Please stage together with talloc, tdb and tevent.
- Update to 4.22.0
* SMB3 Directory Leases are supported. By default, SMB3 Directory
Leases are enabled on non-clustered Samba and disabled on
clustered Samba, based on the "clustering" option.
* Netlogon Ping over LDAP and LDAPS
* Experimental Himmelblaud Authentication in Samba
* The "nmbd proxy logon" feature was removed.
* fruit:posix_rename option of the vfs_fruit VFS module that
could be used to enable POSIX directory rename behaviour for
OS X clients has been removed as it could result in severe
problems for Windows clients.
OBS-URL: https://build.opensuse.org/request/show/1254187
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=317
(bsc#1237296);
- Update to 4.21.4
* Increasing slowness of sharesec performance with high number
of registry shares; (bso#15780).
* winbindd shows memleak in kerberos_decode_pac; (bso#15782).
* Creation of GPOs applicable to more than one group is
impossible with Samba 4.20.0 and later; (bso#15738).
* Replace `crypt` module in
python/samba/netcmd/user/readpasswords/common.py;
(bso#15756).
* vfs_gpfs silently garbles timestamps > year 2106;
(bso#15151).
* Spotlight search results don't show file size and creation
date; (bso#15796).
* General improvements for vfs_ceph_new module; (bso#15703).
* net offlinejoin not working correctly; (bso#15777).
* net ads create/join/winbind producing unix dysfunctional
keytabs; (bso#15759).
* Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing
security tab; (bso#14213).
* The values from hresult_errstr_const and hresult_errstr are
reversed in 4.20 and 4.21; (bso#15769).
* Kerberos referral tickets are generated for principals in our
domain if we have a trust to a top level domain; (bso#15778).
* NETLOGON_NTLMV2_ENABLED is missing in the SamLogon*
user_flags field; (bso#15783).
* Regression: stack-use-after-return in crypt_as_best_we_can();
(bso#15784).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=701
* More possible replication loops against Azure AD;
(bso#15701).
* Compound rename from Mac clients can fail with
NT_STATUS_INTERNAL_ERROR if the file has a lease;
(bso#15697).
* vfs crossrename seems not to work correctly; (bso#15724).
* After 'machine password timeout' /etc/krb5.keytab is not
updated; (bso#6750).
* Memory leak wbcCtxLookupSid; (bso#15771).
* Fix heap-user-after-free with association groups;
(bso#15765).
* Segfault in vfs_btrfs; (bso#15758).
* Avoid event failure race when disabling an event script;
(bso#15755).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=700
- Update to 4.21.2
* smbd fails to correctly check sharemode against OVERWRITE
dispositions; (bso#15732).
* Panic in close_directory; (bso#15754).
* winexe no longer works with samba 4.21; (bso#15752).
* protocol error - Unclear debug message "pad length mismatch"
for invalid bind packet; (bso#14356).
* NetrGetLogonCapabilities QueryLevel 2 needs to be
implemented; (bso#15425).
* gss_accept_sec_context() from Heimdal does not imply
GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE; (bso#15740).
* winbindd should call process_set_title() for locator child;
(bso#15749).
* Update CTDB to track all TCP connections to public IP
addresses; (bso#15320).
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page; (bsc#1233880).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=699
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
- Update to 4.21.1
* DH reconnect error handling can lead to stale sharemode
entries; (bso#15624).
* "inherit permissions = yes" triggers assert() in vfs_default
when creating a stream; (bso#15695).
* Samba 4.21.0 broke FreeIPA domain member integration;
(bso#15715).
* Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-
tool domain auth policy modify"; (bso#15692).
* irpc_destructor may crash during shutdown; (bso#15280).
* Durable handle is not granted when a previous OPEN exists
with NoOplock; (bso#15649).
* Durable handle is granted but reconnect fails; (bso#15651).
* Disconnected durable handles with RH lease should not be
purged by a new non conflicting open; (bso#15708).
* net ads testjoin and other commands use the wrong secrets.tdb
in a cluster; (bso#15714).
* 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as
rfc 8009 etypes are used; (bso#15726).
* VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2;
(bso#15730).
* Samba 4.20.0 DLZ module crashes BIND on startup; (bso#15643).
* Cannot build libldb lmdb backend on a build without AD DC;
(bso#15721).
* Consistent log level for sighup handler; (bso#15706).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=697
Update samba.spec, baselibs.conf to deliver libldb packages.
- Package ceph_new VFS module.
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
- Bad variable definition for ParseTuple causing test failure for
Smb3UnixTests.test_create_context_reparse; (bso#15702).
- Update to 4.21.0
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when
truncated; (bso#15699).
* Bad variable definition for ParseTuple causing test failure
for Smb3UnixTests.test_create_context_reparse; (bso#15702).
* Add new vfs_ceph module (based on low level API);
(bso#15686).
* samba-tool can not load the default configuration file;
(bso#15698).
* Crash when readlinkat fails; (bso#15700).
* Can't add/delete special keys to keytab for nfs, cifs, http
etc; (bso#15689).
* Compound SMB2 requests don't return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients; (bso#15696).
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
* ldb_version.h is missing from ldb public library;
(bso#15690).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=696
keytab; (bsc#1228732).
- Update to 4.20.4
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
- Update to 4.20.3
* Running samba-bgqd as a standalone systemd service does not
work; (bso#15683).
* When claims enabled with heimdal kerberos, unable to log on
to a Windows computer when user account need to change their
own password; (bso#15655).
* Invalid client warning about command line passwords;
(bso#15671).
* Version string is truncated in manpages; (bso#15672).
* cmdline_burn does not always burn secrets; (bso#15674).
* Samba does not parse SDDL found in defaultSecurityDescriptor
in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685).
* The images don't build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
* Fix clock skew error message and memory cache clock skew
recovery; (bso#15676).
* Heimdal ignores _gsskrb5_decapsulate errors in
init_sec_context/repl_mutual; (bso#15603).
* s4:ldap_server: does not support tls channel bindings for
sasl binds; (bso#15621).
* CTDB socket output queues may suffer unbounded delays under
some special conditions; (bso#15678).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=695
- Update to 4.20.1
* dns update debug message is too noisy; (bso#15630);
* Do not fail PAC validation for RFC8009 checksums types; (bso#15635);
* Improve performance of lookup_groupmem() in idmap_ad; (bso#15605);
* Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636);
* http library doesn't support 'chunked transfer encoding'; (bso#15611);
* Provide a systemd service file for the background queue daemon; (bso#15600);
- Update to 4.20.0
New features:
* samba-tool user getpassword / syncpasswords ;rounds= change
* Group Managed service account client-side features
* New Windows Search Protocol Client
* Allow 'smbcacls' to save/restore DACLs to file
* Samba-tool extensions for AD Claims, Authentication Policies and Silos
* AD DC support for Authentication Silos and Authentication Policies
* Conditional ACEs and Resource Attribute ACEs
* Service Witness Protocol [MS-SWN]
Removed features:
* Get locally logged on users from utmp
Fixed bugs:
* Avoid null-dereference with bad claims; (bso#15606);
* ndr_pull_security_ace can leave resource attribute ACE coda
claim struct undefined; (bso#15613);
* fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close(); (bso#15527);
* set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER -
openat() EACCES; (bso#15583);
* libgpo: Segfault in python bindings; (bso#15599);
* Samba AD is missing some authentication policy tests;
(bso#15607);
OBS-URL: https://build.opensuse.org/request/show/1177473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=305
- Update to 4.19.5
* Windows 2016 fails to restore previous version of a file from
a shadow_copy2 snapshot; (bso#13688).
* Symlinks on AIX are broken in 4.19 (and a few versions before
that); (bso#15549).
* Fake directory create times has no effect; (bso#12421).
* ctime mixed up with mtime by smbd; (bso#15550).
* samba-gpupdate --rsop fails if machine is not in a site;
(bso#15548).
* gpupdate: The root cert import when NDES is not available is
broken; (bso#15557).
* samba-gpupdate should print a useful message if cepces-submit
can't be found; (bso#15552).
* samba-gpupdate logging doesn't work; (bso#15558).
* smbpasswd reset permissions only if not 0600; (bso#15555).
OBS-URL: https://build.opensuse.org/request/show/1149633
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=689
Fri Jan 10 12:01:49 UTC 2024 - Noel Power <nopower@suse.com>
- Remove -x from bash shebang update-apparmor-samba-profile;
(bsc#1218431).
- Update to 4.19.4
* net changesecretpw cannot set the machine account password if
secrets.tdb is empty; (bso#13577).
* For generating doc, take, if defined, env XML_CATALOG_FILES;
(bso#15540).
* Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541).
* vfs_linux_xfs is incorrectly named; (bso#15542).
* systemd stumbled over copyright-message at smbd startup;
(bso#15377).
* Following intermediate absolute share-local symlinks is
broken; (bso#15505).
* ctdb RELEASE_IP causes a crash in release_ip if a connection
to a non-public address disconnects first; (bso#15523).
* shadow_copy2 broken when current fileset's directories are
removed; (bso#15544).
* smbd does not detect ctdb public ipv6 addresses for
multichannel exclusion; (bso#15534).
* 'force user = localunixuser' doesn't work if 'allow trusted
domains = no' is set; (bso#15469).
* smbget debug logging doesn't work; (bso#15525).
* smbget: username in the smburl and interactive password entry
doesn't work; (bso#15532).
* smbget auth function doesn't set values for password prompt
correctly; (bso#15538).
* Unable to copy and write files from clients to Ceph cluster
via SMB Linux gateway with Ceph VFS module; (bso#15440).
OBS-URL: https://build.opensuse.org/request/show/1138091
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=688
- Update to 4.19.2
* Use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423).
* clidfs.c do_connect() missing a "return" after a
cli_shutdown() call; (bso#15426).
* macOS mdfind returns only 50 results; (bso#15463).
* GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value; (bso#15481).
* libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more; (bso#15464).
* ctdbd: setproctitle not initialized messages flooding logs;
(bso#15479).
* CVE-2023-5568 Heap buffer overflow with freshness tokens in
the Heimdal KDC in Samba 4.19; (bso#15491).
* The heimdal KDC doesn't detect s4u2self correctly when fast
is in use; (bso#15477).
- packaging: Remove /etc/slp.reg.d from samba spec file;
(bsc#1216160)
- use systemd-logind rather than utmp for y2038 safety;
(bsc#1216159).
OBS-URL: https://build.opensuse.org/request/show/1118340
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=686
- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-42670: samba: The procedure number is out of range
when starting Active Directory Users and Computers;
(bsc#1215906); (bso#15473).
- CVE-2023-3961: samba: Unsanitized client pipe name passed to
local_np_connect(); (bsc#1215907); (bso#15422).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
"GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES";
(bsc#1215908); (bso#15424).
OBS-URL: https://build.opensuse.org/request/show/1116864
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=685
- Update to 4.19.0
* File doesn't show when user doesn't have permission if
aio_pthread is loaded; (bso#15453).
* ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
1.9.1; (bso#15451).
* Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can
log to syslog; (bso#15460).
* ‘samba-tool domain level raise’ fails unless given a URL;
(bso#15458).
* reply_sesssetup_and_X() can dereference uninitialized tmp
pointer; (bso#15420).
* missing return in reply_exit_done(); (bso#15430).
* TREE_CONNECT without SETUP causes smbd to use uninitialized
pointer; (bso#15432).
* Avoid infinite loop in initial user sync with Azure AD
Connect when synchronising a large Samba AD domain;
(bso#15401).
* Samba replication logs show (null) DN; (bso#15407).
* 2-3min delays at reconnect with
smb2_validate_sequence_number: bad message_id 2; (bso#15346).
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed;
(bso#15446).
* CID 1539212 causes real issue when output contains only
newlines; (bso#15438).
* KDC encodes INT64 claims incorrectly; (bso#15452).
* mdssvc: Do an early talloc_free() in _mdssvc_open();
(bso#15449).
* Windows client join fails if a second container CN=System
exists somewhere; (bso#9959).
* regression DFS not working with widelinks = true;
OBS-URL: https://build.opensuse.org/request/show/1114416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=684
- Update to 4.18.6
* reply_sesssetup_and_X() can dereference uninitialized tmp pointer;
(bso#15420);
* Missing return in reply_exit_done(); (bso#15430);
* post-exec password redaction for samba-tool is more reliable for fully
random passwords as it no longer uses regular expressions containing the
password value itself; (bso#15289);
* Windows client join fails if a second container CN=System exists somewhere;
(bso#9959);
* Spotlight sometimes returns no results on latest macOS; (bso#15342);
* Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to
remove the destination; (bso#15417);
* Spotlight results return wrong date in result list; (bso#15427);
* "net offlinejoin provision" does not work as non-root user; (bso#15414);
* rpcserver no longer accepts double backslash in dfs pathname; (bso#15400);
* cm_prepare_connection() calls close(fd) for the second time; (bso#15433);
* 2-3min delays at reconnect with smb2_validate_sequence_number: bad
message_id 2; (bso#15346);
* samba-tool ntacl get segfault if aio_pthread appended; (bso#15441);
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446);
* Python tarfile extraction needs change to avoid a warning (CVE-2007-4559
mitigation); (bso#15390);
* Regression DFS not working with widelinks = true; (bso#15435);
* mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449);
OBS-URL: https://build.opensuse.org/request/show/1108160
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=683
- Update to 4.18.3
* Symlinks to files can have random DOS mode information in a
directory listing; (bso#15375).
* vfs_fruit might cause a failing open for delete; (bso#15378).
* winbind recurses into itself via rpcd_lsad; (bso#15361).
* wbinfo -u fails on ad dc with >1000 users; (bso#15366).
* DS ACEs might be inherited to unrelated object classes;
(bso#15338).
* a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND;
(bso#15362).
* aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse(); (bso#15374).
* Setting veto files = /.*/ break listing directories;
(bso#15360).
* "samba-tool domain provision" does not run interactive mode
if no arguments are given; (bso#15363).
* dsgetdcname: assumes local system uses IPv4; (bso#15325).
- Update to 4.18.2
* Log flood: smbd_calculate_access_mask_fsp: Access denied:
message level should be lower; (bso#15302).
* Floating point exception (FPE) via cli_pull_send at
source3/libsmb/clireadwrite.c; (bso#15306).
* test_tstream_more_tcp_user_timeout_spin fails intermittently
on Rackspace GitLab runners; (bso#15328).
* Reduce flapping of ridalloc test; (bso#15329).
* large_ldap test is unreliable; (bso#15351).
* New filename parser doesn't check veto files smb.conf
parameter; (bso#15143).
* mdssvc may crash when initializing; (bso#15354).
OBS-URL: https://build.opensuse.org/request/show/1091720
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=680
- Update to 4.18.1
* CVE-2023-0225: AD DC "dnsHostname" attribute can be
deleted by unprivileged authenticated users.
(bso#15276); (bsc#1209483).
* CVE-2023-0614: Access controlled AD LDAP attributes can be
discovered (bso#15270); (bsc#1209485).
* CVE-2023-0922: Samba AD DC admin tool samba-tool sends
passwords in cleartext (bso#15315); (bsc#1209481).
* ldb wildcard matching makes excessive allocations;
(bso#15331).
* large_ldap test is inefficient; (bso#15332).
OBS-URL: https://build.opensuse.org/request/show/1075680
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=679
- Update to 4.18.0
* SMB server performance improvements
* More succinct samba-tool error messages
* Color output with samba-tool --color
The NO_COLOR environment variable will disable colour output
* New samba-tool dsacl subcommand for deleting ACEs
* New wbinfo option --change-secret-at
* Net option to change the NT ACL default location
* Azure AD / Office365 synchronization improvements
OBS-URL: https://build.opensuse.org/request/show/1074016
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=294
- Update to 4.17.5
* smbc_getxattr() return value is incorrect; (bso#14808);
* Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly; (bso#15172);
* synthetic_pathref AFP_AfpInfo failed errors; (bso#15210);
* samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC
when there is only an AAAA record for the DC in DNS; (bso#15226);
* smbd crashes if an FSCTL request is done on a stream handle; (bso#15236);
* DFS links don't work anymore on Mac clients since 4.17; (bso#15277);
* vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value); (bso#15283);
* CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based
SChannel on NETLOGON (additional changes); (bso#15240);
* %U for include directive doesn't work for share listing
(netshareenum); (bso#15243);
* Shares missing from netshareenum response in samba 4.17.4;
(bso#15266);
* ctdb: use-after-free in run_proc; (bso#15269);
* irpc_destructor may crash during shutdown; (bso#15280);
* auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286);
* smbclient segfaults with use after free on an optimized build;
(bso#15268);
* smbstatus leaking files in msg.sock and msg.lock; (bso#15282);
* Leak in wbcCtxPingDc2; (bso#15164);
* Access based share enum does not work in Samba 4.16+; (bso#15265);
* Crash during share enumeration; (bso#15267);
* rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer; (bso#15271);
* Avoid relying on C89 features in a few places; (bso#15281);
- named crashes on DLZ zone update; (bso#14030); (bsc#1206996);
OBS-URL: https://build.opensuse.org/request/show/1066228
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=677
- Update to 4.17.4
* CVE-2022-44640 Upstream Heimdal free of user-controlled
pointer in FAST; (bsc#14929);
* CVE-2021-20251 Bad password count not incremented atomically;
(bsc#14611);
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
(bsc#15203);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240);
* pam_winbind uses time_t and pointers assuming they are of the
same size; (bso#15224);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
(bso#15252);
* The KDC logic around msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4(); (bso#15206);
* Memory leak in snprintf replacement functions; (bso#15230);
* RODC doesn't reset badPwdCount reliably via an RWDC
(CVE-2021-20251 regression); (bso#15253);
OBS-URL: https://build.opensuse.org/request/show/1043954
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=674
- Update to 4.17.1
* CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically; (bso#14611).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Flush on a named stream never completes; (bso#15182).
* Permission denied calling SMBC_getatr when file not exists;
(bso#15195).
* Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
(bso#15189).
* pytest: add file removal helpers for TestCaseInTempDir;
(bso#15191).
* vfs_gpfs silently garbles timestamps > year 2106;
(bso#15151).
* multi-channel socket passing may hit a race if one of the
involved processes already existed; (bso#15200).
* memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others); (bso#15201).
* Since popt1.19 various use after free errors using result of
poptGetArg are now exposed; (bso#15205); (boo#1204279).
* Remove special case for O_CREAT in SMB_VFS_OPENAT from
OBS-URL: https://build.opensuse.org/request/show/1030308
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=669
- Disable SMB1 for tumbleweed builds.
- Update to 4.17.0
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Cross-node multi-channel reconnects result in SMB2 Negotiate
returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
* winbind at info level debug can coredump when processing
wb_lookupusergroups; (bso#15160).
* Make use of glfs_*at() API calls in vfs_glusterfs;
(bso#15157).
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128).
* `net usershare add` fails with flag works with --long but
fails with -l; (bso#15145).
* Performance regression on contended path based operations;
(bso#15125).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* libsamba-errors uses a wrong version number; (bso#15141).
OBS-URL: https://build.opensuse.org/request/show/1006436
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=667
- Update to 4.16.4
* CVE-2022-2031: Samba AD users can bypass certain restrictions
associated with changing passwords; (bsc#1201495); (bso#15047);
* CVE-2022-32744: Samba AD users can forge password change
requests for any user; (bsc#1201493); (bso#15074);
* CVE-2022-32745: Samba AD users can crash the server process
with an LDAP add or modify request; (bsc#1201492); (bso#15008);
* CVE-2022-32746: Samba AD users can induce a use-after-free in
the server process with an LDAP add or modify request;
(bsc#1201490); (bso#15009);
* CVE-2022-32742: Server memory information leak via SMB1;
(bsc#1201496); (bso#15085);
- Update to 4.16.3
* Using vfs_streams_xattr and deleting a file causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work;
(bso#15076);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
developer mode; (bso#15095);
* Crash in streams_xattr because fsp->base_fsp->fsp_name is
NULL; (bso#15105);
* Crash in rpcd_classic - NULL pointer dereference in
mangle_is_mangled(); (bso#15118);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
OBS-URL: https://build.opensuse.org/request/show/992061
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=666
- Update spec file to fix the optional Heimdal DC build
- Fix external trusts with MIT Kerberos 1.20
- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Add sysuser-shadow requirement for packages using
systemd-sysusers
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
OBS-URL: https://build.opensuse.org/request/show/988948
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=665
- Update to 4.16.2
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* Reintroduce netgroups support; (bso#15087);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Update from 4.15 to 4.16 breaks discovery of [homes] on
standalone server from Win and IOS; (bso#15062);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient -E doesn't work as advertised; (bso#15075);
* The samba background daemon doesn't refresh the printcap cache
on startup; (bso#15081);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7
- Support building with MIT Kerberos 1.20
- Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC;
(CVE-2020-17049);
- Resource Based Constrained Delegation (RBCD) for Samba AD DC
- Support building with gcc 12.1
OBS-URL: https://build.opensuse.org/request/show/983456
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=282
- Update to 4.16.1
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written to;
(bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* Need to describe --builtin-libraries= better (compare with
--bundled-libraries); (bso#8731);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* Username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* KVNO off by 100000; (bso#14951);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
- Update update-apparmor-samba-profile script, replace
non-printable delimiter with more human readable separator as
sed can accept separators that can appear in the input data.
OBS-URL: https://build.opensuse.org/request/show/974674
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=662
- Update to 4.16.0
* New samba-dcerpcd binary to provide DCERPC in the member server
setup
* Certificate Auto Enrollment
* Ability to add ports to dns forwarder addresses in internal DNS
backend
* No longer using Linux mandatory locks for sharemodes
* SMB1 protocol has been deprecated, particularly older dialects
* SMB1 protocol SMBCopy command removed
* SMB1 server-side wildcard expansion removed
- Add python3-dnspython to samba-ad-dc recommends; (bsc#1187101);
- Use systemd-sysusers to create system users; (bsc#1182847);
OBS-URL: https://build.opensuse.org/request/show/966947
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=278
- Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
outside target of a symlink exists; (bso#14911);
(bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN
conflict checks; (bso#14950); (bsc#1195048).
- CVE-2021-44141: Information leak via symlinks of existence of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
OBS-URL: https://build.opensuse.org/request/show/950276
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=659
- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "client max protocol" to NT1 before
calling the "Reconnecting with SMB1 for workgroup listing"
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "smbd --build-options" no longer works without an smb.conf file;
(bso#14945);
OBS-URL: https://build.opensuse.org/request/show/948069
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=658
- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).
OBS-URL: https://build.opensuse.org/request/show/947215
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=657
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems every time one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
OBS-URL: https://build.opensuse.org/request/show/945635
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=655
- Update to 4.15.3
* Recursive directory delete with veto files is broken in 4.15.0;
(bso#14878);
* A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory;
(bso#14879);
* SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
uninitialized in rmdir_internals(); (bso#14892);
* MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
* The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token; (bso#14901); (bsc#1192849);
* User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable; (bso#14902);
* Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
* smbXsrv_client_global record validation leads to crash if existing
record points at non-existing process; (bso#14882);
* Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
(bso#14890);
* Samba process doesn't log to logfile; (bso#14897);
* set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
triggers locking.tdb assert; (bso#14907);
* Kerberos authentication on standalone server in MIT realm broken;
(bso#14922);
* Segmentation fault when joining the domain; (bso#14923);
* Support for ROLE_IPA_DC is incomplete; (bso#14903);
* rpcclient cannot connect to ncacn_ip_tcp services anymore;
(bso#14767);
* winexe crashes since 4.15.0 after popt parsing; (bso#14893);
* net ads status -P broken in a clustered environment; (bso#14908);
* Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
OBS-URL: https://build.opensuse.org/request/show/939491
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=654
- Fix regression introduced by CVE-2020-25717 patches, winbindd
does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
* CVE-2016-2124: SMB1 client connections can be downgraded to
plaintext authentication; (bso#12444); (bsc#1014440);
* CVE-2020-25717: A user on the domain can become root on domain
members; (bso#14556); (bsc#1192284);
* CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
tickets issued by an RODC; (bso#14558); (bsc#1192246);
* CVE-2020-25719: Samba AD DC did not always rely on the SID and
PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
* CVE-2020-25721: Kerberos acceptors need easy access to stable
AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
* CVE-2020-25722: Samba AD DC did not do sufficient access and
conformance checking of data stored; (bso#14564);
(bsc#1192283);
* CVE-2021-3738: Use after free in Samba AD DC RPC server;
(bso#14468); (bsc#1192215);
* CVE-2021-23192: Subsequent DCE/RPC fragment injection
vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
* vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
* Log clutter from filename_convert_internal; (bso#14685);
* MacOSX compilation fixes; (bso#14862);
* rodc_rwdc test flaps; (bso#14868);
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal; (bso#14642);
* Python ldb.msg_diff() memory handling failure; (bso#14836);
* "in" operator on ldb.Message is case sensitive; (bso#14845);
OBS-URL: https://build.opensuse.org/request/show/930730
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=651
- Update to 4.14.6
* s3: lib: Fix talloc hierarchy error in parent_smb_fname(); (bso#14722).
* smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
* s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path; (bso#14736).
* NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
glusterfs VFS module; (bso#14730).
* s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
* smbXsrv_{open,session,tcon}: protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
(bso#14752).
* samba-tool domain backup offline doesn't work against bind DLZ
backend; (bso#14027).
* netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup; (bso#14669).
OBS-URL: https://build.opensuse.org/request/show/908919
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=646
- Update to 4.14.5
* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
(bso#14696);
* s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
ACL for directory handles; (bso#14708);
* s3: smbd: Fix uninitialized memory read in process_symlink_open()
when used with vfs_shadow_copy2(); (bso#14721);
* docs: Expand the "log level" docs on audit logging; (bso#14689);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Fix gcc11 compiler issues; (bso#14699);
* docs-xml: Update smbcacls manpage; (bso#14718);
* docs: Update list of available commands in rpcclient; (bso#14719);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* s3:winbind: For 'security = ADS' require realm/workgroup to be set;
(bso#14695);
* lib:replace: Do not build strndup test with gcc 11 or newer;
(bso#14699);
OBS-URL: https://build.opensuse.org/request/show/897431
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=645
- Update to 4.14.4
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
(bso#14571); (bsc#1184677).
- Update to 4.14.3
* s3:modules:vfs_virusfilter: Recent New_VFS changes break
vfs_virusfilter_openat; (bso#14671).
* build: Notice if flex is missing at configure time; (bso#14586).
* Fix smbd panic when two clients open same file; (bso#14672).
* Fix memory leak in the RPC server; (bso#14675).
* s3: smbd: fix deferred renames; (bso#14679).
* s3-iremotewinspool: Set the per-request memory context;
(bso#14675)
* Fix memory leak in the RPC server; (bso#14675).
* third_party: Update socket_wrapper to version 1.3.2;
(bso#11899).
* third_party: Update socket_wrapper to version 1.3.3;
(bso#14640).
* samba-gpupdate: Test that sysvol paths download in
case-insensitive way; (bso#14665).
* smbd: Ensure errno is preserved across fsp destructor;
(bso#14662).
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663).
* build: Only add -Wl,--as-needed when supported; (bso#14288).
OBS-URL: https://build.opensuse.org/request/show/889509
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=644
- Update to 4.13.4
* Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Temporary DFS share setup doesn't set case parameters in the same
way as a regular share definition does; (bso#14612);
* lib: Avoid declaring zero-length VLAs in various messaging functions;
(bso#14605);
* Do not create an empty DB when accessing a sam.ldb; (bso#14579);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Temporary DFS share setup doesn't set case parameters in the same way
as a regular share definition does; (bso#14612);
* vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
(bso#14607);
* The cache directory for the user gencache should be created recursively;
(bso#14601);
* Be more flexible with repository names in CentOS 8 test environments;
(bso#14594);
- Uninstalling samba-client: Failed to disable unit, cifs.service
does not exists; (bsc#1180388);
OBS-URL: https://build.opensuse.org/request/show/872360
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=641
- Update to 4.13.3
+ libcli: smb2: Never print length if smb2_signing_key_valid() fails for
crypto blob; (bsc#14210);
+ s3: modules: gluster. Fix the error I made in preventing talloc leaks
from a function; (bsc#14486);
+ s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
via TALLOC_FREE(); (bsc#14515);
+ s3: spoolss: Make parameters in call to user_ok_token() match all other
uses; (bsc#14568);
+ s3: smbd: Quiet log messages from usershares for an unknown share;
(bsc#14590);
+ samba process does not honor max log size; (bsc#14248);
+ vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
(bsc#14587);
+ s3-libads: Pass timeout to open_socket_out in ms; (bsc#13124);
+ s3-vfs_glusterfs: Always disable write-behind translator; (bsc#14486);
+ smbclient: Fix recursive mget; (bsc#14517);
+ clitar: Use do_list()'s recursion in clitar.c; (bsc#14581);
+ manpages/vfs_glusterfs: Mention silent skipping of write-behind
translator; (bsc#14486);
+ vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bsc#14573);
+ interface: Fix if_index is not parsed correctly; (bsc#14514);
OBS-URL: https://build.opensuse.org/request/show/856728
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=639
- Update to 4.13.2
+ s3: modules: vfs_glusterfs: Fix leak of char **lines onto
mem_ctx on return; (bso#14486);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
+ smb.conf.5: Add clarification how configuration changes reflected
by Samba; (bso#14538);
+ daemons: Report status to systemd even when running in foreground;
(bso#14552);
+ DNS Resolver: Support both dnspython before and after 2.0.0;
(bso#14553);
+ s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present; (bso#14486);
+ provision: Add support for BIND 9.16.x; (bso#14487);
+ ctdb-common: Avoid aliasing errors during code optimization;
(bso#14537);
+ libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
+ docs: Fix default value of spoolss:architecture; (bso#14522);
+ winbind: Fix a memleak; (bso#14388);
+ s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
+ docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs; (bso#14486);
+ nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
+ vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
+ third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
+ examples:auth: Do not install example plugin; (bso#14550);
+ ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
OBS-URL: https://build.opensuse.org/request/show/849279
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=638
- Update to samba 4.12.7
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
(bso#14497);
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
"server require schannel:WORKSTATION$ = no" about unsecure configurations;
(bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
challenge; (bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
(bsc#1176579); (bso#14497);
- Update to samba 4.12.6
+ s3: libsmb: Fix SMB2 client rename bug to a Windows server;
(bso#14403).
+ dsdb: Allow "password hash userPassword schemes = CryptSHA256"
to work on RHEL7; (bso#14424).
+ dbcheck: Allow a dangling forward link outside our known NCs;
(bso#14450).
+ lib/debug: Set the correct default backend loglevel to
MAX_DEBUG_LEVEL; (bso#14426).
+ PANIC: Assert failed in get_lease_type(); (bso#14428).
+ util: Fix build on AIX by fixing the order of replace.h include;
(bso#14422).
+ srvsvc_NetFileEnum asserts with open files; (bso#14355).
+ KDC breaks with DES keys still in the database and
msDS-SupportedEncryptionTypes 31 indicating support for it;
(bso#14354).
+ s3:smbd: Make sure vfs_ChDir() always sets
conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).
OBS-URL: https://build.opensuse.org/request/show/835851
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=635
- Update to samba 4.12.5
+ Fix smbd panic on force-close share during async
io; (bso#14301).
+ Fix segfault when using SMBC_opendir_ctx() routine for
share folder that contains incorrect symbols in any
file name; (bso#14374)
+ Fix DFS links; (bso#14391).
+ Can't use DNS functionality after a Windows DC has been
in domain; (bso#14310).
+ ldapi search to FreeIPA crashes; (bso#14413).
+ Add net-ads-join dnshostname=fqdn option; (bso#14396)
+ Fix adding msDS-AdditionalDnsHostName to keytab with
Windows DC; (bso#14406).
+ docs-xml: Update list of possible VFS operations for
vfs_full_audit; (bso#14386).
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382).
+ Client tools are not able to read gencache anymore;
(bso#14370).
- Update to samba 4.12.4
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when
ASQ and VLV combined; (bso#14364); (bsc#1173159)
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
OBS-URL: https://build.opensuse.org/request/show/818624
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=633
- Update to samba 4.12.2
+ CVE-2020-10700: A client combining the 'ASQ' and
'Paged Results' LDAP controls can cause a use-after-free
in Samba's AD DC LDAP server; (bso#14331); (bsc#1169850)
+ CVE-2020-10704: A deeply nested filter in an un-authenticated
LDAP search can exhaust the LDAP server's stack memory causing
a SIGSEGV; (bso#14334); (bsc#1169851).
- Update to samba 4.12.1
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
+ samba-tool group: Handle group names with special chars correctly;
(bso#14296);
+ Add missing check for DMAPI offline status in async DOS attributes;
(bso#14293);
+ Starting ctdb node that was powered off hard before results in recovery
loop; (bso#14295);
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
(bso#14307);
+ vfs_recycle: Prevent flooding the log if we're called on non-existent
paths; (bso#14316);
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
(bso#14327);
+ fruit:time machine max size is broken on arm; (bso#13622);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ s3/utils: Fix double free error with smbtree; (bso#14332);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ Starting ctdb node that was powered off hard before results in recovery
OBS-URL: https://build.opensuse.org/request/show/798848
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=629
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8
- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).
- Update to samba 4.12.0
+ For details on all items see WHATSNEW.txt in samba-doc
package.
+ Samba 4.12 raises this minimum version to Python
3.5.
+ Samba now requires GnuTLS 3.4.7 to be installed.
+ New Spotlight backend for Elasticsearch.
+ Retiring DES encryption types in Kerberos. With this release,
support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause
Kerberos authentication to fail for that account (see
RFC-6649).
+ Samba-DC: DES keys no longer saved in DB.
+ The netatalk VFS module has been removed.
+ The BIND9_FLATFILE DNS backend is deprecated in this release
and will be removed in the future.
+ CTDB changes
+ The ctdb_mutex_fcntl_helper periodically re-checks the
lock file.
+ Bugs
+ Retire DES encryption types in Kerberos; (bso#14202);
(bsc#1165574).
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
OBS-URL: https://build.opensuse.org/request/show/786416
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=627
- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);
- Update to samba 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substitution; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
OBS-URL: https://build.opensuse.org/request/show/766660
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=624
- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).
OBS-URL: https://build.opensuse.org/request/show/755761
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=623
- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD database format
- BIND9_FLATFILE deprecated
- default process model changed to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed
OBS-URL: https://build.opensuse.org/request/show/737886
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=621
- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.
- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
OBS-URL: https://build.opensuse.org/request/show/727708
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=619
- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
unicode string.
+ sambaundoguididx: Use the right escaped or unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hiccup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
OBS-URL: https://build.opensuse.org/request/show/696786
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=615
- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);
- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
OBS-URL: https://build.opensuse.org/request/show/681723
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=246
- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);
- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=614
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles; (bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syncpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initialization; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
OBS-URL: https://build.opensuse.org/request/show/664621
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=245
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles; (bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syncpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initialization; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
OBS-URL: https://build.opensuse.org/request/show/664132
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=612
- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit loses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb://" and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);
OBS-URL: https://build.opensuse.org/request/show/652450
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=608
- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);
- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
no servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);
OBS-URL: https://build.opensuse.org/request/show/635794
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=602
- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: 'winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries; (bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).
OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processors supporting AESNI; (bso#13302);
OBS-URL: https://build.opensuse.org/request/show/603033
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=597
- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);
- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a daemon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);
OBS-URL: https://build.opensuse.org/request/show/575830
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=581
- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).
- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427); (bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.
OBS-URL: https://build.opensuse.org/request/show/546497
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=579
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly indent lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resource leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);
OBS-URL: https://build.opensuse.org/request/show/539834
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=576
- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.
OBS-URL: https://build.opensuse.org/request/show/532129
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=573
- Update to 4.6.5; (bsc#1040157)
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
startup; (bso#12814).
+ vfs_expand_msdfs tries to open the remote address as a file path;
(bso#12687).
+ PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
(bso#12798).
+ With clustering get update_num_read_oplocks failed and PANIC:
num_share_modes == 1 assertion failure; (bso#11844).
+ contend_level2_oplocks_begin_default oplock optimisation doesn't carry
over to leases; (bso#12766).
+ `ctdb nodestatus` incorrectly displays status for all nodes with wrong
exit code; (bso#12802).
+ CTDB can spin hard on revoking readonly delegations if a node becomes
disconnected; (bso#12697).
+ Printing a share mode entry with leases can crash in the ndr code;
(bso#12793).
+ Fix flakey unit tests for eventd; (bso#12792).
+ CTDB daemon crashes if built with clang; (bso#12770).
+ smbcacls fails if no password is specified; (bso#12765).
+ idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
+ samba-tool user syncpasswords doesn't trigger the script when a user gets
removed; (bso#12767).
+ systemd: fix detection of libsystemd; (bso#12764).
+ Notify subsystem only maps first inotify mask to Windows notify filter;
(bso#12760).
+ Allow passing trusted domain password as plain-text to PASSDB layer;
(bso#12751).
+ Can't case-rename files with vfs_fruit; (bso#12749).
+ wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
OBS-URL: https://build.opensuse.org/request/show/501776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=215
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=563
- Update to 4.6.2
+ remove bso#12721 patches now upstream
- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
+ x86-64 and aarch64
- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).
- Build and install the html man pages (bsc#1021907).
- Fix CVE-2017-2619 regression with "follow symlinks = no";
(bso#12721).
- Update to 4.6.1
+ symlink race permits opening files outside share directory;
CVE-2017-2619; (bso#12496); (bsc#1027147)
+ testparm checks for valid idmap parameters
+ add new krb client encryption types
+ support for printer driver upload from windows 10
+ inherit owner = 'unix only' for improved quota support
+ improved CTDB event support
+ new primary group support for idmap_ad
+ idmap_hash deprecated
+ mvxattr added to recursively rename extended attributes
- Remove chkconfig requirements for systemd systems
- Don't call insserv if systemd is used
- Fix check if we need to require insserv
OBS-URL: https://build.opensuse.org/request/show/487103
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=210
- Revert the SLPP massacre from Feb 17 2016: comply to the shared
library packaging policy for as long as there are public headers
and pkgconfig files being installed. An upstream claim of
'something' being private does not make it private as long as
public headers are installed.
You can evaluate the entire diff created between the openSUSE:Factory (current) package
towards this branch with the revert, using:
osc rdiff openSUSE:Factory samba home:dimstar:Factory samba
Which should make this long diff less scary.
OBS-URL: https://build.opensuse.org/request/show/389457
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=538
Else the directory is missing at install time and the relocating mv
command stacked one dir into the next with the same name. The last
remaining lock file then later got replaced by the dir created by the
samba (main) package.
Adding an ending / to the destination also of lock and private ensures
this will not bite us again.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=529
- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).
- Remove autoconf build-time requirement.
- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).
- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).
OBS-URL: https://build.opensuse.org/request/show/354145
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=196
- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
OBS-URL: https://build.opensuse.org/request/show/349211
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=195
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=514
This commit by intention reverts the
Do not provide and obsolete libpdb0 from libsamba-passdb0
change as the reported issue requires more investigation.
With the first suggested solution we have two issues:
a) a library name conflict as reported to Samba upstream at
https://bugzilla.samba.org/show_bug.cgi?id=10355
As libpdb depends heavily on other versioned shared Samba libraries
libpdb in the old version can't work alone. We'll end up in a
library mismatch.
b) libzypp (YaST/ zypper) pulls in libpdb0 _i586_ from the main openSUSE
13.2 repository for example
The actual package changes are:
- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).
- Package /var/lib/samba/msg with 0755 permissions; (bnc#945502).
- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).
OBS-URL: https://build.opensuse.org/request/show/331893
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=190
- to enhance the previous commit
- do it in the post of the client which is required by winbind and the
main package; a potential race condition is the restart on update
mechanism if the main or winbind packages gets installed before the
client package
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=494
- Update to 4.2.3.
Check WHATSNEW.txt from the main tar ball, the web page, or the samba
package change log for a detailed list of changes.
- Disable rpath usage; (bnc#902421).
- Make the winbind package depend on the matching libwbclient version and
vice versa; (bnc#936909).
- Backport changes to use resource group sids obtained from pac logon_info;
(bso#11328); (bnc#912457)
OBS-URL: https://build.opensuse.org/request/show/316836
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=186
The remaining reference was required in pre-11.0 times. This is an
enhancement to r463 and the new package change log message is:
Remove the independently built libraries ldb, talloc, tdb, and tevent and
the post-10.3 renamed libsmbclient from baselibs.conf.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=464
This request depends on network:samba:STABLE/talloc version 2.1.2 see
submit request 297171 https://build.opensuse.org/request/show/297171
- Update to 4.2.1.
Check WHATSNEW.txt from the main tar ball, the web page, or the samba
package change log for a detailed list of changes.
- Prevent samba package updates from disabling samba kerberos printing.
- Add sparse file support for samba; (fate#318424).
- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).
- Use domain name if search by domain SID fails to send SIDHistory
lookups to correct idmap backend; (bnc#773464).
OBS-URL: https://build.opensuse.org/request/show/297173
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=182
Check WHATSNEW.txt from the main tar ball, the web page, or the samba
package change log for a detailed list of changes.
- Prevent samba package updates from disabling samba kerberos printing.
- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=461
- Enable avahi support on post-12.2 systems.
- Update to 4.1.15.
+ pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Fix profiles tool; (bso#9629).
+ s3-lib: Do not require a password with --use-ccache; (bso#10279).
+ s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
(bso#10949).
+ s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
+ s3:smb2_server: Allow reauthentication without signing; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
convention; (bso#10982).
+ Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
'supported_extensions'; (bso#11006).
+ idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
(bso#11006).
+ winbind: Retry LogonControl RPC in ping-dc after session expiration;
(bso#11034).
- yast2-samba-client should be able to specify osName and osVer on
AD domain join; (bnc#873922).
- Fix spoolss error response marshalling; (bso#10984).
- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
+ Fix handling of bad EnumJobs levels; (bso#10898).
- Prune idle or hung connections older than "winbind request timeout";
(bso#3204); (bnc#872912).
OBS-URL: https://build.opensuse.org/request/show/281307
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=177
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=446
- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and
the man page of the unused findsmb script.
- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).
- Update to 4.1.12.
See WHATSNEW.txt from the main tar ball or the samba.changes file for
more details.
- Wait for network-online.target to prevent caching of
pre-network failures; (bnc#889175).
OBS-URL: https://build.opensuse.org/request/show/252315
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=171
- Prevent file truncation on an open that fails with share mode violation;
(bso#10671); (bnc#884056).
- Update to 4.1.9.
+ Fix nmbd denial of service; CVE-2014-0244; (bnc#880962).
+ Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX
handler; CVE-2014-3493; (bnc#883758).
See WHATSNEW.txt from the main tar ball or the samba.changes file for
more details.
OBS-URL: https://build.opensuse.org/request/show/238632
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=163
- Update to 4.1.7.
See WHATSNEW.txt from the main tar ball or the samba.changes file for
more details.
- Create a new DBus connection for every vfs_snapper request, to ensure
correct snapper UID detection; (bnc#866354).
- Fix "Invalid read" in method reply_writeclose; (bnc#873658).
- Fix minor compiler warnings in snapshot code-path; (bnc#873177).
- Remove references to the obsolete samba-krb-printing package and
get_printing_ticket binary.
- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; (bnc#872396).
- Use error strings instead of hex codes where possible for FSRVP
errors; (bnc#866927).
- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).
OBS-URL: https://build.opensuse.org/request/show/230698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=158
- Depend only on %version with all manual Provides and Requires; (bnc#844307).
- Update to 4.1.6.
+ Password lockout not enforced for SAMR password changes; CVE-2013-4496;
(bnc#849224).
+ smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442;
(bnc#855866).
- Password lockout not enforced for SAMR password changes;
CVE-2013-4496; (bnc#849224).
- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).
- samba4 smbcacls --chown | --chgrp dacl regression; CVE-2013-6442;
(bnc#855866).
- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
(bnc#865095).
OBS-URL: https://build.opensuse.org/request/show/225717
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=155
- Propagate snapshot enumeration permissions errors to SMB clients;
(bnc#865641).
- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).
OBS-URL: https://build.opensuse.org/request/show/224138
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=154
(bnc#865641).
- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=389
- Use libarchive to provide improved smbclient tarmode functionality;
(bso#9667); (bnc#861135).
- Depend on %version-%release with all manual Provides and Requires;
(bnc#844307).
- Update to 4.1.5.
+ Fix 100% CPU utilization in winbindd when trying to free memory in
winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
+ smbd: Fix memory overwrites; (bso#10415).
+ s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
(bso#2191).
+ ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
(bso#10087).
+ s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
+ s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
directories are open; (bso#10406).
+ Add support for Heimdal's unified krb5 and hdb plugin system, cope with
first element in hdb_method having a different name in different heimdal
versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
+ vfs_btrfs: Fix incorrect zero length server-side copy request handling;
(bso#10424).
+ s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
+ smbd: Fix an ancient oplock bug; (bso#10436).
+ Fix crash bug in smb2_notify code; (bso#10442).
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
+ Improve vfs_snapper documentation.
- Fix Winbind 100% CPU utilization caused by domain list corruption;
(bso#10358); (bnc#786677).
- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
(bnc#862370).
- Streamline the vendor suffix handling and add support for SLE 12.
- Fix zero length server-side copy request handling; (bso#10424);
(bnc#862558).
- Set the PID directory to /run/samba on post-12.2 systems.
- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.
- Make winbindd print the interface version when it gets an INTERFACE_VERSION
request; (bnc#726937).
- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
definitions; (bnc#860832).
- Check for NULL gensec_security in gensec_security_by_auth_type();
(bnc#860809).
- Ensure ndr table initialization; (bnc#860648).
- Add File Server Remote VSS Protocol (FSRVP) server for SMB share
shadow-copies; (fate#313346).
- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
(bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
(bso#10384).
- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
(bso#10358); (bnc#786677).
- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).
- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
the add, delete, modify and set operations now support automatic
propagation of inheritable ACE(s); (FATE#316474).
OBS-URL: https://build.opensuse.org/request/show/223503
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=153
- shadow_copy2: module "Previous Version" not working in Windows 7;
(bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
(bso#10384).
- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
(bso#10358); (bnc#786677).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=376
- Call stop_on_removal from preun and restart_on_update and insserv_cleanup
from postun on pre-12.3 systems only; (bnc#857454).
- BuildRequire gamin-devel instead of unmaintained fam-devel package on
post-12.1 systems.
- smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).
- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).
- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
(bnc#856759).
- Fix broken rc{nmb,smb,winbind} sym links which should point to the service
binary on post-12.2 systems; (bnc#856759).
- Add Snapper VFS module for snapshot manipulation; (fate#313347).
+ dbus-1-devel required at build time.
- Add File Server Remote VSS Protocol (FSRVP) client for SMB share
shadow-copies; (fate#313345).
OBS-URL: https://build.opensuse.org/request/show/213213
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=150
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=362
- Update to 4.1.3.
+ DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
(bnc#844720).
+ pam_winbind login without require_membership_of restrictions;
CVE-2012-6150; (bnc#853347).
- Make use of the full gpg pub key file name including the key ID.
- Add transparent file compression support; (fate#316266).
+ Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
+ Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
+ Extend vfs_btrfs VFS module to utilize get/set compression hooks.
- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).
OBS-URL: https://build.opensuse.org/request/show/210027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=148
- BuildRequire systemd on post-12.2 systems.
- Update to 4.1.2.
+ s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
+ dfs_server: Use dsdb_search_one to catch 0 results as well as
NO_SUCH_OBJECT errors; (bso#10052).
+ Missing talloc_free can leak stackframe in error path; (bso#10187).
+ Fix memset used with constant zero length parameter; (bso#10190).
+ s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
(bso#10193).
+ Make offline logon cache updating for cross child domain group membership;
(bso#10194).
+ nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
+ RW Deny for a specific user is not overriding RW Allow for a group;
(bso#10196).
+ vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
(bso#10224).
+ vfs_glusterfs: Implement proper marshalling/unmarshalling of ACLs;
(bso#10224).
+ VFS plugin was sending the actual size of the volume instead of the total
number of block units because of which windows was getting the wrong
volume capacity; (bso#10224).
+ libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
+ xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
+ Fix the build of vfs_glusterfs; (bso#10253).
+ s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
(bso#10264).
+ util: Remove 32bit macros breaking strict aliasing; (bso#10269).
- Let gpg verify execution condition not fail on non SUSE systems.
- Add systemd support for post-12.2 systems.
OBS-URL: https://build.opensuse.org/request/show/207997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=146
+ ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
+ Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
- ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=347
The final 4.1.0 is scheduled for Friday, October 11.
The goal is to have native systemd files tested and added too.
- Update to 4.1.0rc4.
+ dsdb: Convert the full string from UTF16 to UTF8, including embedded
NULLs; (bso#8077).
+ python-samba-tool fsmo: Do not give an error on a successful role
transfer; (bso#9461).
+ dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
+ Raise the level of a debug when unable to open a printer; (bso#10118).
+ Add "acl allow execute always" parameter; (bso#10134).
+ vfs_shadow_copy2: Display previous versions correctly over SMB2;
(bso#10137).
+ smbd: Always clean up share modes after hard crash; (bso#10138).
+ Valid utf8 filenames cause "invalid conversion error" messages;
(bso#10139).
+ libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
+ Samba SMB2 client code reads the wrong short name length in a directory
listing reply; (bso#10145).
+ libcli/smb: Only check the SMB2 session setup signature if required and
valid; (bso#10146).
+ Better document potential implications of a globally used "valid users";
(bso#10147).
+ cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
+ Not all OEM servers support the ALTNAME info level; (bso#10150).
+ Regression causes replication failure with Windows 2008R2 and deletes
Deleted Objects; (bso#10157).
+ Netbios related samba process consumes 100% CPU; (bso#10158).
+ Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).
- Add or polish the shared library package summaries and descriptions.
OBS-URL: https://build.opensuse.org/request/show/201529
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=141
+ dsdb: Convert the full string from UTF16 to UTF8, including embedded
NULLs; (bso#8077).
+ python-samba-tool fsmo: Do not give an error on a successful role
transfer; (bso#9461).
+ dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
+ Raise the level of a debug when unable to open a printer; (bso#10118).
+ Add "acl allow execute always" parameter; (bso#10134).
+ vfs_shadow_copy2: Display previous versions correctly over SMB2;
(bso#10137).
+ smbd: Always clean up share modes after hard crash; (bso#10138).
+ Valid utf8 filenames cause "invalid conversion error" messages;
(bso#10139).
+ libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
+ Samba SMB2 client code reads the wrong short name length in a directory
listing reply; (bso#10145).
+ libcli/smb: Only check the SMB2 session setup signature if required and
valid; (bso#10146).
+ Better document potential implications of a globally used "valid users";
(bso#10147).
+ cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
+ Not all OEM servers support the ALTNAME info level; (bso#10150).
+ Regression causes replication failure with Windows 2008R2 and deletes
Deleted Objects; (bso#10157).
+ Netbios related samba process consumes 100% CPU; (bso#10158).
+ Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=341
Credits to Jan Engelhard who implemented the split of the shared
libraries packaging as it is part of this submit request.
Systemd service files for nmb, smb, and winbind will follow soon.
- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.
- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0,
libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0,
libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0,
libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0,
libsmbldap0, and libtevent-util0 to baselibs.conf.
- Implement shared library packaging guidelines.
OBS-URL: https://build.opensuse.org/request/show/199779
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=140
- Update to 4.1.0rc3.
+ Fix working on site with Read Only Domain Controller; (bso#5917).
+ Add man page for vfs_syncops; (bso#7364).
+ Add man page for vfs_linux_xfs_sgid; (bso#7490).
+ When replicating DNS for bind9_dlz we need to create the server-DNS
account remotely; (bso#9091).
+ Winbind unable to retrieve user information from AD; (bso#9615).
+ winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
(bso#9899).
+ Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
+ Add SMB2 and SMB3 support for smbclient; (bso#9974).
+ Add man pages for ntdb tools; (bso#10000).
+ Add man page for samba-regedit tool; (bso#10001).
+ ::1 added to nameserver on join; (bso#10030).
+ Fix memory leak in source3/lib/util.c:1493; (bso#10063).
+ Fix segmentation fault in 'net ads join'; (bso#10073).
+ Fix variable list in vfs_crossrename man page; (bso#10076).
+ s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
+ smbd: Fix async echo handler forking; (bso#10086).
+ MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
(bso#10097).
+ Honour output buffer length set by the client for SMB2 GetInfo requests;
(bso#10106).
+ Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
+ Handle Dropbox (write-only-directory) case correctly in pathname lookup;
(bso#10114).
+ Masks incorrectly applied to UNIX extension permission changes;
(bso#10121).
- Correct interpackage dependencies; (bso#10129).
OBS-URL: https://build.opensuse.org/request/show/198926
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=138
+ Fix working on site with Read Only Domain Controller; (bso#5917).
+ Add man page for vfs_syncops; (bso#7364).
+ Add man page for vfs_linux_xfs_sgid; (bso#7490).
+ When replicating DNS for bind9_dlz we need to create the server-DNS
account remotely; (bso#9091).
+ Winbind unable to retrieve user information from AD; (bso#9615).
+ winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
(bso#9899).
+ Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
+ Add SMB2 and SMB3 support for smbclient; (bso#9974).
+ Add man pages for ntdb tools; (bso#10000).
+ Add man page for samba-regedit tool; (bso#10001).
+ ::1 added to nameserver on join; (bso#10030).
+ Fix memory leak in source3/lib/util.c:1493; (bso#10063).
+ Fix segmentation fault in 'net ads join'; (bso#10073).
+ Fix variable list in vfs_crossrename man page; (bso#10076).
+ s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
+ smbd: Fix async echo handler forking; (bso#10086).
+ MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
(bso#10097).
+ Honour output buffer length set by the client for SMB2 GetInfo requests;
(bso#10106).
+ Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
+ Handle Dropbox (write-only-directory) case correctly in pathname lookup;
(bso#10114).
+ Masks incorrectly applied to UNIX extension permission changes;
(bso#10121).
- Correct interpackage dependencies; (bso#10129).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=338
See http://lists.opensuse.org/opensuse-factory/2013-09/msg00022.html
with references to the upstream release schedule of Samba 4.1.0
4.1.0 RC 3 is scheduled for September 11 and GA for September 27.
- Define the source URL differently in the case of a release candidate.
- Update to 4.1.0rc2.
+ Add vfs_btrfs module.
+ Add support for server-side copy operations via the
SMB2 FSCTL_SRV_COPYCHUNK request.
+ Fix replication with --domain-critical-only to fill in backlinks;
(bso#9029).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ Windows error 0x800700FE when copying files with xattr names containing
":"; (bso#9992).
+ Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
+ Fix segfault while reading incomplete session info; (bso#10003).
+ Missing integer wrap protection in EA list reading can cause server to
loop with DOS (CVE-2013-4124); (bso#10010).
+ Fix a 100% loop at shutdown time (smbd); (bso#10013).
+ Fix/improve debug options; (bso#10015).
+ Rename regedit to samba-regedit; (bso#10040).
+ Remove obsolete swat manpage and references; (bso#10041).
+ Fix crashes in socket_get_local_addr(); (bso#10042).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Remove a redundant inlined substitution of ACLs; (bso#10045).
+ nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
+ dsdb improvements; (bso#10056).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
OBS-URL: https://build.opensuse.org/request/show/197338
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=137
+ Add vfs_btrfs module.
+ Add support for server-side copy operations via the
SMB2 FSCTL_SRV_COPYCHUNK request.
+ Fix replication with --domain-critical-only to fill in backlinks;
(bso#9029).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
+ Windows error 0x800700FE when copying files with xattr names containing
":"; (bso#9992).
+ Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
+ Fix segfault while reading incomplete session info; (bso#10003).
+ Missing integer wrap protection in EA list reading can cause server to
loop with DOS (CVE-2013-4124); (bso#10010).
+ Fix a 100% loop at shutdown time (smbd); (bso#10013).
+ Rename regedit to samba-regedit; (bso#10040).
+ Remove obsolete swat manpage and references; (bso#10041).
+ Fix crashes in socket_get_local_addr(); (bso#10042).
+ Remove a redundant inlined substitution of ACLs; (bso#10045).
+ nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
+ dsdb improvements; (bso#10056).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=335
The huge difference in the package change log indeed was caused by the
parallel development of Samba 3 and 4.
- BuildRequire pyldb-devel.
- Add libnetapi0 and samba-libs to baselibs.conf.
- Update to 4.0.9.
+ Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ s3-lib: Fix segmentation fault while reading incomplete session info;
(bso#10003).
+ smbd: Fix a 100% loop at shutdown time; (bso#10013).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Add UPN enumeration to passdb internal API; (bso#9779).
+ smbd: Cleanup disconnected durable handles; (bso#9930).
+ vfs_streams_xattr: Do not attempt to write empty attribute twice;
(bso#9970).
+ Fix Windows error 0x800700FE when copying files with xattr names
containing ":"; (bso#9992).
+ s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
+ Fix excessive RID allocation; (bso#10014).
+ Add debugclass for DNS server; (bso#10015).
+ Fix/improve debug options; (bso#10015).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
+ net ads join: Fix segmentation fault in
create_local_private_krb5_conf_for_domain; (bso#10073).
OBS-URL: https://build.opensuse.org/request/show/196786
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=136
- BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version.
- Require perl-base on SUSE systems only.
- Adjust group setting of the test-devel subpackage.
- Require perl-base from the pidl subpackage.
- Remove libdir/samba/ldb after install if we're building Samba without
Active Directory Domain Controller support.
- Remove unused ccache switch from the spec file.
- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the
man pages and add them to the package again.
- Build the package from the top level directory; (bnc#794744).
- BuildRequire pytalloc-devel, python-tdb, and python-tevent.
- Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1
SUSE systems.
- Update to 4.0.7.
+ Fix a core dump with invalid lock order while opening/editing
or copying MS files; (bso#9794).
+ Fix crash bug from search of mail=; (bso#9967).
+ s3-rpc_server: Ensure we are root when starting and using gensec;
(bso#9465).
+ Add support for MX queries; (bso#9485).
+ dns: Delete dnsNode objects when they are empty; (bso#9559).
+ dns: Support larger queries when asking forwarder; (bso#9632).
+ s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805).
+ Use of wrong RFC2307 primary group field; (bso#9880).
+ Check for system libtevent; (bso#9881).
+ is_printer_published GUID retrieval; (bso#9900).
+ Doc fixes for 4.0; (bso#9906).
+ Build fixes for 4.0 found during autoconf or debian packaging work;
(bso#9907).
+ build: Add missing new line to replaced python shebang line; (bso#9909).
+ PIE builds not supported; (bso#9910).
+ s4:winbind: Don't leak libnet_context into the main event context;
(bso#9929).
+ Fix a bug of drvupgrade of smbcontrol; (bso#9941).
+ Check for netbios aliases in ad_get_referrals; (bso#9947).
+ Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953).
+ docs: Avoid mentioning a possibly misleading option; (bso#9964).
+ Fix build with system Heimdal of samba4kgetcred; (bso#9968).
- Update to 4.0.6.
+ Fix crash during Win8 sync; (bso#9822).
+ Fix segfault when logging in with wrong password from w2k8r2; (bso#9834).
+ Fix the username map optimization; (bso#9139).
+ Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
+ SMB2 server doesn't support recvfile; (bso#9412).
+ Fix the build of vfs_notify_fam; (bso#9545).
+ Fix adding case sensitive spn; (bso#9699).
+ Properly handle oplock breaks in compound requests; (bso#9722).
+ Cache name_to_sid/sid_to_name correctly; (bso#9766).
+ Fix 'net ads join' when called via stdin; (bso#9767).
+ Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775).
+ vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and
doesn't cope with directories being modified whilst reading; (bso#9777).
+ Fix panic when running 'smbtorture smb.base'; (bso#9782).
+ Use specified python for runtime installation of Samba; (bso#9785).
+ Change '--with-dmapi' to 'default=auto' to match the autoconf build;
(bso#9803).
+ wafsamba: Display the default value in help for SAMBA3_ADD_OPTION;
(bso#9804).
+ wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807).
+ Package new dbwrap_tool man page; (bso#9809).
+ Old DOS SMB CTEMP request uses a non-VFS function to access
the filesystem; (bso#9811).
+ Fix 'map untrusted to domain' with NTLMv2; (bso#9817).
+ SMB signing and the async echo responder don't work together; (bso#9824).
+ Fix panic in nt_printer_publish_ads; (bso#9830).
+ talloc use after free in winbind4; (bso#9832).
+ Function called in unix_convert() path can overwrite errno; (bso#9833).
+ Fix NULL pointer dereference in Winbind; (bso#9854).
+ Fix making LIBNDR_PREG_OBJ; (bso#9868).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=325
- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.
- Don't bzip2 the main tar ball, use the upstream gzipped one instead.
- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and
libopenssl-devel.
- Update to 3.6.16.
+ Fix crash bug during Win8 sync; (bso#9822).
+ Properly handle Oplock breaks in compound requests; (bso#9722).
- Fix crash bug during Win8 sync; (bso#9822).
- Check for system libtevent and link dbwrap_tool and dbwrap_torture against
it; (bso#9881).
- errno gets overwritten in call to check_parent_exists(); (bso#9927).
- Fix a bug of drvupgrade of smbcontrol; (bso#9941).
- Document idmap_ad rfc2307 attribute requirements; (bso#9880); (bnc#820531).
OBS-URL: https://build.opensuse.org/request/show/181065
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=133
+ Fix crash bug during Win8 sync; (bso#9822).
+ Properly handle Oplock breaks in compound requests; (bso#9722).
- Fix crash bug during Win8 sync; (bso#9822).
- Check for system libtevent and link dbwrap_tool and dbwrap_torture against
it; (bso#9881).
- errno gets overwritten in call to check_parent_exists(); (bso#9927).
- Fix a bug of drvupgrade of smbcontrol; (bso#9941).
- Document idmap_ad rfc2307 attribute requirements; (bso#9880); (bnc#820531).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=313
- Don't package the SWAT man page while its build is disabled; (bnc#816647).
- Don't install the tdb utilities man pages on post-12.1 systems; (bnc#823549).
- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).
- s3-docs: Remove "experimental" label on "max protocol=SMB2" parameter;
(bso#9688).
- Remove the compound_related_in_progress state from the smb2 global state;
(bso#9722).
- Makefile: Don't know how to make LIBNDR_PREG_OBJ; (bso#9868).
- Fix is_printer_published GUID retrieval; (bso#9900); (bnc#798856).
- Update to 3.6.15.
+ Fix crash bug in Winbind; (bso#9854).
- Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
- Fix "guest ok", "force user" and "force group" for guest users; (bso#9746).
- Fix 'map untrusted to domain' with NTLMv2; (bso#9817); (bnc#817919).
- Fix crash bug in Winbind; (bso#9854).
- Fix panic in nt_printer_publish_ads; (bso#9830).
- Update to 3.6.14.
+ Certain xattrs cause Windows error 0x800700FF; (bso#9130).
- Exclude dbwrap_tool man page from the list of packaged files.
- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.
OBS-URL: https://build.opensuse.org/request/show/178946
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=132
- s3-docs: Remove "experimental" label on "max protocol=SMB2" parameter;
(bso#9688).
- Remove the compound_related_in_progress state from the smb2 global state;
(bso#9722).
- Makefile: Don't know how to make LIBNDR_PREG_OBJ; (bso#9868).
- Fix is_printer_published GUID retrieval; (bso#9900); (bnc#798856).
- Don't modify the pidfile name when a custom config file path is used;
(bnc#812929).
- Fix AD printer publishing; (bso#9378); (bnc#798856).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=308
- 'map untrusted to domain' treats WORKSTATION as bogus domain; (bso#9039).
- Add extra attributes for AD printer publishing; (bso#9378).
- Downgrade v4 printer driver requests to v3; (bso#9474).
- Samba returns unexpected error on SMB posix open; (bso#9519).
- Add support for posix_openpt; (bso#9541).
- Add dbwrap_tool.1 manual page; (bso#9568).
- Unlink after open causes smbd to panic; (bso#9571).
- Fix a possible null pointer dereference in spoolss; (bso#9574).
- Samba 3.6.x not correctly signing any but the last response in a compound
request/response; (bso#9585).
- "smbd[pid]: disk_free: sys_popen() failed" message logged in
/var/log/messages many times; (bso#9586).
- Archive flag is always set on directories; (bso#9587).
- ACLs are not inherited to directories for DFS shares; (bso#9588).
- wbcAuthenticateEx gives unix times; (bso#9625).
- Renaming directories as guest user in security share mode doesn't work;
(bso#9637).
- Make SMB2_GETINFO multi-volume aware; (bso#9646).
- Fix initial large PAC sess setup response; (bso#9658).
- Fix two resource leaks in winbindd; (bso#9684).
- Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686).
- Fix vfs_catia module; (bso#9701).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=298
- No longer use the cifs- or smbfstab named configuration file on post-12.2
systems; (bnc#804822).
- Shift the smbfs init script nfs dependency from Required to Should.
- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to
generate the default share snippets on pre-12.2 systems.
- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).
- Do not restart the smbfs service on pre-11.3 systems during dhcp lease
renewal when the IP address remains the same; (bnc#800782).
OBS-URL: https://build.opensuse.org/request/show/156705
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=131
- Update to 3.6.11.
+ defer_open is triggered multiple times on the same request; (bso#9196).
+ Fix SEGV when using second vfs module; (bso#9471).
- defer_open is triggered multiple times on the same request; (bso#9196).
- Fix SEGV when using second vfs module; (bso#9471).
- Correctly detect O_DIRECT; (bso#9548).
- Mask off signals the correct way from the signal handler; (bso#9550).
- ntlm_auth.1: Fix format and make examples visible; (bso#9569).
- Disable SWAT during configure and don't package it any longer.
- Remove dangling references to Heimdal from the spec file.
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
OBS-URL: https://build.opensuse.org/request/show/149788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=128
- defer_open is triggered multiple times on the same request; (bso#9196).
- Fix SEGV when using second vfs module; (bso#9471).
- Correctly detect O_DIRECT; (bso#9548).
- Mask off signals the correct way from the signal handler; (bso#9550).
- ntlm_auth.1: Fix format and make examples visible; (bso#9569).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=288
- Update to 4.0.1.
+ Samba 4.0.0 as an AD DC may provide authenticated users with write access
to LDAP directory objects; CVE-2013-0172; (bnc#798364).
- Remove references to no longer used devel macros.
- Update to 4.0.0.
+ Honor password complexity settings; (bso#9414).
+ Install SWAT *.msg files with waf; (bso#9415).
+ Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES;
(bso#9438).
+ developer-build: Fix panic when acl_xattr fails with access denied;
(bso#9456).
+ Fix "map username script" with "security=ads" and Winbind; (bso#9457).
+ Install manpages only if we install the target; (bso#9459).
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Users can not be given write permissions any more by default; (bso#9462).
+ Fix MMC crashes; (bso#9470).
+ Fix SEGV when using second vfs module; (bso#9471).
+ Support FIPS mode when building Samba; (bso#9479).
+ Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).
- Update to 4.0.0rc6.
See WHATSNEW.txt from the samba-doc package.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=284
The "Execute the run_permissions macro on pre-11.4 systems and else the
set_permission one if available." change set is a reworked/enhancement
of the former "Only execute the run_permissions macro on pre-12.3
systems." Therefore both share the same timestamp.
We never pushed the first version into Factory.
The actual changes of this submit request are:
- Add the missing get_printing_ticket binary path while calling the
set_permissions macro; (bnc#783375).
- Use the version macro in the definition of the branch macro.
- SEGV when using second vfs module; (bso#9471).
- Update to 3.6.10.
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Fix segfault when "default devmode" is disabled; (bso#9433).
+ Fix segfaults in "log level = 10" on Solaris; (bso#9390).
- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094);
(bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
(bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
(bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
- On uninstall remove winbind from the pam configuration, invalidate the nscd
passwd and group cache and only recommend the install of nscd; (bnc#792340).
- BuildRequire libnscd-devel once.
- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294).
OBS-URL: https://build.opensuse.org/request/show/147861
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=127
(bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
(bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
(bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix leaking sockets of SMB connections to a DC; (bso#9436).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
- Fix spoolss segfault when default devmode is disabled; (bso#9433);
(bnc#791183).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=277
- lib/krb5_wrap: request enc_types in the correct order; (bso#9272).
- Fix net ads join message for the dns domain; (bso#9326).
- docs-xml: fix use of <smbconfoption> tag; (bso#9345).
- s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359).
- s3:winbind: Failover if netlogon pipe is not available; (bso#9386).
- Execute the run_permissions macro on pre-11.4 systems and else the
set_permission one if available.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=264
+ When setting a non-default ACL, don't forget to apply masks to
SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236).
+ Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
+ Fix segfault in smbd if user specified ports out of range; (bso#9218).
- quota: Don't force the block size to 512; (bso#3272).
- Fix poll replacement to become a msleep replacement; (bso#8107).
- Fix wrong test == syntax in configure; (bso#8146).
- Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344).
- Fix builtin forms order to match Windows again; (bso#8632).
- Fix RAW printing for normal users; (bso#8769).
- Initialise ticket to ensure we do not invalid memory; (bso#8788).
- Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966).
- Fix crash on null pam change pw response; (bso#9013).
- Connection to outbound trusted domain goes offline; (bso#9016).
- Increase debug level for info that the db is empty; (bso#9112).
- 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117).
- Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
- Open printers with the right access mask; (bso#9154).
- Fix makerpms.sh on RHEL; (bso#9165).
- Remove non-existent option '-Y' from winbindd manpage; (bso#9171).
- Add quota support for gfs2; (bso#9172).
- Make SMB2 compound request create/delete_on_close/close work as Windows;
(bso#9173).
- Empty SPNEGO packet can cause smbd to crash; (bso#9174).
- pam_winbind: Match more return codes when wbcGetPwnam has failed;
(bso#9177).
- Fix crash bug in idmap_hash; (bso#9188).
- SMB2 Create doesn't return correct MAX ACCESS access mask in blob;
(bso#9189).
- Fix service control for non-internal services; (bso#9192).
- Don't take 'state->te' as indication for "was_deferred"; (bso#9196).
- Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209).
- Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213).
- Fix segfault in smbd if user specified ports out of range; (bso#9218).
- Signing cannot be disabled for SMB2 by design, so fix the documentation
instead; (bso#9222).
- Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry;
(bso#9231).
- When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER
and SMB_ACL_GROUP entries; (bso#9236).
- lib-addns: ensure that allocated buffers are pre set to 0; (bso#9259).
- Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart;
(bso#9268).
- Add support for reloading systemd services; (bso#9280).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=258
- Update to 3.6.8.
+ Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
+ Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy in source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
(bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
(bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
(bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
on delete requests; (bso#9150).
- NMB registration for a duplicate workstation fails with registration
OBS-URL: https://build.opensuse.org/request/show/134806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=124
+ Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
+ Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy in source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
(bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
(bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
(bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
on delete requests; (bso#9150).
- NMB registration for a duplicate workstation fails with registration
refuse; (bso#9085); (bnc#770056).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=253
- Update to 3.6.7.
+ Fix resolving our own "Domain Local" groups; (bso#9052).
+ Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure;
(bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error
instead of NT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062).
- BuildRequire gcc, make, and patch; (bnc#771516).
OBS-URL: https://build.opensuse.org/request/show/130363
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=122
+ Fix resolving our own "Domain Local" groups; (bso#9052).
+ Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead of NT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=250
- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).
- Fix shell syntax in dhcpcd hook script; (bnc#769957).
- Update to 3.6.6.
+ Fix possible memory leaks in the Samba master process; (bso#8970).
+ Fix uninitialized memory read in talloc_free(); (bnc#764577).
+ Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373).
- resolve_ads() code can return zero addresses and miss valid DC IP addresses;
(bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627).
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
(bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
(bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
(bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
(bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995).
- Call autogen.sh even on post-12.1 SUSE systems.
- Include the reviewed French translation for pam_winbind; (bnc#499233).
OBS-URL: https://build.opensuse.org/request/show/127780
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=121
(bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627).
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
(bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
(bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
(bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
(bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=245
- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems.
- Recompile all IDL in any case.
- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora
systems.
- Install talloc.pc only on pre-12.2 and non SUSE systems.
- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and
libtevent-devel on post-12.1 systems.
- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861).
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
(bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
(bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
(bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
(bso#8882).
- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems.
- BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and
libtevent0-devel on post-12.1 systems.
- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
(bnc#730769).
OBS-URL: https://build.opensuse.org/request/show/123259
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=118
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
(bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
(bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
(bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
(bso#8882).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
(bnc#730769).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=240
- docs-xml: fix default name resolve order; (bso#7564).
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845).
- s3-docs: Prepend '/' to filename argument; (bso#8826).
- Update to 3.6.5.
- Restrict self granting privileges where security=ads for Samba post-3.3.16;
CVE-2012-2111; (bnc#757576).
- Remove all precompiled idl output to ensure any pidl changes take effect;
(bnc#757080).
- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
(bso#8631); (bnc#732572).
OBS-URL: https://build.opensuse.org/request/show/116103
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=117
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845).
- s3-docs: Prepend '/' to filename argument; (bso#8826).
- Remove all precompiled idl output to ensure any pidl changes take effect;
(bnc#757080).
- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
(bso#8631); (bnc#732572).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=233
- Update to 3.6.4.
- Samba pre-3.6.4 are affected by a vulnerability that allows remote code
execution as the "root" user; PIDL based autogenerated code allows overwriting
beyond the allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).
- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys;
(bso#8599).
- Correctly handle DENY ACEs when privileges apply; (bso#8797).
- s3:smb2_server: fix a logic error, we should sign non guest sessions;
(bso#8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
persistent dbs; (bso#8527).
- s3: segfault in dom_sid_compare; (bso#8567).
- Honor SeTakeOwnershipPrivilege when client asks for SEC_STD_WRITE_OWNER;
(bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take privileges into
account for the connecting user; (bso#8784).
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
(bso#8807); (bnc#751454).
OBS-URL: https://build.opensuse.org/request/show/113255
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=116
(bso#8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
persistent dbs; (bso#8527).
- s3: segfault in dom_sid_compare; (bso#8567).
- Honor SeTakeOwnershipPrivilege when client asks for SEC_STD_WRITE_OWNER;
(bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take privileges into
account for the connecting user; (bso#8784).
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
(bso#8807); (bnc#751454).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=229
- BuildRequire libuuid-devel for post-11.0 and other systems.
- Define missing python macros for non SUSE systems.
- PreReq of fillup_prereq and insserv_prereq on SUSE systems.
- Always use cifstab instead of smbfstab on non SUSE systems.
- Ensure AndX offsets are increasing strictly monotonically in pre-3.4
versions; CVE-2012-0870; (bnc#747934).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=224
- s3:winbindd fix a return code check; (bso#8406).
- s3: Add rmdir operation to streams_depot; (bso#8733).
- s3:smbd:smb2: fix an assignment-instead-of-check bug in conn_snum_used();
(bso#8738).
- s3:auth: fill the sids array of the info3 in
wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
- s3:client: ignore SMBecho errors (the server may not support it);
(bso#8139).
- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
enabled and don't unintentionally use a bogus domain name; (bso#8734).
- smbclient fails with posix large reads; (bso#8727).
- Use the smbfs init script on versions pre-11.3, or cifs in later versions;
(bnc#744614).
- s3: Compile IDL files in autogen, some configure tests need this.
- Fixes various deadlocks in if-up.d / if-down.d when running under
systemd; (bnc#732395).
- Fix incorrect types in the full_audit VFS module. Add null terminators to
audit log enums; (bnc#742885).
OBS-URL: https://build.opensuse.org/request/show/103616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=112
- s3: Add rmdir operation to streams_depot; (bso#8733).
- s3:smbd:smb2: fix an assignment-instead-of-check bug in conn_snum_used();
(bso#8738).
- s3:auth: fill the sids array of the info3 in
wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
- s3:client: ignore SMBecho errors (the server may not support it);
(bso#8139).
- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
enabled and don't unintentionally use a bogus domain name; (bso#8734).
- smbclient fails with posix large reads; (bso#8727).
- Fixes various deadlocks in if-up.d / if-down.d when running under
systemd; (bnc#732395).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=221
- Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724);
(bnc#743986).
- Use spdx.org compliant license names for all packages.
- Update to 3.6.2.
See WHATSNEW.txt from the main tar ball or the samba.changes file for more
details.
- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).
- Use correct license, LGPLv3+ for libwbclient packages.
- When returning an ACL without SECINFO_DACL requested, we still set
SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810).
- Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).
- Buffer overflow issue with AES encryption in samba traffic analyzer;
(bso#8674).
- NT ACL issue; (bso#8673).
- Deleting a symlink fails if the symlink target is outside of the share;
(bso#8663).
- connections.tdb - major leak with SMB2; (bso#8710).
- Renaming a symlink fails if the symlink target is outside of the share;
(bso#8664).
- Intermittent print job failures caused by character conversion errors;
(bso#8606).
- ads_keytab_verify_ticket mixes talloc allocation with malloc free;
(bso#8692).
- libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
- s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684).
- s3-printing: fix migrate printer code; (bso#8618).
- Packet validation checks can be done before length validation causing
uninitialized memory read; (bso#8686).
- net memberships usage info was wrong; (bso#8687).
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
(bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
(bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
(bso#8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machine account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
- smbclient posix_open command fails to return correct info on open file;
(bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419).
- Fix incorrect perfcount array length calculations; (bnc#739258).
OBS-URL: https://build.opensuse.org/request/show/101972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=111
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
(bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
(bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
(bso#8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machine account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
- smbclient posix_open command fails to return correct info on open file;
(bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=210
- Use samba.org for the ldapsmb source location.
- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile;
(bnc#729516).
- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).
- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).
- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).
- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).
- Fix typo in net ads join output; (bnc#713135).
- Add "ldapsam:login cache" parameter to allow explicit disabling
of the login cache; (bnc#723261).
- Fix samba duplicates file content on appending. Move posix case semantics
out from under the VFS; (bso#6898); (bnc#681208).
- Make winbind child reconnect when remote end has closed, fix
failing sudo; (bso#7295); (bnc#569721).
- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).
- Update pidl and always compile IDL at build time; (bnc#688810).
- Abide by print$ share 'force user' & 'force group' settings when handling
AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).
OBS-URL: https://build.opensuse.org/request/show/97212
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=109
- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).
- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).
- Add "ldapsam:login cache" parameter to allow explicit disabling
of the login cache; (bnc#723261).
- Fix samba duplicates file content on appending. Move posix case semantics
out from under the VFS; (bso#6898); (bnc#681208).
- Make winbind child reconnect when remote end has closed, fix
failing sudo; (bso#7295); (bnc#569721).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=204
This is a cleanup update replacing all patches we formerly had in the Samba
package.
- Update to 3.6.1.
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Several SMB2 fixes.
+ The VFS ACL modules are no longer experimental but production-ready.
+ Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
+ smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
+ Return error of cli_push when 'put - /some/file' is used; (bso#7551).
+ Fix usage of cli_errstr(); (bso#7864).
+ Fix 'widelinks' regression; (bso#8229).
+ Empty notify servername; (bso#8236).
+ Add man vfs_aio_fork; (bso#8256).
+ smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
(bso#8334).
+ Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
+ While migrating forms, don't fail if the form already exists; (bso#8351).
+ OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
+ Fix build of vfs_prealloc on SLES8; (bso#8363).
+ Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
+ Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
+ Fix vfs_chown_fsp; (bso#8370).
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix smbclient access to NT4 shares; (bso#8385).
+ Optimize serverid_exists() for Solaris; (bso#8395).
+ registry/reg_format.c must include includes.h; (bso#8401).
+ SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
SMB2; (bso#8412).
+ Fix 'getent group' if trusted domains are not reachable; (bso#8420).
+ Fix infinite loop in ACL module code; (bso#8422).
+ Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
+ Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
+ Fix segfault in iconv.c; (bso#8433).
+ NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
+ Be smarter about setting default permissions when an ACL_USER_OBJ isn't
given; (bso#8443).
+ Check the wct of the incoming SMBnegprot responses; (bso#8452).
+ Fix smbclient segfaults when dialect option -m is used for legacy
dialects; (bso#8453).
+ Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
+ Samba PDC is looking up only primary user group; (bso#8455).
+ IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
+ smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
+ SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
+ Don't call smbd_terminate_connection in smb2_validate_message_id();
(bso#8476).
+ Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
+ Map to guest can return uninitialized blob of data; (bso#8477).
+ acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
+ DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
+ Remove "experimental" label on VFS ACL modules; (bso#8494).
+ SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
+ smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
+ Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
(bso#8509).
+ Disallow "." in can_set_delete_on_close(); (bso#8515).
+ SMB2 create call returns incorrect file allocation size; (bso#8518).
+ Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
(bso#8520).
+ Winbind cache timeout expiry test was reversed; (bso#8521).
OBS-URL: https://build.opensuse.org/request/show/88972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=107
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Several SMB2 fixes.
+ The VFS ACL modules are no longer experimental but production-ready.
+ Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
+ smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
+ Return error of cli_push when 'put - /some/file' is used; (bso#7551).
+ Fix usage of cli_errstr(); (bso#7864).
+ Fix 'widelinks' regression; (bso#8229).
+ Empty notify servername; (bso#8236).
+ Add man vfs_aio_fork; (bso#8256).
+ smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
(bso#8334).
+ Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
+ While migrating forms, don't fail if the form already exists; (bso#8351).
+ OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
+ Fix build of vfs_prealloc on SLES8; (bso#8363).
+ Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
+ Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
+ Fix vfs_chown_fsp; (bso#8370).
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix smbclient access to NT4 shares; (bso#8385).
+ Optimize serverid_exists() for Solaris; (bso#8395).
+ registry/reg_format.c must include includes.h; (bso#8401).
+ SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
SMB2; (bso#8412).
+ Fix 'getent group' if trusted domains are not reachable; (bso#8420).
+ Fix infinite loop in ACL module code; (bso#8422).
+ Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
+ Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
+ Fix segfault in iconv.c; (bso#8433).
+ NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
+ Be smarter about setting default permissions when an ACL_USER_OBJ isn't
given; (bso#8443).
+ Check the wct of the incoming SMBnegprot responses; (bso#8452).
+ Fix smbclient segfaults when dialect option -m is used for legacy
dialects; (bso#8453).
+ Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
+ Samba PDC is looking up only primary user group; (bso#8455).
+ IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
+ smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
+ SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
+ Don't call smbd_terminate_connection in smb2_validate_message_id();
(bso#8476).
+ Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
+ Map to guest can return uninitialized blob of data; (bso#8477).
+ acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
+ DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
+ Remove "experimental" label on VFS ACL modules; (bso#8494).
+ SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
+ smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
+ Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
(bso#8509).
+ Disallow "." in can_set_delete_on_close(); (bso#8515).
+ SMB2 create call returns incorrect file allocation size; (bso#8518).
+ Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
(bso#8520).
+ Winbind cache timeout expiry test was reversed; (bso#8521).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=199
- s3/doc: add man page for aio_fork vfs module.
- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
- s3: Samba PDC is looking up only primary user group; (bso#8455).
- Add script to create or update an AppArmor snippet with permissions for all
Samba shares; (bnc#688040).
- Retain the smbd startproc return value for correct startup status reporting.
unset was incorrectly being called prior to rc_status; (bnc#723724).
- Prevent deadlock in systemd triggered by if-down.d handler on shutdown;
(bnc#721598).
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; changed defaults and documentation (bso#8473).
- Empty CIFS share can be blocked for other clients by deleting it via empty
path (DELETE_PENDING until the last client); (bso#8515).
- winbindd cache timeout expiry test was reversed; (bso#8521).
- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).
- s3:smb2_create: fix allocation size return value when opening existing
files; (bso#8518).
- SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
- s3-docs: Fix bug (bso#7908) and typo.
- s3-docs: document -k switch in net manpage.
- Fix winbind internal error; (bso#7636); (bnc#659424).
OBS-URL: https://build.opensuse.org/request/show/88635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=105
- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
- s3: Samba PDC is looking up only primary user group; (bso#8455).
- Add script to create or update an AppArmor snippet with permissions for all
Samba shares; (bnc#688040).
- Fix winbind internal error; (bso#7636); (bnc#659424).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=198
- Return error of cli_push when 'put - /some/file' is used; (bso#7551).
- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).
- smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
- Default user entry is set to minimal permissions on incoming ACL change with
no user specified; (bso#8443).
- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
- Handle the SECINFO_LABEL flag in the same way as Win2k3; enable Microsoft
Internet Explorer 9 on Windows 7 to download files; (bso#8458).
- DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
- s3-docs: Fix typos.
- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
- Remove "experimental" label on VFS ACL modules; (bso#8494).
- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).
- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
(bso#7465).
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
- s3-netapi: allow to use default krb5 credential cache for libnetapi users.
- s3-docs: document -k switch in net manpage.
- Map to guest can return uninitialized blob of data; (bso#8477).
- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).
- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).
- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).
- Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
- s3-spoolss: Fix bug forms migration; (bso#8351).
- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).
- s3: Do not fork the echo handler for smb2; (bso#8334).
- s3-spoolss: Fix bug empty notify servername; (bso#8236).
- SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
- Remove smb child crash fix. The issue had been fixed upstream differently.
- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.
OBS-URL: https://build.opensuse.org/request/show/87294
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=104
- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).
- smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
- Default user entry is set to minimal permissions on incoming ACL change with
no user specified; (bso#8443).
- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
- Handle the SECINFO_LABEL flag in the same way as Win2k3; enable Microsoft
Internet Explorer 9 on Windows 7 to download files; (bso#8458).
- DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
- s3-docs: Fix typos.
- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
- Remove "experimental" label on VFS ACL modules; (bso#8494).
- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).
- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
(bso#7465).
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
- s3-netapi: allow to use default krb5 credential cache for libnetapi users.
- s3-docs: document -k switch in net manpage.
- Map to guest can return uninitialized blob of data; (bso#8477).
- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).
- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).
- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).
- Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
- s3-spoolss: Fix bug forms migration; (bso#8351).
- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).
- s3: Do not fork the echo handler for smb2; (bso#8334).
- s3-spoolss: Fix bug empty notify servername; (bso#8236).
- SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
- Remove smb child crash fix. The issue had been fixed upstream differently.
- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=190
- Spec file cleanup as suggested by the spec-cleaner tool.
+ Make all BuildRequires, PreReq, and Provides a separate line.
+ Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
+ Use straight commands instead of macros (make, install).
+ Use -p in post and postun if we only call one command.
+ Use %{_localstatedir} instead of %{_var} in the filelist.
+ Remove superfluous AutoReqProv on lines.
- Remove %release from all Provides.
- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).
- Use /var/run for the cifs state file in the init script too; (bnc#710304).
- Fix CUPS print job IDs; (bso#7288); (bnc#701257).
OBS-URL: https://build.opensuse.org/request/show/81727
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=102
+ Make all BuildRequires, PreReq, and Provides a separate line.
+ Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
+ Use straight commands instead of macros (make, install).
+ Use -p in post and postun if we only call one command.
+ Use %{_localstatedir} instead of %{_var} in the filelist.
+ Remove superfluous AutoReqProv on lines.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=188
- Microsoft Word from Microsoft Office 2007 fails to save as on a share with
SMB2; (bso#8412).
- Use sys_write and sys_read in fork_domain_child to fix a winbind race
leading to 100% CPU usage; (bso#8409).
- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).
- Fix infinite loop in ACL module code; (bso#8422).
- Fix getent group if trusted domains are not reachable; (bso#8420).
- smbclient can't access a NT4 share since 3.6.0; (bso#8385).
- Optimize serverid_exists() for Solaris; (bso#8395).
- talloc:
+ check block count after references test.
+ added test suite for talloc_free_children().
+ license info erratum in the manpage.
+ fix typos and better differentiation between versions 1 and 2.
+ preserve context name on talloc_free_children().
+ ensure the sibling linked list remains valid during a free.
OBS-URL: https://build.opensuse.org/request/show/80338
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=100
- talloc:
- check block count after references test.
- added test suite for talloc_free_children().
- license info erratum in the manpage.
- fix typos and better differentiation between versions 1 and 2.
- preserve context name on talloc_free_children().
- ensure the sibling linked list remains valid during a free.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=181
- Optimize serverid_exists() for Solaris; (bso#8395).
- talloc: check block count after references test.
- talloc: added test suite for talloc_free_children().
- talloc: license info erratum in the manpage.
- talloc: fix typos and better differentiation between versions 1 and 2.
- talloc: preserve context name on talloc_free_children().
- talloc: ensure the sibling linked list remains valid during a free.
- vfs_chown_fsp returned in the wrong directory; (bso#8370).
- Remove irritating "." targets when recent system libs exist; (bso#8369).
- Correctly initialize "idmap config * : script" with NULL; (bso#8368).
- Add missing include to suppress compiler warnings; (bso#8365).
- Point the chain offset beyond the current request; (bso#8360).
- Fix gpfs vfs module build; (bso#8364).
- Make vfs_prealloc even build on older systems; (bso#8363).
- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).
OBS-URL: https://build.opensuse.org/request/show/79967
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=98
- talloc: check block count after references test.
- talloc: added test suite for talloc_free_children().
- talloc: license info erratum in the manpage.
- talloc: fix typos and better differentiation between versions 1 and 2.
- talloc: preserve context name on talloc_free_children().
- talloc: ensure the sibling linked list remains valid during a free.
- vfs_chown_fsp returned in the wrong directory; (bso#8370).
- Remove irritating "." targets when recent system libs exist; (bso#8369).
- Correctly initialize "idmap config * : script" with NULL; (bso#8368).
- Add missing include to suppress compiler warnings; (bso#8365).
- Point the chain offset beyond the current request; (bso#8360).
- Fix gpfs vfs module build; (bso#8364).
- Make vfs_prealloc even build on older systems; (bso#8363).
- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=178
- Update to 3.6.0.
- Remove references to disabled vscan build.
- Add missing define, includes, and initialization to get_printing_ticket.
- Use /var/run for the cifs state file; (bnc#710304).
- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).
- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).
- Fix reload of the configuration and also reload activated registry shares;
(bso#8327).
- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).
- smbclient cannot list directories from a big-endian machine; (bso#8324).
- Update to 3.6.0rc3.
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
(bnc#708503).
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
(bnc#705241).
- Make use of the actual library version as part of the package name on
post-11.3 systems only.
- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
(bnc#705170).
- Specify nmbdsocketdir at configure time; (bnc#700953).
- Build the tdb, talloc, and tevent libraries ahead of anything else.
- Update to 3.6.0rc2.
- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).
- Add "winbind max clients" parameter to remove 200-client
limit; (bnc#697461).
- Disable logon cache for password lockout consistency when
running in a cluster; (bnc#694836).
- Fix logon of AD users with many group memberships; (bso#6911);
(bnc#657026).
- Don't lockout users while offline; (bso#8166); (bnc#692607).
- Update to 3.6.0rc1.
OBS-URL: https://build.opensuse.org/request/show/78381
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/samba?expand=0&rev=96
+ BUG 7462: Make SA_RESETHAND conditional on its existence.
+ BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined.
+ BUG 8324: smbclient cannot list directories from a big-endian machine.
+ BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
+ BUG 8327: Fix the reload of the configuration, also reload activated
registry shares.
+ BUG 8328: Cleanup of idmap_tdb2 code.
+ BUG 8330: Fix NFSv4 ACL merging logic.
+ BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
+ BUG 8341: Fix segfault in libsmbclient.
+ BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
+ BUG 8347: Fix regression for HP-UX, AIX and OSF.
+ BUG 8357: Make sure we grant credits on async read/write operations.
+ BUG 8358: Fix a bug in run_poll_events().
+ BUG 8362: Fix build issue on old glibc systems.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=177
affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
(bnc#708503).
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
(bnc#705241).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=166
post-11.3 systems only.
- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
(bnc#705170).
- Specify nmbdsocketdir at configure time; (bnc#700953).
- Build the tdb, talloc, and tevent libraries ahead of anything else.
- Update to 3.6.0rc2.
- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).
- Add "winbind max clients" parameter to remove 200-client
limit; (bnc#697461).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=165
+ Fix Winbind crash bug when no DC is available; (bso#7730).
+ Fix finding users on domain members; (bso#7743).
+ Fix memory leaks in Winbind; (bso#7879).
+ Fix printing with Windows 7 clients; (bso#7567).
+ Fix 'testparm' return code when EOF is encountered in param name;
(bso#3185).
+ Make "rlimit_max below minimum Windows limit" notification less scary;
(bso#6837).
+ Fix "Your Password expires today" message for users of trusted domains;
(bso#7066).
+ Fix maintaining of users' groups via UsrMgr; (bso#7262).
+ Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356).
+ Raise debug level for "reduce_name: couldn't get realpath" messages;
(bso#7409).
+ Fix updating the time on close in vfs_gpfs; (bso#7498).
+ Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594).
+ Handle Windows 9x adddriver calls without config file; (bso#7641).
+ Fix scalability problem with hundreds of printers; (bso#7656).
+ Fix memory leak in the netapi routines; (bso#7665).
+ Store unmodified copies of security descriptors in acl_xattr and acl_tdb
modules; (bso#7716).
+ Fix incorrect unix mode_t caused by invalid client DOS attributes on
create; (bso#7733).
+ Apply appropriate create masks when creating files with "inherit ACLs" set
to true; (bso#7734).
+ Fix "dfree cache time" parameter; (bso#7744).
+ Fix a getgrent crash with many groups; (bso#7774).
+ Fix requesting lookups for BUILTIN sids; (bso#7777).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=161
- Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4
systems.
- Move the cifs init script nfs dependencies from Required to Should.
- Fix error paths in cups_async_callback(), an empty cups printer list should
not be treated as an error; (bnc#661842).
- Abide by printcap cache time, reload parent smbd pcap cache on expiry;
(bso#7836); (bnc#625936).
- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=150
systems; (bnc#661845).
- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).
- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).
- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux
Enterprise 10; (bnc#652620).
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=148
- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind,
client-gplv2, and doc-gplv2 packages; (bnc#652620).
- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions;
(bnc#652620).
- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).
- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind
package to avoid an accidental install trigger; (bnc#652620).
- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).
- Remove all Obsoletes from the samba-gplv3 packages and only keep the
Provides samba; (bnc#652620).
- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).
- Reduce unnecessary ldap round trips and eliminate invalid DN
messages; (bnc#654719).
- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux
Enterprise 10 SP 3 and 4.
- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4.
- Do not package libsmbclient and libsmbsharemodes.
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=146