Commit Graph

529 Commits

Author SHA256 Message Date
Noel Power
98ef31b304 Accepting request 835851 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.12.7
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
    netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    (bso#14497);
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
    "server require schannel:WORKSTATION$ = no" about unsecure configurations;
    (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
    challenge; (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
    netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
    (bsc#1176579); (bso#14497);
- Update to samba 4.12.6
  + s3: libsmb: Fix SMB2 client rename bug to a Windows server;
    (bso#14403).
  + dsdb: Allow "password hash userPassword schemes = CryptSHA256"
    to work on RHEL7; (bso#14424).
  + dbcheck: Allow a dangling forward link outside our known NCs;
    (bso#14450).
  + lib/debug: Set the correct default backend loglevel to
    MAX_DEBUG_LEVEL; (bso#14426).
  + PANIC: Assert failed in get_lease_type(); (bso#14428).
  + util: Fix build on AIX by fixing the order of replace.h include;
    (bso#14422).
  + srvsvc_NetFileEnum asserts with open files; (bso#14355).
  + KDC breaks with DES keys still in the database and
    msDS-SupportedEncryptionTypes 31 indicating support for it;
    (bso#14354).
  + s3:smbd: Make sure vfs_ChDir() always sets
    conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).

OBS-URL: https://build.opensuse.org/request/show/835851
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=635
2020-09-21 15:10:48 +00:00
David Disseldorp
0baf2f4a2e Accepting request 823154 from home:kukuk:etc
- Don't install SuSEfirewall2 services, we don't have that package
  anymore

OBS-URL: https://build.opensuse.org/request/show/823154
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=634
2020-08-06 09:11:04 +00:00
Noel Power
6a8073e897 Accepting request 818624 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.12.5
  + Fix smbd panic on force-close share during async
    io; (bso#14301).
  + Fix segfault when using SMBC_opendir_ctx() routine for
    share folder that contains incorrect symbols in any
    file name; (bso#14374)
  + Fix DFS links; (bso#14391).
  + Can't use DNS functionality after a Windows DC has been
    in domain; (bso#14310).
  + ldapi search to FreeIPA crashes; (bso#14413).
  + Add net-ads-join dnshostname=fqdn option; (bso#14396)
  + Fix adding msDS-AdditionalDnsHostName to keytab with
    Windows DC; (bso#14406).
  + docs-xml: Update list of posible VFS operations for
    vfs_full_audit; (bso#14386).
  + winbindd: Fix a use-after-free when winbind clients exit;
    (bso#14382).
  + Client tools are not able to read gencache anymore;
    (bso#14370).
- Update to samba 4.12.4
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
    ASQ and VLV combined; (bso#14364); (bsc#1173159)
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use
    several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
    server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to
    AD DC nbt_server; (bso#14417); (bsc#1173359).

OBS-URL: https://build.opensuse.org/request/show/818624
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=633
2020-07-06 08:20:52 +00:00
Noel Power
a7db85abb1 Accepting request 810756 from home:scabrero:branches:network:samba:STABLE
- add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)

- Add system-user-nobody to samba package requirements

- Update to samba 4.12.3
  + Fix smbd panic on force-close share during async io; (bso#14301);
  + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    (bso#14343);
  + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
  + Fix smbd crashes when MacOS Catalina connects if iconv initialization
    fails; (bso#14372);
  + Exporting from macOS Adobe Illustrator creates multiple copies;
    (bso#14150);
  + smbd does a chdir() twice per request; (bso#14256);
  + smbd mistakenly updates a file's write-time on close; (bso#14320);
  + vfs_shadow_copy2: implement case canonicalisation in
    shadow_copy2_get_real_filename(); (bso#14350);
  + Fix Windows 7 clients problem after upgrading samba file server;
    (bso#14375);
  + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
  + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
  + mit-kdc: Explicitly reject S4U requests; (bso#14342);
  + dbwrap_watch: Set rec->value_valid while returning nested
    share_mode_do_locked(); (bso#14352);
  + lib:util: Fix smbclient -l basename dir; (bso#14345);
  + s3:libads: Fix ads_get_upn(); (bso#14336);
  + ctdb: Fix a memleak; (bso#14348);
  + Malicous SMB1 server can crash libsmbclient; (bso#14366);
  + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    (bso#14330);

OBS-URL: https://build.opensuse.org/request/show/810756
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=632
2020-06-03 15:12:28 +00:00
David Disseldorp
7dbf28ebb4 Accepting request 800420 from home:scabrero:branches:network:samba:STABLE
- libsmb: Don't try to find posix stat info in SMBC_getatr();
  (bso#14101); (bsc#1169242);

OBS-URL: https://build.opensuse.org/request/show/800420
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=631
2020-05-06 10:18:05 +00:00
4bbe1d5392 Accepting request 799244 from home:npower:update_samba_4.12.2
- Move libdcerpc-server-core.so to samba-libs package, this was
  initially erroneously located in  samba-ad-dc.

OBS-URL: https://build.opensuse.org/request/show/799244
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=630
2020-04-30 19:18:06 +00:00
David Disseldorp
816dff106e Accepting request 798848 from home:npower:update_samba_4.12.2
- Update to samba 4.12.2
  + CVE-2020-10700: A client combining the 'ASQ' and
    'Paged Results' LDAP controls can cause a use-after-free
    in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
  + CVE-2020-10704: A deeply nested filter in an un-authenticated
    LDAP search can exhaust the LDAP server's stack memory causing
    a SIGSEGV; (bso#14334); (bsc#1169851).

- Update to samba 4.12.1
  + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
  + samba-tool group: Handle group names with special chars correctly;
    (bso#14296);
  + Add missing check for DMAPI offline status in async DOS attributes;
    (bso#14293);
  + Starting ctdb node that was powered off hard before results in recovery
    loop; (bso#14295);
  + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
    (bso#14307);
  + vfs_recycle: Prevent flooding the log if we're called on non-existant
    paths; (bso#14316);
  + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
  + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
    (bso#14327);
  + fruit:time machine max size is broken on arm; (bso#13622);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + s3/utils: Fix double free error with smbtree; (bso#14332);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + Starting ctdb node that was powered off hard before results in recovery

OBS-URL: https://build.opensuse.org/request/show/798848
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=629
2020-04-29 15:10:45 +00:00
92141f19eb Accepting request 788997 from home:npower:libsmbclient_timestruct
- s3: libsmbclient.h: add missing time.h include to fix
  ffmpeg build and make it compatible with -std=c99.

OBS-URL: https://build.opensuse.org/request/show/788997
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=628
2020-03-27 12:00:21 +00:00
Noel Power
ed5352ccab Accepting request 786416 from home:scabrero:branches:home:npower:update_factory_4.12.0
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8

- Starting ctdb node that was powered off hard before results
  in recovery loop; (bso#14295); (bsc#1162680).

- Update to samba 4.12.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package.
  + Samba 4.12 raises this minimum version to Python
    3.5.
  + Samba now requires GnuTLS 3.4.7 to be installed.
  + New Spotlight backend for Elasticsearch.
  + Retiring DES encryption types in Kerberos. With this release,
    support for DES encryption types has been removed from
    Samba, and setting DES_ONLY flag for an account will cause
    Kerberos authentication to fail for that account (see
    RFC-6649).
  + Samba-DC: DES keys no longer saved in DB.
  + The netatalk VFS module has been removed.
  + The BIND9_FLATFILE DNS backend is deprecated in this release
    and will be removed in the future.
  + CTDB changes
    + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
+ Bugs
  + Retire DES encryption types in Kerberos; (bso#14202);
    bsc#(1165574).
  + dsdb: Correctly handle memory in objectclass_attrs;
    (bso#14258).

OBS-URL: https://build.opensuse.org/request/show/786416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=627
2020-03-19 10:55:17 +00:00
David Disseldorp
ac3d2b343c - Remove unused pwdutils buildrequires
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209);
  + Avoiding bad call flags with python 3.8, using METH_NOARGS
    instead of zero; (bso#14209);
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    (bso#14218);
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    (bso#14122);
  + smbd: Fix the build with clang; (bso#14251);
  + upgradedns: Ensure lmdb lock files linked; (bso#14199);
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during
    readdir; (bso#14182);
  + smbc_stat() doesn't return the correct st_mode and also the
    uid/gid is not filled (SMBv1) file; (bso#14101);
  + librpc: Fix string length checking in ndr_pull_charset_to_null();
    (bso#14219);
  + ctdb-scripts: Strip square brackets when gathering connection info;
    (bso#14227);

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=626
2020-02-03 14:55:39 +00:00
David Disseldorp
dc2643d6ee Accepting request 769391 from home:kukuk:branches:network:samba:STABLE
- Remove not used pwdutils buildrequires (pwdutils is gone since
  ages)

OBS-URL: https://build.opensuse.org/request/show/769391
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=625
2020-02-03 12:13:54 +00:00
d5a6815e74 Accepting request 766660 from home:npower:update_factory_4.11.5
- Fix nmbstatus not reporting detailed information about workgroups;
  (bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);

- Update to samab 4.11.5
  + CVE-2019-14902: Replication of ACLs down subtree on
    AD Directory is not automatic; (bso#12497); (bsc#1160850).
  + CVE-2019-19344: Fix  server crash with
    dns zone scavenging = yes; (bso#14050); (bsc#1160852).
  + CVE-2019-14907: server-side crash after charset conversion
    failure (eg during NTLMSSP processing); (bso#14208);
    (bsc#1160888).
- Update to samba 4.11.4
   + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
     (bso#14161).
   + Ensure we don't call cli_RNetShareEnum() on an SMB1
     connection; (bso#14174).
   + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
     SMBC_opendir_ctx; (bso#14176).
   + SMB2 - Ensure we use the correct session_id if encrypting
     an interim response; (bso#14189).
   + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
   + printing: Fix %J substition; (bso#13745).
   + Remove now unneeded call to cmdline_messaging_context();
     (bso#13925).
   + Fix incomplete conversion of former parametric options;
     (bso#14069).
   + Fix sync dosmode fallback in async dosmode codepath;
     (bso#14070).
   + vfs_fruit returns capped resource fork length; (bso#14171).

OBS-URL: https://build.opensuse.org/request/show/766660
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=624
2020-01-23 16:09:39 +00:00
b5f09875ba Accepting request 755761 from home:npower:update_samba_4.11.3
- Update to samba 4.11.3
  + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
    can crash the DCE/RPC DNS management server by creating records
    with matching the zone name; (bso#14138); (bsc#1158108).
  + CVE-2019-14870: DelegationNotAllowed not being enforced, the
    DelegationNotAllowed Kerberos feature restriction was not being
    applied when processing protocol transition requests (S4U2Self),
    in the AD DC KDC; (bso#14187); (bsc#1158109).

OBS-URL: https://build.opensuse.org/request/show/755761
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=623
2019-12-11 09:05:28 +00:00
19e9233f4d Accepting request 744290 from home:jmcdough:branches:STABLE-4.11.2
Update to 4.11.2

OBS-URL: https://build.opensuse.org/request/show/744290
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=622
2019-10-31 09:03:06 +00:00
af4f6d39e5 Accepting request 737886 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.11.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package
  + Python2 runtime support removed; python 3.4 or later required
  + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
  + CephFS Snapshot integration, exposed as previous file
    versions
  + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
  + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
      unchanged
    - many performance improvements
  + Configuration webserver support removed

OBS-URL: https://build.opensuse.org/request/show/737886
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=621
2019-10-12 19:47:39 +00:00
David Disseldorp
116e35d954 Accepting request 728061 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.10.8
  + CVE-2019-10197: user escape from share path definition;
    (bso#14035); (bsc#1141267);

OBS-URL: https://build.opensuse.org/request/show/728061
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=620
2019-09-03 17:06:15 +00:00
65c974b42a Accepting request 727708 from home:npower:samba-update-4.10.7
- Fix build on newer systems by modifying samba.spec to use
  consistent non-relative paths for pammodules in configure line
  and specification of pam_winbind.so library to package.

- Update to samba 4.10.7
  + Unable to create or rename file/directory inside shares
    configured with vfs_glusterfs_fuse module; (bso#14010).
  + build: Allow build when '--disable-gnutls' is set; (bso#13844)
  + samba-tool: Add 'import samba.drs_utils' to fsmo.py;
    (bso#13973).
  + Fix 'Error 32 determining PSOs in system' message on old DB
    with FL upgrade; (bso#14008).
  + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
  + join: Use a specific attribute order for the DsAddEntry
    nTDSDSA object; (bso#14046).
  + vfs_catia: Pass stat info to synthetic_smb_fname();
    (bso#14015).
  + lookup_name: Allow own domain lookup when flags == 0;
    (bso#14091).
  + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    (bso#13932).
  + DEBUGC and DEBUGADDC doesn't print into a class specific log
    file; (bso#13915).
  + Request to keep deprecated option "server schannel",
    VMWare Quickprep requires "auto"; (bso#13949).
  + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    (bso#13967).
  + dnsProperty fails to decode values from older Windows versions;
    (bso#13969).
  + samba-tool: Use only one LDAP modify for dns partition fsmo

OBS-URL: https://build.opensuse.org/request/show/727708
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=619
2019-09-02 10:18:13 +00:00
Noel Power
67e8136281 Accepting request 710941 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)

OBS-URL: https://build.opensuse.org/request/show/710941
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=618
2019-06-19 16:00:23 +00:00
David Disseldorp
9e27d199de Fix changelog chronological order
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=617
2019-05-15 00:09:54 +00:00
David Disseldorp
77e7f5e1ac - Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).

- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).

- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=616
2019-05-14 23:56:57 +00:00
ab58c6daef Accepting request 696786 from network:samba:TESTING
- Update to samba-4.10.2:
  + CVE-2019-3870 (World writable files in
    Samba AD DC private/ dir); (bso#13834).
  + CVE-2019-3880 (Save registry file outside share as
    unprivileged user); (bso#13851).
  + py/kcc_utils: py2.6 compatibility; (bso#13837).
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    (bso#13869).
  + regfio: Improve handling of malformed registry hive files;
    (bso#13840).
  + ctdb-version: Simplify version string usage; (bso#13789).
  + lib: Make fd_load work for non-regular files; (bso#13859).
  + dbcheck: in the middle of the tombstone garbage collection
    causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854).
  + acl_read: Fix regression for empty lists; (bso#13836).
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
  + s3:client: Fix printing via smbspool backend with kerberos
    auth; (bso#13832).
  + s4:librpc: Fix installation of Samba; (bso#13847).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    (bso#13793).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:waf: Fix the detection of makdev() macro on Linux;
    (bso#13853).
   * ctdb-build: Drop creation of .distversion in tarball;
     (bso#13789).
   * ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory;  (bso#13838).
- Update to samba-4.10.1:
  + py/kcc_utils: py2.6 compatibility; (bso#13837);
  + libcli: permit larger values of DataLength in
     SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
  + regfio: Improve handling of malformed registry hive files; (bso#13840);
  + ctdb-version: Simplify version string usage; (bso#13789);
  + lib: Make fd_load work for non-regular files; (bso#13859);
  + dbcheck in the middle of the tombstone garbage collection causes
     replication failures, dbcheck: add --selftest-check-expired-tombstones
     cmdline option; (bso#13816);
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
     NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
  + s4/messaging: Fix undefined reference in linking
     libMESSAGING-samba4.so; (bso#13854);
  + acl_read: Fix regression for empty lists; (bso#13836);
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
  + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
  + s4:librpc: Fix installation of Samba; (bso#13847);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
  + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
  + ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
  + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s4/scripting/bin: Open unicode files with utf8 encoding and write
  + unicode string.
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
  + passdb: Update ABI to 0.27.2.
  + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
  + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);

OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
2019-04-22 17:11:02 +00:00
David Disseldorp
3f063e45e1 - Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
- Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377);

- LoadParm().load_default() fails with "Unable to load default file";
  (bsc#1089758);

- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=614
2019-03-05 10:51:42 +00:00
f4a14d4c40 Accepting request 664132 from home:npower:update_samba
- Update to samba-4.9.4
  + libcli/smb: Don't overwrite status code; (bso#9175).
  + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
  + Session setup reauth fails to sign response; (bso#13661).
  + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
  + vfs_shadow_copy2: Nicely deal with attempts to open previous
    version for writing; (bso#13688).
  + Restoring previous version of stream with vfs_shadow_copy2 fails
    with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
  + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
  + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
  + PEP8: fix E231: missing whitespace after ','.
  + winbindd: Fix crash when taking profiles;(bso#13629)
  + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
    regression; (bso#13600)
  + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
  + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
  + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
  + ctdb-daemon: Exit with error if a database directory does not
    exist; (bso#13696).
  + s3:libads: Add net ads leave keep-account option; (bso#13498).

- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.

OBS-URL: https://build.opensuse.org/request/show/664132
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=612
2019-01-11 12:33:52 +00:00
Noel Power
9d38c3cc4b Accepting request 654115 from home:dmulder:branches:network:samba:STABLE
- Remove python2 build dependency from samba-libs; (bsc#1116900);
- Update update-apparmor-samba-profile script to ignore the shares's
  paths containing substitution variables in any place, not only at the
  beginning of the path.

OBS-URL: https://build.opensuse.org/request/show/654115
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=609
2018-12-05 17:34:52 +00:00
3635301ae9 Accepting request 652450 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.9.3
  + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server; (bso#13600); (bsc#1116319);
  + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
    (bsc#1116320);
  + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
    (bso#13674); (bsc#1116322);
  + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
    (bso#13669); (bsc#1116321);
  + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported); (bso#13678); (bsc#1116324);
  + CVE-2018-16857: Bad password count in AD DC not always effective;
    window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
  + dsdb: Add comments explaining the limitations of our current backlink
    behaviour; (bso#13418);
  + Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
  + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
    (bso#13465);
  + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
  + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
  + Enabling vfs_fruit looses FinderInfo; (bso#13649);
  + Cancelling of SMB2 aio reads and writes returns wrong error
    NT_STATUS_INTERNAL_ERROR; (bso#13667);
  + Fix CTDB recovery record resurrection from inactive nodes and simplify
    vacuuming; (bso#13641);
  + examples: Fix the smb2mount build; (bso#13465);
  + libtevent: Fix build due to missing open_memstream on Illiumos;
    (bso#13629);
  + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
  + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
    (bso#13653);
  + Extended DN SID component missing for member after switching group
    membership; (bso#13418);
  + Return STATUS_SESSION_EXPIRED error encrypted, if the request was
    encrypted; (bso#13624);
  + python: Allow forced signing via smb.SMB(); (bso#13621);
  + lib:socket: If returning early, set ifaces; (bso#13665);
  + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
    encoded unicode; (bso#13616);
  + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
    (bso#13673);
  + waf: Add -fstack-clash-protection; (bso#13601);
  + winbind: Fix segfault if an invalid passdb backend is configured;
    (bso#13668);
  + Fix bugs in CTDB event handling; (bso#13659);
  + Misbehaving nodes are sometimes not banned; (bso#13670);

OBS-URL: https://build.opensuse.org/request/show/652450
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=608
2018-11-28 19:20:32 +00:00
83ce450992 Accepting request 645785 from home:dmulder:4.9.1-get_interfaces-segfault
- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);
- winbind requires latest version of libtevent-util0 to start

OBS-URL: https://build.opensuse.org/request/show/645785
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=607
2018-11-01 09:50:46 +00:00
5440789625 Accepting request 641729 from home:dmulder:branches:network:samba:STABLE
- Backport latest gpo code from master
  + Read policy from local gpt cache
  + Offline policy application
  + Make group policy extensible via register/unregister gpext
  + gpext's run via a process_group_policy method
- Enable profiling data collection
- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package

OBS-URL: https://build.opensuse.org/request/show/641729
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=604
2018-10-12 17:15:14 +00:00
c76825592d Accepting request 638021 from home:scabrero:branches:network:samba:STABLE
- Update to samba-4.9.1
  + s3: nmbd: Stop nmbd network announce storm; (bso#13620);
  + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
    (bso#13597);
  + CTDB recovery lock has some race conditions; (bso#13617);
  + s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
  + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);

OBS-URL: https://build.opensuse.org/request/show/638021
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=603
2018-09-25 14:58:38 +00:00
445e8eaa57 Accepting request 635794 from home:dmulder:branches:network:samba:STABLE:4.9
- Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592);
- Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551);

OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
2018-09-25 07:15:30 +00:00
Aurelien Aptel
95c4496280 Accepting request 631724 from home:vitezslav_cizek:branches:network:samba:STABLE
- Add missing zlib-devel dependency which was previously pulled in
  by libopenssl-devel

OBS-URL: https://build.opensuse.org/request/show/631724
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=601
2018-08-30 15:33:08 +00:00
25e8716475 Accepting request 629523 from home:npower:update_factory
- Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480).

OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
2018-08-16 10:27:26 +00:00
David Disseldorp
8892e4b337 Accepting request 612904 from home:scabrero:branches:network:samba:STABLE
- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
  (bsc#1092099);

OBS-URL: https://build.opensuse.org/request/show/612904
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=599
2018-05-29 16:03:39 +00:00
David Disseldorp
ef09da2cf2 Accepting request 611762 from home:jmcdough:factory-f-8-2
Update to 4.8.2

OBS-URL: https://build.opensuse.org/request/show/611762
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=598
2018-05-23 22:11:09 +00:00
David Disseldorp
4831756114 Accepting request 603033 from home:scabrero:branches:network:samba:STABLE
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
  required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number of
    ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
    (bso#13337);
  + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + winbindd: Recover loss of netlogon secure channel in case the peer DC is
    rebooted; (bso#13332);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + ctdb-client: Fix bugs in client code; (bso#13356);
  + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + libads: Fix the build '--without-ads'; (bso#13273);
  + winbind: Keep "force_reauth" in invalidate_cm_connection, add
    'smbcontrol disconnect-dc'; (bso#13332);
  + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
  + smbclient: Fix notify; (bso#13382);
  + Fix smbd panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
    (bso#13342);
  + Fix build errors with cc from developerstudio 12.5 on Solaris;
    (bso#13343);
  + Fix the picky-developer build on FreeBSD 11; (bso#13344);
  + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + lib:replace: Fix linking when libtirpc-devel overwrites system headers;
    (bso#13341);
  + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
    query; (bso#13312);
  + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);

OBS-URL: https://build.opensuse.org/request/show/603033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=597
2018-05-02 12:11:26 +00:00
d5d8b11391 Accepting request 595751 from home:aaptel:samba-bsc1088574-fixdameon
- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551);
  + Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
  + Set samba sysconfig template variables to ""
  + Add required daemon flags directly to systemd unit

OBS-URL: https://build.opensuse.org/request/show/595751
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=595
2018-04-17 08:41:14 +00:00
Aurelien Aptel
c72ef26ec8 Accepting request 590371 from home:dimstar:Factory
- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
  place of systemd and systemd-devel: Allow OBS to optimize the
  workload by allowing the usage of the 'build-optimized' systemd
  packages.

The build failure seen in my branch is unrelated to this change!

OBS-URL: https://build.opensuse.org/request/show/590371
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=594
2018-04-03 10:26:56 +00:00
Aurelien Aptel
c968b2c266 Accepting request 592006 from home:jmcdough:branches:network:samba:STABLE
Specfile cleanup

OBS-URL: https://build.opensuse.org/request/show/592006
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=593
2018-03-28 12:48:56 +00:00
Aurelien Aptel
21f8aa12bf Accepting request 591871 from home:jengelh:branches:network:samba:STABLE
- Remove %if..%endif guards which have absolutely no effect on
  the build. Remove redundant %clean section. Replace old $RPM_*
  shell vars by macros.

OBS-URL: https://build.opensuse.org/request/show/591871
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=592
2018-03-28 10:10:05 +00:00
57dbe355e9 Accepting request 590349 from home:dmulder:branches:network:samba:STABLE
Add changelog entry for python3 package change.

OBS-URL: https://build.opensuse.org/request/show/590349
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=590
2018-03-22 15:16:14 +00:00
d020619cba Accepting request 588506 from home:jmcdough:4-8-factory
Update to latest upstream release 4.8.0

OBS-URL: https://build.opensuse.org/request/show/588506
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=587
2018-03-19 11:30:22 +00:00
David Disseldorp
50a178461c Accepting request 586356 from home:jmcdough:branches:network:samba:STABLE
Update to 4.7.6; CVE-2018-1050; CVE-2018-1057

OBS-URL: https://build.opensuse.org/request/show/586356
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=586
2018-03-13 11:06:00 +00:00
9d5a2081cb Accepting request 584106 from home:npower:aaptel-nonpy
bsc#1082139 For SLE15 remove python related libraries and files until python3 support is complete.
  + Remove contents of package samba-python
  + Remove contents of package libsamba-policy0
  + Remove contents of package libsamba-policy-devel
  + Remove smbtorture binary and manpage from samba-test

OBS-URL: https://build.opensuse.org/request/show/584106
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=585
2018-03-08 12:12:09 +00:00
fa60c33bca Accepting request 581020 from home:aaptel:samba-nopython-bsc1082139
- Disable python until full python3 port is done; (bsc#1082139);
  + Remove package samba-python
  + Remove package libsamba-policy0
  + Remove package libsamba-policy-devel
  + Remove library libsamba-python-samba4.so from samba-libs package
  + Remove library libsamba-net-samba4.so from samba-libs package
  + Remove smbtorture binary and manpage

OBS-URL: https://build.opensuse.org/request/show/581020
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=584
2018-02-28 17:20:55 +00:00
d3afc22ba9 Accepting request 579551 from home:dmulder:branches:network:samba:STABLE
- samba fails to build with glibc2.27; (bsc#1081042);

OBS-URL: https://build.opensuse.org/request/show/579551
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=583
2018-02-23 19:40:04 +00:00
4d6e2ed9eb Accepting request 577066 from home:dmulder:branches:network:samba:STABLE
- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
  glibc)

OBS-URL: https://build.opensuse.org/request/show/577066
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=582
2018-02-15 16:50:20 +00:00
David Disseldorp
e51c95ae52 Accepting request 575830 from home:scabrero:branches:network:samba:STABLE
- Update to 4.7.5; (bsc#1080545);
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193);
  + Fix copying file with empty FinderInfo from Windows client to Samba share
    with fruit; (bso#13181);
  + build: Deal with recent glibc sunrpc header removal; (bso#10976);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
    (bsc#1075206);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + ctdb-recovery-helper: Deregister message handler in error paths;
    (bso#13188);
  + samba: Only use async signal-safe functions in signal handler; (bso#13240);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + repl_meta_data: Fix linked attribute corruption on databases
    with unsorted links on expunge. dbcheck: Add functionality to fix the
    corrupt database; (bso#13228);
  + Fix smbd panic when chdir returns error during exit; (bso#13189);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
    (bso#13176);
- Update to 4.7.4; (bsc#1080545);
  + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
  + s3: libsmb: Fix valgrind read-after-free error in
    cli_smb2_close_fnum_recv(); (bso#13171);
  + s3: libsmb: Fix reversing of oldname/newname paths when creating a
    reparse point symlink on Windows from smbclient; (bso#13172);
  + Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
  + repl_meta_data: Allow delete of an object with dangling backlinks;
    (bso#13095);
  + s4:samba: Fix default to be running samba as a deamon; (bso#13129);
  + Performance regression in DNS server with introduction of DNS wildcard,
    ldb: Release 1.2.3; (bso#13191);
  + vfs_zfsacl: Fix compilation error; (bso#6133);
  + "smb encrypt" setting changes are not fully applied until full smbd
    restart; (bso#13051);
  + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
  + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
  + winbindd: Dependency on trusted-domain list in winbindd in critical auth
    codepath; (bso#13173);
  + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
  + ctdb: sock_daemon leaks memory; (bso#13153);
  + TCP tickles not getting synchronised on CTDB restart; (bso#13154);
  + winbindd: winbind parent and child share a ctdb connection; (bso#13150);
  + pthreadpool: Fix deadlock; (bso#13170);
  + pthreadpool: Fix starvation after fork; (bso#13179);
  + messaging: Always register the unique id; (bso#13180);
  + s4/smbd: set the process group; (bso#13129);
  + Fix broken linked attribute handling; (bso#13095);
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132);
  + libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
    sessions; (bso#13197);
  + s3:libads: net ads keytab list fails with "Key table name malformed";
    (bso#13166); (bsc#1067700);
  + Fix crash in pthreadpool thread after failure from pthread_create;
    (bso#13170);
  + s4:samba: Allow samba daemon to run in foreground; (bso#13129);
    (bsc#1065551);
  + third_party: Link the aesni-intel library with "-z noexecstack";
    (bso#13174);
  + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
    options; (bso#13125);

OBS-URL: https://build.opensuse.org/request/show/575830
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=581
2018-02-12 16:28:43 +00:00
270fb12295 Accepting request 546497 from home:scabrero:branches:network:samba:STABLE
- smbc_opendir should not return EEXIST with invalid login credentials;
  (bnc#1065868).
- Update to 4.7.3; (bsc#1069666);
  + Non-smbd processes using kernel oplocks can hang smbd;
    (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load;
    (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
  + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
    (bsc#1060427);(bso#13041);
  + CVE-2017-15275: s3: smbd: Chain code can return uninitialized
    memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.

OBS-URL: https://build.opensuse.org/request/show/546497
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=579
2017-11-29 17:56:39 +00:00
96e969a95c Accepting request 546037 from home:RBrownSUSE:branches:network:samba:STABLE
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/546037
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=578
2017-11-27 16:09:07 +00:00
c11fa40403 Accepting request 542093 from home:dmulder:branches:network:samba:STABLE
- samba-tool requires samba-python; (bnc#1067771).

OBS-URL: https://build.opensuse.org/request/show/542093
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=577
2017-11-23 17:50:43 +00:00
947f939688 Accepting request 539834 from home:scabrero:branches:network:samba:STABLE
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);

OBS-URL: https://build.opensuse.org/request/show/539834
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=576
2017-11-08 19:20:20 +00:00
0a39f1cd81 Accepting request 536033 from home:dimstar:Factory
This is at least one of the issue of samba in :L - might be more stuff missing

OBS-URL: https://build.opensuse.org/request/show/536033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=575
2017-10-24 16:59:03 +00:00
Aurelien Aptel
3514726402 Accepting request 532129 from home:scabrero:branches:network:samba:STABLE
- Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.

OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573
2017-10-11 16:43:10 +00:00
aa792ab3bb Accepting request 527518 from home:npower:sept-update-factory
- CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624).

- CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622).

- CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565).

OBS-URL: https://build.opensuse.org/request/show/527518
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=572
2017-09-20 12:13:02 +00:00
Aurelien Aptel
ae1ea30911 Accepting request 519876 from home:aaptel:samba-speclean
- Clean specfile assuming SUSE-only system and product >=SLE11
  + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
    are always undefined
  + %{_vendor} is "suse" and %{suse_version} is at least 1100

OBS-URL: https://build.opensuse.org/request/show/519876
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=571
2017-09-01 14:59:11 +00:00
David Disseldorp
8fb1f6bb14 - Update to 4.6.7; (bsc#1054017)
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=570
2017-08-16 11:38:57 +00:00
af6fd2963a - Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
(bsc#1048339).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=569
2017-08-08 13:01:02 +00:00
David Disseldorp
9bb5fae037 - fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
  + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
    (bsc#1048278).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=567
2017-07-24 13:52:30 +00:00
David Disseldorp
f5aff418ad Accepting request 510312 from home:dmulder:branches:network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/510312
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=566
2017-07-14 13:54:02 +00:00
Aurelien Aptel
88ef9fdf19 Accepting request 510060 from home:dmdiss:ceph-sambagw
- Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387).

OBS-URL: https://build.opensuse.org/request/show/510060
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=565
2017-07-13 13:42:20 +00:00
7466787b91 Accepting request 503634 from home:npower:1042419
- s3: libsmb: Fix error where short name length was read as 2
  bytes, should be 1; (bso#11822); (bsc#1042419).

OBS-URL: https://build.opensuse.org/request/show/503634
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=564
2017-06-14 10:01:54 +00:00
David Disseldorp
88564acfda - Update to 4.6.5; (bsc#1040157)
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
    startup; (bso#12814).
  + vfs_expand_msdfs tries to open the remote address as a file path;
    (bso#12687).
  + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
    (bso#12798).
  + With clustering get update_num_read_oplocks failed and PANIC:
    num_share_modes == 1 assertion failure; (bso#11844).
  + contend_level2_oplocks_begin_default oplock optimisation doesn't carry
    over to leases; (bso#12766).
  + `ctdb nodestatus` incorrectly displays status for all nodes with wrong
    exit code; (bso#12802).
  + CTDB can spin hard on revoking readonly delegations if a node becomes
    disconnected; (bso#12697).
  + Printing a share mode entry with leases can crash in the ndr code;
    (bso#12793).
  + Fix flakey unit tests for eventd; (bso#12792).
  + CTDB daemon crashes if built with clang; (bso#12770).
  + smbcacls fails if no password is specified; (bso#12765).
  + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
  + samba-tool user syncpasswords doesn't trigger the script when a user gets
    removed; (bso#12767).
  + systemd: fix detection of libsystemd; (bso#12764).
  + Notify subsystem only maps first inotify mask to Windows notify filter;
    (bso#12760).
  + Allow passing trusted domain password as plain-text to PASSDB layer;
    (bso#12751).
  + Can't case-rename files with vfs_fruit; (bso#12749).
  + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=563
2017-06-07 14:37:38 +00:00
David Disseldorp
cbef29480c - Revert explicit winbind %{version}-%{release} dependency.
+ The ABI has stabilized since (bsc#936909), so remove to fix cross-media
    dependencies; (bsc#1037899).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=562
2017-05-29 16:08:25 +00:00
David Disseldorp
6d266c100d - Fix CVE-2017-7494 remote code execution from a writable share;
(bso#12780); (bsc#1038231).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=561
2017-05-24 08:02:17 +00:00
Noel Power
3bd36433a1 Accepting request 491060 from home:dmdiss:samba_stable_git_migration_v2
- Update to 4.6.3; (bsc#1036011)

- Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).

OBS-URL: https://build.opensuse.org/request/show/491060
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=560
2017-04-26 09:40:57 +00:00
Aurelien Aptel
3c207d7687 Accepting request 489392 from home:dmdiss:samba_stable_git_migration_v2
- Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
    - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist"

OBS-URL: https://build.opensuse.org/request/show/489392
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=559
2017-04-20 12:26:04 +00:00
David Disseldorp
9bcb70be0d Sync changelog entries from SLE Samba 4.4.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=558
2017-04-12 14:47:32 +00:00
David Disseldorp
6539ffb439 - Update to 4.6.2
+ remove bso#12721 patches now upstream

- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
  + x86-64 and aarch64

- Fix CVE-2017-2619 regression with "follow symlinks = no";
  (bso#12721).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=557
2017-04-10 13:56:46 +00:00
David Disseldorp
1382a46a1c - Enable librados CTDB lock helper for samba-ceph package; (fate#321622).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=556
2017-04-03 14:59:54 +00:00
6a14d0bdd9 Accepting request 483890 from home:dmulder:branches:network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/483890
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=555
2017-03-31 11:23:32 +00:00
Aurelien Aptel
b71b411b66 Accepting request 482455 from home:jmcdough:updateto46
Update to 4.6.1 for CVE-2017-2619

OBS-URL: https://build.opensuse.org/request/show/482455
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=553
2017-03-24 11:11:14 +00:00
Noel Power
68f2e352c5 Accepting request 478019 from home:dmulder:branches:network:samba:STABLE
- add missing patch for libnss_wins segfault; (bsc#995730).

OBS-URL: https://build.opensuse.org/request/show/478019
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=552
2017-03-09 19:06:50 +00:00
David Disseldorp
4102b25c8b Accepting request 460727 from home:dimstar:Factory
Fix build with util-linux change as prepared in Staging:C

OBS-URL: https://build.opensuse.org/request/show/460727
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=551
2017-02-27 16:33:47 +00:00
Aurelien Aptel
a71b3f3d30 Accepting request 452480 from home:dmdiss:bsc1021933_samba_vfs_ceph_statx
- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).
- Add base Samba dependency to samba-ceph package.

OBS-URL: https://build.opensuse.org/request/show/452480
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=550
2017-01-26 13:37:29 +00:00
ee3db2b8d2 Accepting request 447039 from home:jmcdough:next
Update to 4.5.3 for CVE-2016-2123 (bsc#1014437) CVE-2016-2125 (bsc#1014441) CVE-2016-2126 (bsc#1014442)

OBS-URL: https://build.opensuse.org/request/show/447039
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=549
2016-12-19 15:42:31 +00:00
a0add68146 Accepting request 433664 from home:jmcdough:rhbuildfix
Fix RH builds by replacing Prereq with Requires

OBS-URL: https://build.opensuse.org/request/show/433664
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=548
2016-10-06 23:42:10 +00:00
f243773fee Accepting request 429185 from home:jmcdough:STABLE-next
Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).

OBS-URL: https://build.opensuse.org/request/show/429185
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=547
2016-09-20 19:41:13 +00:00
41a9a61feb Accepting request 427927 from home:jmcdough:samba450
Update to 4.5.0

OBS-URL: https://build.opensuse.org/request/show/427927
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=546
2016-09-15 12:21:11 +00:00
David Disseldorp
851005e5e2 Accepting request 419509 from home:dmdiss:samba_vfs_ceph
- Don't package man pages for VFS modules that aren't built;
  (boo#993707).
- Fix population of ctdb sysconfig after source merge; (bsc#981566).
- Enable vfs_ceph builds for Factory (x86-64)
  + Package as samba-ceph to avoid Ceph dependency in base package.

OBS-URL: https://build.opensuse.org/request/show/419509
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=545
2016-08-15 19:38:49 +00:00
5144ab054e Update to 4.4.5: Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=544
2016-07-07 16:01:50 +00:00
e4ff39e71f - Remove obsolete syslog.target; (bsc#983938).
- Honor smb.conf socket options in winbind; (bsc#975131).

- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=543
2016-06-22 15:39:58 +00:00
2e857dbcf9 Update to 4.4.4
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=541
2016-06-09 12:10:19 +00:00
ec4955f623 Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=540
2016-05-03 13:24:33 +00:00
1191fc82a3 Fix changelog wording
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=539
2016-04-13 14:15:20 +00:00
65c24e1689 Accepting request 389457 from home:dimstar:Factory
- Revert the SLPP massacre from Feb 17 2016: comply to the shared
  library packaging policy for as long as there are public headers
  and pkgconfig files being installed. An upstream claim of
  'something' being private does not make it private as long as
  public headers are installed.

You can evaluate the entire diff created between the openSUSE:Factory (current) package
towards this branch with the revert, using:

osc rdiff openSUSE:Factory samba home:dimstar:Factory samba

Which should make this long diff less scary.

OBS-URL: https://build.opensuse.org/request/show/389457
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=538
2016-04-13 14:11:30 +00:00
8e67baa938 Accepting request 389361 from home:jmcdough:branches:network:samba:STABLE
Update to 4.4.2 for badlock

OBS-URL: https://build.opensuse.org/request/show/389361
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=536
2016-04-13 11:59:31 +00:00
Lars Müller
47844ba399 Obsolete libsmbclient from libsmbclient0 while not providing it;
(bsc#972197).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=535
2016-03-22 19:19:46 +00:00
Lars Müller
9eab0c6b6f Update to 4.4.0.
See also WHATSNEW.txt from the samba-doc package.

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=534
2016-03-22 14:14:33 +00:00
Lars Müller
10fc14d966 - Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
    target; CVE-2015-7560; (bso#11648); (bsc#968222).
  + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
    (bso#11128); (bso#11686); (bsc#968223).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=532
2016-03-08 13:16:59 +00:00
Lars Müller
e8d66ad90c Only obsolete but do not provide gplv2/3 package names; (bsc#968973).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=528
2016-03-01 18:18:14 +00:00
Lars Müller
8a2bceb7d6 Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=527
2016-03-01 17:45:52 +00:00
Lars Müller
122cd26916 Update to 4.3.5.
Check WHATSNEW.txt from the main tar ball, the web page, or the samba
package change log for a detailed list of changes.

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=526
2016-02-23 10:10:26 +00:00
Lars Müller
5284b3d2af Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=525
2016-02-22 17:29:53 +00:00
Lars Müller
c9d0da8944 Enable clustering (CTDB) support; (bsc#966271).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=522
2016-02-14 23:57:19 +00:00
Lars Müller
1d15f76c69 s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=521
2016-02-12 18:17:28 +00:00
Lars Müller
fae32e1506 Add quotes around path of update-apparmor-samba-profile; (bnc#962177).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=520
2016-01-16 21:37:47 +00:00
Lars Müller
37c9f2ecdf Remove autoconf build-time requirement.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=519
2016-01-13 21:38:03 +00:00
Lars Müller
346d625ac5 - Update to 4.3.4.
Check WHATSNEW.txt from the main tar ball, the web page, or the samba
  package change log for a detailed list of changes.

- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=517
2016-01-13 10:34:39 +00:00
Lars Müller
e84d12d387 - Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
    CVE-2015-3223; (bso#11325); (bnc#958581).
  + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
    (bnc#958586).
  + Insufficient symlink verification (file access outside the share);
    CVE-2015-5252; (bso#11395); (bnc#958582).
  + No man in the middle protection when forcing smb encryption on the client
    side; CVE-2015-5296; (bso#11536); (bnc#958584).
  + Currently the snapshot browsing is not secure thru windows previous version
    (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
  + Fix Microsoft MS15-096 to prevent machine accounts from being changed into
    user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=514
2015-12-16 15:14:26 +00:00
Lars Müller
6e9432f919 Update to 4.3.2.
Check WHATSNEW.txt from the main tar ball or the web page for a detailed
list of changes.

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=512
2015-12-01 19:17:25 +00:00
Lars Müller
f9ec733ab4 - Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.

- Remove redundant configure options while adding with-relro.

- Relocate the lockdir to the /var/lib/samba/lock directory.

- Cleanup and enhance the pidl sub package.

OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=510
2015-11-17 13:29:26 +00:00