Commit Graph

605 Commits

Author SHA256 Message Date
b068eafe34 Accepting request 1075680 from home:npower:branches:network:samba:STABLE
- Update to 4.18.1
  * CVE-2023-0225: AD DC "dnsHostname" attribute can be
    deleted by unprivileged authenticated users.
    (bso#15276);(bsc#1209483).
  * CVE-2023-0614: Access controlled AD LDAP attributes can be
    discovered  (bso#15270); (bsc#1209485).
  * CVE-2023-0922: Samba AD DC admin tool samba-tool sends
    passwords in cleartext(bso#15315);(bsc#1209481).
  * ldb wildcard matching makes excessive allocations;
    (bso#15331).
  * large_ldap test is inefficient; (bso#15332).

OBS-URL: https://build.opensuse.org/request/show/1075680
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=679
2023-03-31 10:19:08 +00:00
Noel Power
d4d26d5657 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=678 2023-03-20 10:00:12 +00:00
Noel Power
c04317621f Accepting request 1066228 from home:scabrero:branches:network:samba:STABLE
- Update to 4.17.5
  * smbc_getxattr() return value is incorrect; (bso#14808);
  * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
    correctly; (bso#15172);
  * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210);
  * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC
    when there is only an AAAA record for the DC in DNS; (bso#15226);
  * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236);
  * DFS links don't work anymore on Mac clients since 4.17; (bso#15277);
  * vfs_virusfilter segfault on access, directory edgecase
    (accessing NULL value); (bso#15283);
  * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based
    SChannel on NETLOGON (additional changes); (bso#15240);
  * %U for include directive doesn't work for share listing
    (netshareenum); (bso#15243);
  * Shares missing from netshareenum response in samba 4.17.4;
    (bso#15266);
  * ctdb: use-after-free in run_proc; (bso#15269);
  * irpc_destructor may crash during shutdown; (bso#15280);
  * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286);
  * smbclient segfaults with use after free on an optimized build;
    (bso#15268);
  * smbstatus leaking files in msg.sock and msg.lock; (bso#15282);
  * Leak in wbcCtxPingDc2; (bso#15164);
  * Access based share enum does not work in Samba 4.16+; (bso#15265);
  * Crash during share enumeration; (bso#15267);
  * rep_listxattr on FreeBSD does not properly check for reads off
    end of returned buffer; (bso#15271);
  * Avoid relying on C89 features in a few places; (bso#15281);
- named crashes on DLZ zone update; (bso#14030); (bsc#1206996);

OBS-URL: https://build.opensuse.org/request/show/1066228
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=677
2023-02-16 17:15:01 +00:00
Paulo Alcantara
48abfeb6df Accepting request 1060504 from home:npower:branches:network:samba:STABLE
- libdsdb-module-samba4 should be packaged as part of samba-libs and
  not samba-ad-dc-libs. Additionally no need for it to be
  removed conditionally.

- Clean up logic for PAM migration settings in spec file.

OBS-URL: https://build.opensuse.org/request/show/1060504
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=676
2023-01-23 18:37:29 +00:00
8f416c0e61 Accepting request 1057016 from home:npower:branches:network:samba:STABLE
- Migration of PAM settings to /usr/lib/pam.d.

- Change with_dc default to 0 (for non TW builds).

OBS-URL: https://build.opensuse.org/request/show/1057016
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=675
2023-01-10 11:03:13 +00:00
Noel Power
15e4a66aab Accepting request 1043954 from home:scabrero:branches:network:samba:STABLE
- Update to 4.17.4
   * CVE-2022-44640 Upstream Heimdal free of user-controlled
     pointer in FAST; (bsc#14929);
   * CVE-2021-20251 Bad password count not incremented atomically;
     (bsc#14611);
   * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
     (bsc#15203);
   * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
     modern servers; (bso#15237);
   * CVE-2022-37967 Kerberos constrained delegation ticket forgery
     possible against Samba AD DC; (bso#15231);
   * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
     and should be avoided; (bso#15240);
   * pam_winbind uses time_t and pointers assuming they are of the
     same size; (bso#15224);
   * Heimdal session key selection in AS-REQ examines wrong entry;
     (bso#15219);
   * filter-subunit is inefficient with large numbers of
     knownfails; (bso#15258);
   * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
     (bso#15252);
   * The KDC logic arround msDs-supportedEncryptionTypes differs
     from Windows; (bso#13135);
   * libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4(); (bso#15206);
   * Heimdal session key selection in AS-REQ examines wrong entry;
     (bso#15219);
   * Memory leak in snprintf replacement functions; (bso#15230);
   * RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression); (bso#15253);

OBS-URL: https://build.opensuse.org/request/show/1043954
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=674
2022-12-21 09:46:36 +00:00
4ebecf5ac8 Accepting request 1039372 from home:dmulder:branches:network:samba:STABLE
- Introduce without-smb1-server spec flag; (bsc#1205104);

OBS-URL: https://build.opensuse.org/request/show/1039372
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=673
2022-12-01 17:32:32 +00:00
Noel Power
0564bf00be Accepting request 1036479 from home:scabrero:branches:network:samba:STABLE
OBS-URL: https://build.opensuse.org/request/show/1036479
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=672
2022-11-17 16:59:41 +00:00
Noel Power
d66fb3618d Accepting request 1036404 from home:scabrero:branches:network:samba:STABLE
- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
  systems; (bsc#1205126); (bso#15203);

ue Nov  8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Replace obsolete python-gpgme with python-gpg
  * Upstream replaced it in v4.9.5 -- bso#13728

OBS-URL: https://build.opensuse.org/request/show/1036404
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=671
2022-11-17 13:48:58 +00:00
6b07c44613 Accepting request 1031207 from home:npower:branches:network:samba:STABLE
- Update to 4.17.2
  * CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
    (bso#15207); (bsc#1204499).
  * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
    unwrap_des3();(bso#15134); (bsc#1204254).

OBS-URL: https://build.opensuse.org/request/show/1031207
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=670
2022-10-26 06:54:53 +00:00
Noel Power
ec3e5cb374 Accepting request 1030308 from home:scabrero:branches:network:samba:STABLE
- Update to 4.17.1
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Flush on a named stream never completes; (bso#15182).
  * Permission denied calling SMBC_getatr when file not exists;
    (bso#15195).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * pytest: add file removal helpers for TestCaseInTempDir;
    (bso#15191).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
    over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
    (bso#15189).
  * Flush on a named stream never completes; (bso#15182).
  * vfs_gpfs silently garbles timestamps > year 2106;
    (bso#15151).
  * CVE-2021-20251 [SECURITY] Bad password count not incremented
    atomically; (bso#14611).
  * multi-channel socket passing may hit a race if one of the
    involved processes already existed; (bso#15200).
  * memory leak on temporary of struct imessaging_post_state and
    struct tevent_immediate on struct imessaging_context (in
    rpcd_spoolss and maybe others); (bso#15201).
  * Since popt1.19 various use after free errors using result of
    poptGetArg are now exposed; (bso#15205); (boo#1204279).
  * Remove special case for O_CREAT in SMB_VFS_OPENAT from

OBS-URL: https://build.opensuse.org/request/show/1030308
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=669
2022-10-21 08:51:39 +00:00
bb682b8015 Accepting request 1007934 from home:npower:update_samba
remove stale archive (was causing error because archive wasn't mentioned)

OBS-URL: https://build.opensuse.org/request/show/1007934
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=668
2022-10-05 13:02:39 +00:00
e8347df805 Accepting request 1006436 from home:npower:update_samba
- Disable SMB1 for tumbleweed builds.

- Update to 4.17.0
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * assert failed: !is_named_stream(smb_fname)") at
    ../../lib/util/fault.c:197; (bso#15161).
  * Cross-node multi-channel reconnects result in SMB2 Negotiate
    returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
  * winbind at info level debug can coredump when processing
    wb_lookupusergroups; (bso#15160).
  * Make use of glfs_*at() API calls in vfs_glusterfs;
    (bso#15157).
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128).
  * `net usershare add` fails with flag works with --long but
    fails with -l; (bso#15145).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Performance regression on contended path based operations;
    (bso#15125).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * libsamba-errors uses a wrong version number; (bso#15141).

OBS-URL: https://build.opensuse.org/request/show/1006436
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=667
2022-09-29 14:50:35 +00:00
8e8c7e7ee5 Accepting request 992061 from home:scabrero:branches:network:samba:STABLE
- Update to 4.16.4
  * CVE-2022-2031: Samba AD users can bypass certain restrictions
    associated with changing passwords; (bsc#1201495); (bso#15047);
  * CVE-2022-32744: Samba AD users can forge password change
    requests for any user; (bsc#1201493); (bso#15074);
  * CVE-2022-32745: Samba AD users can crash the server process
    with an LDAP add or modify request; (bsc#1201492); (bso#15008);
  * CVE-2022-32746: Samba AD users can induce a use-after-free in
    the server process with an LDAP add or modify request;
    (bsc#1201490); (bso#15009);
  * CVE-2022-32742: Server memory information leak via SMB1;
    (bsc#1201496); (bso#15085);

- Update to 4.16.3
  * Using vfs_streams_xattr and deleting a file causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work;
    (bso#15076);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
    developer mode; (bso#15095);
  * Crash in streams_xattr because fsp->base_fsp->fsp_name is
    NULL; (bso#15105);
  * Crash in rpcd_classic - NULL pointer deference in
    mangle_is_mangled(); (bso#15118);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);

OBS-URL: https://build.opensuse.org/request/show/992061
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=666
2022-08-04 14:57:01 +00:00
226cf1c745 Accepting request 988948 from home:scabrero:branches:network:samba:STABLE
- Update spec file to fix the optional Heimdal DC build
- Fix external trusts with MIT Kerberos 1.20
- Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Add sysuser-shadow requirement for packages using
  systemd-sysusers
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);

- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/988948
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=665
2022-07-20 17:27:53 +00:00
Noel Power
dc890f8a8d OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=664 2022-06-17 14:49:20 +00:00
Noel Power
2549a1b85c Accepting request 976581 from home:scabrero:branches:network:samba:STABLE
- Use requires_eq macro to require the libldb2 version available at
  samba-dsdb-modules build time; (bsc#1199362);

OBS-URL: https://build.opensuse.org/request/show/976581
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=663
2022-05-12 10:39:25 +00:00
Noel Power
bfa78b7811 Accepting request 974674 from home:scabrero:branches:network:samba:STABLE
- Update to 4.16.1
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written to;
    (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * Need to describe --builtin-libraries= better (compare with
    --bundled-libraries); (bso#8731);
  * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * Username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * KVNO off by 100000; (bso#14951);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);

- Update update-apparmor-samba-profile script, replace
  non-printable delimiter with more human readable separator as
  sed can accept separators that can appear in the input data.

OBS-URL: https://build.opensuse.org/request/show/974674
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=662
2022-05-03 15:12:47 +00:00
83caf194c9 Accepting request 970195 from home:npower:update_samba
- Fix update-apparmor-samba-profile script, sed doesn't like
  multibyte separators; (bsc#1198309).

OBS-URL: https://build.opensuse.org/request/show/970195
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=661
2022-04-14 16:42:51 +00:00
Noel Power
772ad07247 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=660 2022-04-04 08:30:41 +00:00
ea40c395c9 Accepting request 950276 from home:npower:update_samba
- Update to 4.15.5
  * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
    outside target of a symlink exists; (bso#14911);
    (bsc#1193690).
  * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
    module; (bso#14914); (bsc#1194859).
  * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
    conflict checks; bso#14950); (bsc#1195048).

- CVE-2021-44141: Information leak via symlinks of existance of
  files or directories outside of the exported share; (bso#14911);
  (bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
  in VFS module vfs_fruit allows code execution; (bso#14914);
  (bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
  account can impersonate arbitrary services; (bso#14950);
  (bsc#1195048);

OBS-URL: https://build.opensuse.org/request/show/950276
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=659
2022-02-01 09:16:29 +00:00
Noel Power
3fa268d923 Accepting request 948069 from home:scabrero:branches:network:samba:STABLE
- Update to 4.15.4
  * Duplicate SMB file_ids leading to Windows client cache
    poisoning; (bso#14928);
  * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
    NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
  * kill_tcp_connections does not work; (bso#14934);
  * Can't connect to Windows shares not requiring authentication
    using KDE/Gnome; (bso#14935);
  * smbclient -L doesn't set "client max protocol" to NT1 before
    calling the "Reconnecting with SMB1 for workgroup listing"
    path; (bso#14939);
  * Cross device copy of the crossrename module always fails;
    (bso#14940);
  * symlinkat function from VFS cap module always fails with an
    error; (bso#14941);
  * Fix possible fsp pointer deference; (bso#14942);
  * Missing pop_sec_ctx() in error path inside close_directory();
    (bso#14944);
  * "smbd --build-options" no longer works without an smb.conf file;
    (bso#14945);

OBS-URL: https://build.opensuse.org/request/show/948069
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=658
2022-01-24 10:37:27 +00:00
f2db233692 Accepting request 947215 from home:scabrero:branches:network:samba:STABLE
- Use pkgconfig(krb5) as dependency for the -devel package: allow
  OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
  package has an automatic dependency due to linkage on
  libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
  requires samba-client-libs, which in turn requires krb5
  libraries. Samba-libs itself has no need for krb5 (but get it
  indirectly anyway).

OBS-URL: https://build.opensuse.org/request/show/947215
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=657
2022-01-18 12:53:25 +00:00
da1b1cf876 Accepting request 946238 from home:scabrero:branches:network:samba:STABLE
- Update the symlink create by samba-dsdb-modules to private samba
  ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
  /usr/lib64/ldb2/modules/ldb/samba

OBS-URL: https://build.opensuse.org/request/show/946238
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=656
2022-01-13 22:57:16 +00:00
afdbfb9c5b Accepting request 945635 from home:scabrero:branches:network:samba:STABLE
- Reorganize libs packages. Split samba-libs into samba-client-libs,
  samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
  public libraries depending on internal samba libraries into these
  packages as there were dependency problems everytime one of these
  public libraries changed its version (bsc#1192684). The devel
  packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements

OBS-URL: https://build.opensuse.org/request/show/945635
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=655
2022-01-11 18:29:37 +00:00
9f8605fecb Accepting request 939491 from home:scabrero:branches:network:samba:STABLE
- Update to 4.15.3
  * Recursive directory delete with veto files is broken in 4.15.0;
    (bso#14878);
  * A directory containing dangling symlinks cannot be deleted by
    SMB2 alone when they are the only entry in the directory;
    (bso#14879);
  * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
    uninitialized in rmdir_internals(); (bso#14892);
  * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
  * The CVE-2020-25717 username map [script] advice has undesired
    side effects for the local nt token; (bso#14901); (bsc#1192849);
  * User with multiple spaces (eg Fred<space><space>Nurk) become
    un-deletable; (bso#14902);
  * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
  * smbXsrv_client_global record validation leads to crash if existing
    record points at non-existing process; (bso#14882);
  * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
    (bso#14890);
  * Samba process doesn't log to logfile; (bso#14897);
  * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
    triggers locking.tdb assert; (bso#14907);
  * Kerberos authentication on standalone server in MIT realm broken;
    (bso#14922);
  * Segmentation fault when joining the domain; (bso#14923);
  * Support for ROLE_IPA_DC is incomplete; (bso#14903);
  * rpcclient cannot connect to ncacn_ip_tcp services anymore;
    (bso#14767);
  * winexe crashes since 4.15.0 after popt parsing; (bso#14893);
  * net ads status -P broken in a clustered environment; (bso#14908);
  * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before

OBS-URL: https://build.opensuse.org/request/show/939491
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=654
2021-12-11 07:11:04 +00:00
27902b68ad Accepting request 936336 from home:scabrero:branches:network:samba:STABLE
Drop invalid Provides

OBS-URL: https://build.opensuse.org/request/show/936336
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=653
2021-12-08 08:04:49 +00:00
Noel Power
28fcf45326 Accepting request 934097 from home:scabrero:branches:network:samba:STABLE
- Fix dependency problem upgrading from libndr0 to libndr2 and
  from libsamba-credentials0 to libsamba-credentials1;
  (bsc#1192684);

OBS-URL: https://build.opensuse.org/request/show/934097
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=652
2021-11-26 15:58:37 +00:00
Noel Power
7c5ce0071c Accepting request 930730 from home:scabrero:branches:network:samba:STABLE
- Fix regression introduced by CVE-2020-25717 patches, winbindd
  does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
  * CVE-2016-2124:  SMB1 client connections can be downgraded to
    plaintext authentication; (bso#12444); (bsc#1014440);
  * CVE-2020-25717: A user on the domain can become root on domain
    members; (bso#14556); (bsc#1192284);
  * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
    tickets issued by an RODC; (bso#14558); (bsc#1192246);
  * CVE-2020-25719: Samba AD DC did not always rely on the SID and
    PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
  * CVE-2020-25721: Kerberos acceptors need easy access to stable
    AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
  * CVE-2020-25722: Samba AD DC did not do suffienct access and
    conformance checking of data stored; (bso#14564);
    (bsc#1192283);
  * CVE-2021-3738: Use after free in Samba AD DC RPC server;
    (bso#14468); (bsc#1192215);
  * CVE-2021-23192: Subsequent DCE/RPC fragment injection
    vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
 * Log clutter from filename_convert_internal; (bso#14685);
 * MacOSX compilation fixes; (bso#14862);
 * rodc_rwdc test flaps; (bso#14868);
 * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
   bit' S4U2Proxy Constrained Delegation bypass in Samba with
   embedded Heimdal; (bso#14642);
 * Python ldb.msg_diff() memory handling failure; (bso#14836);
 * "in" operator on ldb.Message is case sensitive; (bso#14845);

OBS-URL: https://build.opensuse.org/request/show/930730
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=651
2021-11-10 21:17:55 +00:00
Noel Power
a0f09594eb Accepting request 923005 from home:scabrero:branches:network:samba:STABLE
-  Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
  * allow some Recommends instead Requires to be configured
    for cifs-utils, samba-libs-python3 & samba-gpupdate;
    (bsc#1182847).
  * remove fam, undocumented and unneeded.

OBS-URL: https://build.opensuse.org/request/show/923005
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=650
2021-10-05 13:41:00 +00:00
66c0b2b677 Accepting request 921168 from home:scabrero:branches:network:samba:STABLE
- Add missing build dependency on bison when building with the
  embedded Heimdal Kerberos

OBS-URL: https://build.opensuse.org/request/show/921168
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=649
2021-09-24 09:37:46 +00:00
Noel Power
5191ffffd9 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=648 2021-09-23 10:24:07 +00:00
42f8e11b64 Accepting request 913220 from home:dmulder:branches:network:samba:STABLE
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).

OBS-URL: https://build.opensuse.org/request/show/913220
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=647
2021-09-17 07:45:50 +00:00
Noel Power
c988bfbf5e Accepting request 908919 from home:scabrero:branches:network:samba:STABLE
- Update to 4.14.6
   * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
   * smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
   * s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
   * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
     change_file_owner_to_parent() error path; (bso#14736).
   * NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
     glusterfs VFS module; (bso#14730).
   * s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
   * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
   * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
   * smbXsrv_{open,session,tcon}: protect
     smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
     (bso#14752).
   * samba-tool domain backup offline doesn't work against bind DLZ
     backend; (bso#14027).
   * netcmd: Use next_free_rid() function to calculate a SID for
     restoring a backup; (bso#14669).

OBS-URL: https://build.opensuse.org/request/show/908919
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=646
2021-08-04 09:37:16 +00:00
Noel Power
82749b63ed Accepting request 897431 from home:scabrero:branches:network:samba:STABLE
- Update to 4.14.5
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
    (bso#14696);
  * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
    ACL for directory handles; (bso#14708);
  * s3: smbd: Fix uninitialized memory read in process_symlink_open()
    when used with vfs_shadow_copy2(); (bso#14721);
  * docs: Expand the "log level" docs on audit logging; (bso#14689);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Fix gcc11 compiler issues; (bso#14699);
  * docs-xml: Update smbcacls manpage; (bso#14718);
  * docs: Update list of available commands in rpcclient; (bso#14719);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * s3:winbind: For 'security = ADS' require realm/workgroup to be set;
    (bso#14695);
  * lib:replace: Do not build strndup test with gcc 11 or newer;
    (bso#14699);

OBS-URL: https://build.opensuse.org/request/show/897431
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=645
2021-06-08 10:24:08 +00:00
44072657fd Accepting request 889509 from home:npower:samba-update
- Update to 4.14.4
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
    (bso#14571); (bsc#1184677).
- Update to 4.14.3
  * s3:modules:vfs_virusfilter: Recent New_VFS changes break
    vfs_virusfilter_openat; (bso#14671).
  * build: Notice if flex is missing at configure time; (bso#14586).
  * Fix smbd panic when two clients open same file; (bso#14672).
  * Fix memory leak in the RPC server; (bso#14675).
  * s3: smbd: fix deferred renames; (bso#14679).
  * s3-iremotewinspool: Set the per-request memory context;
    (bso#14675)
  * Fix memory leak in the RPC server; (bso#14675).
  * third_party: Update socket_wrapper to version 1.3.2;
    (bso#11899).
  * third_party: Update socket_wrapper to version 1.3.3;
    (bso#14640).
  * samba-gpupdate: Test that sysvol paths download in
    case-insensitive way; (bso#14665).
  * smbd: Ensure errno is preserved across fsp destructor;
    (bso#14662).
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663).
  * build: Only add -Wl,--as-needed when supported; (bso#14288).

OBS-URL: https://build.opensuse.org/request/show/889509
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=644
2021-04-30 16:19:30 +00:00
Noel Power
04ed273b6d OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=643 2021-04-07 10:02:53 +00:00
Noel Power
eb9272c94c Accepting request 876691 from home:scabrero:branches:network:samba:STABLE
- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.

OBS-URL: https://build.opensuse.org/request/show/876691
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=642
2021-03-04 09:25:41 +00:00
Noel Power
ff3019cd90 Accepting request 872360 from home:scabrero:branches:network:samba:STABLE
- Update to 4.13.4
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap
    7.3.7; (bso#14607);
  * Temporary DFS share setup doesn't set case parameters in the same
    way as a regular share definition does; (bso#14612);
  * lib: Avoid declaring zero-length VLAs in various messaging functions;
    (bso#14605);
  * Do not create an empty DB when accessing a sam.ldb; (bso#14579);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Temporary DFS share setup doesn't set case parameters in the same way
    as a regular share definition does; (bso#14612);
  * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
    (bso#14607);
  * The cache directory for the user gencache should be created recursively;
    (bso#14601);
  * Be more flexible with repository names in CentOS 8 test environments;
    (bso#14594);

- Uninstalling samba-client: Failed to disable unit, cifs.service
  does not exists; (bsc#1180388);

OBS-URL: https://build.opensuse.org/request/show/872360
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=641
2021-02-15 11:22:33 +00:00
Noel Power
b42ede7068 Accepting request 857821 from home:scabrero:branches:network:samba:STABLE
Amend wrong bsc# instead of bso# references in change log.

OBS-URL: https://build.opensuse.org/request/show/857821
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=640
2020-12-21 10:26:33 +00:00
096716e54b Accepting request 856728 from home:scabrero:branches:network:samba:STABLE
- Update to 4.13.3
  + libcli: smb2: Never print length if smb2_signing_key_valid() fails for
    crypto blob; (bsc#14210);
  + s3: modules: gluster. Fix the error I made in preventing talloc leaks
    from a function; (bsc#14486);
  + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
    via TALLOC_FREE(); (bsc#14515);
  + s3: spoolss: Make parameters in call to user_ok_token() match all other
    uses; (bsc#14568);
  + s3: smbd: Quiet log messages from usershares for an unknown share;
    (bsc#14590);
  + samba process does not honor max log size; (bsc#14248);
  + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
    (bsc#14587);
  + s3-libads: Pass timeout to open_socket_out in ms; (bsc#13124);
  + s3-vfs_glusterfs: Always disable write-behind translator; (bsc#14486);
  + smbclient: Fix recursive mget; (bsc#14517);
  + clitar: Use do_list()'s recursion in clitar.c; (bsc#14581);
  + manpages/vfs_glusterfs: Mention silent skipping of write-behind
    translator; (bsc#14486);
  + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bsc#14573);
  + interface: Fix if_index is not parsed correctly; (bsc#14514);

OBS-URL: https://build.opensuse.org/request/show/856728
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=639
2020-12-17 17:08:40 +00:00
Noel Power
d33094c8f9 Accepting request 849279 from home:scabrero:branches:network:samba:STABLE
- Update to 4.13.2
  + s3: modules: vfs_glusterfs: Fix leak of char **lines onto
    mem_ctx on return; (bso#14486);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471);
  + smb.conf.5: Add clarification how configuration changes reflected
    by Samba; (bso#14538);
  + daemons: Report status to systemd even when running in foreground;
    (bso#14552);
  + DNS Resolver: Support both dnspython before and after 2.0.0;
    (bso#14553);
  + s3-vfs_glusterfs: Refuse connection when write-behind xlator is
    present; (bso#14486);
  + provision: Add support for BIND 9.16.x; (bso#14487);
  + ctdb-common: Avoid aliasing errors during code optimization;
    (bso#14537);
  + libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
  + docs: Fix default value of spoolss:architecture; (bso#14522);
  + winbind: Fix a memleak; (bso#14388);
  + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
  + docs-xml/manpages: Add warning about write-behind translator for
    vfs_glusterfs; (bso#14486);
  + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
  + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
  + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
  + examples:auth: Do not install example plugin; (bso#14550);
  + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471);

OBS-URL: https://build.opensuse.org/request/show/849279
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=638
2020-11-18 11:49:09 +00:00
7da53eecb7 Accepting request 836313 from home:dmdiss:samba-4.13.0
rework changelogs to carry 4.12.6 and 4.12.7 entries.
SLE15-SP3 changelog is provided as a separate file.

OBS-URL: https://build.opensuse.org/request/show/836313
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=637
2020-09-23 12:49:18 +00:00
Noel Power
0f40c9894f OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=636 2020-09-23 07:57:00 +00:00
Noel Power
98ef31b304 Accepting request 835851 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.12.7
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
    netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    (bso#14497);
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
    "server require schannel:WORKSTATION$ = no" about unsecure configurations;
    (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
    challenge; (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
    netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
    (bsc#1176579); (bso#14497);
- Update to samba 4.12.6
  + s3: libsmb: Fix SMB2 client rename bug to a Windows server;
    (bso#14403).
  + dsdb: Allow "password hash userPassword schemes = CryptSHA256"
    to work on RHEL7; (bso#14424).
  + dbcheck: Allow a dangling forward link outside our known NCs;
    (bso#14450).
  + lib/debug: Set the correct default backend loglevel to
    MAX_DEBUG_LEVEL; (bso#14426).
  + PANIC: Assert failed in get_lease_type(); (bso#14428).
  + util: Fix build on AIX by fixing the order of replace.h include;
    (bso#14422).
  + srvsvc_NetFileEnum asserts with open files; (bso#14355).
  + KDC breaks with DES keys still in the database and
    msDS-SupportedEncryptionTypes 31 indicating support for it;
    (bso#14354).
  + s3:smbd: Make sure vfs_ChDir() always sets
    conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).

OBS-URL: https://build.opensuse.org/request/show/835851
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=635
2020-09-21 15:10:48 +00:00
David Disseldorp
0baf2f4a2e Accepting request 823154 from home:kukuk:etc
- Don't install SuSEfirewall2 services, we don't have that package
  anymore

OBS-URL: https://build.opensuse.org/request/show/823154
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=634
2020-08-06 09:11:04 +00:00
Noel Power
6a8073e897 Accepting request 818624 from home:scabrero:branches:network:samba:STABLE
- Update to samba 4.12.5
  + Fix smbd panic on force-close share during async
    io; (bso#14301).
  + Fix segfault when using SMBC_opendir_ctx() routine for
    share folder that contains incorrect symbols in any
    file name; (bso#14374)
  + Fix DFS links; (bso#14391).
  + Can't use DNS functionality after a Windows DC has been
    in domain; (bso#14310).
  + ldapi search to FreeIPA crashes; (bso#14413).
  + Add net-ads-join dnshostname=fqdn option; (bso#14396)
  + Fix adding msDS-AdditionalDnsHostName to keytab with
    Windows DC; (bso#14406).
  + docs-xml: Update list of posible VFS operations for
    vfs_full_audit; (bso#14386).
  + winbindd: Fix a use-after-free when winbind clients exit;
    (bso#14382).
  + Client tools are not able to read gencache anymore;
    (bso#14370).
- Update to samba 4.12.4
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
    ASQ and VLV combined; (bso#14364); (bsc#1173159)
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use
    several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
    server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to
    AD DC nbt_server; (bso#14417); (bsc#1173359).

OBS-URL: https://build.opensuse.org/request/show/818624
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=633
2020-07-06 08:20:52 +00:00
Noel Power
a7db85abb1 Accepting request 810756 from home:scabrero:branches:network:samba:STABLE
- add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)

- Add system-user-nobody to samba package requirements

- Update to samba 4.12.3
  + Fix smbd panic on force-close share during async io; (bso#14301);
  + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    (bso#14343);
  + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
  + Fix smbd crashes when MacOS Catalina connects if iconv initialization
    fails; (bso#14372);
  + Exporting from macOS Adobe Illustrator creates multiple copies;
    (bso#14150);
  + smbd does a chdir() twice per request; (bso#14256);
  + smbd mistakenly updates a file's write-time on close; (bso#14320);
  + vfs_shadow_copy2: implement case canonicalisation in
    shadow_copy2_get_real_filename(); (bso#14350);
  + Fix Windows 7 clients problem after upgrading samba file server;
    (bso#14375);
  + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
  + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
  + mit-kdc: Explicitly reject S4U requests; (bso#14342);
  + dbwrap_watch: Set rec->value_valid while returning nested
    share_mode_do_locked(); (bso#14352);
  + lib:util: Fix smbclient -l basename dir; (bso#14345);
  + s3:libads: Fix ads_get_upn(); (bso#14336);
  + ctdb: Fix a memleak; (bso#14348);
  + Malicous SMB1 server can crash libsmbclient; (bso#14366);
  + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    (bso#14330);

OBS-URL: https://build.opensuse.org/request/show/810756
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=632
2020-06-03 15:12:28 +00:00
David Disseldorp
7dbf28ebb4 Accepting request 800420 from home:scabrero:branches:network:samba:STABLE
- libsmb: Don't try to find posix stat info in SMBC_getatr();
  (bso#14101); (bsc#1169242);

OBS-URL: https://build.opensuse.org/request/show/800420
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=631
2020-05-06 10:18:05 +00:00
4bbe1d5392 Accepting request 799244 from home:npower:update_samba_4.12.2
- Move libdcerpc-server-core.so to samba-libs package, this was
  initially erroneously located in  samba-ad-dc.

OBS-URL: https://build.opensuse.org/request/show/799244
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=630
2020-04-30 19:18:06 +00:00