:branches:network:samba:STABLE
- Update to 4.14.6
   * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
   * smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
   * s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
   * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
     change_file_owner_to_parent() error path; (bso#14736).
   * NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
     glusterfs VFS module; (bso#14730).
   * s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
   * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
   * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
   * smbXsrv_{open,session,tcon}: protect
     smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
     (bso#14752).
   * samba-tool domain backup offline doesn't work against bind DLZ
     backend; (bso#14027).
   * netcmd: Use next_free_rid() function to calculate a SID for
     restoring a backup; (bso#14669).

OBS-URL: https://build.opensuse.org/request/show/908919
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=646
2021-08-04 09:37:16 +00:00
Dominique Leuenberger
a1cedab32b Accepting request 898328 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/898328
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=270
2021-06-13 21:05:30 +00:00
Noel Power
82749b63ed Accepting request 897431 from home:scabrero:branches:network:samba:STABLE
- Update to 4.14.5
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
    (bso#14696);
  * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
    ACL for directory handles; (bso#14708);
  * s3: smbd: Fix uninitialized memory read in process_symlink_open()
    when used with vfs_shadow_copy2(); (bso#14721);
  * docs: Expand the "log level" docs on audit logging; (bso#14689);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Fix gcc11 compiler issues; (bso#14699);
  * docs-xml: Update smbcacls manpage; (bso#14718);
  * docs: Update list of available commands in rpcclient; (bso#14719);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * s3:winbind: For 'security = ADS' require realm/workgroup to be set;
    (bso#14695);
  * lib:replace: Do not build strndup test with gcc 11 or newer;
    (bso#14699);

OBS-URL: https://build.opensuse.org/request/show/897431
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=645
2021-06-08 10:24:08 +00:00
Dominique Leuenberger
223fd22916 Accepting request 889576 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/889576
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=269
2021-05-02 16:35:17 +00:00
44072657fd Accepting request 889509 from home:npower:samba-update
- Update to 4.14.4
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
    (bso#14571); (bsc#1184677).
- Update to 4.14.3
  * s3:modules:vfs_virusfilter: Recent New_VFS changes break
    vfs_virusfilter_openat; (bso#14671).
  * build: Notice if flex is missing at configure time; (bso#14586).
  * Fix smbd panic when two clients open same file; (bso#14672).
  * Fix memory leak in the RPC server; (bso#14675).
  * s3: smbd: fix deferred renames; (bso#14679).
  * s3-iremotewinspool: Set the per-request memory context;
    (bso#14675)
  * Fix memory leak in the RPC server; (bso#14675).
  * third_party: Update socket_wrapper to version 1.3.2;
    (bso#11899).
  * third_party: Update socket_wrapper to version 1.3.3;
    (bso#14640).
  * samba-gpupdate: Test that sysvol paths download in
    case-insensitive way; (bso#14665).
  * smbd: Ensure errno is preserved across fsp destructor;
    (bso#14662).
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663).
  * build: Only add -Wl,--as-needed when supported; (bso#14288).

OBS-URL: https://build.opensuse.org/request/show/889509
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=644
2021-04-30 16:19:30 +00:00
Dominique Leuenberger
6576182b4d Accepting request 885268 from network:samba:STABLE
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/885268
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=268
2021-04-22 16:03:13 +00:00
Noel Power
04ed273b6d OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=643 2021-04-07 10:02:53 +00:00
Dominique Leuenberger
dacb152fcf Accepting request 876695 from network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/876695
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=267
2021-03-08 14:15:11 +00:00
Noel Power
eb9272c94c Accepting request 876691 from home:scabrero:branches:network:samba:STABLE
- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.

OBS-URL: https://build.opensuse.org/request/show/876691
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=642
2021-03-04 09:25:41 +00:00