- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.
- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
OBS-URL: https://build.opensuse.org/request/show/727708
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=619
- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);
- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=614
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
OBS-URL: https://build.opensuse.org/request/show/664132
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=612
- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit looses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illiumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);
OBS-URL: https://build.opensuse.org/request/show/652450
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=608
- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);
- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);
OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries;(bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).
OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processor supporting AESNI; (bso#13302);
OBS-URL: https://build.opensuse.org/request/show/603033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=597
- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);
- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a deamon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);
OBS-URL: https://build.opensuse.org/request/show/575830
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=581
- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).
- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427);(bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.
OBS-URL: https://build.opensuse.org/request/show/546497
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=579
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly ident lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);
OBS-URL: https://build.opensuse.org/request/show/539834
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=576
- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.
OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
startup; (bso#12814).
+ vfs_expand_msdfs tries to open the remote address as a file path;
(bso#12687).
+ PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
(bso#12798).
+ With clustering get update_num_read_oplocks failed and PANIC:
num_share_modes == 1 assertion failure; (bso#11844).
+ contend_level2_oplocks_begin_default oplock optimisation doesn't carry
over to leases; (bso#12766).
+ `ctdb nodestatus` incorrectly displays status for all nodes with wrong
exit code; (bso#12802).
+ CTDB can spin hard on revoking readonly delegations if a node becomes
disconnected; (bso#12697).
+ Printing a share mode entry with leases can crash in the ndr code;
(bso#12793).
+ Fix flakey unit tests for eventd; (bso#12792).
+ CTDB daemon crashes if built with clang; (bso#12770).
+ smbcacls fails if no password is specified; (bso#12765).
+ idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
+ samba-tool user syncpasswords doesn't trigger the script when a user gets
removed; (bso#12767).
+ systemd: fix detection of libsystemd; (bso#12764).
+ Notify subsystem only maps first inotify mask to Windows notify filter;
(bso#12760).
+ Allow passing trusted domain password as plain-text to PASSDB layer;
(bso#12751).
+ Can't case-rename files with vfs_fruit; (bso#12749).
+ wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=563