- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).
- Remove autoconf build-time requirement.
- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).
- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).
OBS-URL: https://build.opensuse.org/request/show/354145
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=196
- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
OBS-URL: https://build.opensuse.org/request/show/349211
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=195
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=514
This commit by intention reverts the
Do not provide and obsolete libpdb0 from libsamba-passdb0
change is the reported issue requires more investigation.
With the first suggested solution we have two issues:
a) a library name conflict as reported to Samba upstream at
https://bugzilla.samba.org/show_bug.cgi?id=10355
As libpdb depends heavily on other versioned shared Samba libraries
libpdb in the old version can't work alone. We'll end up in a
library missmatch.
b) libzypp (YaST/ zypper) pulls in libpdb0 _i586_ from the main openSUSE
13.2 repository for example
The actual package changes are:
- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).
- Package /var/lib/samba/msg with 0755 permissions; (bnc#945502).
- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).
OBS-URL: https://build.opensuse.org/request/show/331893
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=190
- to enhance the previous commit
- do it in the post of the client which is required by winbind and the
main package; a potential race condition is the restart on update
mechanism if the main or winbind packages gets installed before the
client package
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=494
