samba/samba.changes

14365 lines
603 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Thu Oct 31 13:20:25 UTC 2024 - Noel Power <nopower@suse.com>
- Add placeholder changelog for sle15-sp7; (jsc#PED-11210).
-------------------------------------------------------------------
Wed Oct 16 13:52:25 UTC 2024 - Noel Power <nopower@suse.com>
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
-------------------------------------------------------------------
Tue Oct 15 13:23:26 UTC 2024 - Noel Power <nopower@suse.com>
- Update to 4.21.1
* DH reconnect error handling can lead to stale sharemode
entries; (bso#15624).
* "inherit permissions = yes" triggers assert() in vfs_default
when creating a stream; (bso#15695).
* Samba 4.21.0 broke FreeIPA domain member integration;
(bso#15715).
* Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-
tool domain auth policy modify"; (bso#15692).
* irpc_destructor may crash during shutdown; (bso#15280).
* Durable handle is not granted when a previous OPEN exists
with NoOplock; (bso#15649).
* Durable handle is granted but reconnect fails; (bso#15651).
* Disconnected durable handles with RH lease should not be
purged by a new non conflicting open; (bso#15708).
* net ads testjoin and other commands use the wrong secrets.tdb
in a cluster; (bso#15714).
* 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as
rfc 8009 etypes are used; (bso#15726).
* VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2;
(bso#15730).
* Samba 4.20.0 DLZ module crashes BIND on startup; (bso#15643).
* Cannot build libldb lmdb backend on a build without AD DC;
(bso#15721).
* Consistent log level for sighup handler; (bso#15706).
-------------------------------------------------------------------
Wed Sep 25 14:52:10 UTC 2024 - Noel Power <nopower@suse.com>
- Support needed packaging changes required update to samba-4.21.0
Update samba.spec, baselibs.conf to deliver libldb packages.
-------------------------------------------------------------------
Thu Sep 5 07:29:17 UTC 2024 - David Disseldorp <ddiss@suse.com>
- Package ceph_new VFS module.
-------------------------------------------------------------------
Thu Sep 5 07:13:01 UTC 2024 - David Disseldorp <ddiss@suse.com>
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated;
(bso#15699); (bsc#1229684).
-------------------------------------------------------------------
Wed Aug 28 17:31:35 UTC 2024 - Noel Power <nopower@suse.com>
- Bad variable definition for ParseTuple causing test failure for
Smb3UnixTests.test_create_context_reparse; (bso#15702).
-------------------------------------------------------------------
Wed Aug 28 09:01:29 UTC 2024 - Noel Power <nopower@suse.com>
- Update to 4.21.0
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when
truncated; (bso#15699).
* Bad variable definition for ParseTuple causing test failure
for Smb3UnixTests.test_create_context_reparse; (bso#15702).
* Add new vfs_ceph module (based on low level API);
(bso#15686).
* samba-tool can not load the default configuration file;
(bso#15698).
* Crash when readlinkat fails; (bso#15700).
* Can't add/delete special keys to keytab for nfs, cifs, http
etc; (bso#15689).
* Compound SMB2 requests don't return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients; (bso#15696).
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
* ldb_version.h is missing from ldb public library;
(bso#15690).
* Can not add/delete special keys to keytab for nfs, cifs, http
etc; (bso#15689).
* undefined reference to winbind_lookup_name_ex; (bso#15687).
* per user veto and hide file syntax is to complex;
(bso#15688).
-------------------------------------------------------------------
Wed Aug 7 09:47:14 UTC 2024 - Noel Power <nopower@suse.com>
- Fix a crash when joining offline and 'kerberos method' includes
keytab; (bsc#1228732).
-------------------------------------------------------------------
Tue Aug 6 10:51:13 UTC 2024 - Noel Power <noel.power@suse.com>
- Update to 4.20.4
* --version-* options are still not ergonomic, and they reject
tilde characters; (bso#15673).
- Update to 4.20.3
* Running samba-bgqd a a standalone systemd service does not
work; (bso#15683).
* When claims enabled with heimdal kerberos, unable to log on
to a Windows computer when user account need to change their
own password; (bso#15655).
* Invalid client warning about command line passwords;
(bso#15671).
* Version string is truncated in manpages; (bso#15672).
* cmdline_burn does not always burn secrets; (bso#15674).
* Samba does not parse SDDL found in defaultSecurityDescriptor
in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685).
* The images don\'t build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
* Fix clock skew error message and memory cache clock skew
recovery; (bso#15676).
* Heimdal ignores _gsskrb5_decapsulate errors in
init_sec_context/repl_mutual; (bso#15603).
* s4:ldap_server: does not support tls channel bindings for
sasl binds; (bso#15621).
* CTDB socket output queues may suffer unbounded delays under
some special conditions; (bso#15678).
-------------------------------------------------------------------
Wed Jul 17 11:18:52 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Update samba-tool package to require python3-Markdown also in
the Heimdal ADDC build.
-------------------------------------------------------------------
Thu Jul 4 10:34:20 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Fix named crash when using samba's DLZ plugin; (bsc#1224003);
(bso#15643);
-------------------------------------------------------------------
Thu Jul 4 10:30:10 UTC 2024 - pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
-------------------------------------------------------------------
Wed Jun 19 15:02:44 UTC 2024 - Noel Power <nopower@suse.com>
- Update to 4.20.2
* vfs_widelinks with DFS shares breaks case insensitivity;
(bso#15662); (bsc#1213607).
* Samba build is not reproducible; (bso#13213).
* ldb qsort might r/w out of bounds with an intransitive
compare function; (bso#15569).
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances;
(bso#15625).
* Need to change gitlab-ci.yml tags in all branches to avoid CI
bill; (bso#15638).
* We have added new options --vendor-name and --vendor-patch-
revision arguments to ./configure to allow distributions and
packagers to put their name in the Samba version string so
that when debugging Samba the source of the binary is
obvious; (bso#15654).
* CTDB RADOS mutex helper misses namespace support;
(bso#15665).
* Dynamic DNS updates with the internal DNS are not working;
(bso#13019).
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0; (bso#14981).
* Anonymous smb3 signing/encryption should be allowed (similar
to Windows Server 2022); (bso#15412).
* Panic in dreplsrv_op_pull_source_apply_changes_trigger;
(bso#15573).
* s4:nbt_server: does not provide unexpected handling, so
winbindd can't use nmb requests instead cldap; (bso#15620).
* winbindd, net ads join and other things don't work on an ipv6
only host; (bso#15642).
* Segmentation fault when deleting files in vfs_recycle;
(bso#15659).
* Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664).
* "client use kerberos" and --use-kerberos is ignored for the
machine account; (bso#15666).
* Regression DFS not working with widelinks = true;
(bso#15435).
* samba-gpupdate - Invalid NtVer in netlogon_samlogon_response;
(bso#15633).
* idmap_ad creates an incorrect local krb5.conf in case of
trusted domain lookups; (bso#15653).
* The images don't build after the git security release and
CentOS 8 Stream is EOL; (bso#15660).
-------------------------------------------------------------------
Mon Jun 3 07:09:54 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Fix non deterministic builds; (bsc#1225754); (bso#13213);
-------------------------------------------------------------------
Thu May 16 10:47:57 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.20.1
* dns update debug message is too noisy; (bso#15630);
* Do not fail PAC validation for RFC8009 checksums types; (bso#15635);
* Improve performance of lookup_groupmem() in idmap_ad; (bso#15605);
* Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636);
* http library doesn't support 'chunked transfer encoding'; (bso#15611);
* Provide a systemd service file for the background queue daemon; (bso#15600);
- Update to 4.20.0
New features:
* samba-tool user getpassword / syncpasswords ;rounds= change
* Group Managed service account client-side features
* New Windows Search Protocol Client
* Allow 'smbcacls' to save/restore DACLs to file
* Samba-tool extensions for AD Claims, Authentication Policies and Silos
* AD DC support for Authentication Silos and Authentication Policies
* Conditional ACEs and Resource Attribute ACEs
* Service Witness Protocol [MS-SWN]
Removed features:
* Get locally logged on users from utmp
Fixed bugs:
* Avoid null-dereference with bad claims; (bso#15606);
* ndr_pull_security_ace can leave resource attribute ACE coda
claim struct undefined; (bso#15613);
* fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close(); (bso#15527);
* set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER -
openat() EACCES; (bso#15583);
* libgpo: Segfault in python bindings; (bso#15599);
* Samba AD is missing some authentication policy tests;
(bso#15607);
* samba-gpupdate: Correctly implement site support; (bso#15588);
* Remove unsupported "Final" keyword missing from Python 3.6;
(bso#15575);
* Additional witness backports for 4.20.0; (bso#15577);
* Error output with wspsearch; (bso#15579);
* Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580);
* Performance regression for NDR parsing of security
descriptors; (bso#15574);
* Build and install man page for wspsearch client utility;
(bso#15565);
-------------------------------------------------------------------
Tue Feb 20 09:58:03 UTC 2024 - Noel Power <nopower@suse.com>
- Update to 4.19.5
* Windows 2016 fails to restore previous version of a file from
a shadow_copy2 snapshot; (bso#13688).
* Symlinks on AIX are broken in 4.19 (and a few version before
that); (bso#15549).
* Fake directory create times has no effect; (bso#12421).
* ctime mixed up with mtime by smbd; (bso#15550).
* samba-gpupdate --rsop fails if machine is not in a site;
(bso#15548).
* gpupdate: The root cert import when NDES is not available is
broken; (bso#15557).
* samba-gpupdate should print a useful message if cepces-submit
can't be found; (bso#15552).
* samba-gpupdate logging doesn't work; (bso#15558).
* smbpasswd reset permissions only if not 0600; (bso#15555).
-------------------------------------------------------------------
Fri Jan 10 12:01:49 UTC 2024 - Noel Power <nopower@suse.com>
- Remove -x from bash shebang update-apparmor-samba-profile;
(bsc#1218431).
-------------------------------------------------------------------
Tue Jan 9 09:42:53 UTC 2024 - Noel Power <nopower@suse.com>
- Update to 4.19.4
* net changesecretpw cannot set the machine account password if
secrets.tdb is empty; (bso#13577).
* For generating doc, take, if defined, env XML_CATALOG_FILES;
(bso#15540).
* Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541).
* vfs_linux_xfs is incorrectly named; (bso#15542).
* systemd stumbled over copyright-message at smbd startup;
(bso#15377).
* Following intermediate abolute share-local symlinks is
broken; (bso#15505).
* ctdb RELEASE_IP causes a crash in release_ip if a connection
to a non-public address disconnects first; (bso#15523).
* shadow_copy2 broken when current fileset's directories are
removed; (bso#15544).
* smbd does not detect ctdb public ipv6 addresses for
multichannel exclusion; (bso#15534).
* 'force user = localunixuser' doesn't work if 'allow trusted
domains = no' is set; (bso#15469).
* smbget debug logging doesn't work; (bso#15525).
* smget: username in the smburl and interactive password entry
doesn't work; (bso#15532).
* smbget auth function doesn't set values for password prompt
correctly; (bso#15538).
* Unable to copy and write files from clients to Ceph cluster
via SMB Linux gateway with Ceph VFS module; (bso#15440).
* Multichannel refresh network information; (bso#15547).
-------------------------------------------------------------------
Mon Nov 27 12:43:02 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.19.3
* sid_strings test broken by unix epoch > 1700000000;
(bso#15520).
* smbd crashes if asked to return full information on close of
a stream handle with delete on close disposition set;
(bso#15487).
* smbd: fix close order of base_fsp and stream_fsp in
smb_fname_fsp_destructor(); (bso#15521).
* Improve logging for failover scenarios; (bso#15499).
* Files without "read attributes" NFS4 ACL permission are not
listed in directories; (bso#15093).
* CVE-2018-14628 [SECURITY] Deleted Object tombstones visible
in AD LDAP to normal users; (bso#13595).
* Kerberos TGS-REQ with User2User does not work for normal
accounts; (bso#15492).
* vfs_gpfs stat calls fail due to file system permissions;
(bso#15507).
* Samba doesn't build with Python 3.12; (bso#15513).
-------------------------------------------------------------------
Mon Oct 23 18:59:15 UTC 2023 - David Mulder <dmulder@suse.com>
- packaging: samba-tool domain provision requires python3-Markdown;
(bsc#1216519).
-------------------------------------------------------------------
Mon Oct 16 16:04:22 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.19.2
* Use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423).
* clidfs.c do_connect() missing a "return" after a
cli_shutdown() call; (bso#15426).
* macOS mdfind returns only 50 results; (bso#15463).
* GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value; (bso#15481).
* libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more; (bso#15464).
* ctdbd: setproctitle not initialized messages flooding logs;
(bso#15479).
* CVE-2023-5568 Heap buffer overflow with freshness tokens in
the Heimdal KDC in Samba 4.19; (bso#15491).
* The heimdal KDC doesn't detect s4u2self correctly when fast
is in use; (bso#15477).
-------------------------------------------------------------------
Thu Oct 12 11:33:44 UTC 2023 - Noel Power <nopower@suse.com>
- packaging: Remove /etc/slp.reg.d from samba spec file;
(bsc#1216160)
-------------------------------------------------------------------
Thu Oct 12 11:04:26 UTC 2023 - Noel Power <nopower@suse.com>
- use systemd-logind rather than utmp for y2038 safety;
(bsc#1216159).
-------------------------------------------------------------------
Tue Oct 10 15:12:38 UTC 2023 - Noel Power <nopower@suse.com>
- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-42670: samba: The procedure number is out of range
when starting Active Directory Users and Computers;
(bsc#1215906); (bso#15473).
- CVE-2023-3961: samba: Unsanitized client pipe name passed to
local_np_connect(); (bsc#1215907); (bso#15422).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
"GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
(bsc#1215908); (bso#15424).
-------------------------------------------------------------------
Tue Sep 26 08:36:43 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.19.0
* File doesn't show when user doesn't have permission if
aio_pthread is loaded; (bso#15453).
* ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
1.9.1; (bso#15451).
* Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can
log to syslog; (bso#15460).
* samba-tool domain level raise fails unless given a URL;
(bso#15458).
* reply_sesssetup_and_X() can dereference uninitialized tmp
pointer; (bso#15420).
* missing return in reply_exit_done(); (bso#15430).
* TREE_CONNECT without SETUP causes smbd to use uninitialized
pointer; (bso#15432).
* Avoid infinite loop in initial user sync with Azure AD
Connect when synchronising a large Samba AD domain;
(bso#15401).
* Samba replication logs show (null) DN; (bso#15407).
* 2-3min delays at reconnect with
smb2_validate_sequence_number: bad message_id 2; (bso#15346).
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed;
(bso#15446).
* CID 1539212 causes real issue when output contains only
newlines; (bso#15438).
* KDC encodes INT64 claims incorrectly; (bso#15452).
* mdssvc: Do an early talloc_free() in _mdssvc_open();
(bso#15449).
* Windows client join fails if a second container CN=System
exists somewhere; (bso#9959).
* regression DFS not working with widelinks = true;
(bso#15435).
* Heimdal fails to build on 32-bit FreeBSD; (bso#15443).
* samba-tool ntacl get segfault if aio_pthread appended;
(bso#15441).
-------------------------------------------------------------------
Mon Aug 21 15:16:35 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.18.6
* reply_sesssetup_and_X() can dereference uninitialized tmp pointer;
(bso#15420);
* Missing return in reply_exit_done(); (bso#15430);
* post-exec password redaction for samba-tool is more reliable for fully
random passwords as it no longer uses regular expressions containing the
password value itself; (bso#15289);
* Windows client join fails if a second container CN=System exists somewhere;
(bso#9959);
* Spotlight sometimes returns no results on latest macOS; (bso#15342);
* Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to
remove the destination; (bso#15417);
* Spotlight results return wrong date in result list; (bso#15427);
* "net offlinejoin provision" does not work as non-root user; (bso#15414);
* rpcserver no longer accepts double backslash in dfs pathname; (bso#15400);
* cm_prepare_connection() calls close(fd) for the second time; (bso#15433);
* 2-3min delays at reconnect with smb2_validate_sequence_number: bad
message_id 2; (bso#15346);
* samba-tool ntacl get segfault if aio_pthread appended; (bso#15441);
* DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446);
* Python tarfile extraction needs change to avoid a warning (CVE-2007-4559
mitigation); (bso#15390);
* Regression DFS not working with widelinks = true; (bso#15435);
* mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449);
-------------------------------------------------------------------
Tue Aug 8 15:40:54 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Move libcluster-samba4.so from samba-libs to samba-client-libs;
(bsc#1213940);
-------------------------------------------------------------------
Wed Jul 19 14:35:34 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.18.5
* CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
* CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
* CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
* CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).
* CVE-2023-3347: Samba doesn't require SMB2+ signing if
`server signing = mandatory` is set; (bso#15397); (bsc#1213170).
* secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).
-------------------------------------------------------------------
Thu Jul 6 15:30:58 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.18.4
* Backport --pidl-developer fixes; (bso#15404).
* Named crashes on DLZ zone update; (bso#14030).
* smbcacls and smbcquotas do not check // before the server;
(bso#2312).
* cli_list loops 100% CPU against pre-lanman2 servers;
(bso#15382).
* smbclient leaks fds with showacls; (bso#15391).
* smbd returns NOT_FOUND when creating files on a r/o
filesystem; (bso#15402).
* NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry
and causes test timeouts; (bso#15355).
* net ads lookup (with unspecified realm) fails; (bso#15384).
* Register Samba processes with GPFS; (bso#15381).
* Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation); (bso#15390).
* The winbind child segfaults when listing users with `winbind
scan trusted domains = yes`; (bso#15398).
* Remove comments about deprecated 'write cache size';
(bso#15383).
* smbget memory leak if failed to download files recursively;
(bso#15403).
-------------------------------------------------------------------
Thu Jun 1 08:48:25 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.18.3
* Symlinks to files can have random DOS mode information in a
directory listing; (bso#15375).
* vfs_fruit might cause a failing open for delete; (bso#15378).
* winbind recurses into itself via rpcd_lsad; (bso#15361).
* wbinfo -u fails on ad dc with >1000 users; (bso#15366).
* DS ACEs might be inherited to unrelated object classes;
(bso#15338).
* a lot of messages: get_static_share_mode_data:
get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND;
(bso#15362).
* aes256 smb3 encryption algorithms are not allowed in
smb3_sid_parse(); (bso#15374).
* Setting veto files = /.*/ break listing directories;
(bso#15360).
* "samba-tool domain provision" does not run interactive mode
if no arguments are given; (bso#15363).
* dsgetdcname: assumes local system uses IPv4; (bso#15325).
- Update to 4.18.2
* Log flood: smbd_calculate_access_mask_fsp: Access denied:
message level should be lower; (bso#15302).
* Floating point exception (FPE) via cli_pull_send at
source3/libsmb/clireadwrite.c; (bso#15306).
* test_tstream_more_tcp_user_timeout_spin fails intermittently
on Rackspace GitLab runners; (bso#15328).
* Reduce flapping of ridalloc test; (bso#15329).
* large_ldap test is unreliable; (bso#15351).
* New filename parser doesn't check veto files smb.conf
parameter; (bso#15143).
* mdssvc may crash when initializing; (bso#15354).
* large directory optimization broken for non-lcomp path
elements; (bso#15313).
* streams_depot fails to create streams; (bso#15357).
* shadow_copy2 and streams_depot don't play well together;
(bso#15358).
* Flapping tests in samba_tool_drs_show_repl.py; (bso#15316).
* winbindd idmap child contacts the domain controller without a
need; (bso#15317).
* idmap_autorid may fail to map sids of trusted domains for the
first time; (bso#15318).
* idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings;
(bso#15319).
* net ads search -P doesn't work against servers in other
domains; (bso#15323).
* Temporary smbXsrv_tcon_global.tdb can't be parsed;
(bso#15353).
* Tests use depricated and removed methods like
assertRegexpMatches; (bso#15343).
-------------------------------------------------------------------
Wed Mar 29 15:10:50 UTC 2023 - Noel Power <nopower@suse.com>
- Update to 4.18.1
* CVE-2023-0225: AD DC "dnsHostname" attribute can be
deleted by unprivileged authenticated users.
(bso#15276);(bsc#1209483).
* CVE-2023-0614: Access controlled AD LDAP attributes can be
discovered (bso#15270); (bsc#1209485).
* CVE-2023-0922: Samba AD DC admin tool samba-tool sends
passwords in cleartext(bso#15315);(bsc#1209481).
* ldb wildcard matching makes excessive allocations;
(bso#15331).
* large_ldap test is inefficient; (bso#15332).
-------------------------------------------------------------------
Fri Mar 17 08:09:32 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.18.0
* SMB server performance improvements
* More succinct samba-tool error messages
* Color output with samba-tool --color
The NO_COLOR environment variable will disable colour output
* New samba-tool dsacl subcommand for deleting ACEs
* New wbinfo option --change-secret-at
* Net option to change the NT ACL default location
* Azure AD / Office365 synchronization improvements
-------------------------------------------------------------------
Tue Feb 14 08:21:13 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.17.5
* smbc_getxattr() return value is incorrect; (bso#14808);
* Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
correctly; (bso#15172);
* synthetic_pathref AFP_AfpInfo failed errors; (bso#15210);
* samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC
when there is only an AAAA record for the DC in DNS; (bso#15226);
* smbd crashes if an FSCTL request is done on a stream handle; (bso#15236);
* DFS links don't work anymore on Mac clients since 4.17; (bso#15277);
* vfs_virusfilter segfault on access, directory edgecase
(accessing NULL value); (bso#15283);
* CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based
SChannel on NETLOGON (additional changes); (bso#15240);
* %U for include directive doesn't work for share listing
(netshareenum); (bso#15243);
* Shares missing from netshareenum response in samba 4.17.4;
(bso#15266);
* ctdb: use-after-free in run_proc; (bso#15269);
* irpc_destructor may crash during shutdown; (bso#15280);
* auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286);
* smbclient segfaults with use after free on an optimized build;
(bso#15268);
* smbstatus leaking files in msg.sock and msg.lock; (bso#15282);
* Leak in wbcCtxPingDc2; (bso#15164);
* Access based share enum does not work in Samba 4.16+; (bso#15265);
* Crash during share enumeration; (bso#15267);
* rep_listxattr on FreeBSD does not properly check for reads off
end of returned buffer; (bso#15271);
* Avoid relying on C89 features in a few places; (bso#15281);
- named crashes on DLZ zone update; (bso#14030); (bsc#1206996);
- Drop libnsl build requirement; (bsc#1208220);
-------------------------------------------------------------------
Mon Jan 23 09:24:07 UTC 2023 - Noel Power <nopower@suse.com>
- libdsdb-module-samba4 should be packaged as part of samba-libs and
not samba-ad-dc-libs. Additionally no need for it to be
removed conditionally.
-------------------------------------------------------------------
Thu Jan 12 15:24:55 UTC 2023 - Noel Power <nopower@suse.com>
- Clean up logic for PAM migration settings in spec file.
-------------------------------------------------------------------
Wed Jan 4 14:05:15 UTC 2023 - Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
-------------------------------------------------------------------
Wed Dec 21 12:17:58 UTC 2022 - Noel Power <nopower@suse.com>
- Change with_dc default to 0 (for non TW builds).
-------------------------------------------------------------------
Thu Dec 15 16:45:28 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.17.4
* CVE-2022-44640 Upstream Heimdal free of user-controlled
pointer in FAST; (bsc#14929);
* CVE-2021-20251 Bad password count not incremented atomically;
(bsc#14611);
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
(bsc#15203);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240);
* pam_winbind uses time_t and pointers assuming they are of the
same size; (bso#15224);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
(bso#15252);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4(); (bso#15206);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
* Memory leak in snprintf replacement functions; (bso#15230);
* RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression); (bso#15253);
* Prevent EBADF errors with vfs_glusterfs; (bso#15198);
* %U for include directive doesn't work for share listing
(netshareenum); (bso#15243);
* Stack smashing in net offlinejoin requestodj; (bso#15257);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
- Remove deprecated if-{down,up} scripts; (bsc#1206444);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
* Paths are additive so do not repeat paths from named.service
* Prefix the samba DLZ directory with "-" to ignore this path
if it does not exists
-------------------------------------------------------------------
Mon Dec 12 08:56:12 UTC 2022 - Stefan Schubert <schubi@suse.com>
- Migration PAM settings to /usr/etc: Saving user changed
configuration files in /etc and restoring them while an RPM
update.
-------------------------------------------------------------------
Thu Dec 1 16:43:05 UTC 2022 - David Mulder <dmulder@suse.com>
- Introduce without-smb1-server spec flag; (bsc#1205104);
-------------------------------------------------------------------
Tue Nov 15 17:14:58 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.17.3
* CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
systems; (bsc#1205126); (bso#15203);
-------------------------------------------------------------------
Tue Nov 8 17:20:21 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Replace obsolete python-gpgme with python-gpg
* Upstream replaced it in v4.9.5 -- bso#13728
-------------------------------------------------------------------
Tue Oct 25 09:26:59 UTC 2022 - Noel Power <nopower@suse.com>
- Update to 4.17.2
* CVE-2022-3592 [SECURITY] samba: Wide links protection broken;
(bso#15207); (bsc#1204499).
* CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal
unwrap_des3();(bso#15134); (bsc#1204254).
-------------------------------------------------------------------
Wed Oct 19 12:48:21 UTC 2022 - Noel Power <nopower@suse.com>
- Update to 4.17.1
* CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically; (bso#14611).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Flush on a named stream never completes; (bso#15182).
* Permission denied calling SMBC_getatr when file not exists;
(bso#15195).
* Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
(bso#15189).
* pytest: add file removal helpers for TestCaseInTempDir;
(bso#15191).
* CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically; (bso#14611).
* Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC;
(bso#15189).
* Flush on a named stream never completes; (bso#15182).
* vfs_gpfs silently garbles timestamps > year 2106;
(bso#15151).
* CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically; (bso#14611).
* multi-channel socket passing may hit a race if one of the
involved processes already existed; (bso#15200).
* memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others); (bso#15201).
* Since popt1.19 various use after free errors using result of
poptGetArg are now exposed; (bso#15205); (boo#1204279).
* Remove special case for O_CREAT in SMB_VFS_OPENAT from
vfs_glusterfs; (bso#15192).
* GETPWSID in memory cache grows indefinetly with each NTLM
auth; (bso#15169).
* CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically; (bso#14611).
- Install a systemd drop-in file for named service to allow
read/write access to the DLZ directory; (bsc#1201689);
-------------------------------------------------------------------
Fri Oct 14 14:20:51 UTC 2022 - Noel Power <nopower@suse.com>
- Fix use after free errors resulting from using return of
poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).
-------------------------------------------------------------------
Mon Sep 26 10:40:18 UTC 2022 - Noel Power <nopower@suse.com>
- s3: smbd: Fix memory leak in
smbd_server_connection_terminate_done(); (bso#15174).
-------------------------------------------------------------------
Mon Sep 26 09:38:59 UTC 2022 - Noel Power <nopower@suse.com>
- Disable SMB1 for tumbleweed builds.
-------------------------------------------------------------------
Fri Sep 23 16:22:12 UTC 2022 - Noel Power <nopower@suse.com>
- Update to 4.17.0
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Cross-node multi-channel reconnects result in SMB2 Negotiate
returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
* winbind at info level debug can coredump when processing
wb_lookupusergroups; (bso#15160).
* Make use of glfs_*at() API calls in vfs_glusterfs;
(bso#15157).
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128).
* `net usershare add` fails with flag works with --long but
fails with -l; (bso#15145).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Performance regression on contended path based operations;
(bso#15125).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* libsamba-errors uses a wrong version number; (bso#15141).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* New filename parser doesn't check veto files smb.conf
parameter; (bso#15143).
* 4.17.rc1 still uses symlink-race prone unix_convert();
(bso#15144).
* Backport fileserver related changed to 4.17.0rc2;
(bso#15146).
* Manpage for smbstatus json is missing; (bso#15147).
* Backport fileserver related changed to 4.17.0rc2;
(bso#15146).
* Performance regression on contended path based operations;
(bso#15125).
* Backport fileserver related changed to 4.17.0rc2;
(bso#15146).
* Fix issues found by coverity in smbstatus json code;
(bso#15140).
* Backport fileserver related changed to 4.17.0rc2;
(bso#15146).
-------------------------------------------------------------------
Thu Sep 1 06:07:15 UTC 2022 - Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
-------------------------------------------------------------------
Thu Jul 28 11:56:31 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.16.4
* CVE-2022-2031: Samba AD users can bypass certain restrictions
associated with changing passwords; (bsc#1201495); (bso#15047);
* CVE-2022-32744: Samba AD users can forge password change
requests for any user; (bsc#1201493); (bso#15074);
* CVE-2022-32745: Samba AD users can crash the server process
with an LDAP add or modify request; (bsc#1201492); (bso#15008);
* CVE-2022-32746: Samba AD users can induce a use-after-free in
the server process with an LDAP add or modify request;
(bsc#1201490); (bso#15009);
* CVE-2022-32742: Server memory information leak via SMB1;
(bsc#1201496); (bso#15085);
-------------------------------------------------------------------
Tue Jul 19 11:25:59 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.16.3
* Using vfs_streams_xattr and deleting a file causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work;
(bso#15076);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
developer mode; (bso#15095);
* Crash in streams_xattr because fsp->base_fsp->fsp_name is
NULL; (bso#15105);
* Crash in rpcd_classic - NULL pointer deference in
mangle_is_mangled(); (bso#15118);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* Fix check for chown when processing NFSv4 ACL; (bso#15120);
* The pcap background queue process should not be stopped;
(bso#15082);
* testparm: Fix typo in idmap rangesize check; (bso#15097);
* net ads info returns LDAP server and LDAP server name as
null; (bso#15106);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* CTDB child process logging does not work as expected;
(bso#15090);
-------------------------------------------------------------------
Tue Jul 12 10:48:47 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update spec file to fix the optional Heimdal DC build
- Fix external trusts with MIT Kerberos 1.20
- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Add sysuser-shadow requirement for packages using
systemd-sysusers
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
-------------------------------------------------------------------
Tue Jun 21 14:29:52 UTC 2022 - Stefan Schubert <schubi@suse.de>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
-------------------------------------------------------------------
Mon Jun 13 13:32:24 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.16.2
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* Reintroduce netgroups support; (bso#15087);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Update from 4.15 to 4.16 breaks discovery of [homes] on
standalone server from Win and IOS; (bso#15062);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient -E doesn't work as advertised; (bso#15075);
* The samba background daemon doesn't refresh the printcap cache
on startup; (bso#15081);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7
- Support building with MIT Kerberos 1.20
- Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC;
(CVE-2020-17049);
- Resource Based Constrained Delegation (RBCD) for Samba AD DC
- Support building with gcc 12.1
-------------------------------------------------------------------
Wed May 11 09:30:15 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Use requires_eq macro to require the libldb2 version available at
samba-dsdb-modules build time; (bsc#1199362);
-------------------------------------------------------------------
Tue May 3 07:38:02 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.16.1
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written to;
(bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* Need to describe --builtin-libraries= better (compare with
--bundled-libraries); (bso#8731);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* Username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* KVNO off by 100000; (bso#14951);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
-------------------------------------------------------------------
Wed Apr 20 09:00:49 UTC 2022 - Noel Power <nopower@suse.com>
- Update update-apparmor-samba-profile script, replace
non-printable delimiter with more human readable separator as
sed can accept separators that can appear in the input data.
-------------------------------------------------------------------
Wed Apr 13 15:33:22 UTC 2022 - Noel Power <nopower@suse.com>
- Fix update-apparmor-samba-profile script, sed doesn't like
multibyte separators; (bsc#1198309).
-------------------------------------------------------------------
Thu Mar 24 15:00:36 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.16.0
* New samba-dcerpcd binary to provide DCERPC in the member server
setup
* Certificate Auto Enrollment
* Ability to add ports to dns forwarder addresses in internal DNS
backend
* No longer using Linux mandatory locks for sharemodes
* SMB1 protocol has been deprecated, particularly older dialects
* SMB1 protocol SMBCopy command removed
* SMB1 server-side wildcard expansion removed
- Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);
- Use systemd-sysusers to create system users; (bsc#1182847);
-------------------------------------------------------------------
Tue Mar 15 17:54:57 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);
-------------------------------------------------------------------
Mon Mar 07 16:05:42 UTC 2022 - David Mulder <dmulder@suse.com>
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
-------------------------------------------------------------------
Fri Mar 4 20:25:41 UTC 2022 - David Disseldorp <ddiss@suse.com>
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
(bsc#1080338).
-------------------------------------------------------------------
Wed Feb 23 10:04:15 UTC 2022 - Noel Power <nopower@suse.com>
- Fix ntlm authentications with "winbind use default domain = yes";
(bso#13126); (bsc#1173429); (bsc#1196308).
-------------------------------------------------------------------
Mon Feb 14 18:15:29 UTC 2022 - David Mulder <dmulder@suse.com>
- Fix samba-ad-dc status warning notification message by disabling
systemd notifications in bgqd; (bsc#1195896); (bso#14947).
-------------------------------------------------------------------
Mon Feb 07 20:15:46 UTC 2022 - David Mulder <dmulder@suse.com>
- libldb version mismatch in Samba dsdb component; (bsc#1118508);
-------------------------------------------------------------------
Mon Jan 31 14:23:44 UTC 2022 - Noel Power <nopower@suse.com>
- Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
outside target of a symlink exists; (bso#14911);
(bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN
conflict checks; bso#14950); (bsc#1195048).
-------------------------------------------------------------------
Wed Jan 26 12:00:35 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
-------------------------------------------------------------------
Fri Jan 21 12:37:42 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "client max protocol" to NT1 before
calling the "Reconnecting with SMB1 for workgroup listing"
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "smbd --build-options" no longer works without an smb.conf file;
(bso#14945);
-------------------------------------------------------------------
Tue Jan 18 09:14:20 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).
-------------------------------------------------------------------
Thu Jan 13 19:39:42 UTC 2022 - Samuel Cabrero <scabrero@suse.de>
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
-------------------------------------------------------------------
Fri Dec 10 17:13:28 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.15.3
* Recursive directory delete with veto files is broken in 4.15.0;
(bso#14878);
* A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory;
(bso#14879);
* SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
uninitialized in rmdir_internals(); (bso#14892);
* MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
* The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token; (bso#14901); (bsc#1192849);
* User with multiple spaces (eg Fred<space><space>Nurk) become
un-deletable; (bso#14902);
* Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
* smbXsrv_client_global record validation leads to crash if existing
record points at non-existing process; (bso#14882);
* Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
(bso#14890);
* Samba process doesn't log to logfile; (bso#14897);
* set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
triggers locking.tdb assert; (bso#14907);
* Kerberos authentication on standalone server in MIT realm broken;
(bso#14922);
* Segmentation fault when joining the domain; (bso#14923);
* Support for ROLE_IPA_DC is incomplete; (bso#14903);
* rpcclient cannot connect to ncacn_ip_tcp services anymore;
(bso#14767);
* winexe crashes since 4.15.0 after popt parsing; (bso#14893);
* net ads status -P broken in a clustered environment; (bso#14908);
* Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send; (bso#14788);
* winbindd doesn't start when "allow trusted domains" is off;
(bso#14899);
* smbclient login without password using '-N' fails with
NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
* A schannel client incorrectly detects a downgrade connecting to
an AES only server; (bso#14912);
* Possible null pointer dereference in winbind; (bso#14921);
* Fix -k legacy option for client tools like smbclient, rpcclient,
net, etc.; (bso#14846);
* Add Debian 11 CI bootstrap support; (bso#14872);
* Crash in recycle_unlink_internal(); (bso#14888);
-------------------------------------------------------------------
Thu Nov 18 17:18:40 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Fix dependency problem upgrading from libndr0 to libndr2 and
from libsamba-credentials0 to libsamba-credentials1;
(bsc#1192684);
-------------------------------------------------------------------
Wed Nov 10 10:26:01 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Fix regression introduced by CVE-2020-25717 patches, winbindd
does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
* CVE-2016-2124: SMB1 client connections can be downgraded to
plaintext authentication; (bso#12444); (bsc#1014440);
* CVE-2020-25717: A user on the domain can become root on domain
members; (bso#14556); (bsc#1192284);
* CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
tickets issued by an RODC; (bso#14558); (bsc#1192246);
* CVE-2020-25719: Samba AD DC did not always rely on the SID and
PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
* CVE-2020-25721: Kerberos acceptors need easy access to stable
AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
* CVE-2020-25722: Samba AD DC did not do suffienct access and
conformance checking of data stored; (bso#14564);
(bsc#1192283);
* CVE-2021-3738: Use after free in Samba AD DC RPC server;
(bso#14468); (bsc#1192215);
* CVE-2021-23192: Subsequent DCE/RPC fragment injection
vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
* vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
* Log clutter from filename_convert_internal; (bso#14685);
* MacOSX compilation fixes; (bso#14862);
* rodc_rwdc test flaps; (bso#14868);
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal; (bso#14642);
* Python ldb.msg_diff() memory handling failure; (bso#14836);
* "in" operator on ldb.Message is case sensitive; (bso#14845);
* Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
* samldb_krbtgtnumber_available() looks for incorrect string;
(bso#14854);
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
* Allow special chars like "@" in samAccountName when generating
the salt; (bso#14874);
* Correctly ignore comments in CTDB public addresses file;
(bso#14826);
* Fix transit path validation; (bso#12998);
* Fix that child winbindd logs to log.winbindd instead of
log.wb-<DOMAIN>; (bso#14852);
* SMB3 cancel requests should only include the MID together with
AsyncID when AES-128-GMAC is used; (bso#14855);
* Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
* Heimdal prefers RC4 over AES for machine accounts; (bso#14864);
-------------------------------------------------------------------
Wed Oct 13 17:07:47 UTC 2021 - David Mulder <dmulder@suse.com>
- Enable samba-tool without ad dc.
-------------------------------------------------------------------
Thu Sep 30 15:57:14 UTC 2021 - Noel Power <nopower@suse.com>
- Adjust spec to use pam macros; (bsc#1191046).
-------------------------------------------------------------------
Wed Sep 29 08:58:28 UTC 2021 - Noel Power <nopower@suse.com>
- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.
-------------------------------------------------------------------
Thu Sep 23 11:41:44 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos
-------------------------------------------------------------------
Mon Sep 20 14:25:41 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed
-------------------------------------------------------------------
Thu Sep 16 07:55:35 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
(bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting
the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
(bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
-------------------------------------------------------------------
Tue Aug 17 16:30:25 UTC 2021 - David Mulder <dmulder@suse.com>
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).
-------------------------------------------------------------------
Fri Jul 23 16:05:05 UTC 2021 - David Mulder <dmulder@suse.com>
- Update to 4.14.6
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
* smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
* s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(); (bso#14734).
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path; (bso#14736).
* NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
glusterfs VFS module; (bso#14730).
* s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740).
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
* smbXsrv_{open,session,tcon}: protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records;
(bso#14752).
* samba-tool domain backup offline doesn't work against bind DLZ
backend; (bso#14027).
* netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup; (bso#14669).
-------------------------------------------------------------------
Tue Jun 1 08:38:12 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.14.5
* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success;
(bso#14696);
* s3: smbd: Ensure POSIX default ACL is mapped into returned Windows
ACL for directory handles; (bso#14708);
* s3: smbd: Fix uninitialized memory read in process_symlink_open()
when used with vfs_shadow_copy2(); (bso#14721);
* docs: Expand the "log level" docs on audit logging; (bso#14689);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Fix gcc11 compiler issues; (bso#14699);
* docs-xml: Update smbcacls manpage; (bso#14718);
* docs: Update list of available commands in rpcclient; (bso#14719);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* s3:winbind: For 'security = ADS' require realm/workgroup to be set;
(bso#14695);
* lib:replace: Do not build strndup test with gcc 11 or newer;
(bso#14699);
-------------------------------------------------------------------
Thu Apr 29 08:34:02 UTC 2021 - Noel Power <nopower@suse.com>
- Update to 4.14.4
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids();
(bso#14571); (bsc#1184677).
- Update to 4.14.3
* s3:modules:vfs_virusfilter: Recent New_VFS changes break
vfs_virusfilter_openat; (bso#14671).
* build: Notice if flex is missing at configure time; (bso#14586).
* Fix smbd panic when two clients open same file; (bso#14672).
* Fix memory leak in the RPC server; (bso#14675).
* s3: smbd: fix deferred renames; (bso#14679).
* s3-iremotewinspool: Set the per-request memory context;
(bso#14675)
* Fix memory leak in the RPC server; (bso#14675).
* third_party: Update socket_wrapper to version 1.3.2;
(bso#11899).
* third_party: Update socket_wrapper to version 1.3.3;
(bso#14640).
* samba-gpupdate: Test that sysvol paths download in
case-insensitive way; (bso#14665).
* smbd: Ensure errno is preserved across fsp destructor;
(bso#14662).
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663).
* build: Only add -Wl,--as-needed when supported; (bso#14288).
-------------------------------------------------------------------
Wed Mar 31 14:59:15 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.14.2
* Release with dependency on ldb version 2.3.0.
- Update to 4.14.1
* CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655);
* CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs;
(bso#14595);
- Update to 4.14.0
* VFS layer modernized.
* Printers publishing in AD improved.
* Client group policies support for sudoers configuration and
cron jobs.
* Improved consistency of samba-tool subcommands.
* CTDB now uses the terms leader and follower instead of master and
slave. Configuration options have changed accordingly.
* The ctdb isnotrecmaster command is removed.
* For details on all items see WHATSNEW.txt in samba-doc package.
-------------------------------------------------------------------
Mon Mar 1 12:09:56 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.
-------------------------------------------------------------------
Tue Jan 26 15:15:08 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.13.4
* Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Temporary DFS share setup doesn't set case parameters in the same
way as a regular share definition does; (bso#14612);
* lib: Avoid declaring zero-length VLAs in various messaging functions;
(bso#14605);
* Do not create an empty DB when accessing a sam.ldb; (bso#14579);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Temporary DFS share setup doesn't set case parameters in the same way
as a regular share definition does; (bso#14612);
* vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
(bso#14607);
* The cache directory for the user gencache should be created recursively;
(bso#14601);
* Be more flexible with repository names in CentOS 8 test environments;
(bso#14594);
-------------------------------------------------------------------
Mon Dec 28 09:41:57 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Uninstalling samba-client: Failed to disable unit, cifs.service
does not exists; (bsc#1180388);
-------------------------------------------------------------------
Wed Dec 16 11:30:25 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.13.3
+ libcli: smb2: Never print length if smb2_signing_key_valid() fails for
crypto blob; (bso#14210);
+ s3: modules: gluster. Fix the error I made in preventing talloc leaks
from a function; (bso#14486);
+ s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
via TALLOC_FREE(); (bso#14515);
+ s3: spoolss: Make parameters in call to user_ok_token() match all other
uses; (bso#14568);
+ s3: smbd: Quiet log messages from usershares for an unknown share;
(bso#14590);
+ samba process does not honor max log size; (bso#14248);
+ vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
(bso#14587);
+ s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
+ s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
+ smbclient: Fix recursive mget; (bso#14517);
+ clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
+ manpages/vfs_glusterfs: Mention silent skipping of write-behind
translator; (bso#14486);
+ vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
+ interface: Fix if_index is not parsed correctly; (bso#14514);
-------------------------------------------------------------------
Mon Nov 16 09:30:52 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.13.2
+ s3: modules: vfs_glusterfs: Fix leak of char **lines onto
mem_ctx on return; (bso#14486);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
+ smb.conf.5: Add clarification how configuration changes reflected
by Samba; (bso#14538);
+ daemons: Report status to systemd even when running in foreground;
(bso#14552);
+ DNS Resolver: Support both dnspython before and after 2.0.0;
(bso#14553);
+ s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present; (bso#14486);
+ provision: Add support for BIND 9.16.x; (bso#14487);
+ ctdb-common: Avoid aliasing errors during code optimization;
(bso#14537);
+ libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
+ docs: Fix default value of spoolss:architecture; (bso#14522);
+ winbind: Fix a memleak; (bso#14388);
+ s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
+ docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs; (bso#14486);
+ nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
+ vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
+ third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
+ examples:auth: Do not install example plugin; (bso#14550);
+ ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
-------------------------------------------------------------------
Thu Nov 5 12:23:49 UTC 2020 - Noel Power <nopower@suse.com>
- Adjust smbcacls '--propagate-inheritance' feature to align with
upstream; (bsc#1178469).
-------------------------------------------------------------------
Tue Oct 6 16:52:00 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.13.1
+ CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records; (bsc#1177613); (bso#14472);
+ CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
(bso#14436);
+ CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
(bsc#1173902); (bso#14434);
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
/var/run/samba; (bsc#1177355);
-------------------------------------------------------------------
Mon Oct 5 12:44:53 UTC 2020 - David Disseldorp <ddiss@suse.com>
- Fix vfs_ceph query_directory regression; (bso#14519)
- Drop liburing-devel for SLE15-SP2; (bsc#1177245)
-------------------------------------------------------------------
Thu Sep 24 16:01:26 UTC 2020 - David Disseldorp <ddiss@suse.com>
- Register CTDB recovery lock holder with ceph-mgr
- Add liburing-devel dependency
-------------------------------------------------------------------
Tue Sep 22 16:20:33 UTC 2020 - David Disseldorp <ddiss@suse.com>
- Update to samba 4.13.0
+ Require Python 3.6
+ Move wide links functionality into VFS module
+ Deprecate NT4-like 'classic' Samba domain controllers
+ Deprecate SMBv1 only protocol options
+ Remove deprecated "ldap ssl ads" option
+ Unify asynchronous DCE-RPC server; (jsc#SES-645)
+ Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
+ Drop internal byteorder.h header from util-devel package
+ Remove final code for the AD DC LDAP backend
+ Add AD DC Group Policy Scripts
+ Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
+ Fix %U substitutions if it contains a domain name; (bso#14467)
+ Fix krb5.conf creation for 'net ads join'; (bso#14479)
+ Fix build problem if libbsd-dev is not installed; (bso#14482)
+ Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
+ Fix idmap_ad RFC4511 response handling; (bso#14465)
+ Fix panic in get_lease_type(); (bso#14428)
-------------------------------------------------------------------
Fri Sep 18 13:24:12 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.12.7
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
(bso#14497);
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
"server require schannel:WORKSTATION$ = no" about unsecure configurations;
(bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
challenge; (bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
(bsc#1176579); (bso#14497);
- Update to samba 4.12.6
+ s3: libsmb: Fix SMB2 client rename bug to a Windows server;
(bso#14403).
+ dsdb: Allow "password hash userPassword schemes = CryptSHA256"
to work on RHEL7; (bso#14424).
+ dbcheck: Allow a dangling forward link outside our known NCs;
(bso#14450).
+ lib/debug: Set the correct default backend loglevel to
MAX_DEBUG_LEVEL; (bso#14426).
+ PANIC: Assert failed in get_lease_type(); (bso#14428).
+ util: Fix build on AIX by fixing the order of replace.h include;
(bso#14422).
+ srvsvc_NetFileEnum asserts with open files; (bso#14355).
+ KDC breaks with DES keys still in the database and
msDS-SupportedEncryptionTypes 31 indicating support for it;
(bso#14354).
+ s3:smbd: Make sure vfs_ChDir() always sets
conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).
+ PANIC: Assert failed in get_lease_type(); (bso#14428).
+ docs: Fix documentation for require_membership_of of
pam_winbind.conf; (bso#14358).
+ ctdb-scripts: Use nfsconf utility for variable values in CTDB
NFS scripts; (bso#14444).
+ s3:winbind:idmap_ad: Make failure to get attrnames for schema
mode fatal; (bso#14425).
-------------------------------------------------------------------
Tue Jul 28 13:25:09 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Don't install SuSEfirewall2 services, we don't have that package
anymore
-------------------------------------------------------------------
Thu Jul 2 15:18:42 UTC 2020 - Noel Power <nopower@suse.com>
- Update to samba 4.12.5
+ Fix smbd panic on force-close share during async
io; (bso#14301).
+ Fix segfault when using SMBC_opendir_ctx() routine for
share folder that contains incorrect symbols in any
file name; (bso#14374)
+ Fix DFS links; (bso#14391).
+ Can't use DNS functionality after a Windows DC has been
in domain; (bso#14310).
+ ldapi search to FreeIPA crashes; (bso#14413).
+ Add net-ads-join dnshostname=fqdn option; (bso#14396)
+ Fix adding msDS-AdditionalDnsHostName to keytab with
Windows DC; (bso#14406).
+ docs-xml: Update list of posible VFS operations for
vfs_full_audit; (bso#14386).
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382).
+ Client tools are not able to read gencache anymore;
(bso#14370).
-------------------------------------------------------------------
Thu Jul 2 11:56:15 UTC 2020 - Noel Power <nopower@suse.com>
- Update to samba 4.12.4
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when
ASQ and VLV combined; (bso#14364); (bsc#1173159)
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
-------------------------------------------------------------------
Sat May 30 15:42:34 UTC 2020 - Marcus Meissner <meissner@suse.com>
- add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)
-------------------------------------------------------------------
Thu May 28 10:56:26 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Add system-user-nobody to samba package requirements
-------------------------------------------------------------------
Wed May 20 15:56:03 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.12.3
+ Fix smbd panic on force-close share during async io; (bso#14301);
+ s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
(bso#14343);
+ vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
+ Fix smbd crashes when MacOS Catalina connects if iconv initialization
fails; (bso#14372);
+ Exporting from macOS Adobe Illustrator creates multiple copies;
(bso#14150);
+ smbd does a chdir() twice per request; (bso#14256);
+ smbd mistakenly updates a file's write-time on close; (bso#14320);
+ vfs_shadow_copy2: implement case canonicalisation in
shadow_copy2_get_real_filename(); (bso#14350);
+ Fix Windows 7 clients problem after upgrading samba file server;
(bso#14375);
+ s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
+ Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
+ mit-kdc: Explicitly reject S4U requests; (bso#14342);
+ dbwrap_watch: Set rec->value_valid while returning nested
share_mode_do_locked(); (bso#14352);
+ lib:util: Fix smbclient -l basename dir; (bso#14345);
+ s3:libads: Fix ads_get_upn(); (bso#14336);
+ ctdb: Fix a memleak; (bso#14348);
+ Malicous SMB1 server can crash libsmbclient; (bso#14366);
+ ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
(bso#14330);
+ vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
+ s3/librpc/crypto: Fix double free with unresolved credential cache;
(bso#14344);
+ docs-xml: Fix usernames in pam_winbind manpages; (bso#14358);
-------------------------------------------------------------------
Mon May 11 14:53:16 UTC 2020 - David Mulder <dmulder@dmulder.com>
- Installing: samba - samba-ad-dc.service does not exist and unit
not found; (bsc#1171437);
-------------------------------------------------------------------
Mon May 4 10:33:43 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- libsmb: Don't try to find posix stat info in SMBC_getatr();
(bso#14101); (bsc#1169242);
-------------------------------------------------------------------
Wed Apr 29 15:48:50 UTC 2020 - Noel Power <nopower@suse.com>
- Move libdcerpc-server-core.so to samba-libs package, this was
initially erroneously located in samba-ad-dc.
-------------------------------------------------------------------
Tue Apr 28 11:44:07 UTC 2020 - Noel Power <nopower@suse.com>
- Update to samba 4.12.2
+ CVE-2020-10700: A client combining the 'ASQ' and
'Paged Results' LDAP controls can cause a use-after-free
in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
+ CVE-2020-10704: A deeply nested filter in an un-authenticated
LDAP search can exhaust the LDAP server's stack memory causing
a SIGSEGV; (bso#14334); (bsc#1169851).
-------------------------------------------------------------------
Mon Apr 13 09:07:02 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.12.1
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
+ samba-tool group: Handle group names with special chars correctly;
(bso#14296);
+ Add missing check for DMAPI offline status in async DOS attributes;
(bso#14293);
+ Starting ctdb node that was powered off hard before results in recovery
loop; (bso#14295);
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
(bso#14307);
+ vfs_recycle: Prevent flooding the log if we're called on non-existant
paths; (bso#14316);
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
(bso#14327);
+ fruit:time machine max size is broken on arm; (bso#13622);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ s3/utils: Fix double free error with smbtree; (bso#14332);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ Starting ctdb node that was powered off hard before results in recovery
loop; (bso#14295);
+ CTDB recovery daemon can crash due to dereference of NULL pointer;
(bso#14324);
-------------------------------------------------------------------
Wed Mar 25 12:52:55 UTC 2020 - Noel Power <nopower@suse.com>
- s3: libsmbclient.h: add missing time.h include to fix
ffmpeg build and make it compatible with -std=c99.
-------------------------------------------------------------------
Mon Mar 16 10:40:16 UTC 2020 - Noel Power <nopower@suse.com>
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8
-------------------------------------------------------------------
Fri Mar 13 14:19:30 UTC 2020 - Noel Power <nopower@suse.com>
- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).
-------------------------------------------------------------------
Fri Mar 6 15:38:01 UTC 2020 - Noel Power <nopower@suse.com>
- Update to samba 4.12.0
+ For details on all items see WHATSNEW.txt in samba-doc
package.
+ Samba 4.12 raises this minimum version to Python
3.5.
+ Samba now requires GnuTLS 3.4.7 to be installed.
+ New Spotlight backend for Elasticsearch.
+ Retiring DES encryption types in Kerberos. With this release,
support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause
Kerberos authentication to fail for that account (see
RFC-6649).
+ Samba-DC: DES keys no longer saved in DB.
+ The netatalk VFS module has been removed.
+ The BIND9_FLATFILE DNS backend is deprecated in this release
and will be removed in the future.
+ CTDB changes
+ The ctdb_mutex_fcntl_helper periodically re-checks the
lock file.
+ Bugs
+ Retire DES encryption types in Kerberos; (bso#14202);
bsc#(1165574).
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
+ s3: DFS: Don't allow link deletion on a read-only share;
(bso#14269).
+ pidl/wscript: configure should insist on Parse::Yapp::Driver;
(bso#14284).
+ smbd fails to handle EINTR from open(2) properly;
(bso#14285).
+ ldb: version 2.1.1; (bso#14270)).
+ vfs: Set getting and setting of MS-DFS redirects on the
filesystem to go through two new VFS functions
SMB_VFS_CREATE_DFS_PATHAT() and
SMB_VFS_READ_DFS_PATHAT(); (bso#14282).
+ bootstrap: Remove un-used dependency python3-crypto;
(bso#14255)
+ Fix CID 1458418 and 1458420; (bso#14247).
+ lib: Fix a shutdown crash with "clustering = yes";
(bso#14281).
+ Winbind member (source3) fails local SAM auth with empty
domain name; (bso#14247).
+ winbindd: Handle missing idmap in getgrgid(); (bso#14265).
+ Don't use forward declaration for GnuTLS typedefs; (bso#14271).
+ Add io_uring vfs module; (bso#14280).
+ libcli:smb: Improve check for
gnutls_aead_cipher_(en|de)cryptv2; (bso#14250).
+ s3: lib: nmblib. Clean up and harden nmb packet processing;
(bso#14239);
+ lib:util: Log mkdir error on correct debug levels; (bso#14253).
-------------------------------------------------------------------
Sun Feb 2 20:42:05 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Remove unused pwdutils buildrequires
-------------------------------------------------------------------
Thu Jan 30 09:04:04 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209);
+ Avoiding bad call flags with python 3.8, using METH_NOARGS
instead of zero; (bso#14209);
+ source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
(bso#14218);
+ docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
(bso#14122);
+ smbd: Fix the build with clang; (bso#14251);
+ upgradedns: Ensure lmdb lock files linked; (bso#14199);
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during
readdir; (bso#14182);
+ smbc_stat() doesn't return the correct st_mode and also the
uid/gid is not filled (SMBv1) file; (bso#14101);
+ librpc: Fix string length checking in ndr_pull_charset_to_null();
(bso#14219);
+ ctdb-scripts: Strip square brackets when gathering connection info;
(bso#14227);
-------------------------------------------------------------------
Tue Jan 21 16:55:36 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);
-------------------------------------------------------------------
Tue Jan 21 16:31:07 UTC 2020 - Noel Power <nopower@suse.com>
- Update to samab 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substition; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
+ libnet_join: Add SPNs for additional-dns-hostnames entries;
(bso#14116).
+ smbd: Increase a debug level; (bso#14211).
+ Prevent azure ad connect from reporting discovery errors
reference-value-not-ldap-conformant; (bso#14153).
+ krb5_plugin: Fix developer build with newer heimdal system
library; (bso#14179).
+ replace: Only link libnsl and libsocket if required;
(bso#14168);
+ ctdb: Incoming queue can be orphaned causing communication;
breakdown; (bso#14175).
+ ldb: Release ldb 2.0.8. Cross-compile will not take
cross-answers or cross-execute; (bso#13846).
+ heimdal-build: Avoid hard-coded /usr/include/heimdal in
asn1_compile-generated code; (bso#13856).
-------------------------------------------------------------------
Fri Dec 20 17:59:01 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).
-------------------------------------------------------------------
Tue Dec 10 09:57:23 UTC 2019 - Noel Power <nopower@suse.com>
- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).
-------------------------------------------------------------------
Tue Oct 29 17:22:30 UTC 2019 - Jim McDonough <jmcdonough@suse.com>
- Update to samba 4.11.2
+ CVE-2019-10218: Client code can return filenames containing
path separators; (bsc#1144902); (bso#14071).
+ CVE-2019-14833: Samba AD DC check password script does not
receive the full password; (bso#12438).
+ CVE-2019-14847: User with "get changes" permission can crash
AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
+ Overlinking libreplace against librt and pthread against every
binary or library causes issues; (bso#14140);
+ kpasswd fails when built with MIT Kerberos; (bso#14155);
+ Fix spnego fallback from kerberos to ntlmssp in smbd server;
(bso#14106);
+ Stale file handle error when using mkstemp on a share; (bso#14137);
+ non-AES schannel broken; (bso#14134);
+ Joining Active Directory should not use SAMR to set the password;
(bso#13884);
+ smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
call on an SMB2 connection; (bso#14152);
+ Deleted records can be resurrected during recovery; (bso#14147);
+ getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
(bso#14141);
+ winbind does not list forest trusts with additional trust
attributes; (bso#14130);
+ fault report points to outdated documentation; (bso#14139);
+ pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
trusted domains/forests; (bso#14124);
+ classicupgrade results in uncaught exception - a bytes-like object
is required, not 'str'; (bso#14136);
+ pod2man is not longer required, stop checking at build time;
(bso#14131);
+ Exit code of ctdb nodestatus should not be influenced by deleted
nodes; (bso#14129);
+ username/password authentication doesn't work with CUPS and
smbspool; (bso#14128);
+ smbc_readdirplus() is incompatible with smbc_telldir() and
smbc_lseekdir(); (bso#14094);
-------------------------------------------------------------------
Sat Oct 5 14:20:06 UTC 2019 - James McDonough <jmcdonough@suse.com>
- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD databse format
- BIND9_FLATFILE deprecated
- default process model chagned to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed
-------------------------------------------------------------------
Tue Sep 3 09:18:38 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- Update to samba 4.10.8
+ CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267);
-------------------------------------------------------------------
Fri Aug 30 13:10:01 UTC 2019 - Noel Power <nopower@suse.com>
- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.
-------------------------------------------------------------------
Tue Aug 27 14:47:44 UTC 2019 - Noel Power <nopower@suse.com>
- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
role transfer; (bso#13973).
+ third_party: Update waf to version 2.0.17; (bso#13960).
+ netcmd: Allow 'drs replicate --local' to create partitions;
(bso#14051).
+ ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).
-------------------------------------------------------------------
Wed Aug 7 13:03:55 UTC 2019 - npower <nopower@suse.com>
- Prepare for use future use of kernel keyrings, modify
/etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).
-------------------------------------------------------------------
Thu Aug 1 10:00:00 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- Update samba-winbind script to work with systemd; (bsc#1132739);
- Drop samba dhcpcd hook scripts
- Update to samba 4.10.6
+ s3: winbind: Fix crash when invoking winbind idmap scripts;
(bso#13956).
+ smbd does not correctly parse arguments passed to dfree and quota
scripts; (bso#13964).
+ samba-tool dns: use bytes for inet_ntop; (bso#13965).
+ samba-tool domain provision: Fix --interactive module in python3;
(bso#13828).
+ ldb_kv: Skip @ records early in a search full scan; (bso#13893).
+ docs: Improve documentation of "lanman auth" and "ntlm auth"
connection; (bso#13981).
+ python/ntacls: Use correct "state directory" smb.conf option instead
of "state dir"; (bso#14002).
+ registry: Add a missing include; (bso#13840).
+ Fix SMB guest authentication; (bso#13944).
+ AppleDouble conversion breaks Resourceforks; (bso#13958).
+ vfs_fruit makes direct use of syscalls like mmap() and pread();
(bso#13968).
+ s3:mdssvc: Fix flex compilation error; (bso#13987).
+ s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
+ dsdb:samdb: schemainfo update with relax control; (bso#13799).
+ s3:util: Move static file_pload() function to lib/util; (bso#13964).
+ smbd: Fix a panic; (bso#13957).
+ ldap server: Generate correct referral schemes; (bso#12478).
+ s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
(bso#13941).
+ s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
(bso#13942).
+ dsdb/repl: we need to replicate the whole schema before we can apply it;
(bso#12204).
+ ldb: Release ldb 1.5.5; (bso#12478).
+ Schema replication fails if link crosses chunk boundary backwards;
(bso#13713).
+ 'samba-tool domain schemaupgrade' uses relax control and skips the
schemaInfo update provision; (bso#13799).
+ dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
..."; (bso#13916).
+ python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
get the ACL; (bso#13917).
+ s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
(bso#13947).
+ Using Kerberos credentials to print using spoolss doesn't work;
(bso#13939).
+ wafsamba: Use native waf timer; (bso#13998).
+ ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).
-------------------------------------------------------------------
Wed Jun 19 09:20:12 UTC 2019 - Noel Power <nopower@suse.com>
- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
+ CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2; (bso#13922); (bsc#1137815).
+ CVE-2019-12436 dsdb/paged_results: Ignore successful results
without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
+ s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
+ py/provision: Fix for Python 2.6; (bso#13882).
+ netcmd: Fix 'passwordsettings --max-pwd-age' command;
(bso#13873).
+ s3-libnet_join: 'net ads join' to child domain fails when
using "-U admin@forestroot"; (bso#13861).
+ vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
(bso#13896); (bsc#1130245).
+ vfs_ceph: Fix cephwrap_flistxattr() debug message;
(bso#13940); (bsc#1134697).
+ ctdb-common: Avoid race between fd and signal events;
(bso#13895).
+ ctdb-common: Fix memory leak in run_proc; (bso#13943).
+ lib: Initialize getline() arguments; (bso#13892).
+ winbind: Fix overlapping id ranges; (bco#13903).
+ lib util debug: Increase format buffer to 4KiB; (bso#13902).
+ nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
+ s4 lib socket: Ensure address string owned by parent struct;
(bso#13929).
+ s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
+ s3:smbd: Handle IO_REPARSE_TAG_DFS in
SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
(bso#12845).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session
setup; (bso#13796).
+ dbcheck: Fix the err_empty_attribute() check; (bso#13843).
+ vfs_snapper: Drop unneeded fstat handler; (bso#13858).
+ vfs_default: Fix vfswrap_offload_write_send()
NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
+ smb2_server: Grant all 8192 credits to clients; (bso#13863).
+ smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
(bso#13919).
+ s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
+ s3: modules: ceph: Use current working directory instead of
share path; (bso#13918); (bsc#1134452).
+ winbind: Use domain name from lsa query for sid_to_name cache
entry; (bso#13831).
+ memcache: Increase size of default memcache to 512k;
(bso#13865).
+ docs: Update smbclient manpage for "--max-protocol";
(bso#13857).
+ s3:utils: If share is NULL in smbcacls, don't print it;
(bso#13937).
+ s3:smbspool: Fix regression printing with Kerberos credentials;
(bso#13939).
+ ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
which is incompatible with systemd; (bso#13860).
+ ctdb-daemon: Revert "We can not assume that just because we
could complete a TCP handshake"; (bso#13888).
+ ctdb-daemon: Never use 0 as a client ID; (bso#13930).
+ ctdb-common: Fix memory leak; (bso#13943).
+ s3:debug: Enable logging for early startup failures;
(bso#13904)
- Update to samba-4.10.3
+ CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum; (bso#13685); (bsc#1134024).
-------------------------------------------------------------------
Tue May 14 14:22:11 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).
-------------------------------------------------------------------
Wed May 8 12:42:31 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).
-------------------------------------------------------------------
Wed Apr 17 11:20:32 UTC 2019 - npower <nopower@suse.com>
- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
-------------------------------------------------------------------
Sun Apr 14 22:31:32 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).
-------------------------------------------------------------------
Tue Apr 2 08:38:28 UTC 2019 - npower <nopower@suse.com>
- CVE-2019-3880: Save registry file outside share as unprivileged
user; (bso#13851); (bsc#1131060 ).
-------------------------------------------------------------------
Wed Mar 27 18:47:07 UTC 2019 - David Mulder <dmulder@suse.com>
- Update to samba-4.9.5
+ audit_logging: Remove debug log header and JSON Authentication:
prefix; (bso#13714);
+ Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
+ s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
CID: 1433607; (bso#11495);
+ smbd: uid: Don't crash if 'force group' is added to an existing
share connection; (bso#13690);
+ s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code; (bso#13770);
+ s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
+ s3:utils/smbget fix recursive download with empty source
directories; (bso#13199);
+ samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
+ s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection; (bso#13736);
+ join: Throw CommandError instead of Exception for simple errors; (bso#13747);
+ ldb: Avoid inefficient one-level searches; (bso#13762);
+ s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list(); (bso#13736);
+ tldap: Avoid use after free errors; (bso#13776);
+ Fix idmap xid2sid cache churn; (bso#13802);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s3-smbd: Avoid assuming fsp is always intact after close_file
call; (bso#13720);
+ s3-vfs-fruit: Add close call; (bso#13725);
+ s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
+ s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
+ printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
+ vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate; (bso#13807);
+ lib/audit_logging: Actually create talloc; (bso#13737);
+ netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg; (bso#13728);
+ dns: Changing onelevel search for wildcard to subtree; (bso#13738);
+ samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ ctdb: Print locks latency in machinereadable stats; (bso#13742);
+ messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
+ audit_logging: auth_json_audit required auth_json; (bso#13715);
+ man pages: Document prefork process model; (bso#13765);
+ CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
+ s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration; (bso#13697);
+ s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts; (bso#13722);
+ s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available; (bso#13723);
+ s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol <pid> debug/debuglevel'; (bso#13752);
+ Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
+ vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
+ s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
+ notifyd: Fix SIGBUS on sparc; (bso#13704);
+ waf: Check for libnscd; (bso#13787);
+ s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
+ lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
+ Recovery lock bug fixes; (bso#13800);
+ s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
+ s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
+ vfs_fileid: Fix get_connectpath_ino; (bso#13741);
+ vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);
-------------------------------------------------------------------
Mon Mar 4 12:42:36 UTC 2019 - David Disseldorp <ddiss@suse.com>
- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).
-------------------------------------------------------------------
Fri Feb 22 11:58:53 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);
-------------------------------------------------------------------
Thu Feb 7 16:13:15 UTC 2019 - David Mulder <dmulder@suse.com>
- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);
-------------------------------------------------------------------
Thu Feb 7 00:27:42 UTC 2019 - ddiss@suse.com
- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
-------------------------------------------------------------------
Mon Feb 4 12:38:55 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
(bso#13173); (bsc#1123755);
- s3:winbind: Fix regression introduced with bso #12851;
(bso#12851); (bsc#1123755);
-------------------------------------------------------------------
Tue Jan 8 11:38:40 UTC 2019 - nopower@suse.com
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
-------------------------------------------------------------------
Thu Dec 20 15:15:54 UTC 2018 - David Mulder <dmulder@suse.com>
- s3:passdb: Do not return OK if we don't have pinfo set up;
(bsc#1099590); (bso#13376);
-------------------------------------------------------------------
Thu Dec 6 20:55:23 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
-------------------------------------------------------------------
Thu Nov 29 15:54:27 UTC 2018 - David Mulder <dmulder@suse.com>
- Remove python2 build dependency from samba-libs; (bsc#1116900);
-------------------------------------------------------------------
Wed Nov 28 09:35:06 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update update-apparmor-samba-profile script to ignore the shares's
paths containing substitution variables in any place, not only at the
beginning of the path.
-------------------------------------------------------------------
Mon Nov 19 12:28:56 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);
-------------------------------------------------------------------
Thu Nov 8 17:53:14 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459);
- Use foreground execution mode for systemd samba daemons; (bsc#1112223);
-------------------------------------------------------------------
Thu Nov 8 15:06:37 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit looses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illiumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);
-------------------------------------------------------------------
Mon Oct 29 14:38:56 UTC 2018 - dmulder@suse.com
- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);
-------------------------------------------------------------------
Tue Oct 23 18:44:53 UTC 2018 - dmulder@suse.com
- winbind requires latest version of libtevent-util0 to start
-------------------------------------------------------------------
Fri Oct 12 14:58:08 UTC 2018 - dmulder@suse.com
- Backport latest gpo code from master
+ Read policy from local gpt cache
+ Offline policy application
+ Make group policy extensible via register/unregister gpext
+ gpext's run via a process_group_policy method
-------------------------------------------------------------------
Mon Oct 8 08:36:43 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to 4.6.16; (bsc#1110943);
+ CVE-2018-10919: Fix unauthorized attribute access via searches;
(bso#13434);
-------------------------------------------------------------------
Wed Sep 26 22:45:40 UTC 2018 - jmcdonough@suse.com
- Enable profiling data collection
-------------------------------------------------------------------
Tue Sep 25 20:26:47 UTC 2018 - dmulder@suse.com
- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package
-------------------------------------------------------------------
Mon Sep 24 09:43:08 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to samba-4.9.1
+ s3: nmbd: Stop nmbd network announce storm; (bso#13620);
+ s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
(bso#13597);
+ CTDB recovery lock has some race conditions; (bso#13617);
+ s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
+ ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);
-------------------------------------------------------------------
Thu Sep 13 19:19:34 UTC 2018 - dmulder@suse.com
- Tumbleweed doesn't define the sle_version macro, so we must
include a check for suse_version also. Otherwise python3 is
disabled on Tumbleweed.
-------------------------------------------------------------------
Thu Sep 13 13:28:06 UTC 2018 - Samuel Cabrero <scabrero@suse.de>
- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j<jobs>'; (bso#13606);
-------------------------------------------------------------------
Mon Sep 10 20:46:20 UTC 2018 - dmulder@suse.com
- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);
-------------------------------------------------------------------
Wed Aug 29 15:49:29 UTC 2018 - dmulder@suse.com
- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);
-------------------------------------------------------------------
Mon Aug 27 09:34:11 UTC 2018 - vcizek@suse.com
- Add missing zlib-devel dependency which was previously pulled in
by libopenssl-devel
-------------------------------------------------------------------
Tue Aug 21 13:39:49 UTC 2018 - dmulder@suse.com
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
-------------------------------------------------------------------
Mon Aug 20 21:25:27 UTC 2018 - ddiss@suse.com
- Update to 4.6.15
+ Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
+ Allow idmap_rid to have primary group other than "Domain Users";
(bsc#1087931).
-------------------------------------------------------------------
Mon Aug 20 15:03:01 MDT 2018 - dmulder@suse.com
- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);
-------------------------------------------------------------------
Tue Aug 14 13:06:03 UTC 2018 - nopower@suse.com
- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries;(bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).
-------------------------------------------------------------------
Wed Aug 1 14:57:51 UTC 2018 - scabrero@suse.de
- CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bso#13453); (bsc#1103411);
- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
(bso#12851);
- winbind: avoid using fstrcpy in _dual_init_connection;
(bso#13294); (bsc#1087303);
- Fix ntlm authentications with "winbind use default domain = yes";
(bso#13126); (bsc#1068059);
- net: fix net ads keytab handling; (bso#13166); (bsc#1067700);
- fix vfs_ceph flock stub; (bso#13506).
-------------------------------------------------------------------
Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de
- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
(bsc#1092099);
-------------------------------------------------------------------
Wed May 23 14:01:16 UTC 2018 - ddiss@suse.com
- Fix vfs_ceph with "aio read size" or "aio write size" > 0;
(bsc#1093664).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
+ Fix memory leak in vfs_ceph; (bso#13424).
- Update to 4.6.14
+ winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection;
(bso#13294).
+ s3:smb2_server: correctly maintain request counters for compound
requests; (bso#13215).
+ s3: smbd: Unix extensions attempts to change wrong field in fchown
call; (bso#13375).
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
+ vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
(bso#13297).
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270).
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we
don't own it here; (bso#13244).
+ s3:libsmb: allow -U"\\administrator" to work; (bso#13206).
+ CVE-2018-1057: s4:dsdb: fix unprivileged password changes;
(bso#13272); (bsc#1081024).
+ s3:smbd: Do not crash if we fail to init the session table;
(bso#13315).
+ libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
+ smbXcli: Add "force_channel_sequence"; (bso#13215).
+ smbd: Fix channel sequence number checks for long-running requests;
(bso#13215).
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on
expired sessions; (bso#13197).
+ s3:smbd: return the correct error for cancelled SMB2 notifies on
expired sessions; (bso#13197).
+ samba: Only use async signal-safe functions in signal handler;
(bso#13240).
+ subnet: Avoid a segfault when renaming subnet objects; (bso#13031).
-------------------------------------------------------------------
Wed May 23 09:52:28 UTC 2018 - jmcdonough@suse.com
- Update to 4.8.2
+ After update to 4.8.0 DC failed with "Failed to find our own
NTDS Settings objectGUID" (bso#13335).
+ fix incorrect reporting of stream dos attributes on a
directory (bso#13380).
+ vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
+ vfs_ceph: Fix memory leak; (bso#13424).
+ libsmbclient: Fix hard-coded connection error return of
ETIMEDOUT; (bso#13419).
+ s4-lsa: Fix use-after-free in LSA server; (bso#13420).
+ winbindd: Do re-connect if the RPC call fails in the passdb
case; (bso#13430).
+ cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
+ cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
unclean process shutdown; (bso#13414).
+ ctdb-client: Remove ununsed functions from old client code;
(bso#13411).
+ printing: Return the same error code as windows does on upload
failures; (bso#13395).
+ nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
privileged pipe is not accessable; (bso#13400).
+ s4:lsa_lookup: remove TALLOC_FREE(state) after all
dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
+ rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
+ s3:smbspool: Fix cmdline argument handling; (bso#13417).
-------------------------------------------------------------------
Fri Apr 27 13:57:14 UTC 2018 - scabrero@suse.de
- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processor supporting AESNI; (bso#13302);
-------------------------------------------------------------------
Wed Apr 11 14:55:09 UTC 2018 - aaptel@suse.com
- Use new foreground execution flags for systemd samba daemons;
(bsc#1088574); (bsc#1071090); (bsc#1065551);
+ Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
+ Set samba sysconfig template variables to ""
+ Add required daemon flags directly to systemd unit
-------------------------------------------------------------------
Mon Mar 26 22:37:15 UTC 2018 - jengelh@inai.de
- Specfile cleanup
+ Remove %if..%endif guards which don't affect the build
+ Remove redundant %clean section
+ Replace old $RPM_* shell vars with macros
-------------------------------------------------------------------
Thu Mar 22 16:28:02 UTC 2018 - dimstar@opensuse.org
- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
place of systemd and systemd-devel: Allow OBS to optimize the
workload by allowing the usage of the 'build-optimized' systemd
packages.
-------------------------------------------------------------------
Thu Mar 22 14:20:44 UTC 2018 - dmulder@suse.com
- Enable building samba with python3, and create a samba-python3 package.
-------------------------------------------------------------------
Thu Mar 15 11:29:04 UTC 2018 - jmcdonough@suse.com
- Update to 4.8
+ New GUID Index mode in sam.ldb for the AD DC
+ GPO support for samba KDC
+ Time machine support with vfs_fruit
+ Encrypted secrets
+ AD Replication visualization
+ Improved trust support
- ability to not scan global trust list
- AD external trusts have limited support
- verbose trusted domain listing
+ VirusFilter VFS module
+ NT4-style replication removed
+ vfs_aio_linux removed
-------------------------------------------------------------------
Tue Mar 13 20:12:10 UTC 2018 - david.mulder@suse.com
- Disable samba-pidl package, due to the removal of dependency
perl-Parse-Yapp; (bsc#1085150);
-------------------------------------------------------------------
Tue Mar 13 09:49:44 UTC 2018 - jmcdonough@suse.com
- Update to 4.7.6;
+ CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
(bso#11343); (bsc#1081741);
+ CVE-2018-1057: Authenticated users can change other users' password;
(bso#13272); (bsc#1081024).
-------------------------------------------------------------------
Wed Mar 7 11:54:50 UTC 2018 - jmcdonough@suse.com
- CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
(bso#11343); (bsc#1081741);
-------------------------------------------------------------------
Tue Mar 6 23:36:51 UTC 2018 - ddiss@suse.com
- Update to 4.6.13; (bsc#1084191)
+ ceph_statx configure time check doesn't work with a non-default
--with-libcephfs path; (bso#13250).
- follow up fix for libceph-common detection; (bso#13277).
+ Fail to copy file with empty FinderInfo from Windows client to Samba
share with fruit; (bso#13181).
+ vfs_ceph uses a local statvfs() call to determine FS capabilities;
(bso#13208).
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193).
+ smbd panic when chdir returns error during exit; (bso#13189).
+ ctdb_recovery_helper crashes if recovery process times out; (bso#13188).
+ POSIX ACL support is broken on hpux and possibly other big-endian OSs;
(bso#13176).
+ Kerberos: PKINIT: Can't decode algorithm parameters in
clientPublicValue; (bso#12986).
+ g_lock conflict detection broken when processing stale entries.;
(bso#13195).
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132).
-------------------------------------------------------------------
Mon Feb 26 22:09:49 UTC 2018 - aaptel@suse.com
- Disable python until full python3 port is done; (bsc#1082139);
+ Remove contents of package samba-python
+ Remove contents of package libsamba-policy0
+ Remove contents of package libsamba-policy-devel
+ Remove library libsamba-python-samba4.so from samba-libs package
+ Remove library libsamba-net-samba4.so from samba-libs package
+ Remove smbtorture binary and manpage from samba-test
-------------------------------------------------------------------
Fri Feb 23 15:27:07 UTC 2018 - dmulder@suse.com
- samba fails to build with glibc2.27; (bsc#1081042);
-------------------------------------------------------------------
Mon Feb 12 09:12:02 UTC 2018 - scabrero@suse.com
- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);
-------------------------------------------------------------------
Fri Feb 9 13:25:11 UTC 2018 - scabrero@suse.com
- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a deamon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);
-------------------------------------------------------------------
Wed Dec 6 17:52:41 UTC 2017 - kukuk@suse.de
- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
glibc)
-------------------------------------------------------------------
Thu Nov 30 09:31:53 UTC 2017 - scabrero@suse.com
- Update to 4.6.11; (bsc#1084191)
+ vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091);
+ s3: smbclient: Ensure we call client_clean_name() before all
operations on remote pathnames; (bso#13093);
+ Non-smbd processes using kernel oplocks can hang smbd; (bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load; (bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ smbd: Move check for SMB2 compound request to new function; (bso#13047);
+ s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ s4:pyparam: Fix resource leaks on error; (bso#13101);
+ s3:smbd: Fix delete-on-close after smb2_find; (bso#13118);
-------------------------------------------------------------------
Wed Nov 29 16:59:07 UTC 2017 - david.mulder@suse.com
- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).
-------------------------------------------------------------------
Tue Nov 28 17:07:26 UTC 2017 - scabrero@suse.com
- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427);(bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.
-------------------------------------------------------------------
Mon Nov 27 14:23:09 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Wed Nov 15 17:00:50 UTC 2017 - dmulder@suse.com
- samba-tool requires samba-python; (bnc#1067771).
-------------------------------------------------------------------
Wed Nov 8 17:21:41 UTC 2017 - scabrero@suse.de
- CVE-2017-14746: Use-after-free vulnerability; (bso#13041);
(bsc#1060427);
- CVE-2017-15275: Server heap memory information leak;
(bso#13077); (bsc#1063008);
-------------------------------------------------------------------
Tue Nov 7 07:43:54 UTC 2017 - scabrero@suse.com
- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly ident lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);
-------------------------------------------------------------------
Fri Oct 27 07:48:17 UTC 2017 - scabrero@suse.de
- Update to 4.6.9; (bsc#1065066);
+ Reverse sense of 'clear all attributes', ignore attribute change in SMB2
to match SMB1; (bso#12899);
+ SMBC_setatr() initially uses an SMB1 call before falling back;
(bso#12913);
+ Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION;
(bso#13003);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically; (bso#7909);
+ Honor SEC_STD_WRITE_OWNER bit; (bso#7933);
+ Kernel oplocks still have issues with named streams; (bso#12791);
+ Handle EACCES when fetching DOS attributes; (bso#12944);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Fix wrong Samba access checks when changing DOS attributes; (bso#12995);
+ Groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Match WS2016 ReFS set compression behaviour; (bso#12144);
+ Fix implementation of process_exists control; (bso#13012);
+ GET_DB_SEQNUM control can cause ctdb to deadlock when databases are
frozen; (bso#13021);
+ Free up record data if a call request is deferred; (bso#13029);
+ Initialize ctdb_ltdb_header completely for empty record; (bso#13036);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ Ignore event scripts with multiple '.'s; (bso#13070);
+ Sort the GPOs in the correct order; (bso#13046);
+ 'smbd' uses a lot of CPU on startup of a connection; (bso#12973);
+ Fix str[n]casecmp_m() by comparing lower case values; (bso#13018);
+ Can't change password in Samba from a windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ Fix file change notification for renames; (bso#12903);
+ Avoid a socket leak after fork; (bso#13006);
+ Fix a potential memleak; (bso#13090);
+ Fix passing of errno from async calls; (bso#12983);
+ Fix segfault when running with log level 10; (bso#13032);
+ Do not report an invalid range for AD DC role; (bso#12629);
+ Print the kinit failed message with DBGLVL_NOTICE; (bso#12704);
+ Fix changing passwords with Kerberos; (bso#12956);
+ Fix changing the password with 'smbpasswd' as a local user on a domain
member; (bso#12975);
+ Fix a read after free if a chained SMB1 call goes async; (bso#12836);
+ CVE-2017-12163: Prevent client short SMB1 write from writing server memory
to file; (bso#13020);
+ Let non_widelink_open() chdir() to directories directly; (bso#12885);
+ CVE-2017-12151: Keep required encryption across SMB3 dfs redirects;
(bso#12996);
+ CVE-2017-12150: Some code path don't enforce smb signing when they should;
(bso#12997);
-------------------------------------------------------------------
Mon Oct 23 15:10:32 UTC 2017 - dimstar@opensuse.org
- Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
package won't be generated simply based on the fact that there is
no files section for the package. Allows the source validator to
ensure samba-kdc is a built package.
-------------------------------------------------------------------
Thu Sep 28 11:25:54 UTC 2017 - scabrero@suse.com
- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.
-------------------------------------------------------------------
Fri Sep 22 13:51:41 UTC 2017 - scabrero@suse.de
- Fix GUID string format on GetPrinter info request; (bso#12993);
(bsc#1050707).
-------------------------------------------------------------------
Thu Sep 14 20:41:11 UTC 2017 - aaptel@suse.com
- CVE-2017-12163: Prevent client short SMB1 write from
writing server memory to file; (bso#13020); (bsc#1058624).
-------------------------------------------------------------------
Thu Sep 14 19:03:56 UTC 2017 - nopower@suse.com
- CVE-2017-12150: Some code path don't enforce smb signing,
when they should; (bso#12997); (bsc#1058622).
-------------------------------------------------------------------
Thu Sep 14 14:39:37 UTC 2017 - nopower@suse.com
- CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects; (bso#12996); (bsc#1058565).
-------------------------------------------------------------------
Thu Aug 31 08:31:51 UTC 2017 - aaptel@suse.com
- Clean specfile assuming SUSE-only system and product >=SLE11
+ %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
are always undefined
+ %{_vendor} is "suse" and %{suse_version} is at least 1100
-------------------------------------------------------------------
Wed Aug 16 11:33:36 UTC 2017 - ddiss@suse.com
- Update to 4.6.7; (bsc#1054017)
+ Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
+ smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
+ vfs_ceph provides inconsistent directory listings; (bso#12911).
+ Misused talloc context can cause a user to crash their smbd by chaining
SMB1 commands.; (bso#12836).
+ Use-after free can crash libsmbclient code.; (bso#12927).
+ Server exit with active AIO can crash.; (bso#12925).
+ Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
+ fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
(bso#12898).
+ vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
+ smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
authentication; (bso#12886).
+ finder sidebar showing question mark instead of icon when using ip to
connect with vfs_fruit; (bso#12840).
+ Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
from AD.; (bso#12720).
+ KCC run at selftest startup can fail spuriously due to a race;
(bso#12869).
+ winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
the remote change; (bso#12782).
+ rpc_pipe_client memory leaks due to long term memory context passed to
rpc_pipe_open_interface(); (bso#12890).
+ CVE-2017-2619 breaks accessing previous versions of directories with
snapshots in subdirectories of the share; (bso#12885).
+ dns_name_equal doing OOB read; (bso#12813).
+ replica_sync tests flap; (bso#12753).
+ Selftest should not call 'net cache flush' and wipe important winbind
entries; (bso#12868).
+ Old Samba versions don't support using recent ldb versions (>=1.1.30);
(bso#12859).
+ pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
+ race starting winbindd against posixacl test; (bso#12843).
+ Crash in the reentrant smbd_smb2_create_send() if the something fails in
the subsequent try; (bso#12832).
+ spnego.c passes the wrong argument order to gensec_update_ev() for the
FALLBACK case; (bso#12788).
+ Clients with SMB3 support can't connect with
"server max protocol = SMB2_02"; (bso#12772).
+ A log message of samb-tool user syncpasswords reverses string arguments in
a debug message "Call Popen[...".; (bso#12768).
+ The smb tarmode tests kills the share dir contents; (bso#12867).
+ Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
+ CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
+ manpage/index.html lists links not in alphabetical order; (bso#12854).
+ smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
+ If a record is locked in a database, then recovery does not complete;
(bso#12857).
+ debug_locks.sh script does not log any information; (bso#12856).
+ SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
after error; (bso#12852).
+ smbclient can't parse DOMAIN+username if a different winbind separator is
used; (bso#12849).
+ Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
+ Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
(bso#12844).
+ cli->server_os not filled correctly; (bso#12779).
+ REGRESSION: smbclient doesn't print the session setup anymore;
(bso#12824).
+ smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
+ CTDB NFS call-out failures do not cause event failures; (bso#12837).
+ net command fails due to incorrectly return code; (bso#12828).
+ Fix building Samba with GCC 7.1; (bso#12827).
-------------------------------------------------------------------
Tue Aug 8 12:58:56 UTC 2017 - dmulder@suse.com
- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
(bsc#1048339).
-------------------------------------------------------------------
Mon Jul 24 13:34:55 UTC 2017 - ddiss@suse.com
- fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
+ CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
(bsc#1048278).
-------------------------------------------------------------------
Thu Jul 13 21:13:21 UTC 2017 - dmulder@suse.com
- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).
-------------------------------------------------------------------
Wed Jul 12 22:30:48 UTC 2017 - ddiss@suse.com
- Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387).
-------------------------------------------------------------------
Wed Jun 7 14:31:47 UTC 2017 - ddiss@suse.com
- Update to 4.6.5; (bsc#1040157)
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
startup; (bso#12814).
+ vfs_expand_msdfs tries to open the remote address as a file path;
(bso#12687).
+ PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
(bso#12798).
+ With clustering get update_num_read_oplocks failed and PANIC:
num_share_modes == 1 assertion failure; (bso#11844).
+ contend_level2_oplocks_begin_default oplock optimisation doesn't carry
over to leases; (bso#12766).
+ `ctdb nodestatus` incorrectly displays status for all nodes with wrong
exit code; (bso#12802).
+ CTDB can spin hard on revoking readonly delegations if a node becomes
disconnected; (bso#12697).
+ Printing a share mode entry with leases can crash in the ndr code;
(bso#12793).
+ Fix flakey unit tests for eventd; (bso#12792).
+ CTDB daemon crashes if built with clang; (bso#12770).
+ smbcacls fails if no password is specified; (bso#12765).
+ idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
+ samba-tool user syncpasswords doesn't trigger the script when a user gets
removed; (bso#12767).
+ systemd: fix detection of libsystemd; (bso#12764).
+ Notify subsystem only maps first inotify mask to Windows notify filter;
(bso#12760).
+ Allow passing trusted domain password as plain-text to PASSDB layer;
(bso#12751).
+ Can't case-rename files with vfs_fruit; (bso#12749).
+ wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
+ vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
+ Ordering of notify responses broken; (bso#12756).
-------------------------------------------------------------------
Wed Jun 7 13:17:24 UTC 2017 - nopower@suse.com
- s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1; (bso#11822); (bsc#1042419).
-------------------------------------------------------------------
Mon May 29 16:03:52 UTC 2017 - ddiss@suse.com
- Revert explicit winbind %{version}-%{release} dependency.
+ The ABI has stabilized since (bsc#936909), so remove to fix cross-media
dependencies; (bsc#1037899).
-------------------------------------------------------------------
Mon May 22 15:54:05 UTC 2017 - ddiss@suse.com
- Fix CVE-2017-7494 remote code execution from a writable share;
(bso#12780); (bsc#1038231).
-------------------------------------------------------------------
Tue Apr 25 15:28:16 UTC 2017 - ddiss@suse.com
- Update to 4.6.3; (bsc#1036011)
+ s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend; (bso#12743).
+ Fix for Solaris C compiler; (bso#12559).
+ s3: locking: Update oplock optimization for the leases era; (bso#12628).
+ Make the Solaris C compiler happy; (bso#12693).
+ s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes; (bso#12695).
+ Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
+ lib: debug: Avoid negative array access; (bso#12746).
+ cleanupdb: Fix a memory read error; (bso#12748).
+ streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY; (bso#7537).
+ winbindd: idmap_autorid allocates ids for unknown SIDs from other
backends; (bso#11961).
+ vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY; (bso#12565).
+ manpages/vfs_fruit: Document global options; (bso#12615).
+ lib/pthreadpool: Fix a memory leak; (bso#12624).
+ Lookup-domain for well-known SIDs on a DC; (bso#12727).
+ winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
+ winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
+ credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case; (bso#12611).
+ lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
+ ctdb-readonly: Avoid a tight loop waiting for revoke to
complete; (bso#12697).
+ ctdb_event monitor command crashes if event is not specified;
(bso#12723).
+ ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
+ smbd: Fix smb1 findfirst with DFS; (bso#12558).
+ smbd: Do an early exit on negprot failure; (bso#12610).
+ winbindd: Fix substitution for 'template homedir'; (bso#12699).
+ s4:kdc: Disable principal based autodetected referral detection;
(bso#12554).
+ idmap_autorid: Allocate new domain range if the callers knows
the sid is valid; (bso#12613).
+ LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
+ PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain; (bso#12725).
+ rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
+ winbindd: Fix password policy for pam authentication; (bso#12725).
+ s3:gse: Correctly handle external trusts with MIT; (bso#12554).
+ auth/credentials: Always set the realm if we set the principal
from the ccache; (bso#12611).
+ replace: Include sysmacros.h; (bso#12686).
+ s3:vfs_expand_msdfs: Do not open the remote address as a file;
(bso#12687).
+ s3:libsmb: Only print error message if kerberos use is forced;
(bso#12704).
+ winbindd: Child process crashes when kerberos-authenticating
a user with wrong password; (bso#12708).
+ vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics; (bso#12715).
+ vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented; (bso#12737).
-------------------------------------------------------------------
Tue Apr 25 13:46:20 UTC 2017 - ddiss@suse.com
- Generate and update vendor-files tarball from Git
+ SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).
-------------------------------------------------------------------
Tue Apr 18 13:38:11 UTC 2017 - ddiss@suse.com
- Generate source tarball directly from Git using OBS tar_scm
+ use version string derived from parent Git tag and commit hash
- remove obsolete vendor-files/tools/package-data version ID
+ explicitly generate ctdb manpages, needed without "make dist"
-------------------------------------------------------------------
Mon Apr 10 13:52:40 UTC 2017 - ddiss@suse.com
- Update to 4.6.2
+ remove bso#12721 patches now upstream
-------------------------------------------------------------------
Fri Apr 7 12:59:26 UTC 2017 - ddiss@suse.com
- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
+ x86-64 and aarch64
-------------------------------------------------------------------
Mon Apr 3 14:01:25 UTC 2017 - ddiss@suse.com
- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).
-------------------------------------------------------------------
Thu Mar 30 17:18:54 UTC 2017 - dmulder@suse.com
- Build and install the html man pages (bsc#1021907).
-------------------------------------------------------------------
Thu Mar 30 12:33:39 UTC 2017 - nopower@suse.com
- Fix CVE-2017-2619 regression with "follow symlinks = no";
(bso#12721).
-------------------------------------------------------------------
Wed Mar 22 13:15:12 UTC 2017 - jmcdonough@suse.com
- Update to 4.6.1
+ symlink race permits opening files outside share directory;
CVE-2017-2619; (bso#12496); (bsc#1027147)
+ testparm checks for valid idmap parameters
+ add new krb client encryption types
+ support for printer driver upload from windows 10
+ inherit owner = 'unix only' for improved quota support
+ improved CTDB event support
+ new primary group support for idmap_ad
+ idmap_hash deprecated
+ mvxattr added to recursively rename extended attributes
-------------------------------------------------------------------
Wed Mar 15 11:50:50 UTC 2017 - aaptel@suse.com
- Remove chkconfig requirements for systemd systems
-------------------------------------------------------------------
Mon Mar 13 15:14:58 UTC 2017 - kukuk@suse.com
- Don't call insserv if systemd is used
-------------------------------------------------------------------
Fri Feb 10 23:00:14 CET 2017 - kukuk@suse.de
- Fix check if we need to require insserv
-------------------------------------------------------------------
Thu Feb 9 15:23:21 UTC 2017 - nopower@suse.com
- async_req: make async_connect_send() "reentrant";
(bso#12105); (bsc#1024416).
-------------------------------------------------------------------
Mon Feb 6 18:35:29 UTC 2017 - aaptel@suse.com
- Force usage of ncurses6-config thru NCURSES_CONFIG env var;
(bsc#1023847).
-------------------------------------------------------------------
Thu Jan 26 21:23:06 UTC 2017 - dmulder@suse.com
- add missing patch for libnss_wins segfault; (bsc#995730).
-------------------------------------------------------------------
Wed Jan 25 17:20:31 UTC 2017 - ddiss@suse.com
- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).
-------------------------------------------------------------------
Mon Jan 23 21:44:03 UTC 2017 - dmulder@suse.com
- Document "winbind: ignore domains" parameter; (bsc#1019416).
-------------------------------------------------------------------
Thu Jan 19 19:19:07 UTC 2017 - ddiss@suse.com
- Add base Samba dependency to samba-ceph package.
-------------------------------------------------------------------
Mon Dec 19 19:11:20 UTC 2016 - jmcdonough@suse.com
- Update to 4.5.3
+ Heap-based Buffer Overflow Remote Code Execution Vulnerability;
CVE-2016-2123; (bso#12409); (bsc#1014437).
+ Don't send delegated credentials to all servers; CVE-2016-2125;
(bso#12445); (bsc#1014441).
+ denial of service due to a client triggered crash in the winbindd
parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
+ various streams vfs fixes
+ various printing fixes
+ ntlm_auth: do not map explicitly empty domain
+ various stability fixes in smbd
+ match file compression ReFS behavior
-------------------------------------------------------------------
Fri Dec 2 13:15:50 UTC 2016 - nopower@suse.com
- Add missing ldb module directory; (bnc#1012092).
-------------------------------------------------------------------
Thu Nov 17 08:33:07 UTC 2016 - nopower@suse.com
- s3/client: obey 'disable netbios' smb.conf param, don't
connect via NBT port; (bsc#1009085); (bso#12418).
-------------------------------------------------------------------
Mon Sep 26 17:55:13 UTC 2016 - nopower@suse.com
- Include vfstest in samba-test; (bsc#1001203).
-------------------------------------------------------------------
Wed Sep 21 08:55:37 UTC 2016 - nopower@suse.com
- s3/winbindd: using default domain with user@domain.com format
fails; (bsc#997833).
-------------------------------------------------------------------
Tue Sep 20 18:25:21 UTC 2016 - jmcdonough@suse.com
- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).
-------------------------------------------------------------------
Wed Sep 14 09:03:18 UTC 2016 - jmcdonough@suse.com
- Update to 4.5.0
+ NTLM1 Authentication disabled by default
+ SMB2.1 leases enabled by default
+ Support for OFD locks
+ ctdb tool rewritten
+ Added shadow copy snapshot prefix parameter
-------------------------------------------------------------------
Tue Aug 30 09:47:01 UTC 2016 - nopower@suse.com
- Fix illegal memory access after memory has been deleted;
(bso#11836); (bsc#975299).
-------------------------------------------------------------------
Mon Aug 29 10:25:40 UTC 2016 - nopower@suse.com
- Prevent core, make sure response->extra_data.data is always
cleared out; (bsc#993692).
-------------------------------------------------------------------
Mon Aug 15 14:54:14 UTC 2016 - ddiss@suse.com
- Don't package man pages for VFS modules that aren't built;
(boo#993707).
-------------------------------------------------------------------
Sat Aug 13 14:41:26 UTC 2016 - jmcdonough@suse.com
- Fix population of ctdb sysconfig after source merge; (bsc#981566).
-------------------------------------------------------------------
Fri Aug 12 16:22:33 UTC 2016 - ddiss@suse.com
- Enable vfs_ceph builds for Factory (x86-64)
+ Package as samba-ceph to avoid Ceph dependency in base package.
-------------------------------------------------------------------
Thu Jul 7 15:20:14 UTC 2016 - jmcdonough@suse.com
- Update to 4.4.5
+ Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
(bso#11860); (bsc#986869).
-------------------------------------------------------------------
Wed Jun 22 10:49:02 UTC 2016 - jmcdonough@suse.com
- Remove obsolete syslog.target; (bsc#983938).
-------------------------------------------------------------------
Tue Jun 14 17:49:59 UTC 2016 - jmcdonough@suse.com
- Honor smb.conf socket options in winbind; (bsc#975131).
-------------------------------------------------------------------
Thu Jun 9 17:12:14 UTC 2016 - jmcdonough@suse.com
- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).
-------------------------------------------------------------------
Thu Jun 9 12:46:18 UTC 2016 - jmcdonough@suse.com
- Update to 4.4.4
+ SMB3 multichannel: Add implementation of missing channel sequence
number verification; (bso#11809).
+ smbd:close: Only remove kernel share modes if they had been
taken at open; (bso#11919).
+ notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
(bso#11930).
+ s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
+ Fix case sensitivity issues over SMB2 or above; (bso#11438).
+ s3:smbd: Fix anonymous authentication if signing is mandatory.
(bso#11910)
+ Fix NTLM Authentication issue with squid; (bso#11914).
+ pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
+ Fix memory leak in share mode locking; (bso#11934).
-------------------------------------------------------------------
Thu May 19 10:06:40 UTC 2016 - jmcdonough@suse.com
- Update to 4.4.3
+ Various post-badlock regressions; (bso#11841); (bso#11850);
(bso#11858); (bso#11870); (bso#11872).
+ Only allow idmap_hash for default idmap config (bso#11786).
+ smbd: Avoid large reads beyond EOF; (bso#11878).
+ vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set; (bso#11806).
+ libads: Record session expiry for spnego sasl binds; (bso#11852).
-------------------------------------------------------------------
Tue May 3 13:03:47 UTC 2016 - jmcdonough@suse.com
- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
(bsc#975962); (bsc#979268), (bsc#977669).
-------------------------------------------------------------------
Thu Apr 28 22:48:17 UTC 2016 - jmcdonough@suse.com
- Revert shared library packaging to comply with SLPP
-------------------------------------------------------------------
Sat Apr 9 21:36:02 UTC 2016 - jmcdonough@suse.com
- Update to 4.4.2
+ A man-in-the-middle can downgrade NTLMSSP authentication;
CVE-2016-2110; (bso#11688); (bsc#973031).
+ Domain controller netlogon member computer can be spoofed;
CVE-2016-2111; (bso#11749); (bsc#973032).
+ LDAP conenctions vulnerable to downgrade and MITM attack;
CVE-2016-2112; (bso#11644); (bsc#973033).
+ TLS certificate validation missing; CVE-2016-2113; (bso#11752);
(bsc#973034).
+ Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
(bso#11756); (bsc#973036).
+ "Badlock" DCERPC impersonation of authenticated account possible;
CVE-2016-2118; (bso#11804); (bsc#971965).
+ DCERPC server and client vulnerable to DOS and MITM attacks;
CVE-2015-5370; (bso#11344); (bsc#936862).
-------------------------------------------------------------------
Fri Apr 8 10:23:22 UTC 2016 - nopower@suse.com
- Fix samba.tests.messaging test and prevent potential tdb corruption
by removing obsolete now invalid tdb_close call; (bsc#974629).
-------------------------------------------------------------------
Tue Mar 22 17:36:01 UTC 2016 - lmuelle@suse.com
- Obsolete libsmbclient from libsmbclient0 while not providing it;
(bsc#972197).
-------------------------------------------------------------------
Tue Mar 22 14:00:05 UTC 2016 - lmuelle@suse.com
- Update to 4.4.0.
+ Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
CVE-2016-0771.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; (bso#11648); CVE-2015-7560.
+ Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
+ docs: Add example for domain logins to smbspool man page; (bso#11643).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
+ winbindd: Return trust parameters when listing trusts; (bso#11691).
+ ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
+ Crypto.Cipher.ARC4 is not available on some platforms, fallback to
M2Crypto.RC4.RC4 then; (bso#11699).
+ s3:utils/smbget: Set default blocksize; (bso#11700).
+ Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
+ s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
+ lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
+ smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
+ smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ docs: Add manpage for cifsdd; (bso#11730).
+ param: Fix str_list_v3 to accept ; again; (bso#11732).
+ lib/socket: Fix improper use of default interface speed; (bso#11734).
+ lib:socket: Fix CID 1350009: Fix illegal memory accesses
(BUFFER_SIZE_WARNING); (bso#11735).
+ libcli: Fix debug message, print sid string for new_ace trustee;
(bso#11738).
+ Fix installation path of Samba helper binaries; (bso#11739).
+ Fix memory leak in loadparm; (bso#11740).
+ tevent: version 0.9.28: Fix memory leak when old signal action restored;
(bso#11742).
+ smbd: Ignore SVHDX create context; (bso#11753).
+ Fix net join; (bso#11755).
+ s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
(bso#11755).
+ passdb: Add linefeed to debug message; (bso#11763).
+ s3:utils/smbget: Fix option parsing; (bso#11767).
+ libnet: Make Kerberos domain join site-aware; (bso#11769).
+ Reset TCP Connections during IP failover; (bso#11770).
+ ldb: Version 1.1.26; (bso#11772).
+ s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
+ vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
+ mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
+ "trustdom_list_done: Got invalid trustdom response" message should be
avoided; (bso#11782).
+ Mismatch between local and remote attribute ids lets replication fail with
custom schema; (bso#11783).
+ Quota is not supported on Solaris 10; (bso#11788).
+ Talloc: Version 2.1.6; (bso#11789).
+ smbd: Enable multi-channel if 'server multi channel support = yes' in the
config; (bso#11796).
+ build: Fix build when '--without-quota' specified; (bso#11798).
+ lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
+ Access based share enum: handle permission set in configuration files;
(bso#8093).
+ See also WHATSNEW.txt from the samba-doc package.
-------------------------------------------------------------------
Sun Mar 6 16:23:02 UTC 2016 - jmcdonough@suse.com
- Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; CVE-2015-7560; (bso#11648); (bsc#968222).
+ Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
(bso#11128); (bso#11686); (bsc#968223).
-------------------------------------------------------------------
Thu Mar 3 11:37:35 UTC 2016 - nopower@suse.com
- Upgrade on-disk FSRVP server state to new version; (bsc#924519).
-------------------------------------------------------------------
Tue Mar 1 18:03:17 UTC 2016 - lmuelle@suse.com
- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).
-------------------------------------------------------------------
Tue Mar 1 17:28:09 UTC 2016 - lmuelle@suse.com
- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).
-------------------------------------------------------------------
Thu Feb 25 10:16:06 UTC 2016 - lmuelle@suse.com
- Obsolete no longer existing samba-32bit package; (bsc#967625).
-------------------------------------------------------------------
Tue Feb 23 09:47:53 UTC 2016 - lmuelle@suse.com
- Update to 4.3.5.
+ s3:utils/smbget: Fix recursive download; (bso#6482).
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
with no ACL support; (bso#10489).
+ s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
+ vfs_shadow_copy2: Fix case where snapshots are outside the share;
(bso#11580).
+ smbclient: Query disk usage relative to current directory; (bso#11662).
+ winbindd: Handle expired sessions correctly; (bso#11670).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ smbcacls: Fix uninitialized variable; (bso#11682).
+ s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
+ s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
+ s3-parm: Clean up defaults when removing global parameters; (bso#11693).
+ Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ ctdb: Remove error messages after kernel security update; CVE-2015-8543;
(bso#11705).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
(bso#11719).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ param: Fix str_list_v3 to accept ";" again; (bso#11732).
-------------------------------------------------------------------
Mon Feb 22 16:16:32 UTC 2016 - lmuelle@suse.com
- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).
-------------------------------------------------------------------
Wed Feb 17 17:44:10 UTC 2016 - lmuelle@suse.com
- Simplify shared library packaging; (bsc#966956).
-------------------------------------------------------------------
Sun Feb 14 18:41:34 UTC 2016 - lmuelle@suse.com
- Enable clustering (CTDB) support; (bsc#966271).
-------------------------------------------------------------------
Fri Feb 12 17:41:03 UTC 2016 - lmuelle@suse.com
- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).
-------------------------------------------------------------------
Fri Jan 15 21:58:31 UTC 2016 - lmuelle@suse.com
- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).
-------------------------------------------------------------------
Wed Jan 13 21:25:05 UTC 2016 - lmuelle@suse.com
- Remove autoconf build-time requirement.
-------------------------------------------------------------------
Wed Jan 13 10:23:56 UTC 2016 - lmuelle@suse.com
- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).
-------------------------------------------------------------------
Mon Jan 11 19:16:46 UTC 2016 - lmuelle@suse.com
- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).
-------------------------------------------------------------------
Fri Dec 11 16:49:16 UTC 2015 - lmuelle@suse.com
- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
-------------------------------------------------------------------
Tue Dec 1 16:48:13 UTC 2015 - lmuelle@suse.com
- Update to 4.3.2.
+ vfs_gpfs: Re-enable share modes; (bso#11243).
+ dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
+ s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
+ Add libreplace dependency to texpect, fixes a linking error on Solaris;
(bso#11511).
+ s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
+ s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
+ Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
(bso#11563).
+ async_req: Fix non-blocking connect(); (bso#11564).
+ auth: gensec: Fix a memory leak; (bso#11565).
+ lib: util: Make non-critical message a warning; (bso#11566).
+ Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bnc#949022).
+ smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
+ ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
+ s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
(bso#11581).
+ s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
+ manpage: Correct small typo error; (bso#11584).
+ s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
containing them; (bso#11589).
+ Backport some valgrind fixes from upstream master; (bso#11597).
+ auth: Consistent handling of well-known alias as primary gid; (bso#11608).
+ winbind: Fix crash on invalid idmap configs; (bso#11612).
+ s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
+ Changing log level of two entries to DBG_NOTICE; (bso#9912).
-------------------------------------------------------------------
Mon Nov 16 16:27:49 UTC 2015 - nopower@suse.com
- Ensure samlogon fallback requests are rerouted after kerberos failure;
(bnc#953382); (bnc#953972).
-------------------------------------------------------------------
Sat Nov 14 18:31:04 UTC 2015 - lmuelle@suse.com
- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.
-------------------------------------------------------------------
Sat Nov 14 18:10:01 UTC 2015 - lmuelle@suse.com
- Remove redundant configure options while adding with-relro.
-------------------------------------------------------------------
Sat Nov 14 17:44:24 UTC 2015 - lmuelle@suse.com
- Relocate the lockdir to the /var/lib/samba/lock directory.
-------------------------------------------------------------------
Sat Nov 14 16:59:09 UTC 2015 - lmuelle@suse.com
- Cleanup and enhance the pidl sub package.
-------------------------------------------------------------------
Thu Oct 22 22:09:19 UTC 2015 - lmuelle@suse.com
- Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage.
-------------------------------------------------------------------
Wed Oct 21 10:51:58 UTC 2015 - lmuelle@suse.com
- Update to 4.3.1.
+ s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
+ nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
+ smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
+ kerberos: Make sure we only use prompter type when available;
winbind: Fix 100% loop; (bso#11038).
+ source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
+ s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
+ s3: smbd: Fix mkdir race condition; (bso#11486).
+ pam_winbind: Fix a segfault if initialization fails; (bso#11502).
+ s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
+ s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
subdirs; (bso#11515).
+ s3: smbd: Fix opening/creating :stream files on the root share directory;
(bso#11522).
+ lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
+ net: Fix a crash with 'net ads keytab create'; (bso#11528).
+ s3: smbd: Fix a crash in unix_convert(); (bso#11535).
+ s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
(bso#11522); (bso#11535).
+ vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
+ vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
+ s3:locking: Initialize lease pointer in share_mode_traverse_fn();
(bso#11549).
+ s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
+ s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
+ s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
is incorrect; (bso#11555).
-------------------------------------------------------------------
Fri Oct 16 11:39:35 UTC 2015 - lmuelle@suse.com
- Fix 100% CPU in winbindd when logging in with "user must change password on
next logon"; (bso#11038).
-------------------------------------------------------------------
Fri Sep 25 15:23:47 UTC 2015 - lmuelle@suse.com
- Relocate the tmpfiles.d directory to the client package; (bnc#947552).
-------------------------------------------------------------------
Tue Sep 22 13:13:02 UTC 2015 - lmuelle@suse.com
- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
instead; (bnc#942716).
-------------------------------------------------------------------
Wed Sep 16 13:06:36 UTC 2015 - lmuelle@suse.com
- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).
-------------------------------------------------------------------
Fri Sep 11 15:53:45 UTC 2015 - lmuelle@suse.com
- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).
-------------------------------------------------------------------
Wed Sep 9 10:57:52 UTC 2015 - lmuelle@suse.com
- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).
-------------------------------------------------------------------
Tue Sep 8 16:40:50 UTC 2015 - lmuelle@suse.com
- Update to 4.3.0.
+ Samba "map to guest = Bad uid" doesn't work; (bso#9862).
+ revert LDAP extended rule 1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
+ No objectClass found in replPropertyMetaData on ordinary objects
(non-deleted); (bso#10973).
+ Stream names with colon don't work with fruit:encoding = native;
(bso#11278).
+ NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ "force group" with local group not working; (bso#11320).
+ strsep is not available on Solaris; (bso#11359).
+ smbtorture does not build when configured --with-system-mitkrb5;
(bso#11411).
+ Build with GPFS support is broken; (bso#11421).
+ Build broken with --disable-python; (bso#11424).
+ net share allowedusers crashes; (bso#11426).
+ nmbd incorrectly matches netbios names as own name; (bso#11427).
+ Python bindings don't check integer types; (bso#11429).
+ Python bindings don't check array sizes; (bso#11430).
+ CTDB's eventscript error handling is broken; (bso#11431).
+ Fix crash in nested ctdb banning; (bso#11432).
+ Cannot build ctdbpmda; (bso#11434).
+ samba-tool uncaught exception error; (bso#11436).
+ Crash in notify_remove caused by change notify = no; (bso#11444).
+ Poor SMB3 encryption performance with AES-GCM; (bso#11451).
+ Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
+ fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
+ --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
install; (bso#11458).
+ xid2sid gives inconsistent results; (bso#11464).
+ ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
+ Handling of 0 byte resource fork stream; (bso#11467).
+ AD samr GetGroupsForUser fails for users with "()" in their name;
(bso#11488).
-------------------------------------------------------------------
Mon Aug 31 22:34:57 UTC 2015 - lmuelle@suse.com
- Configure with --bundled-libraries=NONE; (bso#11458).
-------------------------------------------------------------------
Fri Aug 7 12:21:57 UTC 2015 - lmuelle@suse.com
- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).
-------------------------------------------------------------------
Fri Jul 17 14:11:21 UTC 2015 - lmuelle@suse.com
- Remove libiniparser-devel build-time requirement.
-------------------------------------------------------------------
Tue Jul 14 11:33:07 UTC 2015 - lmuelle@suse.com
- Update to 4.2.3.
+ s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
+ s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
+ winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
+ Logon via MS Remote Desktop hangs; (bso#11061).
+ s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
+ tevent: Add a note to tevent_add_fd(); (bso#11141).
+ s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
+ s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
+ smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
+ s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
(bso#11245).
+ s3:smb2: Add padding to last command in compound requests; (bso#11277).
+ Add IPv6 support to ADS client side LDAP connects; (bso#11281).
+ Add IPv6 support for determining FQDN during ADS join; (bso#11282).
+ s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
+ Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
+ Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
+ vfs_fruit: Add option "veto_appledouble"; (bso#11305).
+ tstream: Make socketpair nonblocking; (bso#11312).
+ idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
+ Group creation: Add msSFU30Name only when --nis-domain was given;
(bso#11315).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ Build fails on Solaris 11 with "PTHREAD_MUTEX_ROBUST undeclared";
(bso#11319).
+ smbd/trans2: Add a useful diagnostic for files with bad encoding;
(bso#11323).
+ Change sharesec output back to previous format; (bso#11324).
+ Robust mutex support broken in 1.3.5; (bso#11326).
+ Kerberos auth info3 should contain resource group ids available from
pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC; (bso#11328); (bnc#912457).
+ s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
+ tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
+ tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
+ s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
(bso#11339).
+ s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
+ pidl: Make the compilation of PIDL producing the same results if the
content hasn't change; (bso#11356).
+ winbindd: Disconnect child process if request is cancelled at main
process; (bso#11358).
+ vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
(bso#11363).
+ docs: Overhaul the description of "smb encrypt" to include SMB3
encryption; (bso#11366).
+ s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
(bso#11367).
+ ncacn_http: Fix GNUism; (bso#11371).
-------------------------------------------------------------------
Sun Jul 5 10:54:29 UTC 2015 - tchvatal@suse.com
- Disable rpath usage; (bnc#902421).
-------------------------------------------------------------------
Fri Jul 3 15:06:57 UTC 2015 - lmuelle@suse.com
- Make the winbind package depend on the matching libwbclient version and
vice versa; (bnc#936909).
-------------------------------------------------------------------
Tue Jun 16 14:27:28 UTC 2015 - nopower@suse.com
- Backport changes to use resource group sids obtained from pac logon_info;
(bso#11328); (bnc#912457).
-------------------------------------------------------------------
Sat Jun 6 03:41:17 UTC 2015 - crrodriguez@opensuse.org
- Order winbind.service Before and Want nss-user-lookup target.
-------------------------------------------------------------------
Fri Jun 5 16:12:47 UTC 2015 - lmuelle@suse.com
- Remove fam-devel build-time dependency for post-6 RHEL systems.
-------------------------------------------------------------------
Fri May 29 12:23:07 UTC 2015 - lmuelle@suse.com
- Update to 4.2.2.
+ s3:smbXsrv: refactor duplicate code into
smbXsrv_session_clear_and_logoff(); (bso#11182).
+ gencache: don't fail gencache_stabilize if there were records to delete;
(bso#11260).
+ s3: libsmbclient: After getting attribute server, ensure main srv pointer
is still valid; (bso#11186).
+ s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
(bso#11236).
+ s3: smbd: Incorrect file size returned in the response of
"FILE_SUPERSEDE Create"; (bso#11240).
+ Mangled names do not work with acl_xattr; (bso#11249).
+ nmbd rewrites browse.dat when not required; (bso#11254).
+ vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
(bso#11213).
+ s3:smbd: Add missing tevent_req_nterror; (bso#11224).
+ vfs: kernel_flock and named streams; (bso#11243).
+ vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
+ s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
are used; (bso#11284).
+ ctdb: check for talloc_asprintf() failure; (bso#11201).
+ spoolss: purge the printer name cache on name change; (bso#11210);
(bnc#901813).
+ CTDB statd-callout does not scale; (bso#11204).
+ vfs_fruit: also map characters below 0x20; (bso#11221).
+ ctdb: Coverity fix for CID 1291643; (bso#11201).
+ Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
+ Fix terminate connection behavior for asynchronous endpoint with PUSH
notification flavors; (bso#11226).
+ ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
+ ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
+ SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
directory is deleted; (bso#11257).
+ s3:winbindd: make sure we remove pending io requests before closing client
sockets; (bso#11141); (bnc#931854).
+ Fix panic triggered by smbd_smb2_request_notify_done() ->
smbXsrv_session_find_channel() in smbd; (bso#11182).
+ 'sharesec' output no longer matches input format; (bso#11237).
+ waf: Fix systemd detection; (bso#11200).
+ CTDB: Fix portability issues; (bso#11202).
+ CTDB: Fix some IPv6-related issues; (bso#11203).
+ CTDB statd-callout does not scale; (bso#11204).
+ 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
enter invalid values; (bso#11234).
+ libads: record service ticket endtime for sealed ldap connections;
(bso#11267).
+ lib/util: Include DEBUG macro in internal header files before samba_util.h;
(bso#11033).
-------------------------------------------------------------------
Fri May 22 09:49:01 UTC 2015 - lmuelle@suse.com
- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).
-------------------------------------------------------------------
Wed May 13 16:10:00 UTC 2015 - lmuelle@suse.com
- Remove the independently built libraries ldb, talloc, tdn, and tevent and
the post-10.3 renamed libsmbclient from baselibs.conf.
-------------------------------------------------------------------
Wed May 6 17:09:36 UTC 2015 - lmuelle@suse.com
- Drop redundant doc attribute from man pages.
-------------------------------------------------------------------
Thu Apr 16 11:32:55 UTC 2015 - lmuelle@suse.com
- Update to 4.2.1.
+ s3:winbind:grent: Don't stop group enumeration when a group has no gid;
(bso#8905).
+ Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
+ s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
servers that don't send the 2 unused fields; (bso#10016).
+ build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
+ waf: Fix the build on openbsd; (bso#10476).
+ s3: client: "client use spnego principal = yes" code checks wrong name;
(bso#10888).
+ spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
+ s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
miliseconds if it's still valid before use; (bso#11079).
+ vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
+ backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
+ replace: Remove superfluous check for gcrypt header; (bso#11135).
+ Backport subunit changes; (bso#11137).
+ libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
implementation; (bso#11140).
+ s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
+ talloc: Version 2.1.2; (bso#11144).
+ Update libwbclient version to 0.12; (bso#11149).
+ brlock: Use 0 instead of empty initializer list; (bso#11153).
+ s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
+ docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
(bnc#913304).
+ s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
fails in the SMB1 case; (bso#11173).
+ backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
+ Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
+ s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
+ s4-process_model: Do not close random fds while forking; (bso#11180).
+ s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).
-------------------------------------------------------------------
Thu Apr 16 10:20:52 UTC 2015 - lmuelle@suse.com
- Prevent samba package updates from disabling samba kerberos printing.
-------------------------------------------------------------------
Thu Apr 9 12:02:25 UTC 2015 - noel.power@suse.com
- Add sparse file support for samba; (fate#318424).
-------------------------------------------------------------------
Tue Mar 31 23:21:12 UTC 2015 - ddiss@suse.com
- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).
-------------------------------------------------------------------
Fri Mar 20 13:21:43 UTC 2015 - ddiss@suse.com
- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).
-------------------------------------------------------------------
Wed Mar 18 17:57:50 UTC 2015 - lmuelle@suse.com
- Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root.
-------------------------------------------------------------------
Tue Mar 17 15:21:58 UTC 2015 - ddiss@suse.com
- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
(bnc#913304).
-------------------------------------------------------------------
Thu Mar 5 10:35:21 UTC 2015 - lmuelle@suse.com
- Update to 4.2.0.
+ smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
+ pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Make 'profiles' work again; (bso#9629).
+ s3:smb2_server: protect against integer wrap with
"smb2 max credits = 65535"; (bso#9702).
+ Make validate_ldb of String(Generalized-Time) accept millisecond format
".000Z"; (bso#9810).
+ Use -R linker flag on Solaris, not -rpath; (bso#10112).
+ vfs: Add glusterfs manpage; (bso#10240).
+ Make 'smbclient' use cached creds; (bso#10279).
+ pdb: Fix build issues with shared modules; (bso#10355).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
+ printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
+ Don't build vfs_snapper on FreeBSD; (bso#10834).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3: smb2cli: query info return length check was reversed; (bso#10848).
+ s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
+ lib: uid_wrapper: Fix setgroups and syscall detection on a system without
native uid_wrapper library; (bso#10851).
+ winbind3: Fix pwent variable substitution; (bso#10852).
+ Improve samba-regedit; (bso#10859).
+ registry: Don't leave dangling transactions; (bso#10860).
+ Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
+ build: Do not install 'texpect' binary anymore; (bso#10862).
+ Fix testparm to show hidden share defaults; (bso#10864).
+ libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
max=PROTOCOL_SMB2_02; (bso#10866).
+ Integrate CTDB into top-level Samba build; (bso#10892).
+ samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ Fix smbclient loops doing a directory listing against Mac OS X 10 server
with a non-wildcard path; (bso#10904).
+ Fix print job enumeration; (bso#10905); (bnc#898031).
+ samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
(bso#10909).
+ Add support for SMB2 leases; (bso#10911).
+ btrfs: Don't leak opened directory handle; (bso#10918).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: fix keytab array NULL termination; (bso#10933).
+ s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
+ Cleanup add_string_to_array and usage; (bso#10942).
+ dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
+ Fix RootDSE search with extended dn control; (bso#10949).
+ Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
+ libcli/smb: only force signing of smb2 session setups when binding a new
session; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ vfs_streams_xattr: Check stream type; (bso#10971).
+ s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
(bso#10982).
+ vfs_fruit: Add support for AAPL; (bso#10983).
+ Fix spoolss IDL response marshalling when returning error without clearing
info; (bso#10984).
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
+ Fix IPv6 support in CTDB; (bso#10996).
+ ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
(bso#11000).
+ vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
+ s3-util: Fix authentication with long hostnames; (bso#11008).
+ ctdb-build: Fix build without xsltproc; (bso#11014).
+ packaging: Include CTDB man pages in the tarball; (bso#11014).
+ pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
(bso#11016).
+ Make Sharepoint search show user documents; (bso#11022).
+ nss_wrapper: check for nss.h; (bso#11026).
+ Enable mutexes in gencache_notrans.tdb; (bso#11032).
+ tdb_wrap: Make mutexes easier to use; (bso#11032).
+ lib/util: Avoid collision which alread defined consumer DEBUG macro;
(bso#11033).
+ winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
+ s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
+ vfs_fruit: Fix base_fsp name conversion; (bso#11039).
+ vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
+ Fix authentication using Kerberos (not AD); (bso#11044).
+ net: Fix sam addgroupmem; (bso#11051).
+ vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
(bnc#913238).
+ cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
+ utils: Fix 'net time' segfault; (bso#11058).
+ libsmb: Provide authinfo domain for encrypted session referrals;
(bso#11059).
+ s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
+ vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
+ vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
+ vfs_glusterfs: Implement AIO support; (bso#11069).
+ s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
+ s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
(bso#11077); CVE-2015-0240; (bnc#917376).
+ vfs: Add a brief vfs_ceph manpage; (bso#11088).
+ s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
+ Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
(bso#11097).
+ debug: Set close-on-exec for the main log file FD; (bso#11100).
+ s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
(bso#11102).
+ s3: smbd: SMB2 close. If a file has delete on close, store the return info
before deleting; (bso#11104).
+ doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
+ snprintf: Try to support %j; (bso#11119).
+ ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
+ doc-xml: Add 'sharesec' reference to 'access based share enum';
(bso#11127).
-------------------------------------------------------------------
Sun Mar 1 13:32:41 UTC 2015 - lmuelle@suse.com
- Update to 4.2.0rc5.
+ Ensure we don't call talloc_free on an uninitialized pointer;
CVE-2015-0240; (bso#11077); (bnc#917376).
-------------------------------------------------------------------
Tue Feb 24 16:52:36 UTC 2015 - nopower@suse.com
- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).
-------------------------------------------------------------------
Tue Feb 24 16:23:16 UTC 2015 - ddiss@suse.com
- Fix tdb_store_flag_to_ntdb() gcc5 build failure.
-------------------------------------------------------------------
Thu Jan 22 14:03:52 UTC 2015 - ddiss@suse.com
- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).
-------------------------------------------------------------------
Thu Jan 22 12:40:18 UTC 2015 - lmuelle@suse.com
- Update to 4.1.16.
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
-------------------------------------------------------------------
Tue Jan 20 11:33:34 UTC 2015 - lmuelle@suse.com
- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.
-------------------------------------------------------------------
Mon Jan 19 17:15:19 UTC 2015 - ddiss@suse.com
- Fix libsmbclient DFS referral handling.
+ Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
+ Set domain/workgroup based on authentication callback value; (bso#11059).
-------------------------------------------------------------------
Mon Jan 19 12:33:21 UTC 2015 - lmuelle@suse.com
- Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages.
-------------------------------------------------------------------
Tue Jan 13 13:28:31 UTC 2015 - mpluskal@suse.com
- Enable avahi support on post-12.2 systems.
-------------------------------------------------------------------
Tue Jan 13 13:01:11 UTC 2015 - lmuelle@suse.com
- Update to 4.1.15.
+ pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Fix profiles tool; (bso#9629).
+ s3-lib: Do not require a password with --use-ccache; (bso#10279).
+ s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
(bso#10949).
+ s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
+ s3:smb2_server: Allow reauthentication without signing; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
convention; (bso#10982).
+ Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
'supported_extensions'; (bso#11006).
+ idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
(bso#11006).
+ winbind: Retry LogonControl RPC in ping-dc after session expiration;
(bso#11034).
-------------------------------------------------------------------
Tue Jan 6 10:33:44 CET 2015 - nopower@suse.de
- yast2-samba-client should be able to specify osName and osVer on
AD domain join; (bnc#873922).
-------------------------------------------------------------------
Mon Dec 8 12:01:35 UTC 2014 - ddiss@suse.com
- Lookup FSRVP share snums at runtime rather than storing them persistently;
(bnc#908627).
-------------------------------------------------------------------
Fri Dec 5 13:12:47 UTC 2014 - ddiss@suse.com
- Specify soft dependency for network-online.target in Winbind systemd service
file; (bnc#889175).
-------------------------------------------------------------------
Thu Dec 4 19:08:11 UTC 2014 - ddiss@suse.com
- Fix spoolss error response marshalling; (bso#10984).
-------------------------------------------------------------------
Tue Dec 2 10:19:26 UTC 2014 - lmuelle@suse.de
- Update to 4.1.14.
+ pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
Tools/perl.py back to upstream state; (bso#10472).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ nmbd fails to accept "--piddir" option; (bso#10711).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
(bso#10880).
+ vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
(bso#10889).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
+ spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: Fix keytab array NULL termination; (bso#10933).
+ Cleanup add_string_to_array and usage; (bso#10942).
-------------------------------------------------------------------
Fri Nov 28 15:57:23 CET 2014 - nopower@suse.de
- Remove and cleanup shares and registry state associated with
externally deleted snaphots exposed as shadow copies; (bnc#876312).
-------------------------------------------------------------------
Thu Nov 6 13:41:46 UTC 2014 - lmuelle@suse.com
- Use the upstream tar ball, as signature verification is now able to handle
compressed archives.
-------------------------------------------------------------------
Wed Nov 5 13:02:57 CET 2014 - nopower@suse.de
- Fix leak when closing file descriptor returned from dirfd; (bso#10918).
-------------------------------------------------------------------
Thu Oct 30 10:29:04 UTC 2014 - ddiss@suse.com
- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
+ Fix handling of bad EnumJobs levels; (bso#10898).
-------------------------------------------------------------------
Tue Oct 28 16:13:45 UTC 2014 - lmuelle@suse.com
- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.
-------------------------------------------------------------------
Sat Oct 25 13:47:41 UTC 2014 - lmuelle@suse.com
- Update to 4.1.13.
+ s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
+ s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
+ s3-libads: Add all machine account principals to the keytab; (bso#9985).
+ s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
+ Fix unstrcpy; (bso#10735).
+ pthreadpool: Slightly serialize jobs; (bso#10779).
+ s3: smbd: streams - Ensure share mode validation ignores internal opens
(op_mid == 0); (bso#10797).
+ s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
+ vfs_media_harmony: Fix a crash bug; (bso#10813).
+ docs: Mention incompatibility between kernel oplocks and streams_xattr;
(bso#10814).
+ nmbd: Send waiting status to systemd; (bso#10816).
+ libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
(bso#10817).
+ nsswitch: Skip groups we were not able to map; (bso#10824).
+ s3-winbindd: Use correct realm for trusted domains in idmap child;
(bso#10826).
+ s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
+ s3: lib: Signal handling - ensure smbrun and change password code save and
restore existing SIGCHLD handlers; (bso#10831).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
(bso#10838).
+ s3: smb2cli: Query info return length check was reversed; (bso#10848).
+ registry: Don't leave dangling transactions; (bso#10860).
-------------------------------------------------------------------
Wed Oct 15 10:11:49 UTC 2014 - lmuelle@suse.com
- Update to 4.2.0rc2.
-------------------------------------------------------------------
Wed Oct 8 18:22:21 UTC 2014 - ddiss@suse.com
- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;
(fate#313346).
-------------------------------------------------------------------
Wed Oct 8 10:13:03 CEST 2014 - nopower@suse.de
- Backport upstream master fixes for samba-regedit; (bnc#896536).
-------------------------------------------------------------------
Tue Oct 7 12:50:21 UTC 2014 - lmuelle@suse.com
- BuildRequire python-xml on SUSE systems only.
-------------------------------------------------------------------
Sun Oct 5 19:25:20 UTC 2014 - lmuelle@suse.com
- BuildRequire python-xml.
- Exclude unwanted texpect binary and libhttp, libsamba-cluster-support,
libsamba-debug, and libsocket-blocking shared libs.
- Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct,
tstream_smbXcli_np, idtree, and idtree_random header files.
- Remove nmblookup and smbclient4 binary and nmblookup4 man page.
-------------------------------------------------------------------
Thu Oct 2 21:14:56 UTC 2014 - lmuelle@suse.com
- Update to 4.2.0rc1.
-------------------------------------------------------------------
Thu Oct 2 16:49:23 UTC 2014 - ddiss@suse.com
- Fix small memory-leak in the background print process; (bnc#899558).
-------------------------------------------------------------------
Fri Sep 26 15:41:38 CEST 2014 - nopower@suse.de
- Modify samba-regedit so it displays correctly (related to ncurses).
Changed code to use menu sub windows, seems to fix problems with display not
refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).
-------------------------------------------------------------------
Thu Sep 25 12:44:48 UTC 2014 - lmuelle@suse.com
- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and
the man page of the unused findsmb script.
-------------------------------------------------------------------
Tue Sep 23 16:55:55 UTC 2014 - ddiss@suse.com
- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).
-------------------------------------------------------------------
Tue Sep 23 12:02:16 UTC 2014 - lmuelle@suse.com
- Update to 4.1.12.
+ s3: winbindd: On new client connect, prune idle or hung connections older
than "winbind request timeout". Add new parameter "winbind request
timeout". Please see smb.conf man page for details; (bso#3204);
(bnc#872912).
+ Fix smbd crashes when filename contains non-ascii character; (bso#10716).
+ s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects;
(bso#10749).
+ passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570).
+ s4:setup/dns_update_list: make use of the new substitution variables;
(bso#9831).
+ build: Fix configure to honour '--without-dmapi'; (bso#10369).
+ provision: Correctly provision the SOA record minimum TTL; (bso#10466).
+ s3: Enforce a positive allocation_file_size for non-empty files;
(bso#10543).
+ lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640).
+ Make "case sensitive = True" option working with "max protocol = SMB2" or
higher in large directories; (bso#10650).
+ Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652).
+ lib: strings: Simplify strcasecmp; (bso#10716).
+ Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different
connections; (bso#10723).
+ 'net time': Fix usage and core dump; (bso#10728).
+ sys_poll_intr: Fix timeout arithmetic; (bso#10731).
+ s3:idmap: Don't log missing range config if range checking not requested;
(bso#10737).
+ Fix flapping VFS gpfs offline bit; (bso#10741).
+ s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742).
+ s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked
for; (bso#10751).
+ samba: Retain case sensitivity of cifs client; (bso#10755).
+ lib: Remove unused nstrcpy; (bso#10758).
+ Fix a memory leak in cli_set_mntpoint(); (bso#10759).
+ docs: Fix typos in smb.conf (inherit acls); (bso#10761).
+ libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in
get_sec_info(); (bso#10773).
+ s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in
incoming security_information flags in posix_get_nt_acl_common();
(bso#10773).
+ Don't discard result of checking grouptype; (bso#10777).
+ s3:libsmb: Set a max charge for SMB2 connections; (bso#10778).
+ smbd: Properly initialize mangle_hash; (bso#10782).
+ dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787).
+ vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory
read; (bso#10794).
-------------------------------------------------------------------
Thu Sep 18 16:59:49 UTC 2014 - jmcdonough@suse.com
- Wait for network-online.target to prevent caching of
pre-network failures; (bnc#889175).
-------------------------------------------------------------------
Thu Sep 18 08:54:38 UTC 2014 - jmcdonough@suse.com
- Use domain name if search by domain SID fails to send SIDHistory
lookups to correct idmap backend; (bnc#773464).
-------------------------------------------------------------------
Thu Sep 11 17:26:26 UTC 2014 - ddiss@suse.com
- Prune idle or hung connections older than "winbind request timeout";
(bso#3204); (bnc#872912).
-------------------------------------------------------------------
Thu Aug 28 10:03:21 UTC 2014 - ddiss@suse.com
- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).
-------------------------------------------------------------------
Tue Aug 19 14:07:53 UTC 2014 - lmuelle@suse.com
- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.
-------------------------------------------------------------------
Wed Aug 13 11:44:31 UTC 2014 - lmuelle@suse.com
- build: disable mmap on s390 systems; (bso#10765); (bnc#886193);
(bnc#882356).
-------------------------------------------------------------------
Mon Aug 11 11:55:35 UTC 2014 - lmuelle@suse.com
- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).
-------------------------------------------------------------------
Fri Aug 1 16:34:44 UTC 2014 - ddiss@suse.com
- Fix winbind service parameter usage; (bnc#890005).
-------------------------------------------------------------------
Fri Aug 1 13:47:57 UTC 2014 - lmuelle@suse.com
- lib/param: change the default for "winbind expand groups" to "0";
(bnc#890008).
-------------------------------------------------------------------
Fri Aug 1 13:42:19 UTC 2014 - lmuelle@suse.com
- Update to 4.1.11.
+ A malicious browser can send packets that may overwrite the heap of the
target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).
-------------------------------------------------------------------
Wed Jul 30 11:39:30 UTC 2014 - ddiss@suse.com
- Fix "net time" segfault; (bso#10728); (bnc#889539).
-------------------------------------------------------------------
Mon Jul 28 10:12:04 UTC 2014 - lmuelle@suse.com
- Update to 4.1.10.
+ net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).
+ dbcheck: Add check and test for various invalid userParameters values;
(bso#8077).
+ s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for
now; (bso#8077).
+ Simple use case results in "no talloc stackframe around, leaking memory"
error; (bso#8449).
+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).
+ dsdb: Always store and return the userParameters as a array of LE 16-bit
values; (bso#10130).
+ s4:repl_meta_data: fix array assignment in
replmd_process_linked_attribute(); (bso#10294).
+ ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
(bso#10469).
+ dbchecker: Verify and fix broken dn values; (bso#10536).
+ dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).
+ s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
servers; (bso#10587).
+ Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
(bso#10593).
+ rid_array used before status checked - segmentation fault due to null
pointer dereference; (bso#10627).
+ Samba won't start on a machine configured with only IPv4; (bso#10653).
+ msg_channel: Fix a 100% CPU loop; (bso#10663).
+ s3: smbd: Prevent file truncation on an open that fails with share mode
violation; (bso#10671); (bnc#884056).
+ s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).
+ samba-tool: Add --site parameter to provision command; (bso#10674).
+ smbstatus: Fix an uninitialized variable; (bso#10680).
+ SMB1 blocking locks can fail notification on unlock, causing client
timeout; (bso#10684).
+ s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap();
(bso#10685).
+ 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
invalid status check in the second client; (bso#10687).
+ wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
+ Backport ldb-1.1.17 + changes from master; (bso#10693).
+ Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
+ ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
+ ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
+ ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798,
1034791, 1034792 1034910, 1034910); (bso#10693).
+ ldb: make the successful ldb_transaction_start() message clearer;
(bso#10693).
+ ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
+ ldb: Use of NULL pointer bugfix; (bso#10693).
+ lib/ldb: Fix compiler warnings; (bso#10693).
+ pyldb: Decrement ref counters on py_results and quiet warnings;
(bso#10693).
+ s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
(bso#10693).
+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).
+ s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).
+ Backport autobuild/selftest fixes from master; (bso#10696).
+ Backport drs-crackname fixes from master; (bso#10698).
+ smbd: Avoid double-free in get_print_db_byname; (bso#10699).
+ Backport access check related fixes from master; (bso#10700).
+ Backport provision fixes from master; (bso#10703).
+ s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX();
(bso#10706).
+ s3: Fix missing braces in nfs4_acls.c.
-------------------------------------------------------------------
Wed Jul 9 22:59:09 UTC 2014 - ddiss@suse.com
- Reduce printer_list.tdb lock contention during printcap update;
(bso#10652); (bnc#883870).
+ Only update the printer share inventory when needed.
-------------------------------------------------------------------
Tue Jul 8 12:35:25 UTC 2014 - lmuelle@suse.com
- Add missing newline to debug message in daemon_ready(); (bnc#865627).
-------------------------------------------------------------------
Mon Jul 7 13:59:24 UTC 2014 - lmuelle@suse.com
- BuildRequire systemd-devel, configure --with-systemd, and modify the service
files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).
-------------------------------------------------------------------
Wed Jun 25 11:52:17 UTC 2014 - ddiss@suse.com
- Prevent file truncation on an open that fails with share mode violation;
(bso#10671); (bnc#884056).
-------------------------------------------------------------------
Mon Jun 23 09:43:53 UTC 2014 - lmuelle@suse.com
- Update to 4.1.9.
+ Fix nmbd denial of service; CVE-2014-0244; (bnc#880962).
+ Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX
handler; CVE-2014-3493; (bnc#883758).
-------------------------------------------------------------------
Thu Jun 12 18:09:44 UTC 2014 - lmuelle@suse.com
- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.
-------------------------------------------------------------------
Thu Jun 12 17:15:09 UTC 2014 - lmuelle@suse.com
- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent
on CentOS, Fedora, and RHEL systems.
-------------------------------------------------------------------
Tue Jun 3 18:36:06 UTC 2014 - lmuelle@suse.com
- Update to 4.1.8.
+ dns: Don't reply to replies; CVE-2014-0239; (bso#10609).
+ Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
(bso#10549).
+ s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124).
+ Extra ':' in msg for Waf Cross Compile Build System with Cross-answers
command; (bso#10151).
+ s3: nmbd: Reset debug settings after reading config file; (bso#10239).
+ Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348).
+ script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir';
(bso#10472).
+ wafsamba: Fix the installation on FreeBSD; (bso#10472).
+ Use exit_daemon() to communicate status of startup to systemd; (bso#10517).
+ Fix adding NetApps; (bso#10524).
+ s3: lib/util: Fix logic inside set_namearray loops; (bso#10544).
+ s3: lib/util: set_namearray reads across end of namelist; (bso#10544).
+ idmap_autorid: Fix failure in reverse lookup if ID is from domain range
index #0; (bso#10547).
+ build: Fix ordering problems with lib-provided and internal RPATHs;
(bso#10548).
+ Fix read of deleted memory in reply_writeclose()'; (bso#10554).
+ lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556).
+ Fix lock order violation and file lost; (bso#10564).
+ dsdb: Do checks for invalid renames in samldb, before repl_meta_data;
(bso#10569).
+ Fix wildcard unlink to fail if we get an error rather than trying to
continue; (bso#10577).
+ byteorder: Do not assume PowerPC is big-endian; (bso#10590).
+ printing: Fix purge of all print jobs; (bso#10612).
-------------------------------------------------------------------
Fri May 23 10:41:11 UTC 2014 - lmuelle@suse.com
- examples/libsmbclient: avoid some compiler warnings; (bso#10624).
-------------------------------------------------------------------
Thu May 22 13:08:13 UTC 2014 - ddiss@suse.com
- Fix printer job purging; (bso#10612); (bnc#879390).
-------------------------------------------------------------------
Sun May 18 12:07:03 UTC 2014 - lmuelle@suse.com
- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.
-------------------------------------------------------------------
Mon May 5 11:44:20 UTC 2014 - ddiss@suse.com
- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).
-------------------------------------------------------------------
Fri May 2 15:37:33 UTC 2014 - ddiss@suse.com
- Pass through vfs_btrfs snapshot manipulation requests when
"btrfs: manipulate snapshots = no" is configured; (bnc#874180).
-------------------------------------------------------------------
Fri Apr 25 08:47:57 UTC 2014 - ddiss@suse.com
- Clone the base share security descriptor when exposing a snapshot share;
(bnc#874656).
-------------------------------------------------------------------
Thu Apr 24 16:21:04 UTC 2014 - ddiss@suse.com
- Use appropriate HRESULT return codes; (bnc#875046).
-------------------------------------------------------------------
Thu Apr 17 15:44:30 UTC 2014 - lmuelle@suse.com
- Update to 4.1.7.
+ Make "force user" work as expected; (bso#9878).
+ Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911).
+ Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942).
+ s3-printing: Fix obvious memory leak in printer_list_get_printer();
(bso#9993).
+ doc: Add "spoolss: architecture" parameter usage; (bso#10188).
+ Make 'smbclient' support DFS shares with SMB2/3; (bso#10200).
+ Make (lib)smbclient work with NetApp; (bso#10230).
+ SessionLogoff on a signed connection with an outstanding notify request
crashes smbd; (bso#10344).
+ dfs: Always call create_conn_struct with root privileges; (bso#10378).
+ 'net ads search' on high latency networks can return a partial list with
no error indication; (bso#10387).
+ max xmit > 64kb leads to segmentation fault; (bso#10422).
+ Fix STATUS_NO_MEMORY response from Query File Posix Lock request;
(bso#10431).
+ Increase max netbios name components; (bso#10439).
+ smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from
within ctdbd_migrate() with invalid lock_order; (bso#10444).
+ Fix 'wbinfo -i' with one-way trust; (bso#10458).
+ samba4 services not binding on IPv6 addresses causing connection delays;
(bso#10464).
+ s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467).
+ Don't respond with NXDOMAIN to records that exist with another type;
(bso#10471).
+ pidl: waf should have an option for the dir to install perl files and do
not glob; (bso#10472).
+ s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474).
+ s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481).
+ Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE;
(bso#10484).
+ lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord
as public structs; (bso#10504).
+ Make 'smbreadline' build with readline 6.3; (bso#10506).
+ smbd: Correctly add remote users into local groups; (bso#10508).
+ rpcclient FSRVP request UNCs should include a trailing backslash;
(bso#10521).
+ Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534).
+ s3:rpc_server: Minor refactoring of process_request_pdu().
-------------------------------------------------------------------
Tue Apr 15 15:03:27 UTC 2014 - ddiss@suse.com
- Create a new DBus connection for every vfs_snapper request, to ensure
correct snapper UID detection; (bnc#866354).
-------------------------------------------------------------------
Tue Apr 15 10:41:04 UTC 2014 - nopower@suse.de
- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).
-------------------------------------------------------------------
Fri Apr 11 12:37:48 UTC 2014 - ddiss@suse.com
- Fix minor compiler warnings in snapshot code-path; (bnc#873177).
-------------------------------------------------------------------
Fri Apr 11 12:21:48 UTC 2014 - lmuelle@suse.com
- Remove references to the obsolete samba-krb-printing package and
get_printing_ticket binary.
-------------------------------------------------------------------
Fri Apr 11 12:09:23 UTC 2014 - ddiss@suse.com
- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
(bso#10549); (bnc#872396).
-------------------------------------------------------------------
Fri Apr 11 11:50:08 UTC 2014 - nopower@suse.de
- User error strings instead of hex codes where possible for FSRVP
errors; (bnc#866927).
-------------------------------------------------------------------
Tue Apr 1 16:49:05 UTC 2014 - ddiss@suse.com
- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).
-------------------------------------------------------------------
Tue Apr 1 15:20:21 UTC 2014 - lmuelle@suse.com
- Add krb5rcache directory to the winbind package; (bnc#870607).
- Cleanup and consolidate the sysconfig and systemd service files.
-------------------------------------------------------------------
Fri Mar 28 11:45:03 UTC 2014 - ddiss@suse.com
- Extend vfs_snapper man page to cover permissions; (bnc#870570).
-------------------------------------------------------------------
Wed Mar 26 14:36:34 UTC 2014 - ddiss@suse.com
- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).
-------------------------------------------------------------------
Fri Mar 21 18:59:29 UTC 2014 - lmuelle@suse.com
- Default with the cache and lock directory to the same path to have both
non-persistent and persistent data at one location; (bnc#846586).
-------------------------------------------------------------------
Wed Mar 12 13:57:29 UTC 2014 - lmuelle@suse.com
- Depend only on %version with all manual Provides and Requires; (bnc#844307).
-------------------------------------------------------------------
Tue Mar 11 18:07:47 UTC 2014 - lmuelle@suse.com
- Update to 4.1.6.
+ Password lockout not enforced for SAMR password changes; CVE-2013-4496;
(bnc#849224).
+ smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442;
(bnc#855866).
-------------------------------------------------------------------
Tue Mar 11 13:10:59 UTC 2014 - lmuelle@suse.com
- Password lockout not enforced for SAMR password changes;
CVE-2013-4496; (bnc#849224).
-------------------------------------------------------------------
Tue Mar 11 10:21:46 UTC 2014 - lmuelle@suse.com
- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).
-------------------------------------------------------------------
Mon Mar 10 16:00:03 UTC 2014 - nopower@suse.com
- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442;
(bnc#855866).
-------------------------------------------------------------------
Tue Mar 4 17:20:33 UTC 2014 - ddiss@suse.com
- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
(bnc#865095).
-------------------------------------------------------------------
Thu Feb 27 15:19:56 UTC 2014 - ddiss@suse.com
- Propagate snapshot enumeration permissions errors to SMB clients;
(bnc#865641).
-------------------------------------------------------------------
Wed Feb 26 12:48:58 CET 2014 - nopower@suse.de
- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).
-------------------------------------------------------------------
Tue Feb 25 13:12:25 UTC 2014 - ddiss@suse.com
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
-------------------------------------------------------------------
Mon Feb 24 18:44:59 UTC 2014 - ddiss@suse.com
- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).
-------------------------------------------------------------------
Fri Feb 21 17:57:57 UTC 2014 - ddiss@suse.com
- Use libarchive to provide improved smbclient tarmode functionality;
(bso#9667); (bnc#861135).
-------------------------------------------------------------------
Fri Feb 21 16:02:12 UTC 2014 - lmuelle@suse.com
- Depend on %version-%release with all manual Provides and Requires;
(bnc#844307).
-------------------------------------------------------------------
Fri Feb 21 13:16:01 UTC 2014 - lmuelle@suse.com
- Update to 4.1.5.
+ Fix 100% CPU utilization in winbindd when trying to free memory in
winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
+ smbd: Fix memory overwrites; (bso#10415).
+ s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
(bso#2191).
+ ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
(bso#10087).
+ s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
+ s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
directories are open; (bso#10406).
+ Add support for Heimdal's unified krb5 and hdb plugin system, cope with
first element in hdb_method having a different name in different heimdal
versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
+ vfs_btrfs: Fix incorrect zero length server-side copy request handling;
(bso#10424).
+ s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
+ smbd: Fix an ancient oplock bug; (bso#10436).
+ Fix crash bug in smb2_notify code; (bso#10442).
-------------------------------------------------------------------
Tue Feb 18 13:04:37 UTC 2014 - lmuelle@suse.com
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
-------------------------------------------------------------------
Fri Feb 14 00:31:35 UTC 2014 - ddiss@suse.com
- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
+ Improve vfs_snapper documentation.
-------------------------------------------------------------------
Wed Feb 12 17:50:02 UTC 2014 - ddiss@suse.com
- Fix Winbind 100% CPU utilization caused by domain list corruption;
(bso#10358); (bnc#786677).
-------------------------------------------------------------------
Sat Feb 8 10:39:25 UTC 2014 - ddiss@suse.com
- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
(bnc#862370).
-------------------------------------------------------------------
Fri Feb 7 16:48:52 UTC 2014 - lmuelle@suse.com
- Streamline the vendor suffix handling and add support for SLE 12.
-------------------------------------------------------------------
Fri Feb 7 16:07:50 UTC 2014 - ddiss@suse.com
- Fix zero length server-side copy request handling; (bso#10424);
(bnc#862558).
-------------------------------------------------------------------
Tue Feb 4 17:22:52 UTC 2014 - lmuelle@suse.com
- Set the PID directory to /run/samba on post-12.2 systems.
-------------------------------------------------------------------
Tue Feb 4 16:02:45 UTC 2014 - lmuelle@suse.com
- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.
-------------------------------------------------------------------
Tue Jan 28 20:05:30 CET 2014 - nopower@suse.de
- Make winbindd print the interface version when it gets an INTERFACE_VERSION
request; (bnc#726937).
-------------------------------------------------------------------
Tue Jan 28 15:16:30 UTC 2014 - ddiss@suse.com
- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
definitions; (bnc#860832).
-------------------------------------------------------------------
Tue Jan 28 14:34:57 UTC 2014 - ddiss@suse.com
- Check for NULL gensec_security in gensec_security_by_auth_type();
(bnc#860809).
-------------------------------------------------------------------
Tue Jan 28 01:57:08 UTC 2014 - ddiss@suse.com
- Ensure ndr table initialization; (bnc#860648).
-------------------------------------------------------------------
Fri Jan 24 19:41:59 UTC 2014 - ddiss@suse.com
- Add File Server Remote VSS Protocol (FSRVP) server for SMB share
shadow-copies; (fate#313346).
-------------------------------------------------------------------
Fri Jan 24 15:17:53 UTC 2014 - lmuelle@suse.com
- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
(bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
(bso#10384)
-------------------------------------------------------------------
Fri Jan 24 14:30:45 UTC 2014 - lmuelle@suse.com
- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
(bso#10358); (bnc#786677).
-------------------------------------------------------------------
Mon Jan 20 10:47:54 UTC 2014 - lmuelle@suse.com
- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).
-------------------------------------------------------------------
Thu Jan 16 19:19:58 UTC 2014 - lmuelle@suse.com
- Add /var/cache/samba to the client file list; (bnc#846586).
-------------------------------------------------------------------
Tue Jan 14 21:57:32 UTC 2014 - lmuelle@suse.com
- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).
-------------------------------------------------------------------
Mon Jan 13 13:04:53 UTC 2014 - lmuelle@suse.com
- Correct sysconfig variable names by adding the missing D char; (bnc#857454).
-------------------------------------------------------------------
Fri Jan 10 17:02:40 UTC 2014 - lmuelle@suse.com
- Update to 4.1.4.
+ Fix segfault in smbd; (bso#10284).
+ Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).
-------------------------------------------------------------------
Wed Jan 8 15:36:42 UTC 2014 - lmuelle@suse.com
- Call stop_on_removal from preun and restart_on_update and insserv_cleanup
from postun on pre-12.3 systems only; (bnc#857454).
-------------------------------------------------------------------
Wed Jan 8 13:53:33 UTC 2014 - adrian@suse.de
- BuildRequire gamin-devel instead of unmaintained fam-devel package on
post-12.1 systems.
-------------------------------------------------------------------
Mon Jan 6 21:37:37 UTC 2014 - lmuelle@suse.com
- smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).
-------------------------------------------------------------------
Mon Jan 6 17:12:55 UTC 2014 - lmuelle@suse.com
- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).
-------------------------------------------------------------------
Mon Jan 6 13:09:35 UTC 2014 - lmuelle@suse.com
- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
(bnc#856759).
-------------------------------------------------------------------
Mon Jan 6 10:06:59 UTC 2014 - lmuelle@suse.com
- Fix broken rc{nmb,smb,winbind} sym links which should point to the service
binary on post-12.2 systems; (bnc#856759).
-------------------------------------------------------------------
Mon Jan 6 07:01:48 UTC 2014 - ddiss@suse.com
- Add Snapper VFS module for snapshot manipulation; (fate#313347).
+ dbus-1-devel required at build time.
-------------------------------------------------------------------
Mon Jan 6 06:59:01 UTC 2014 - ddiss@suse.com
- Add File Server Remote VSS Protocol (FSRVP) client for SMB share
shadow-copies; (fate#313345).
-------------------------------------------------------------------
Wed Dec 11 12:12:21 UTC 2013 - lmuelle@suse.com
- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part
of the minimum build environment.
-------------------------------------------------------------------
Mon Dec 9 10:48:06 UTC 2013 - lmuelle@suse.com
- Update to 4.1.3.
+ DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
(bnc#844720).
+ pam_winbind login without require_membership_of restrictions;
CVE-2012-6150; (bnc#853347).
-------------------------------------------------------------------
Fri Dec 6 16:25:59 UTC 2013 - lmuelle@suse.com
- Make use of the full gpg pub key file name including the key ID.
-------------------------------------------------------------------
Thu Dec 5 19:22:47 UTC 2013 - ddiss@suse.com
- Add transparent file compression support; (fate#316266).
+ Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
+ Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
+ Extend vfs_btrfs VFS module to utilize get/set compression hooks.
-------------------------------------------------------------------
Thu Dec 5 17:03:34 UTC 2013 - ddiss@suse.com
- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).
-------------------------------------------------------------------
Mon Dec 2 15:50:56 UTC 2013 - lmuelle@suse.com
- Remove bogus libsmbclient0 package description and cleanup the libsmbclient
line from baselibs.conf; (bnc#853021).
-------------------------------------------------------------------
Fri Nov 22 11:11:42 UTC 2013 - lmuelle@suse.com
- BuildRequire systemd on post-12.2 systems.
-------------------------------------------------------------------
Fri Nov 22 10:32:30 UTC 2013 - lmuelle@suse.com
- Update to 4.1.2.
+ s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
+ dfs_server: Use dsdb_search_one to catch 0 results as well as
NO_SUCH_OBJECT errors; (bso#10052).
+ Missing talloc_free can leak stackframe in error path; (bso#10187).
+ Fix memset used with constant zero length parameter; (bso#10190).
+ s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
(bso#10193).
+ Make offline logon cache updating for cross child domain group membership;
(bso#10194).
+ nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
+ RW Deny for a specific user is not overriding RW Allow for a group;
(bso#10196).
+ vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
(bso#10224).
+ vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs;
(bso#10224).
+ VFS plugin was sending the actual size of the volume instead of the total
number of block units because of which windows was getting the wrong
volume capacity; (bso#10224).
+ libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
+ xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
+ Fix the build of vfs_glusterfs; (bso#10253).
+ s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
(bso#10264).
+ util: Remove 32bit macros breaking strict aliasing; (bso#10269).
-------------------------------------------------------------------
Thu Nov 21 17:16:42 UTC 2013 - lmuelle@suse.com
- Let gpg verify execution condition not fail on non SUSE systems.
-------------------------------------------------------------------
Thu Nov 21 14:13:37 UTC 2013 - lmuelle@suse.com
- Add systemd support for post-12.2 systems.
-------------------------------------------------------------------
Tue Nov 19 19:17:40 CET 2013 - nopower@suse.de
- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
the add, delete, modify and set operations now support automatic
propagation of inheritable ACE(s); (FATE#316474).
-------------------------------------------------------------------
Fri Nov 15 18:04:50 UTC 2013 - lmuelle@suse.com
- Unconditionally create the CUPS smb backend sym link pointing to smbspool;
(bnc#850656).
-------------------------------------------------------------------
Wed Nov 13 15:16:03 UTC 2013 - lmuelle@suse.com
- Update to 4.1.1.
+ ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
+ Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
-------------------------------------------------------------------
Sun Nov 10 18:16:56 UTC 2013 - lmuelle@suse.com
- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
-------------------------------------------------------------------
Wed Oct 30 14:11:42 UTC 2013 - lmuelle@suse.com
- ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
-------------------------------------------------------------------
Fri Oct 11 08:58:29 UTC 2013 - lmuelle@suse.com
- Update to 4.1.0.
+ pam_winbindd: Support the KEYRING ccache type; (bso#10132).
+ Fix PAC parsing failure; (bso#10178).
-------------------------------------------------------------------
Wed Oct 9 20:41:52 UTC 2013 - lmuelle@suse.com
- Unify the defattr lines in the pidl, python, test and test-devel files
section by removing the optional directory mode.
-------------------------------------------------------------------
Wed Oct 9 15:30:31 UTC 2013 - lmuelle@suse.com
- Verify source tar ball gpg signature.
-------------------------------------------------------------------
Fri Sep 27 12:30:24 UTC 2013 - lmuelle@suse.com
- Update to 4.1.0rc4.
+ dsdb: Convert the full string from UTF16 to UTF8, including embedded
NULLs; (bso#8077).
+ python-samba-tool fsmo: Do not give an error on a successful role
transfer; (bso#9461).
+ dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
+ Raise the level of a debug when unable to open a printer; (bso#10118).
+ Add "acl allow execute always" parameter; (bso#10134).
+ vfs_shadow_copy2: Display previous versions correctly over SMB2;
(bso#10137).
+ smbd: Always clean up share modes after hard crash; (bso#10138).
+ Valid utf8 filenames cause "invalid conversion error" messages;
(bso#10139).
+ libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
+ Samba SMB2 client code reads the wrong short name length in a directory
listing reply; (bso#10145).
+ libcli/smb: Only check the SMB2 session setup signature if required and
valid; (bso#10146).
+ Better document potential implications of a globally used "valid users";
(bso#10147).
+ cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
+ Not all OEM servers support the ALTNAME info level; (bso#10150).
+ Regression causes replication failure with Windows 2008R2 and deletes
Deleted Objects; (bso#10157).
+ Netbios related samba process consumes 100% CPU; (bso#10158).
+ Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).
-------------------------------------------------------------------
Thu Sep 19 22:10:11 UTC 2013 - lmuelle@suse.com
- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.
-------------------------------------------------------------------
Mon Sep 16 12:49:02 UTC 2013 - lmuelle@suse.com
- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0,
libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0,
libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0,
libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0,
libsmbldap0, and libtevent-util0 to baselibs.conf.
-------------------------------------------------------------------
Sat Sep 14 17:05:05 UTC 2013 - jengelh@inai.de
- Add or polish the shared library package summaries and descriptions.
-------------------------------------------------------------------
Fri Sep 13 09:24:47 UTC 2013 - lmuelle@suse.com
- Update to 4.1.0rc3.
+ Fix working on site with Read Only Domain Controller; (bso#5917).
+ Add man page for vfs_syncops; (bso#7364).
+ Add man page for vfs_linux_xfs_sgid; (bso#7490).
+ When replicating DNS for bind9_dlz we need to create the server-DNS
account remotely; (bso#9091).
+ Winbind unable to retrieve user information from AD; (bso#9615).
+ winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
(bso#9899).
+ Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
+ Add SMB2 and SMB3 support for smbclient; (bso#9974).
+ Add man pages for ntdb tools; (bso#10000).
+ Add man page for samba-regedit tool; (bso#10001).
+ ::1 added to nameserver on join; (bso#10030).
+ Fix memory leak in source3/lib/util.c:1493; (bso#10063).
+ Fix segmentation fault in 'net ads join'; (bso#10073).
+ Fix variable list in vfs_crossrename man page; (bso#10076).
+ s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
+ smbd: Fix async echo handler forking; (bso#10086).
+ MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
(bso#10097).
+ Honour output buffer length set by the client for SMB2 GetInfo requests;
(bso#10106).
+ Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
+ Handle Dropbox (write-only-directory) case correctly in pathname lookup;
(bso#10114).
+ Masks incorrectly applied to UNIX extension permission changes;
(bso#10121).
-------------------------------------------------------------------
Thu Sep 5 12:31:09 UTC 2013 - jengelh@inai.de
- Implement shared library packaging guidelines.
- Correct interpackage dependencies; (bso#10129).
-------------------------------------------------------------------
Tue Sep 3 17:30:08 UTC 2013 - lmuelle@suse.com
- Define the source URL differently in the case of a release candidate.
-------------------------------------------------------------------
Sat Aug 31 22:47:49 UTC 2013 - lmuelle@suse.com
- Update to 4.1.0rc2.
+ Add vfs_btrfs module.
+ Add support for server-side copy operations via the
SMB2 FSCTL_SRV_COPYCHUNK request.
+ Fix replication with --domain-crictical-only to fill in backlinks;
(bso#9029).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ Windows error 0x800700FE when copying files with xattr names containing
":"; (bso#9992).
+ Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
+ Fix segfault while reading incomplete session info; (bso#10003).
+ Missing integer wrap protection in EA list reading can cause server to
loop with DOS (CVE-2013-4124); (bso#10010).
+ Fix a 100% loop at shutdown time (smbd); (bso#10013).
+ Fix/improve debug options; (bso#10015).
+ Rename regedit to samba-regedit; (bso#10040).
+ Remove obsolete swat manpage and references; (bso#10041).
+ Fix crashes in socket_get_local_addr(); (bso#10042).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Remove a redundant inlined substitution of ACLs; (bso#10045).
+ nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
+ dsdb improvements; (bso#10056).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
-------------------------------------------------------------------
Thu Aug 29 12:47:26 UTC 2013 - lmuelle@suse.com
- BuildRequire pyldb-devel.
-------------------------------------------------------------------
Wed Aug 28 14:56:09 UTC 2013 - lmuelle@suse.com
- Add libnetapi0 and samba-libs to baselibs.conf.
-------------------------------------------------------------------
Thu Aug 22 12:01:15 UTC 2013 - lmuelle@suse.de
- Update to 4.0.9.
+ Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ s3-lib: Fix segmentation fault while reading incomplete session info;
(bso#10003).
+ smbd: Fix a 100% loop at shutdown time; (bso#10013).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Add UPN enumeration to passdb internal API; (bso#9779).
+ smbd: Cleanup disonnected durable handles; (bso#9930).
+ vfs_streams_xattr: Do not attempt to write empty attribute twice;
(bso#9970).
+ Fix Windows error 0x800700FE when copying files with xattr names
containing ":"; (bso#9992).
+ s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
+ Fix excessive RID allocation; (bso#10014).
+ Add debugclass for DNS server; (bso#10015).
+ Fix/improve debug options; (bso#10015).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
+ net ads join: Fix segmentation fault in
create_local_private_krb5_conf_for_domain; (bso#10073).
-------------------------------------------------------------------
Mon Aug 5 10:56:56 UTC 2013 - lmuelle@suse.com
- Update to 4.0.8.
+ Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
authenticated or guest connections; CVE-2013-4124; (bnc#829969).
-------------------------------------------------------------------
Mon Jul 22 08:41:07 UTC 2013 - lmuelle@suse.com
- Require krb5 and not the non existing krb5-libs package.
-------------------------------------------------------------------
Wed Jul 17 17:42:23 UTC 2013 - lmuelle@suse.com
- Update to 4.1.0rc1.
+ Directory database replication (AD DC mode)
+ Server-Side Copy Support
+ Btrfs Filesystem Integration
-------------------------------------------------------------------
Fri Jul 12 13:07:11 UTC 2013 - lmuelle@suse.com
- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp.
- BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version.
- Require perl-base on SUSE systems only.
-------------------------------------------------------------------
Fri Jul 12 10:27:25 UTC 2013 - lmuelle@suse.com
- Adjust group setting of the test-devel subpackage.
- Require perl-base from the pidl subpackage.
-------------------------------------------------------------------
Fri Jul 12 10:11:50 UTC 2013 - lmuelle@suse.com
- Remove libdir/samba/ldb after install if we're building Samba without
Active Directory Domain Controller support.
-------------------------------------------------------------------
Thu Jul 11 21:31:07 UTC 2013 - lmuelle@suse.com
- Remove unused ccache switch from the spec file.
-------------------------------------------------------------------
Thu Jul 11 20:42:23 UTC 2013 - lmuelle@suse.com
- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the
man pages and add them to the package again.
-------------------------------------------------------------------
Thu Jul 11 16:20:32 UTC 2013 - lmuelle@suse.com
- Build from the package from the top level directory; (bnc#794744).
- BuildRequire pytalloc-devel, python-tdb, and python-tevent.
- Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1
SUSE systems.
-------------------------------------------------------------------
Fri Jul 5 18:48:26 UTC 2013 - lmuelle@suse.com
- Remove the empty data dir from the doc package filelist.
- Explicitly use samba instead of the name macro to define the docbook dir.
-------------------------------------------------------------------
Tue Jul 2 09:49:54 UTC 2013 - lmuelle@suse.com
- Update to 4.0.7.
+ Fix a core dump with invalid lock order while opening/editing
or copying MS files; (bso#9794).
+ Fix crash bug from search of mail=; (bso#9967).
+ s3-rpc_server: Ensure we are root when starting and using gensec;
(bso#9465).
+ Add support for MX queries; (bso#9485).
+ dns: Delete dnsNode objects when they are empty; (bso#9559).
+ dns: Support larger queries when asking forwarder; (bso#9632).
+ s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805).
+ Use of wrong RFC2307 primary group field; (bso#9880).
+ Check for system libtevent; (bso#9881).
+ is_printer_published GUID retrieval; (bso#9900).
+ Doc fixes for 4.0; (bso#9906).
+ Build fixes for 4.0 found during autoconf or debian packaging work;
(bso#9907).
+ build: Add missing new line to replaced python shebang line; (bso#9909).
+ PIE builds not supported; (bso#9910).
+ s4:winbind: Don't leak libnet_context into the main event context;
(bso#9929).
+ Fix a bug of drvupgrade of smbcontrol; (bso#9941).
+ Check for netbios aliases in ad_get_referrals; (bso#9947).
+ Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953).
+ docs: Avoid mentioning a possibly misleading option; (bso#9964).
+ Fix build with system Heimdal of samba4kgetcred; (bso#9968).
-------------------------------------------------------------------
Mon Jul 1 17:34:32 UTC 2013 - lmuelle@suse.com
- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and
OBS for any other operating system to define the vendor string while build.
-------------------------------------------------------------------
Fri Jun 28 16:49:31 UTC 2013 - lmuelle@suse.com
- Remove ldapsmb from the main spec file.
-------------------------------------------------------------------
Wed Jun 26 13:55:13 UTC 2013 - lmuelle@suse.com
- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.
-------------------------------------------------------------------
Tue Jun 25 17:03:49 UTC 2013 - lmuelle@suse.com
- Don't bzip2 the main tar ball, use the upstream gziped one instead.
-------------------------------------------------------------------
Sun Jun 23 05:45:26 UTC 2013 - jengelh@inai.de
- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and
libopenssl-devel.
-------------------------------------------------------------------
Wed Jun 5 11:45:41 UTC 2013 - ddiss@suse.com
- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).
-------------------------------------------------------------------
Wed May 22 11:32:46 UTC 2013 - lmuelle@suse.com
- Update to 4.0.6.
+ Fix crash during Win8 sync; (bso#9822).
+ Fix segfault when loging in with wrong password from w2k8r2; (bso#9834).
+ Fix the username map optimization; (bso#9139).
+ Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
+ SMB2 server doesn't support recvfile; (bso#9412).
+ Fix the build of vfs_notify_fam; (bso#9545).
+ Fix adding case sensitive spn; (bso#9699).
+ Properly handle oplock breaks in compound requests; (bso#9722).
+ Properly handle oplock breaks in compound requests; (bso#9722).
+ Cache name_to_sid/sid_to_name correctly; (bso#9766).
+ Fix 'net ads join' when called via stdin; (bso#9767).
+ Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775).
+ vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and
doesn't cope with directories being modified whilst reading; (bso#9777).
+ Fix panic when running 'smbtorture smb.base'; (bso#9782).
+ Use specified python for runtime installation of Samba; (bso#9785).
+ Change '--with-dmapi' to 'default=auto' to match the autoconf build;
(bso#9803).
+ wafsamba: Display the default value in help for SAMBA3_ADD_OPTION;
(bso#9804).
+ wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807).
+ Package new dbwrap_tool man page; (bso#9809).
+ Old DOS SMB CTEMP request uses a non-VFS function to access
the filesystem; (bso#9811).
+ Fix 'map untrusted to domain' with NTLMv2; (bso#9817).
+ SMB signing and the async echo responder don't work together; (bso#9824).
+ Fix panic in nt_printer_publish_ads; (bso#9830).
+ talloc use after free in winbind4; (bso#9832).
+ Function called in unix_convert() path can overwrite errno; (bso#9833).
+ Fix NULL pointer dereference in Winbind; (bso#9854).
+ Fix making LIBNDR_PREG_OBJ; (bso#9868).
-------------------------------------------------------------------
Fri Apr 26 15:54:50 UTC 2013 - lmuelle@suse.com
- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.
-------------------------------------------------------------------
Tue Apr 9 10:07:28 UTC 2013 - lmuelle@suse.com
- Update to 4.0.5.
+ Fix large reads/writes from some Linux clients; (bso#9706).
+ Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740).
+ Can't delegate adding computers to domain; (bso#9267).
+ Fix GNU ld version detection with old gcc releases; (bso#7825).
+ Never try to map global SAM name; (bso#9039).
+ Certain xattrs cause Windows error 0x800700FF; (bso#9130).
+ Samba returns unexpected error on SMB posix open; (bso#9519).
+ Fix build on AIX; (bso#9557).
+ libnss-winbindd does not provide pass struct for groups mapped with
ID_TYPE_BOTH and vice versa; (bso#9617).
+ Reauth-capable client fails to access shares on Windows member; (bso#9625).
+ PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636).
+ Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639).
+ Fix the build of vfs_afsacl; (bso#9642).
+ Fix the build with --fake-kaserver; (bso#9643).
+ Fix compile of source3/lib/afs.c; (bso#9644).
+ Make SMB2_GETINFO multi-volume aware; (bso#9646).
+ idmap_autorid: Fix freeing of non-talloced memory; (bso#9653).
+ Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656).
+ 'make test' hangs; (bso#9663).
+ Fix correct linking of libreplace with cmdline-credentials; (bso#9664).
+ Fix filtering of link-local addresses; (bso#9666).
+ Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669).
+ Samba denies owner Read Control when there is a DENY entry while W2K08
does not; (bso#9674).
+ Fix several resource (fd) leaks; (bso#9683).
+ Fix a memory leak in spoolss rpc server; (bso#9685).
+ Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686).
+ Fix several possible null pointer dereferences; (bso#9687).
+ Make sure that domain joins work correctly when the DC disallows NTLM
auth; (bso#9689).
+ Backport tevent changes to bring library to version 0.9.18; (bso#9695).
+ Remove incomplete samba_dnsupdate IPv6 link-local address check;
(bso#9696).
+ DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX
domain socket; (bso#9697).
+ Fix vfs_catia and update documentation; (bso#9701); (bnc#824833).
+ Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703).
+ Fix nss_winbind name on FreeBSD; (bso#9704).
+ s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and
getgrgid calls; (bso#9711).
+ Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717).
+ s4-idmap: Remove requirement that posixAccount or posixGroup be set for
rfc2307; (bso#9718).
+ Allow forcing an override of an old @MODULES record; (bso#9719).
+ Do not print the admin password during 'samba-tool classicupgrade';
(bso#9720).
+ Make samba_upgradedns more robust (do not guess addresses when just
changing roles); (bso#9721).
+ Add a tool to migrate latin1 printing tdbs to registry; (bso#9723).
+ is_encrypted_packet() function incorrectly used inside server; (bso#9724).
+ upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725).
+ Fix NULL pointer dereference; (bso#9727).
+ DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728).
+ Fix 'smbcontrol close-share'; (bso#9733).
+ Fix Winbind separator in upn to username conversion; (bso#9735).
+ Change to smbd/dir.c code gives significant performance increases on large
directory listings; (bso#9736).
+ PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739).
+ Make sure that we only propogate the INHERITED flag when we are allowed
to; (bso#9747).
+ Remove unneeded fstat system call from hot read path; (bso#9748).
+ Don't leak the epm_Map policy handle; (bso#9758).
+ Fix incorrect parsing of SMB2 command codes; (bso#9760).
- Update to 4.0.4.
+ Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).
-------------------------------------------------------------------
Thu Mar 14 14:40:51 UTC 2013 - ddiss@suse.com
- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).
-------------------------------------------------------------------
Tue Feb 26 13:03:46 UTC 2013 - lmuelle@suse.com
- No longer use the cifs- or smbfstab named configuration file on post-12.2
systems; (bnc#804822); (bnc#821889).
-------------------------------------------------------------------
Mon Feb 25 13:08:58 UTC 2013 - lmuelle@suse.com
- Shift the smbfs init script nfs dependency from Required to Should.
-------------------------------------------------------------------
Mon Feb 11 19:24:27 UTC 2013 - ddiss@suse.com
- Fix SMB1 Session Setup AndX handling with a large krb PAC;
(bso#9658); (bnc#802031).
-------------------------------------------------------------------
Fri Feb 8 21:06:56 UTC 2013 - lmuelle@suse.com
- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to
generate the default share snippets on pre-12.2 systems.
-------------------------------------------------------------------
Fri Feb 8 11:34:33 UTC 2013 - ddiss@suse.com
- Explicitly configure --with-ads.
-------------------------------------------------------------------
Thu Feb 7 15:30:36 UTC 2013 - ddiss@suse.com
- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).
-------------------------------------------------------------------
Thu Feb 7 12:28:31 UTC 2013 - lmuelle@suse.com
- Remove superfluous quotation marks while setting the
SAMBA_VERSION_VENDOR_SUFFIX string.
-------------------------------------------------------------------
Wed Feb 6 14:24:40 UTC 2013 - sjayaraman@suse.de
- Do not restart the smbfs service on pre-11.3 systems during dhcp lease
renewal when the IP address remains the same; (bnc#800782).
-------------------------------------------------------------------
Tue Feb 5 15:17:40 UTC 2013 - lmuelle@suse.com
- Update to 4.0.3.
+ Fix ACL problem with delegation of privileges and deletion of accounts
over LDAP interface; add documentation; (bso##8909).
+ check_password_quality: Handle non-ASCII characters properly; (bso##9105).
+ Fix 'smbd' panic triggered by unlink after open; (bso##9571).
+ smbd: Fix memleak in the async echo handler; (bso##9549).
+ defer_open is triggered multiple times on the same request; (bso#9196).
+ Add extra attributes for AD printer publishing; (bso#9378).
+ FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461).
+ Downgrade v4 printer driver requests to v3; (bso#9474).
+ samba_upgradeprovision: fix the nTSecurityDescriptor on more containers;
(bso#9481).
+ s3:smb2_negprot: set the 'remote_proto' value; (bso#9499).
+ waf assumes that pythonX.Y-config is a Python script; (bso#9503).
+ s4:drsuapi: Make sure we report the meta data from the cycle start;
(bso#9508).
+ wafsamba: Use additional xml catalog file; (bso#9512).
+ samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517).
+ conn->share_access appears not be be reset between users; (bso#9518).
+ Remove superfluous bracket in samba.8.xml; (bso#9528).
+ Fix typo in vfs_tsmsm.8.xml; (bso#9530).
+ terminate the irpc_servers_byname() result with
server_id_set_disconnected(); (bso#9540).
+ Make use of posix_openpt; (bso#9541).
+ Fix build of vfs_commit and plug in async pwrite support; (bso#9544).
+ Fix aio_suspend detection on FreeBSD; (bso#9546).
+ Correctly detect O_DIRECT; (bso#9548).
+ sigprocmask does not work on FreeBSD to stop further signals in a signal
handler; (bso#9550).
+ smb.conf(5): Update list of available protocols; (bso#9552).
+ s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555).
+ Fix compilation of Solaris ACL module; (bso#9564).
+ Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional
level) produces dbcheck errors; (bso#9565).
+ Add dbwrap_tool.1 manual page; (bso#9568).
+ Document the command line options in dbwrap_tool(1); (bso#9568).
+ ntlm_auth(1): Fix format and make examples visible; (bso#9569).
+ Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients;
(bso#9572).
+ Fix a possible null pointer dereference in spoolss; (bso#9574).
+ Duplicate flags defined in the winbindd protocol; (bso#9575).
+ gensec: Allow login without a PAC by default; (bso#9581).
+ smbd: disk_free: sys_popen() failed" message logged in /var/log/message
many times; (bso#9586).
+ Archive flag is always set on directories; (bso#9587).
+ ACLs are not inherited to directories for DFS shares; (bso#9588).
+ Correct meta data in ldb manpages; (bso#9591).
+ s3-winbind: Fix the build of idmap_ldap; (bso#9595).
+ Linked attribute handling should be by GUID; (bso#9596).
+ Fix timeouts of some IRPC calls; (bso#9598).
+ Use pid,task_id as cluster_id in process_single just like process_prefork;
(bso#9598).
+ Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609).
+ dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).
-------------------------------------------------------------------
Thu Jan 31 16:51:30 UTC 2013 - lmuelle@suse.com
- Update to 4.0.2.
+ Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both
don't apply to any SUSE Samba post-3.6.10 as it isn't longer built.
+ Don't build and package static libraries.
-------------------------------------------------------------------
Thu Jan 31 16:14:06 UTC 2013 - lmuelle@suse.com
- Drop separate build-source-timestamp file as it led to a second, incorrect
Source Timestamp line.
-------------------------------------------------------------------
Wed Jan 23 15:53:50 UTC 2013 - ddiss@suse.com
- Add server-side copy support; (fate#314770).
+ Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers.
+ Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.
-------------------------------------------------------------------
Mon Jan 21 22:29:32 UTC 2013 - lmuelle@suse.com
- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.
-------------------------------------------------------------------
Mon Jan 21 11:02:35 UTC 2013 - lmuelle@suse.com
- Disable SWAT during configure and don't package it any longer.
-------------------------------------------------------------------
Fri Jan 18 17:34:55 UTC 2013 - lmuelle@suse.com
- Remove dangling references to Heimdal from the spec file.
-------------------------------------------------------------------
Thu Jan 17 18:07:11 UTC 2013 - lmuelle@suse.com
- Remove /lib/samba prefix from the localstatedir configure option.
-------------------------------------------------------------------
Tue Jan 15 12:12:17 UTC 2013 - lmuelle@suse.com
- Update to 4.0.1.
+ Samba 4.0.0 as an AD DC may provide authenticated users with write access
to LDAP directory objects; CVE-2013-0172; (bnc#798364).
-------------------------------------------------------------------
Wed Jan 9 21:53:11 UTC 2013 - lmuelle@suse.com
- Add the missing get_printing_ticket binary path while calling the
set_permissions macro; (bnc#783375).
-------------------------------------------------------------------
Sun Dec 23 14:56:51 UTC 2012 - lmuelle@suse.com
- Use the version macro while definition of the branch macro.
-------------------------------------------------------------------
Wed Dec 19 22:52:28 UTC 2012 - lmuelle@suse.com
- Remove references to no longer used devel macros.
-------------------------------------------------------------------
Tue Dec 11 18:42:04 UTC 2012 - lmuelle@suse.com
- Update to 4.0.0.
+ Honor password complexity settings; (bso#9414).
+ Install SWAT *.msg files with waf; (bso#9415).
+ Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES;
(bso#9438).
+ developer-build: Fix panic when acl_xattr fails with access denied;
(bso#9456).
+ Fix "map username script" with "security=ads" and Winbind; (bso#9457).
+ Install manpages only if we install the target; (bso#9459).
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Users can not be given write permissions any more by default; (bso#9462).
+ Fix MMC crashes; (bso#9470).
+ Fix SEGV when using second vfs module; (bso#9471).
+ Support FIPS mode when building Samba; (bso#9479).
+ Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).
-------------------------------------------------------------------
Tue Dec 11 11:41:59 UTC 2012 - lmuelle@suse.com
- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken;
(bso#9438).
- s3:auth: fix create_token_from_sid() to not fail in the winbindd case;
(bso#9457).
- s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags
control is given; (bso#9470).
- Support FIPS mode when building Samba; (bso#9479).
- s4:provision: set the correct nTSecurityDescriptor; (bso#9481).
-------------------------------------------------------------------
Mon Dec 10 22:25:04 UTC 2012 - lmuelle@suse.com
- SEGV when using second vfs module; (bso#9471).
-------------------------------------------------------------------
Mon Dec 10 11:24:52 UTC 2012 - lmuelle@suse.com
- Update to 3.6.10.
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Fix segfault when "default devmode" is disabled; (bso#9433).
+ Fix segfaults in "log level = 10" on Solaris; (bso#9390).
-------------------------------------------------------------------
Sun Dec 9 00:05:32 UTC 2012 - lmuelle@suse.com
- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED;
(bso#9456).
- Install manpages only if we install the target; (bso#9459).
- Users can not be given write permissions any more by default; (bso#9462).
-------------------------------------------------------------------
Sat Dec 8 18:57:16 UTC 2012 - lmuelle@suse.com
- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094);
(bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
(bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
(bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
-------------------------------------------------------------------
Fri Dec 7 15:48:52 UTC 2012 - lmuelle@suse.com
- Update to 4.0.0rc6.
See WHATSNEW.txt from the samba-doc package.
-------------------------------------------------------------------
Tue Dec 4 14:29:48 UTC 2012 - lmuelle@suse.com
- On uninstall remove winbind from the pam configuration, invalidate the nscd
passwd and group cache and only recommend the install of nscd; (bnc#792340).
-------------------------------------------------------------------
Mon Dec 3 16:43:51 UTC 2012 - lmuelle@suse.com
- BuildRequire libnscd-devel once.
-------------------------------------------------------------------
Sun Dec 2 21:47:01 UTC 2012 - lmuelle@suse.com
- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294).
- Add SUSE version depending pkg-config requires macro; (bnc#792294).
-------------------------------------------------------------------
Sun Dec 2 15:14:37 UTC 2012 - lmuelle@suse.com
- Define library names and use it instead of libldb1, libnetapi0,
libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and
libwbclient0; (bnc#792294).
- Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.
-------------------------------------------------------------------
Fri Nov 30 18:14:37 UTC 2012 - lmuelle@suse.com
- Don't clutter the spec file diff view; (bnc#783384).
-------------------------------------------------------------------
Wed Nov 28 13:08:20 UTC 2012 - jmcdonough@suse.com
- Fix fd leak causing 100% CPU in winbind on certain dc connection
failures; (bso#9436); (bnc#786677).
-------------------------------------------------------------------
Tue Nov 27 17:22:58 UTC 2012 - ddiss@suse.com
- Fix spoolss segfault when default devmode is disabled; (bso#9433);
(bnc#791183).
-------------------------------------------------------------------
Mon Nov 19 17:49:36 UTC 2012 - lmuelle@suse.com
- Update to 4.0.0rc5.
See WHATSNEW.txt from the samba-doc package.
-------------------------------------------------------------------
Fri Nov 16 18:23:42 UTC 2012 - lmuelle@suse.com
- ACL masks incorrectly applied when setting ACLs; (bso#9236).
- s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272).
- lib/replace: replace all *printf function if we replace snprintf; (bso#9390).
- lib/addns: don't depend on the order in resp->answers[]; (bso#9402).
-------------------------------------------------------------------
Tue Nov 13 17:26:15 UTC 2012 - lmuelle@suse.com
- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209).
- lib/krb5_wrap: request enc_types in the correct order; (bso#9272).
- Fix net ads join message for the dns domain; (bso#9326).
- docs-xml: fix use of <smbconfoption> tag; (bso#9345).
- s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359).
- s3:winbind: Failover if netlogon pipe is not available; (bso#9386).
-------------------------------------------------------------------
Thu Nov 1 20:26:19 UTC 2012 - lmuelle@suse.com
- Execute the run_permissions macro on pre-11.4 systems and else the
set_permission one if available.
-------------------------------------------------------------------
Mon Oct 29 19:48:51 UTC 2012 - lmuelle@suse.com
- Ensure adding the winbind group never can fail.
-------------------------------------------------------------------
Mon Oct 29 16:59:09 UTC 2012 - lmuelle@suse.com
- Create ntadmin group only if it doesn't yet exist.
-------------------------------------------------------------------
Mon Oct 29 12:10:41 UTC 2012 - lmuelle@suse.com
- Update to 3.6.9.
+ When setting a non-default ACL, don't forget to apply masks to
SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236).
+ Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
+ Fix segfault in smbd if user specified ports out for range; (bso#9218).
-------------------------------------------------------------------
Mon Oct 29 12:03:21 UTC 2012 - lmuelle@suse.com
- quota: Don't force the block size to 512; (bso#3272).
- Fix poll replacement to become a msleep replacement; (bso#8107).
- Fix wrong test == syntax in configure; (bso#8146).
- Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344).
- Fix builtin forms order to match Windows again; (bso#8632).
- Fix RAW printing for normal users; (bso#8769); (bnc#790741).
- Initialise ticket to ensure we do not invalid memory; (bso#8788).
- Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966).
- Fix crash on null pam change pw response; (bso#9013).
- Connection to outbound trusted domain goes offline; (bso#9016).
- Increase debug level for info that the db is empty; (bso#9112).
- 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117).
- Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
- Open printers with the right access mask; (bso#9154).
- Fix makerpms.sh on RHEL; (bso#9165).
- Remove non-existent option '-Y' from winbindd manpage; (bso#9171).
- Add quota support for gfs2; (bso#9172).
- Make SMB2 compound request create/delete_on_close/close work as Windows;
(bso#9173).
- Empty SPNEGO packet can cause smbd to crash; (bso#9174).
- pam_winbind: Match more return codes when wbcGetPwnam has failed;
(bso#9177).
- Fix crash bug in idmap_hash; (bso#9188); (bnc#788159).
- SMB2 Create doesn't return correct MAX ACCESS access mask in blob;
(bso#9189).
- Fix service control for non-internal services; (bso#9192).
- Don't take 'state->te' as indication for "was_deferred"; (bso#9196).
- Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209).
- Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213).
- Fix segfault in smbd if user specified ports out for range; (bso#9218).
- Signing cannot be disabled for SMB2 by design, so fix the documentation
instead; (bso#9222).
- Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry;
(bso#9231).
- When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER
and SMB_ACL_GROUP entries; (bso#9236).
- lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259).
- Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart;
(bso#9268).
- Add support for reloading systemd services; (bso#9280).
-------------------------------------------------------------------
Fri Oct 26 17:40:15 UTC 2012 - lmuelle@suse.com
- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).
-------------------------------------------------------------------
Wed Sep 26 18:07:49 UTC 2012 - lmuelle@suse.com
- Do not write the build date into the header of the default smb.conf as this
causses superfluous rebuilds of packages depending on samba; (bnc#781601).
-------------------------------------------------------------------
Wed Sep 26 13:42:41 UTC 2012 - lmuelle@suse.com
- Do not prerequire SuSEconfig.permissions as it's already enough and more
generic to depend on the permissions package; (bnc#782293).
-------------------------------------------------------------------
Mon Sep 17 12:00:22 UTC 2012 - lmuelle@suse.com
- Update to 3.6.8.
+ Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
+ Fix Winbind panic if we couldn't find the domain; (bso#9135).
-------------------------------------------------------------------
Mon Sep 17 11:56:46 UTC 2012 - lmuelle@suse.com
- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
(bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
(bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
(bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
on delete requests; (bso#9150).
-------------------------------------------------------------------
Thu Sep 13 05:32:48 MDT 2012 - shargagan@novell.com
- NMB registration for a duplicate workstation fails with registration
refuse; (bso#9085); (bnc#770056).
-------------------------------------------------------------------
Thu Aug 16 14:18:35 UTC 2012 - lmuelle@suse.com
- Remove backup files caused by running configure in examples/VFS.
-------------------------------------------------------------------
Mon Aug 6 20:41:15 UTC 2012 - lmuelle@suse.com
- Update to 3.6.7.
+ Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
+ Fix migrating printers while upgrading from 3.5.x; (bso#9026).
-------------------------------------------------------------------
Mon Aug 6 19:40:23 UTC 2012 - lmuelle@suse.com
- Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure;
(bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error
instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062).
-------------------------------------------------------------------
Fri Jul 20 23:02:10 UTC 2012 - lmuelle@suse.com
- Create missing doc directories while install.
- Remove no longer existing Manifest file from install.
- Don't creat a link to non existend html man pages for swat.
- Don't call the no longer existing libsmbclient testsuit while build.
-------------------------------------------------------------------
Fri Jul 20 22:08:35 UTC 2012 - lmuelle@suse.com
- Configure with option --mandir instead --with-mandir.
- Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and
--with-swatdir configure options.
-------------------------------------------------------------------
Thu Jul 19 11:12:48 UTC 2012 - lmuelle@suse.com
- Update to 4.0.0beta4.
See WHATSNEW.txt from the samba-doc package.
-------------------------------------------------------------------
Mon Jul 16 14:35:39 UTC 2012 - lmuelle@suse.com
- BuildRequire gcc, make, and patch; (bnc#771516).
-------------------------------------------------------------------
Wed Jul 11 17:52:50 UTC 2012 - lmuelle@suse.com
- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).
-------------------------------------------------------------------
Wed Jul 11 14:20:48 UTC 2012 - lmuelle@suse.com
- Fix shell syntax in dhcpcd hook script; (bnc#769957).
-------------------------------------------------------------------
Wed Jun 27 21:22:11 UTC 2012 - lmuelle@suse.com
- Add missing int declaration to the net kdc lookup patch.
-------------------------------------------------------------------
Mon Jun 25 21:42:20 UTC 2012 - lmuelle@suse.com
- Update to 4.0.0beta2.
See WHATSNEW.txt from the samba-doc package.
-------------------------------------------------------------------
Mon Jun 25 19:46:31 UTC 2012 - lmuelle@suse.com
- Update to 3.6.6.
+ Fix possible memory leaks in the Samba master process; (bso#8970).
+ Fix uninitialized memory read in talloc_free(); (bnc#764577).
+ Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).
-------------------------------------------------------------------
Thu Jun 21 18:05:33 UTC 2012 - lmuelle@suse.com
- resolve_ads() code can return zero addresses and miss valid DC IP addresses;
(bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627)
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
(bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
(bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
(bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
(bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995).
-------------------------------------------------------------------
Fri Jun 4 10:11:56 UTC 2012 - lmuelle@suse.com
- Call autogen.sh even on post-12.1 SUSE systems.
-------------------------------------------------------------------
Fri Jun 1 23:01:11 UTC 2012 - lmuelle@suse.com
- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems.
- Recompile all IDL in any case.
-------------------------------------------------------------------
Fri Jun 1 14:18:58 UTC 2012 - lmuelle@suse.com
- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora
systems.
-------------------------------------------------------------------
Thu May 31 15:48:11 UTC 2012 - lmuelle@suse.com
- Install talloc.pc only on pre-12.2 and non SUSE systems.
-------------------------------------------------------------------
Thu May 31 14:07:36 UTC 2012 - lmuelle@suse.com
- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and
libtevent-devel on post-12.1 systems.
-------------------------------------------------------------------
Wed May 30 12:07:39 UTC 2012 - lmuelle@suse.com
- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861).
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
(bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
(bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
(bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
(bso#8882).
-------------------------------------------------------------------
Mon May 15 11:54:41 UTC 2012 - lmuelle@suse.com
- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems.
- BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and
libtevent0-devel on post-12.1 systems.
-------------------------------------------------------------------
Wed May 2 13:17:54 UTC 2012 - lmuelle@suse.com
- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).
-------------------------------------------------------------------
Sat Apr 21 20:59:53 UTC 2012 - lmuelle@suse.com
- docs-xml: fix default name resolve order; (bso#7564).
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
(bnc#730769).
- s3-docs: Prepend '/' to filename argument; (bso#8826).
-------------------------------------------------------------------
Fri Apr 20 09:51:25 UTC 2012 - lmuelle@suse.com
- Update to 3.6.5.
- Restrict self granting privileges where security=ads for Samba post-3.3.16;
CVE-2012-2111; (bnc#757576).
-------------------------------------------------------------------
Fri Apr 13 18:18:52 CEST 2012 - ddiss@suse.de
- Remove all precompiled idl output to ensure any pidl changes take effect;
(bnc#757080).
-------------------------------------------------------------------
Tue Apr 10 16:13:34 UTC 2012 - lmuelle@suse.com
- Update to 3.6.4.
- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe-
cution as the "root" user; PIDL based autogenerated code allows overwriting
beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).
-------------------------------------------------------------------
Sun Mar 25 21:14:33 UTC 2012 - lmuelle@suse.de
- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys;
(bso#8599).
- Correctly handle DENY ACEs when privileges apply; (bso#8797).
-------------------------------------------------------------------
Fri Mar 16 20:26:20 UTC 2012 - lmuelle@suse.de
- s3:smb2_server: fix a logic error, we should sign non guest sessions;
(bso8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
persistent dbs; (#bso8527).
- s3: segfault in dom_sid_compare(bso#8567).
- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER;
(bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take priviliges into
account for the connecting user; (bso#8784).
-------------------------------------------------------------------
Thu Mar 15 11:44:55 CET 2012 - ddiss@suse.de
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
(bso#8807); (bnc#751454).
-------------------------------------------------------------------
Wed Mar 14 20:00:25 UTC 2012 - lmuelle@suse.de
- Remove obsoleted Authors lines from spec file for post-11.2 systems.
-------------------------------------------------------------------
Mon Feb 27 15:57:07 UTC 2012 - lmuelle@suse.de
- Make ldapsmb build with Fedora 15 and 16; (bso#8783).
- BuildRequire libuuid-devel for post-11.0 and other systems.
- Define missing python macros for non SUSE systems.
- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.
- Always use cifstab instead of smbfstab on non SUSE systems.
-------------------------------------------------------------------
Mon Feb 20 22:17:17 UTC 2012 - lmuelle@suse.de
- Ensure AndX offsets are increasing strictly monotonically in pre-3.4
versions; CVE-2012-0870; (bnc#747934).
-------------------------------------------------------------------
Fri Feb 17 13:34:23 CET 2012 - ddiss@suse.de
- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).
-------------------------------------------------------------------
Thu Feb 16 11:00:37 CET 2012 - ddiss@suse.de
- s3-printing: fix crash in printer_list_set_printer(); (bso#8762);
(bnc#746825).
-------------------------------------------------------------------
Mon Feb 6 13:39:48 UTC 2012 - lmuelle@suse.de
- s3:winbindd fix a return code check; (bso#8406).
-------------------------------------------------------------------
Mon Feb 6 13:36:38 UTC 2012 - lmuelle@suse.de
- s3: Add rmdir operation to streams_depot; (bso#8733).
-------------------------------------------------------------------
Mon Feb 6 13:34:09 UTC 2012 - lmuelle@suse.de
- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used();
(bso#8738); CVE-2013-0454; (bnc#811975).
-------------------------------------------------------------------
Mon Feb 6 13:30:53 UTC 2012 - lmuelle@suse.de
- s3:auth: fill the sids array of the info3 in
wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
-------------------------------------------------------------------
Mon Feb 6 13:26:26 UTC 2012 - lmuelle@suse.de
- s3:client: ignore SMBecho errors (the server may not support it);
(bso#8139).
-------------------------------------------------------------------
Mon Feb 6 13:14:05 UTC 2012 - lmuelle@suse.de
- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
enabled and don't unintentionally use a bogus domain name; (bso#8734).
-------------------------------------------------------------------
Mon Feb 6 13:07:57 UTC 2012 - lmuelle@suse.de
- smbclient fails with posix large reads; (bso#8727).
-------------------------------------------------------------------
Thu Feb 2 20:27:25 UTC 2012 - lmuelle@suse.de
- Use the smbfs init script on versions pre-11.3, or cifs in later versions;
(bnc#744614).
-------------------------------------------------------------------
Mon Jan 30 15:03:43 UTC 2012 - lmuelle@suse.de
- s3: Compile IDL files in autogen, some configure tests need this.
-------------------------------------------------------------------
Mon Jan 30 15:46:17 CET 2012 - fcrozat@suse.com
- Fixes various deadlocks in if-up.d / if-down.d when running under
systemd; (bnc#732395).
-------------------------------------------------------------------
Sun Jan 29 21:06:24 UTC 2012 - lmuelle@suse.de
- Update to 3.6.3.
+ Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724);
(bnc#743986).
-------------------------------------------------------------------
Thu Jan 26 14:15:38 UTC 2012 - lmuelle@suse.de
- Use spdx.org compliant license names for all packages.
-------------------------------------------------------------------
Wed Jan 25 20:16:10 UTC 2012 - lmuelle@suse.de
- Update to 3.6.2.
+ Make Winbind receive user/group information (bug #8371).
+ Several SMB2 fixes.
+ Fix a crash bug in the spoolss code.
+ Add new contributing FAQ announcing acceptance of corporate (C).
+ DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504).
+ Fix cli_write_and_x() against OS/2 print shares; (bso#5326).
+ Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563);
(bnc#726145).
+ Remove pointless use_memory_krb5_ccache; (bso#7465).
+ Fix perl path; (bso#8176).
+ Grant credits in async interim responses (SMB2); (bso#8357).
+ Make Winbind receive user/group information; (bso#8371).
+ Fix Windows XP clients crashing smbd process every once in a while;
(bso#8384); (bnc#731571).
+ Make VFS op "streaminfo" stackable; (bso#8419).
+ Add an allocation pool to idmap_autorid; (bso#8444).
+ Fix SEGFAULT from net registry export on not zero terminated REG_SZ
values; (bso#8528).
+ Make DSO_EXPORTS_CMD more portable; (bso#8531).
+ readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
+ smbclient posix_open command fails to return correct info on open file;
(bso#8542).
+ winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
+ Fix setting the machine account password; (bso#8550).
+ Make SMB2 handle compound request headers in the same way as Windows;
(bso#8560).
+ Password change settings not fully observed; (bso#8561).
+ Fix double free error in talloc; (bso#8562).
+ Fix alignment in the non-extended-security negprot; (bso#8573).
+ Add systemd service files; (bso#8575).
+ Add systemd service files; (bso#8575).
+ smb2_flush: Don't send uninitialized memory; (bso#8579).
+ Enable inotify if sys or kernel inotify is available; (bso#8580).
+ Increase a debug level; (bso#8585).
+ libsmb: Only align unicode pipe_name; (bso#8586).
+ Fix marshalling of samr_ChangePasswordUser3; (bso#8591).
+ Don't limit the number of open dptrs for SMB2; (bso#8592).
+ Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
+ Make cldap work over IPv6; (bso#8600).
+ Fix intermittent print job failures caused by character conversion errors;
(bso#8606).
+ Improve configure.in so it can be used outside the Samba source tree;
(bso#8607).
+ Winbind: Don't fail on users without a uid; (bso#8608).
+ Ensure we correctly calculate reply credits over all returned SMB2
replies; (bso#8614).
+ Fix migrate printer code; (bso#8618).
+ Fix crash bug when trying to browse Samba printers; (bso#8623).
+ libsmb: Don't duplicate Kerberos service tickets; (bso#8628).
+ POSIX ACE x permission becomes rx following mapping to and from a DACL;
(bso#8631).
+ When returning an ACL without SECINFO_DACL requested, we still set
SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
+ Fix the vfs_commit module; (bso#8639).
+ Add an update function for Winbind cache; (bso#8643).
+ vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries
on a directory with no stored ACL; (bso#8644).
+ Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb
vfs modules; (bso#8652).
+ Fix deleting a symlink if the symlink target is outside of the share;
(bso#8663).
+ Fix renaming a symlink if the symlink target is outside of the share;
(bso#8664).
+ Fix NT ACL issue; (bso#8673).
+ Fix buffer overflow issue with AES encryption in samba traffic analyzer;
(bso#8674).
+ Fix Winbind segfault if we can't map the last user; (bso#8678).
+ recvfile code path using splice() on Linux leaves data in the pipe on
short write; (bso#8679).
+ Try ctdbd_init_connection() as root; (bso#8684).
+ Packet validation checks can be done before length validation causing
uninitialized memory read; (bso#8686).
+ Fix typo in 'net memberships' usage; (bso#8687).
+ libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket();
(bso#8692).
+ Make DeletePrinterDriverEx remove printer driver files; (bso#8697)
(bnc#740810).
+ Fix major leak with SMB2 in connections.tdb; (bso#8710).
-------------------------------------------------------------------
Wed Jan 25 19:55:25 UTC 2012 - lmuelle@suse.de
- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).
-------------------------------------------------------------------
Wed Jan 25 12:56:23 UTC 2012 - lmuelle@suse.de
- Use correct license, LGPLv3+ for libwbclient packages.
-------------------------------------------------------------------
Tue Jan 24 19:46:46 UTC 2012 - lmuelle@suse.de
- When returning an ACL without SECINFO_DACL requested, we still set
SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
-------------------------------------------------------------------
Tue Jan 24 10:58:38 CET 2012 - ddiss@suse.de
- Fix incorrect types in the full_audit VFS module. Add null terminators to
audit log enums; (bnc#742885).
-------------------------------------------------------------------
Sun Jan 22 01:38:35 CET 2012 - ddiss@suse.de
- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810).
- Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).
-------------------------------------------------------------------
Sat Jan 21 21:23:08 UTC 2012 - lmuelle@suse.de
- Buffer overflow issue with AES encryption in samba traffic analyzer;
(bso#8674).
- NT ACL issue; (bso#8673).
- Deleting a symlink fails if the symlink target is outside of the share;
(bso#8663).
- connections.tdb - major leak with SMB2; (bso#8710).
-------------------------------------------------------------------
Wed Jan 18 20:55:14 UTC 2012 - lmuelle@suse.de
- Renaming a symlink fails if the symlink target is outside of the share;
(bso#8664).
-------------------------------------------------------------------
Tue Jan 17 12:04:12 UTC 2012 - lmuelle@suse.de
- Intermittent print job failures caused by character conversion errors;
(bso#8606).
- ads_keytab_verify_ticket mixes talloc allocation with malloc free;
(bso#8692).
- libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
- s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684).
- s3-printing: fix migrate printer code; (bso#8618).
- Packet validation checks can be done before length validation causing
uninitialized memory read; (bso#8686).
-------------------------------------------------------------------
Mon Jan 16 16:41:18 UTC 2012 - lmuelle@suse.de
- net memberships usage info was wrong; (bso#8687).
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
(#bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
(bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
(#bso8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machinge account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548).
- smbclient posix_open command fails to return correct info on open file;
(bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419).
-------------------------------------------------------------------
Tue Jan 3 12:04:48 CET 2012 - ddiss@suse.de
- Fix incorrect perfcount array length calculations; (bnc#739258).
-------------------------------------------------------------------
Wed Dec 21 12:59:18 UTC 2011 - coolo@suse.com
- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.
-------------------------------------------------------------------
Wed Dec 21 10:31:47 UTC 2011 - coolo@suse.com
- Remove call to suse_update_config macro for post-11.4 systems.
-------------------------------------------------------------------
Mon Dec 19 23:57:12 UTC 2011 - lmuelle@suse.de
- Use samba.org for the ldapsmb source location.
-------------------------------------------------------------------
Wed Dec 7 03:53:18 MST 2011 - shargagan@novell.com
- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile;
(bnc #729516).
-------------------------------------------------------------------
Thu Nov 25 18:57:04 CET 2011 - ddiss@suse.de
- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
(bso#8631); (bnc#732572).
-------------------------------------------------------------------
Fri Nov 25 12:10:25 UTC 2011 - lmuelle@suse.de
- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).
-------------------------------------------------------------------
Sun Nov 20 00:22:14 CET 2011 - ddiss@suse.de
- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).
-------------------------------------------------------------------
Fri Nov 4 12:21:56 CET 2011 - ddiss@suse.de
- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).
-------------------------------------------------------------------
Tue Nov 1 23:11:41 CET 2011 - ddiss@suse.de
- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).
-------------------------------------------------------------------
Mon Oct 31 18:29:48 CET 2011 - ddiss@suse.de
- Fix typo in net ads join output; (bnc#713135).
-------------------------------------------------------------------
Thu Oct 27 20:00:16 UTC 2011 - lmuelle@suse.de
- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).
-------------------------------------------------------------------
Thu Oct 20 20:33:56 UTC 2011 - lmuelle@suse.de
- Update to 3.6.1.
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Several SMB2 fixes.
+ The VFS ACL modules are no longer experimental but production-ready.
+ Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
+ smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
+ Return error of cli_push when 'put - /some/file' is used; (bso#7551).
+ Fix usage of cli_errstr(); (bso#7864).
+ Fix 'widelinks' regression; (bso#8229).
+ Empty notify servername; (bso#8236).
+ Add man vfs_aio_fork; (bso#8256).
+ smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
(bso#8334).
+ Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
+ While migrating forms, don't fail if the form already exists; (bso#8351).
+ OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
+ Fix build of vfs_prealloc on SLES8; (bso#8363).
+ Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
+ Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
+ Fix vfs_chown_fsp; (bso#8370).
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix smbclient access to NT4 shares; (bso#8385).
+ Optimize serverid_exists() for Solaris; (bso#8395).
+ registry/reg_format.c must include includes.h; (bso#8401).
+ SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
SMB2; (bso#8412).
+ Fix 'getent group' if trusted domains are not reachable; (bso#8420).
+ Fix infinite loop in ACL module code; (bso#8422).
+ Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
+ Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
+ Fix segfault in iconv.c; (bso#8433).
+ NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
+ Be smarter about setting default permissions when a ACL_USER_OBJ isn't
given; (bso#8443).
+ Check the wct of the incoming SMBnegprot responses; (bso#8452).
+ Fix smbclient segfaults when dialect option -m is used for legacy
dialects; (bso#8453).
+ Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
+ Samba PDC is looking up only primary user group; (bso#8455).
+ IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
+ smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
+ SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
+ Don't call smbd_terminate_connection in smb2_validate_message_id();
(bso#8476).
+ Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
+ Map to guest can return uninitialized blob of data; (bso#8477).
+ acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
+ DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
+ Remove "experimental" label on VFS ACL modules; (bso#8494).
+ SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
+ smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
+ Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
(bso#8509).
+ Disallow "." in can_set_delete_on_close(); (bso#8515).
+ SMB2 create call returns incorrect file allocation size; (bso#8518).
+ Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
(bso#8520).
+ Winbind cache timeout expiry test was reversed; (bso#8521).
-------------------------------------------------------------------
Tue Oct 18 21:27:31 UTC 2011 - lmuelle@suse.de
- s3/doc: add man page for aio_fork vfs module.
-------------------------------------------------------------------
Tue Oct 18 21:23:57 UTC 2011 - lmuelle@suse.de
- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
-------------------------------------------------------------------
Tue Oct 18 21:11:37 UTC 2011 - lmuelle@suse.de
- s3: Samba PDC is looking up only primary user group; (bso#8455).
-------------------------------------------------------------------
Tue Oct 18 18:33:34 UTC 2011 - lmuelle@suse.de
- Add script to create or update an AppArmor sniplet with permissions for all
Samba shares; (bnc#688040).
-------------------------------------------------------------------
Tue Oct 18 19:34:00 CEST 2011 - jmcdonough@suse.de
- Add "ldapsam:login cache" parameter to allow explicit disabling
of the login cache; (bnc#723261).
-------------------------------------------------------------------
Fri Oct 14 14:00:57 CEST 2011 - ddiss@suse.de
- Retain the smbd startproc return value for correct startup status reporting.
unset was incorrectly being called prior to rc_status; (bnc#723724).
-------------------------------------------------------------------
Fri Oct 14 11:46:53 CEST 2011 - ddiss@suse.de
- Prevent deadlock in systemd triggered by if-down.d handler on shutdown;
(bnc#721598).
-------------------------------------------------------------------
Thu Oct 13 19:44:22 UTC 2011 - lmuelle@suse.de
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; changed defaults and documentation (bso8473).
-------------------------------------------------------------------
Thu Oct 13 12:13:27 UTC 2011 - lmuelle@suse.de
- Empty CIFS share can be blocked for other clients by deleting it via empty
path (DELETE_PENDING until the last client); (bso#8515).
-------------------------------------------------------------------
Wed Oct 12 19:48:02 UTC 2011 - lmuelle@suse.de
- winbindd cache timeout expiry test was reversed; (bso#8521).
-------------------------------------------------------------------
Wed Oct 12 19:40:16 UTC 2011 - lmuelle@suse.de
- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).
-------------------------------------------------------------------
Wed Oct 12 16:33:39 UTC 2011 - lmuelle@suse.de
- s3:smb2_create: fix allocation size return value when opening existing
files; (bso#8518).
-------------------------------------------------------------------
Wed Oct 12 16:28:41 UTC 2011 - lmuelle@suse.de
- SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
-------------------------------------------------------------------
Wed Oct 12 16:21:50 UTC 2011 - lmuelle@suse.de
- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
-------------------------------------------------------------------
Wed Oct 12 16:13:58 UTC 2011 - lmuelle@suse.de
- s3-docs: Fix bug (bso#7908) and typo.
-------------------------------------------------------------------
Mon Oct 10 15:00:19 UTC 2011 - lmuelle@suse.de
- Return error of cli_push when 'put - /some/file' is used; (bso#7551).
-------------------------------------------------------------------
Mon Oct 10 14:57:48 UTC 2011 - lmuelle@suse.de
- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).
-------------------------------------------------------------------
Mon Oct 10 14:53:48 UTC 2011 - lmuelle@suse.de
- smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
-------------------------------------------------------------------
Mon Oct 10 14:49:21 UTC 2011 - lmuelle@suse.de
- Default user entry is set to minimal permissions on incoming ACL change with
no user specified; (bso#8443).
-------------------------------------------------------------------
Mon Oct 10 14:42:10 UTC 2011 - lmuelle@suse.de
- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
-------------------------------------------------------------------
Mon Oct 10 14:36:05 UTC 2011 - lmuelle@suse.de
- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft
Internet Explorer 9 on Windows 7 to download files; (bso#8458).
-------------------------------------------------------------------
Mon Oct 10 14:31:05 UTC 2011 - lmuelle@suse.de
- DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
-------------------------------------------------------------------
Mon Oct 10 14:28:08 UTC 2011 - lmuelle@suse.de
- s3-docs: Fix typos.
-------------------------------------------------------------------
Mon Oct 10 14:24:55 UTC 2011 - lmuelle@suse.de
- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
-------------------------------------------------------------------
Mon Oct 10 14:18:42 UTC 2011 - lmuelle@suse.de
- Remove "experimental" label on VFS ACL modules; (bso#8494).
-------------------------------------------------------------------
Mon Oct 10 14:07:40 UTC 2011 - lmuelle@suse.de
- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
-------------------------------------------------------------------
Mon Oct 10 13:59:43 UTC 2011 - lmuelle@suse.de
- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).
-------------------------------------------------------------------
Mon Oct 10 13:55:35 UTC 2011 - lmuelle@suse.de
- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
(bso#7465).
-------------------------------------------------------------------
Mon Oct 10 13:52:16 UTC 2011 - lmuelle@suse.de
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
-------------------------------------------------------------------
Mon Oct 10 13:49:45 UTC 2011 - lmuelle@suse.de
- s3-netapi: allow to use default krb5 credential cache for libnetapi users.
-------------------------------------------------------------------
Mon Oct 10 13:43:47 UTC 2011 - lmuelle@suse.de
- s3-docs: document -k switch in net manpage.
-------------------------------------------------------------------
Mon Oct 10 13:35:58 UTC 2011 - lmuelle@suse.de
- Map to guest can return uninitialized blob of data; (bso#8477).
-------------------------------------------------------------------
Mon Oct 10 13:32:39 UTC 2011 - lmuelle@suse.de
- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).
-------------------------------------------------------------------
Mon Oct 10 13:29:19 UTC 2011 - lmuelle@suse.de
- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).
-------------------------------------------------------------------
Mon Oct 10 13:24:11 UTC 2011 - lmuelle@suse.de
- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).
-------------------------------------------------------------------
Mon Oct 10 13:20:41 UTC 2011 - lmuelle@suse.de
- Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
-------------------------------------------------------------------
Mon Oct 10 13:11:08 UTC 2011 - lmuelle@suse.de
- s3-spoolss: Fix bug forms migration; (bso#8351).
-------------------------------------------------------------------
Mon Oct 10 13:04:02 UTC 2011 - lmuelle@suse.de
- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).
-------------------------------------------------------------------
Mon Oct 10 12:58:36 UTC 2011 - lmuelle@suse.de
- s3: Do not fork the echo handler for smb2; (bso#8334).
-------------------------------------------------------------------
Mon Oct 10 12:54:11 UTC 2011 - lmuelle@suse.de
- s3-spoolss: Fix bug empty notify servername; (bso#8236).
-------------------------------------------------------------------
Mon Oct 10 12:50:26 UTC 2011 - lmuelle@suse.de
- SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
-------------------------------------------------------------------
Fri Oct 7 10:40:49 UTC 2011 - lmuelle@suse.de
- Remove smb child crash fix. The issue had been fixed upstream differently.
-------------------------------------------------------------------
Sun Oct 2 16:23:19 UTC 2011 - lmuelle@suse.de
- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.
-------------------------------------------------------------------
Tue Sep 27 17:56:52 CEST 2011 - hhetter@suse.de
- Fix samba duplicates file content on appending. Move posix case semantics
out from under the VFS; (bso#6898); (bnc#681208).
-------------------------------------------------------------------
Wed Sep 21 22:09:00 CEST 2011 - jmcdonough@suse.de
- Make winbind child reconnect when remote end has closed, fix
failing sudo; (bso#7295); (bnc#569721).
-------------------------------------------------------------------
Fri Sep 9 13:08:58 UTC 2011 - lmuelle@suse.de
- Spec file cleanup as suggested by the spec-cleaner tool.
+ Make all BuildRequires, PreReq, and Provides a separate line.
+ Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
+ Use straight commands instead of macros (make, install).
+ Use -p in post and postun if we only call one command.
+ Use %{_localstatedir} instead of %{_var} in the filelist.
+ Remove superfluous AutoReqProv on lines.
-------------------------------------------------------------------
Thu Sep 8 19:29:36 UTC 2011 - lmuelle@suse.de
- Remove %release from all Provides.
-------------------------------------------------------------------
Thu Sep 1 20:54:52 UTC 2011 - lmuelle@suse.de
- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).
-------------------------------------------------------------------
Wed Aug 31 16:10:03 UTC 2011 - lmuelle@suse.de
- Use /var/run for the cifs state file in the init script too; (bnc#710304).
-------------------------------------------------------------------
Tue Aug 30 21:38:12 UTC 2011 - lmuelle@suse.de
- Microsoft Word from Microsoft Office 2007 fails to save as on a share with
SMB2; (bso#8412).
-------------------------------------------------------------------
Tue Aug 30 21:29:07 UTC 2011 - lmuelle@suse.de
- Use sys_write and sys_read in fork_domain_child to fix a winbind race
leading to 100% CPU usage; (bso#8409).
-------------------------------------------------------------------
Tue Aug 30 18:41:20 UTC 2011 - lmuelle@suse.de
- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).
-------------------------------------------------------------------
Tue Aug 30 18:31:29 UTC 2011 - lmuelle@suse.de
- Fix infinite loop in ACL module code; (bso#8422).
-------------------------------------------------------------------
Mon Aug 29 19:28:54 UTC 2011 - lmuelle@suse.de
- Fix getent group if trusted domains are not reachable; (bso#8420).
-------------------------------------------------------------------
Mon Aug 29 16:51:58 UTC 2011 - lmuelle@suse.de
- smbclient can't access a NT4 share since 3.6.0; (bso#8385).
-------------------------------------------------------------------
Sat Aug 27 19:38:01 UTC 2011 - lmuelle@suse.de
- Optimize serverid_exists() for Solaris; (bso#8395).
-------------------------------------------------------------------
Sat Aug 27 19:29:37 UTC 2011 - lmuelle@suse.de
- talloc:
+ check block count after references test.
+ added test suite for talloc_free_children().
+ license info erratum in the manpage.
+ fix typos and better differentiation between versions 1 and 2.
+ preserve context name on talloc_free_children().
+ ensure the sibling linked list remains valid during a free.
-------------------------------------------------------------------
Sat Aug 27 18:50:21 UTC 2011 - lmuelle@suse.de
- vfs_chown_fsp returned in the wrong directory; (bso#8370).
-------------------------------------------------------------------
Sat Aug 27 18:46:40 UTC 2011 - lmuelle@suse.de
- Remove irritating "." targets when recent system libs exist; (bso#8369).
-------------------------------------------------------------------
Sat Aug 27 18:39:50 UTC 2011 - lmuelle@suse.de
- Correctly initialize "idmap config * : script" with NULL; (bso#8368).
-------------------------------------------------------------------
Sat Aug 27 18:31:11 UTC 2011 - lmuelle@suse.de
- Add missing include to suppress compiler warnings; (bso#8365).
-------------------------------------------------------------------
Sat Aug 27 18:21:54 UTC 2011 - lmuelle@suse.de
- Point the chain offset beyond the current request; (bso#8360).
-------------------------------------------------------------------
Sat Aug 27 18:11:27 UTC 2011 - lmuelle@suse.de
- Fix gpfs vfs module build; (bso#8364).
-------------------------------------------------------------------
Sat Aug 27 18:05:29 UTC 2011 - lmuelle@suse.de
- Make vfs_prealloc even build on older systems; (bso#8363).
-------------------------------------------------------------------
Sat Aug 27 17:56:13 UTC 2011 - lmuelle@suse.de
- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).
-------------------------------------------------------------------
Sat Aug 27 17:42:48 UTC 2011 - lmuelle@suse.de
- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).
-------------------------------------------------------------------
Tue Aug 9 12:29:16 UTC 2011 - lmuelle@suse.de
- Update to 3.6.0.
+ BUG 7462: Make SA_RESETHAND conditional on its existance.
+ BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined.
+ BUG 8324: smbclient cannot list directories from a big-endian machine.
+ BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
+ BUG 8327: Fix the reload of the configuration, also reload activated
registry shares.
+ BUG 8328: Cleanup of idmap_tdb2 code.
+ BUG 8330: Fix NFSv4 ACL merging logic.
+ BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
+ BUG 8341: Fix segfault in libsmbclient.
+ BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
+ BUG 8347: Fix regression for HP-UX, AIX and OSF.
+ BUG 8357: Make sure we grant credits on async read/write operations.
+ BUG 8358: Fix a bug in run_poll_events().
+ BUG 8362: Fix build issue on old glibc systems.
-------------------------------------------------------------------
Mon Aug 8 15:03:53 UTC 2011 - lmuelle@suse.de
- Remove references to disabled vscan build.
-------------------------------------------------------------------
Thu Aug 4 17:12:25 UTC 2011 - lmuelle@suse.de
- Add missing define, includes, and initialization to get_printing_ticket.
-------------------------------------------------------------------
Thu Aug 4 10:40:57 UTC 2011 - lmuelle@suse.de
- Use /var/run for the cifs state file; (bnc#710304).
-------------------------------------------------------------------
Mon Aug 1 21:28:25 UTC 2011 - lmuelle@suse.de
- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).
-------------------------------------------------------------------
Mon Aug 1 21:24:37 UTC 2011 - lmuelle@suse.de
- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).
-------------------------------------------------------------------
Sun Jul 31 14:26:37 UTC 2011 - lmuelle@suse.de
- Fix reload of the configuration and also reload activated registry shares;
(bso#8327).
-------------------------------------------------------------------
Sun Jul 31 14:22:21 UTC 2011 - lmuelle@suse.de
- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).
-------------------------------------------------------------------
Thu Jul 28 13:09:58 UTC 2011 - lmuelle@suse.de
- smbclient cannot list directories from a big-endian machine; (bso#8324).
-------------------------------------------------------------------
Wed Jul 27 01:40:00 UTC 2011 - lmuelle@suse.de
- Update to 3.6.0rc3.
+ BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
+ BUG 7888: Deal with buggy 3.0 based PDCs.
+ BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb
module.
+ BUG 8102: Do not allow to change file ACLs from normal domusers.
+ BUG 8102: Do not allow to change file ACLs from normal domusers.
+ BUG 8193: Add new command 'enumerate_recursive'.
+ BUG 8195: Make rpc client code working against NT4 servers.
+ BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is
set.
+ BUG 8213: Fixes in idmap_autorid.
+ BUG 8214: Fix smbd crash on printer driver upgrade.
+ BUG 8215: Fix Winbind unix username lookup.
+ BUG 8216: Make Winbind returning correct results with 'sids2xids'.
+ BUG 8217: Do not stat-check the share path in 'net conf addshare'.
+ BUG 8219: Fix SMB Panic from Windows 7 client.
+ BUG 8224: Fix the build on FreeBSD.
+ BUG 8226: Use c99 initializers which are supported by old gcc 2.95
compilers.
+ BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd.
+ BUG 8231: Fix crash bug in 'net cache get'.
+ BUG 8235: Fix smbd crash on startup caused by migrate_printer().
+ BUG 8240: Fix Valgrind warnings in winreg/spoolss code.
+ BUG 8244: Fix copying files larger than 2 GB to a Samba share.
+ BUG 8247: Fix Coverity ID 2582: FORWARD_NULL.
+ BUG 8253: Fix Winbind panic if verify_idpool() fails.
+ BUG 8254: Fix "acl check permissions = no".
+ BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes.
+ BUG 8262: Fix build of vfs_commit.
+ BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl.
+ BUG 8264: Fix Valgrind bugs in svcctl.
+ BUG 8276: Close all sockets attached to a subnet in close_subnet().
+ BUG 8278: Fix smbd panic when CTDB is unhealthy.
+ BUG 8281: Fix build of examples/VFS/*.
+ BUG 8286: Fix smbd crash on premature end of smb2 conn.
+ BUG 8292: Fix a major architectural flaw in the SMB2 server code.
+ BUG 8293: Fix log file rotating in SMB2.
+ BUG 8304: Fix uninitialized variable in error path.
+ BUG 8305: Fix segfault in nmbd when using 'smbtree ...'..
+ BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all
locks.
+ BUG 8310: toupper_ascii() is broken on big-endian systems.
+ BUG 8314: Fix smbd crash with unknown user.
+ Mark 'time offset' parameter as deprecated.
-------------------------------------------------------------------
Tue Jul 26 23:57:01 UTC 2011 - lmuelle@suse.de
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
(bnc#708503).
-------------------------------------------------------------------
Tue Jul 26 20:44:01 UTC 2011 - lmuelle@suse.de
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
(bnc#705241).
-------------------------------------------------------------------
Mon Jul 25 07:35:04 MDT 2011 - shargagan@novell.com
- Fixed the DFS referral response for msdfs root; (bnc#703655).
-------------------------------------------------------------------
Wed Jul 20 11:05:27 CEST 2011 - ddiss@suse.de
- Fix CUPS print job IDs; (bso#7288); (bnc#701257).
-------------------------------------------------------------------
Thu Jul 14 10:26:22 UTC 2011 - lmuelle@suse.de
- Make use of the actual library version as part of the package name on
post-11.3 systems only.
-------------------------------------------------------------------
Mon Jul 11 21:01:00 CEST 2011 - jmcdonough@suse.de
- Fix winbind internal error; (bso#7636); (bnc#659424).
-------------------------------------------------------------------
Mon Jul 11 16:21:23 CEST 2011 - ddiss@suse.de
- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
(bnc#705170).
-------------------------------------------------------------------
Mon Jun 20 17:28:46 CEST 2011 - ddiss@suse.de
- Specify nmbdsocketdir at configure time; (bnc#700953).
-------------------------------------------------------------------
Thu Jun 9 14:58:08 UTC 2011 - lmuelle@suse.de
- Build the tdb, talloc, and tevent libraries ahead of anything else.
-------------------------------------------------------------------
Tue Jun 7 21:02:45 UTC 2011 - jmcdonough@suse.de
- Update to 3.6.0rc2.
+ BUG 6911: Fix Kerberos authentication from Vista to Samba.
+ BUG 8166: Don't lockout users when offline.
+ BUG 8200: Add support for multiple writeable ldap idmap domains.
+ BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
+ BUG 7054: Fix X account flag when "pwdlastset" is "0".
+ BUG 8144: Fix setting timestamp when touching files with CIFS clients.
+ BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
+ BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
+ BUG 8157: Fix parsing a cups printcap file.
+ BUG 8175: Fix smbd deadlock.
+ BUG 8189: Support shadow copy display over SMB2.
+ BUG 8197: Winbind does not properly detect when a DC connection is dead.
+ BUG 8203: Winbind needs to reset the DC connection if an RPC times out.
-------------------------------------------------------------------
Mon Jun 06 10:30:00 CEST 2011 - mrsb@novell.com
- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).
-------------------------------------------------------------------
Fri Jun 03 21:19:00 CEST 2011 - lpechacek@suse.cz
- Add "winbind max clients" parameter to remove 200-client
limit; (bnc#697461).
-------------------------------------------------------------------
Fri Jun 03 20:40:00 CEST 2011 - jmcdonough@suse.de
- Disable logon cache for password lockout consistency when
running in a cluster; (bnc#694836).
-------------------------------------------------------------------
Fri May 27 04:46:48 CEST 2011 - jmcdonough@suse.de
- Fix logon of AD users with many group memberships; (bso#6911);
(bnc#657026).
-------------------------------------------------------------------
Wed May 25 14:23:54 CEST 2011 - jmcdonough@suse.de
- Don't lockout users while offline; (bso#8166); (bnc#692607).
-------------------------------------------------------------------
Mon May 23 18:15:17 UTC 2011 - lmuelle@suse.de
- Update to 3.6.0rc1.
+ BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
+ BUG 8112: POSIX extension opens of a directory are denied with EISDIR.
+ BUG 8132: Fix filling printers location field when using cups.
+ Remove fstrings from client struct.
+ BUGFIX when converting from safe_strcpy to strlcpy.
+ Fix off-by-one calculations with strlcpy.
+ Ensure we always write the correct incoming mid into the share mode table
entries.
+ Fix the SMB2 oplock showstopper.
+ Convert user-specified domain to uppercase in libsmb.
+ Fix Coverity CID #2302: FORWARD_NULL.
+ Fix cups_pull_comment_location().
+ Fix double free of cups request.
+ Make cups_pull_comment_location() work again.
+ Fix potential crash bug in display_print_driver3().
+ Properly clean up in pthreadpool_init in case of failure.
+ Make plaintext session setup async.
+ Reduce fd load in Winbind children.
+ Avoid a potential 100% CPU loop in Winbind.
+ Tune broadcast namequeries for unique names.
+ Properly deal with exited winbind children.
+ Fix dup_smb2_vec3.
+ Fix return check in nss_wins.
-------------------------------------------------------------------
Tue May 17 05:17:59 MDT 2011 - shargagan@novell.com
- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).
-------------------------------------------------------------------
Mon May 16 10:23:54 CEST 2011 - ddiss@suse.de
- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).
-------------------------------------------------------------------
Thu May 5 15:51:22 UTC 2011 - lmuelle@suse.de
- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).
-------------------------------------------------------------------
Thu May 5 03:00:01 MDT 2011 - shargagan@novell.com
- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).
-------------------------------------------------------------------
Sat Apr 30 19:38:49 UTC 2011 - lmuelle@suse.de
- Package static libraries with 0644 permissions.
-------------------------------------------------------------------
Sat Apr 30 19:15:27 UTC 2011 - lmuelle@suse.de
- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.
-------------------------------------------------------------------
Sat Apr 30 18:48:57 UTC 2011 - lmuelle@suse.de
- Rename libldb0 to libldb1 as 1 is the current major version of the library.
- Add libldb1 and libtevent0 to baselibs.conf.
-------------------------------------------------------------------
Fri Apr 29 14:36:29 UTC 2011 - lmuelle@suse.de
- Don't call the suse_update_config macro before building lib ldb and tevent.
-------------------------------------------------------------------
Thu Apr 29 13:28:42 UTC 2011 - lmuelle@suse.de
- Update to 3.6.0pre3.
+ Listen on IPv6 addresses with IPV6_ONLY; (bso#7383).
+ Fix wrong output in 'smbget'; (bso#8066).
+ "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or
vfs_acl_tdb module; (bso#8083).
+ rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null;
(bso#8088).
+ setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099).
+ Fix the build of 'smbget' on HP NonStop; (bso#8106).
+ Fix build of tdb2.
+ Correctly detect and deny symlinks anywhere in a path (not just the last
component) if "follow symlinks = no".
+ Fix timeout in rpc_pipe_open_tcp_port().
+ Fix the build of "--with-profiling-data".
+ Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470,
2471, 2478.
+ nsswitch: Add 'wbinfo --lookup-sids'.
+ nsswitch: Add 'wbinfo --sids-to-unix-ids'.
+ Fix smbd with the async echo responder.
+ Fix the build of vfs_gpfs.c.
+ Add a 10-second timeout for the 445 or netbios connection to a DC.
+ Many pthreadpool fixes.
+ Fix transaction recovery area for converted tdbs.
-------------------------------------------------------------------
Thu Apr 28 21:43:14 UTC 2011 - lmuelle@suse.de
- Add PreReq permissions to the krb-printing package.
-------------------------------------------------------------------
Thu Apr 28 21:39:04 UTC 2011 - lmuelle@suse.de
- Remove _libdir ldb and tevent from file list.
- Explicitly state not to bundle talloc or tdb while ldb and tevent build.
-------------------------------------------------------------------
Thu Apr 21 21:12:31 UTC 2011 - lmuelle@suse.de
- Always use the actual library version as part of the package name.
- Exclude shared python modules.
-------------------------------------------------------------------
Thu Apr 21 11:45:59 CEST 2011 - ddiss@suse.de
- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).
-------------------------------------------------------------------
Thu Apr 21 10:49:04 CEST 2011 - ddiss@suse.de
- Update pidl and always compile IDL at build time; (bnc#688810).
-------------------------------------------------------------------
Thu Apr 14 18:21:56 UTC 2011 - lmuelle@suse.de
- Update to 3.6.0pre2.
+ ID Mapping changes.
+ Implement SMB2 support.
+ Add an Endpoint Mapper daemon.
+ Make "rlimit_max below minimum Windows limit" notification less scary;
(bso#6837).
+ Quota only shown when logged as root; (bso#7080).
+ Fix printing from Windows 7; (bso#7567).
+ Retry DNS updates when connection to one nameserver has failed; (bso#7690).
+ Unlink may unlink wrong file when hardlinks are involved; (bso#7863).
+ Fix 'nmbd --port'; (bso#7875).
+ cmd_spoolss_deletedriver() returned without checking all architectures;
(bso#7880).
+ Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
+ Fix cups pcap reload with no printers; (bso#7915).
+ Fix bug in chain_reply; (bso#7917).
+ Fix problems with "kernel oplocks" option set to "no"; (bso#7928).
+ Fall back for utimes calls; (bso#7940).
+ Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
+ Let winbind try to use samlogon validation level 6; (bso#7945).
+ Sgid bit lost on folder rename; (bso#7996).
+ Fix getting username in 'net rap session'; (bso#8009).
+ Fix inode generation so nautilus can count total dir size correctly;
(bso#8010).
+ Use jenkins hash for str_checksum; (bso#8010).
+ Add explicit configure option whether or not to enable dmapi support;
(bso#8033).
+ Fix smbclient segfault with Cyrillic netbios names; (bso#8040).
+ Fix file creation on OS/X; (bso#8042).
+ Add "--option" to 'testparm'.
+ Fix crash bug on smbd shutdown when using FOPENDIR().
+ Ensure we don't return an incorrect access mask.
+ Fix bug against the new Mac client.
+ Fix leak in error path.
+ Fix error where Windows client spoolss returns WERR_INVALID_DATA.
+ Fix a segfault in the krb5 locator plugin.
+ Enable sharesec for registry shares.
+ Fix memory leak in "security=share" and "force user".
+ Add "net idmap check", a check and repair tool for the
id mapping database.
+ Add new 'net idmap delete' command.
+ Fix segfault on missing input file in 'net idmap restore'.
+ Fix 'net usersidlist' not to skip every other user.
+ Fix potential crash bug in spoolss_PrinterEnumValues push path.
+ Internal restructuring.
+ Don't wipe out all printer drivers when only one should be deleted.
+ Fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
+ Fix memory leak in print_cups.c.
+ Remove duplicate cups response processing code.
+ Follow force user/group for driver IO.
+ Initiate pcap reload from parent smbd.
+ Reload shares after pcap cache fill.
+ Fix numerous Coverity IDs (2041 and others).
+ Fix a memory leak in check_sam_security_info3.
+ Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable.
+ Make "net sam list [users|workstations]" list only the right things.
+ Fix a potential memleak in secrets_fetch_trusted_domain_password.
+ Use the right credentials in check_netlogond_security.
+ Add support for AF_NETLINK addr notifications.
+ Fork multiple Winbind children per domain.
+ Fix a deadlock between smbd and ctdbd.
+ Add 'wbinfo --dc-info'.
+ Make "nmbd socket dir" configurable.
+ Fixed valgrind errors.
+ Fix a memleak in receive_getdc_response.
+ Don't grant SEC_STD_DELETE always to the owner of a file.
+ Fix segfaults on addrchange errors in Winbind.
+ Allow machine accounts as members in groupdb.
+ Add IPv6 support for the endpoint mapper.
+ Free unused memory in the rpc server.
+ Fix possible segfaults in svcctl server.
+ Fix possible segfault with client_id in rpc server.
+ Add a 'svcctl shutdown' function to rpc server.
+ Fix a resource leak in net_afs.
+ Fix a resource leak in smbta-util.
+ Fix possible resource leak in net_usershare.
+ Fix possible resource leak in 'smbget'.
+ Fix possible resource leak in 'smbfilter'.
+ Fix a possible null pointer dereference in smbd.
+ Ensure we send the direct levelII oplock break to the correct fid.
+ Fix private libdir and codepages paths.
- Add RFC 3454 to the vendor files.
-------------------------------------------------------------------
Thu Apr 7 21:38:00 CET 2011 - jmcdonough@suse.de
- Fix idmap_tdb for big-endian systems such as ppc and s390;
(bso#6901); (bnc#675978).
-------------------------------------------------------------------
Thu Mar 24 16:37:34 CET 2011 - ddiss@suse.de
- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).
-------------------------------------------------------------------
Fri Mar 18 15:53:07 UTC 2011 - lmuelle@suse.de
- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.
-------------------------------------------------------------------
Thu Mar 17 10:24:31 CET 2011 - ddiss@suse.de
- Don't crash when publishing a single printer; (bnc#643119).
-------------------------------------------------------------------
Wed Mar 9 19:15:34 CET 2011 - ddiss@suse.de
- Carry error status in printer list IPC message, do not refresh printers if
cups is unavailable; (bso#7994); (bnc#675478).
-------------------------------------------------------------------
Wed Mar 9 10:46:20 UTC 2011 - lmuelle@suse.de
- Define the libwbclient packages ahead of packages with a different version.
-------------------------------------------------------------------
Wed Mar 9 00:48:12 UTC 2011 - jengelh@medozas.de
- Use %_smp_mflags for parallel building.
-------------------------------------------------------------------
Mon Mar 7 12:17:06 UTC 2011 - lmuelle@suse.de
- Update to 3.5.8.
+ Fix Winbind crash bug when no DC is available; (bso#7730).
+ Fix finding users on domain members; (bso#7743).
+ Fix memory leaks in Winbind; (bso#7879).
+ Fix printing with Windows 7 clients; (bso#7567).
+ Fix 'testparm' return code when EOF in encountered in param name;
(bso#3185).
+ Make "rlimit_max below minimum Windows limit" notification less scary;
(bso#6837).
+ Fix "Your Password expires today" message for users of trusted domains;
(bso#7066).
+ Fix maintaining of users' groups via UsrMgr; (bso#7262).
+ Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356).
+ Raise debug level for "reduce_name: couldn't get realpath" messages;
(bso#7409).
+ Fix updating the time on close in vfs_gpfs; (bso#7498).
+ Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594).
+ Handle Windows 9x adddriver calls without config file; (bso#7641).
+ Fix scalability problem with hundreds of printers; (bso#7656).
+ Fix memory leak in the netapi routines; (bso#7665).
+ Store unmodified copies of security descriptors in acl_xattr and acl_tdb
modules; (bso#7716).
+ Fix incorrect unix mode_t caused by invalid client DOS attributes on
create; (bso#7733).
+ Apply appropriate create masks when creating files with "inherit ACLs" set
to true; (bso#7734).
+ Fix "dfree cache time" parameter; (bso#7744).
+ Fix a getgrent crash with many groups; (bso#7774).
+ Fix requesting lookups for BUILTIN sids; (bso#7777).
+ Fix smbd crash caused by expand_msdfs; (bso#7779).
+ Fix atime limit; (bso#7785).
+ vfs_scannedonly: Switch from mtime to ctime which is more reliable;
(bso#7789).
+ Fix copying files from a SMB share using Gnome vfs and SMB signing;
(bso#7791).
+ Make Winbind recover from a signing error; (bso#7800).
+ ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb;
(bso#7812).
+ Fix "force group" with ntlmssp guest session setup; (bso#7817).
+ vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
(bso#7835).
+ Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841).
+ Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842).
+ Expand the local SAMs aliases; (bso#7843).
+ ntlm_auth: Support clients which offer a spnego mechs we don't support;
(bso#7855).
+ Fix 'net ads dns register' in cluster setups; (bso#7871).
+ Fix 'nmbd --port'; (bso#7875).
+ Make 'rpcclient deldriver' delete drivers for all architectures;
(bso#7880).
+ Fix flaky Winbind against Windows 2008; (bso#7881).
+ Fix SMB session setups with Kerberos against some closed source SMB
servers; (bso#7883).
+ Fix stale lock in open_file_fchmod(); (bso#7892).
+ Fix sporadic Winbind panic in rpc query_user_list; (bso#7894).
+ Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name;
(bso#7896).
+ Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
+ Fix connections from WinCE; (bso#7917).
+ Fix opening MS Powerpoint files; (bso#7940).
+ Fix endless loops caused by inotify; (bso#7942).
+ Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
+ Let Winbind try to use samlogon validation level 6; (bso#7945).
+ Revalidate the pathname once re-constructed from a root fsp; (bso#7950).
-------------------------------------------------------------------
Fri Mar 4 20:12:24 UTC 2011 - lmuelle@suse.de
- Require a particular library version even if the major version is part of
the package name. Using the same major version does not guarantee forward
compatibility.
-------------------------------------------------------------------
Fri Mar 4 16:30:46 CET 2011 - ddiss@suse.de
- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).
-------------------------------------------------------------------
Mon Feb 28 14:36:49 UTC 2011 - lmuelle@suse.de
- Update to 3.5.7
+ Protect against possible denial of service caused by memory corruption;
CVE-2011-0719; (bso#7949); (bnc#670431).
-------------------------------------------------------------------
Wed Feb 23 11:20:14 UTC 2011 - lmuelle@suse.de
- Disable separate build of samba-doc for post-11.1 systems.
-------------------------------------------------------------------
Tue Feb 22 01:07:50 UTC 2011 - lmuelle@suse.de
- Protect against possible denial of service caused by memory corruption;
CVE-2011-0719; (bso#7949); (bnc#670431).
-------------------------------------------------------------------
Thu Feb 17 13:25:08 CET 2011 - ddiss@suse.de
- Increase the log level for missing PIDs on SIGCHLD, printcap child processes
are not added to the children PID list; (bnc#666460).
-------------------------------------------------------------------
Thu Feb 10 17:09:42 UTC 2011 - lmuelle@suse.de
- Do not require a particular library version if the major version is part of
the package name.
-------------------------------------------------------------------
Wed Feb 9 23:14:03 UTC 2011 - lmuelle@suse.de
- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries
on post-11.3 systems.
-------------------------------------------------------------------
Sun Jan 23 20:12:00 CET 2011 - ddiss@suse.de
- Abide by print$ share 'force user' & 'force group' settings when handling
AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).
-------------------------------------------------------------------
Tue Jan 18 11:04:02 CET 2011 - ddiss@suse.de
- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded()
returns false if the pcap cache contains no printer entries. correct call
ordering is already enforced. (bso#7836); (bnc#625936).
-------------------------------------------------------------------
Fri Jan 14 15:22:51 CET 2011 - lmuelle@suse.de
- No longer force activation of the cifs service on post-11.3 systems.
- Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4
systems.
- Move the cifs init script nfs dependencies from Required to Should.
-------------------------------------------------------------------
Tue Jan 4 16:26:37 UTC 2011 - lmuelle@suse.de
- Recommend to install samba-krb-printing from samba-winbind on post-10.3
systems; (bnc#661845).
-------------------------------------------------------------------
Thu Dec 30 12:52:39 CET 2010 - ddiss@suse.de
- Fix error paths in cups_async_callback(), an empty cups printer list should
not be treated as an error; (bnc#661842).
-------------------------------------------------------------------
Tue Dec 21 16:31:15 CET 2010 - ddiss@suse.de
- Abide by printcap cache time, reload parent smbd pcap cache on expiry;
(bso#7836); (bnc#625936).
-------------------------------------------------------------------
Fri Dec 17 20:01:38 CET 2010 - ddiss@suse.de
- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).
-------------------------------------------------------------------
Mon Dec 13 00:54:03 CET 2010 - ro@suse.de
- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).
-------------------------------------------------------------------
Thu Dec 9 13:31:15 UTC 2010 - lmuelle@suse.de
- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).
-------------------------------------------------------------------
Tue Dec 7 16:48:25 UTC 2010 - lmuelle@suse.de
- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux
Enterprise 10; (bnc#652620).
-------------------------------------------------------------------
Sun Dec 5 22:28:35 UTC 2010 - lars@samba.org
- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
(bso#7835).
-------------------------------------------------------------------
Fri Dec 3 11:47:07 UTC 2010 - lmuelle@suse.de
- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages;
(bnc#652620).
-------------------------------------------------------------------
Tue Nov 30 13:55:27 CET 2010 - ddiss@suse.de
- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).
-------------------------------------------------------------------
Tue Nov 30 12:45:44 UTC 2010 - lmuelle@suse.de
- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind,
client-gplv2, and doc-gplv2 packages; (bnc#652620).
-------------------------------------------------------------------
Fri Nov 26 21:13:10 UTC 2010 - lmuelle@suse.de
- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions;
(bnc#652620).
-------------------------------------------------------------------
Fri Nov 26 19:56:23 UTC 2010 - lmuelle@suse.de
- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).
-------------------------------------------------------------------
Thu Nov 25 17:29:24 UTC 2010 - lmuelle@suse.de
- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind
package to avoide an accidental install trigger; (bnc#652620).
-------------------------------------------------------------------
Thu Nov 25 15:06:44 UTC 2010 - lmuelle@suse.de
- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).
-------------------------------------------------------------------
Wed Nov 24 10:24:21 UTC 2010 - lmuelle@suse.de
- Remove all Obsoletes from the samba-gplv3 packages and only keep the
Provides samba; (bnc#652620).
-------------------------------------------------------------------
Sat Nov 20 08:31:14 UTC 2010 - lmuelle@suse.de
- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).
-------------------------------------------------------------------
Fri Nov 19 19:18:17 CEST 2010 - jmcdonough@suse.de
- Reduce unnecessary ldap round trips and eliminate invalid DN
messages; (bnc#654719).
-------------------------------------------------------------------
Fri Nov 12 12:59:23 UTC 2010 - lmuelle@suse.de
- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux
Enterprise 10 SP 3 and 4.
-------------------------------------------------------------------
Thu Nov 11 12:36:36 UTC 2010 - lmuelle@suse.de
- Add the _build_arch at the end of the vendor version suffix.
-------------------------------------------------------------------
Thu Oct 28 15:06:20 UTC 2010 - lmuelle@suse.de
- Provide and Obsolete samba-gplv3 to replace potentially installed packages.
-------------------------------------------------------------------
Fri Oct 15 12:23:53 UTC 2010 - lmuelle@suse.de
- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4.
- Do not package libsmbclient and libsmbsharemodes.
-------------------------------------------------------------------
Sat Oct 10 13:24:17 CEST 2010 - jmcdonough@suse.de
- Update to 3.5.6
+ Fix auto printers with registry config; (bso#7280); (bnc#617153).
+ Fix SPNEGO auth when contacting Win7 system using Microsoft Live
Sign-in Assistant; (bso#7577).
+ Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578).
+ Fix "admin users" when using vfs_acl_xattr; (bso#7581).
+ Fix using cached credentials in ntlm_auth; (bso#7589).
+ Fix Winbind offline login; (bso#7590).
+ Fix Winbind internal error; (bso#7636).
+ Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651).
+ Fix smbd changing mode of files on rename; (bso#7693).
+ Fix crash bug with invalid SPNEGO token; (bso#7694).
+ Fix smbd panic on invalid NetBIOS session request; (bso#7698).
+ Fix smbd crash caused by "%D" in "printer admin"; (bso#7541).
+ Fix 'smbclient -M'; (bso#7635).
+ Fix scalability problem with hundreds of printers; (bso#7656).
+ Fix crash bug in rpcclient; (bso#7688).
+ Fix file corruption when setting Samba "write wache wize"; (bso#7715).
-------------------------------------------------------------------
Thu Oct 7 16:21:40 UTC 2010 - lmuelle@suse.de
- Let startproc wait for nmb, smb and winbind pid files getting created on
post-11.1 systems; (bnc#520036).
-------------------------------------------------------------------
Thu Oct 7 14:22:57 CEST 2010 - hhetter@suse.de
- Include the reviewed french translation for pam_winbind; (bnc#499233).
-------------------------------------------------------------------
Fri Sep 24 01:40:30 CEST 2010 - ddiss@suse.de
- Fix smbd crash with CUPS printers and no [printers] share defined;
(bso#7297); (bnc#637755).
-------------------------------------------------------------------
Tue Sep 21 01:18:17 CEST 2010 - jmcdonough@suse.de
- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).
-------------------------------------------------------------------
Sun Sep 12 15:54:14 UTC 2010 - coolo@novell.com
- Fix baselibs.conf for libtalloc.
-------------------------------------------------------------------
Wed Sep 8 12:09:39 UTC 2010 - lmuelle@suse.de
- Fix buffer overflow in sid_parse() to correctly check the input lengths when
reading a binary representation of a Windows Security ID (SID);
CVE-2010-3069; (bso#7669); (bnc#637218).
-------------------------------------------------------------------
Mon Aug 30 22:11:20 CEST 2010 - jmcdonough@suse.de
- Use cached ntlm password in libsmbclient. Prevent lockouts
when kerberos tickets are lost; (bnc#602418); (bnc#606304).
-------------------------------------------------------------------
Thu Aug 26 11:08:42 UTC 2010 - gber@opensuse.org
- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the
en_US locale and /usr might be on NFS.
-------------------------------------------------------------------
Mon Aug 23 17:00:20 CEST 2010 - jmcdonough@suse.de
- Complete fix for trusts with Windows 2008R2 DCs.
-------------------------------------------------------------------
Fri Aug 20 13:48:22 UTC 2010 - jmcdonough@suse.de
- Fix authentication dialogs when connecting to older systems;
(bnc#632055).
-------------------------------------------------------------------
Thu Aug 19 21:53:30 UTC 2010 - lmuelle@suse.de
- Adjust position of conditional ldapsmb %package and %files definition.
-------------------------------------------------------------------
Thu Aug 19 20:21:50 UTC 2010 - lmuelle@suse.de
- Create the /var/run/samba directory on the fly and package it as %ghost.
-------------------------------------------------------------------
Thu Aug 19 19:55:37 CEST 2010 - jmcdonough@suse.de
- Fix preexec scripts; (bso#7104); (bnc#632852).
-------------------------------------------------------------------
Thu Aug 19 15:22:28 UTC 2010 - lmuelle@suse.de
- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient
pkgconfig files and BuildRequire pkgconfig; (bnc#632770).
-------------------------------------------------------------------
Tue Aug 17 21:17:34 UTC 2010 - lmuelle@suse.de
- BuildRequire python-devel for post-9.3 systems.
-------------------------------------------------------------------
Tue Aug 17 20:36:10 UTC 2010 - lmuelle@suse.de
- Only create precompiled headers for post-10.2 systems.
- Remove mkinitrd scriptlets.
-------------------------------------------------------------------
Tue Aug 17 15:20:00 UTC 2010 - lmuelle@suse.de
- Add vfs_crossrename man page.
- Call make basic and remove conditional proto target.
- Increase libtevent version to 0.9.9.
- Remove wbc_async header from the file list.
- Remove remaining cifs-mount pieces from the spec file.
-------------------------------------------------------------------
Mon Aug 16 16:58:02 UTC 2010 - jmcdonough@suse.de
- Fix printers not auto loading with registry config; (bso#7280);
(bnc#617153).
-------------------------------------------------------------------
Sun Aug 15 18:20:41 UTC 2010 - lmuelle@suse.de
- Update to 3.6.0pre1.
+ SMB2 support is fully functional despite managing quota using the
Microsoft management tools.
+ Internal Winbind passdb changes to use samr and lsa rpc pipe to get local
user and group information.
+ The spoolss and the old RAP printing code have been completely overhauled
and refactored.
+ The SMB Traffic Analyzer (SMBTA) VFS module got added.
-------------------------------------------------------------------
Sun Aug 15 12:36:41 UTC 2010 - lmuelle@suse.de
- Intilize workgroup of nmblookup as empty string.
-------------------------------------------------------------------
Thu Aug 12 22:06:35 UTC 2010 - jmcdonough@suse.de
- Fix net ads join when using parent domain users; (bso#6364);
(bnc#630812).
-------------------------------------------------------------------
Wed Jul 28 15:08:09 CEST 2010 - sjayaraman@suse.de
- cifs: do not restart during dhcp lease renewal when IPaddress remains
the same; (bnc#573246).
-------------------------------------------------------------------
Mon Jul 5 19:31:55 UTC 2010 - lmuelle@suse.de
- Fix "Too many open files" when trying to access large number of files;
(bso#6837); (bnc#619787).
-------------------------------------------------------------------
Wed Jun 23 12:01:20 UTC 2010 - lmuelle@suse.de
- Update to 3.5.4.
+ Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
from ldap (bug #7448).
+ Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
+ Allow previous password to be stored and use it to check tickets;
(bso#7099).
+ Make ea data checks identical for trans2open and trans2mkdir; (bso#7188).
+ Fix editing users' groups via UsrMgr; (bso#7262).
+ Fix Winbind over IPv6; (bso#7341).
+ Samba sends "raw" inode number as uniqueid with unix extensions;
(bso#7410).
+ Fix printing large formats; (bso#7423).
+ Fix spnego returning incorrect mechListMIC string; (bso#7449).
+ Fix some crash bugs and missing error codes in AddDriver paths;
(bso#7459).
+ Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479).
+ Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500).
+ Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503).
+ Fix numerous build issues; (bso#7504).
+ Fix session setup from linux kernel cifs clients with "sec=ntlmv2";
(bso#7517).
-------------------------------------------------------------------
Mon Jun 21 19:52:13 UTC 2010 - lmuelle@suse.de
- Remove all provides and obsoletes samba3 from the spec file. Packages with
this base name have not been offered as part of a product.
-------------------------------------------------------------------
Fri Jun 11 09:13:09 UTC 2010 - lmuelle@suse.de
- Fix a NULL pointer dereference in smbd of the 3.4 code base;
CVE-2010-1635; (bso#7229); (bnc#605935).
-------------------------------------------------------------------
Tue Jun 8 14:38:18 UTC 2010 - lmuelle@suse.de
- Address possible buffer overrun in chain_reply code of pre-3.4 versions;
CVE-2010-2063; (bso#7494); (bnc#611927).
-------------------------------------------------------------------
Mon Jun 7 17:43:35 CEST 2010 - hhetter@suse.de
- Update of the SMB Traffic Analyzer v2 VFS module
-------------------------------------------------------------------
Fri May 28 23:05:10 CEST 2010 - jmcdonough@suse.de
- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873);
(bnc#592198); (bso#6697).
-------------------------------------------------------------------
Wed May 19 12:18:29 UTC 2010 - lmuelle@suse.de
- Update to 3.5.3.
+ Fix MS-DFS functionality; (bso#7339).
+ Fix a Winbind crash when scanning trusts; (bso#7389).
+ Fix problems with SIGCHLD handling in Winbind; (bso#7317).
+ Add replacement for IPV6_V6ONLY on linux systems with broken headers;
(bso#7196).
+ Fix cups encryption setting; (bso#7263).
+ Fix exporting printers via 'cupsaddsmb' command; (bso#7277).
+ Fix SMB job IDs in CUPS job names; (bso#7288).
+ Fix segfault in mount.cifs; (bso#7315).
+ Make TIME_T_MAX defines consistent; (bso#7352).
+ Re-fix a bug with smbd serving a windows terminal server; (bso#7357).
+ Display an error on 'net conf import' failures; (bso#7378).
+ Fix bitmap leak in dptr_Close; (bso#7384).
+ Fix rename problems with full_audit VFS module; (bso#7398).
+ Fix setting of passwords via 'net rpc user password' command; (bso#7417).
+ Fix 'net rpc printer list' command; (bso#7418).
+ Rename mod_name to module_name; (bso#7421).
- Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.
- Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423).
- Winbind not working over IPv6; (bso#7341).
-------------------------------------------------------------------
Tue May 18 22:54:35 CEST 2010 - jmcdonough@suse.de
- Honor "interfaces" list in net ad dns register; (bnc#606947).
-------------------------------------------------------------------
Tue May 18 09:54:15 UTC 2010 - lmuelle@suse.de
- Exclude the RPM release from the vendor tag for openSUSE Factory;
(bnc#604049).
-------------------------------------------------------------------
Thu Apr 29 10:24:54 UTC 2010 - lmuelle@suse.de
- Enable the build of the idmap tdb2 module; (bnc#600822).
-------------------------------------------------------------------
Sun Apr 25 19:14:03 UTC 2010 - lars@samba.org
- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.
-------------------------------------------------------------------
Sun Apr 25 19:00:56 UTC 2010 - lars@samba.org
- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.
-------------------------------------------------------------------
Wed Apr 21 11:11:23 UTC 2010 - jmcdonough@suse.de
- Add "net conf import" error messages; (bso#7378, bnc#598189).
-------------------------------------------------------------------
Wed Apr 21 11:22:49 CEST 2010 - jsmeix@suse.de
- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).
-------------------------------------------------------------------
Wed Apr 7 12:08:54 UTC 2010 - lmuelle@suse.de
- Update to 3.5.2.
+ Fix smbd segfaults in _netr_SamLogon for clients sending null domain;
(bso#7237).
+ Fix smbd segfaults in "waiting for connections" message; (bso#7251).
+ Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935);
CVE-2010-1642.
+ Fix a memleak in Winbind; (bso#7278).
+ Fix Winbind reconnection to it's own domain; (bso#7295).
+ Fix segfault if hide files or veto files has no ".AppleDouble";
(bso#1206).
+ Fix parsing of the gecos field; (bso#5198).
+ Fix several printing issues; (bso#6727).
+ Fix valgrind warning; (bso#6814).
+ Fix race condition in mount.cifs that allows user to replace mountpoint
with a symlink; (bso#6853).
+ Fix bug in vfs_scannedonly rmdir implementation; (bso#7075).
+ Fix handling of bad server data returns in client rpc_transport;
(bso#7159).
+ Never mark external domains as internal in Winbind; (bso#7170).
+ Fix access by multi-threaded applications; (bso#7202).
+ Fix 'net share' command; (bso#7203).
+ Fix DN parsing name was always null; (bso#7204).
+ Signals are processed twice in child; (bso#7206).
+ Fix returning of group members with 'getent group'; (bso#7212).
+ Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216).
+ Make Winbind logs more verbose for troubleshooting; (bso#7225).
+ Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229);
(bnc#605935).
+ Fix automatic building of vfs_tsmsm if gpfs and dmapi are present;
(bso#7231).
+ Fix race conditions in CTDB persistent transactions; (bso#7232).
+ Symlink delete fails but incorrectly reports success to client;
(bso#7234).
+ Fix "printer admin" functionality; (bso#7255).
+ Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256).
+ Fix _winreg_QueryValue crash bugs and implement Windows behavior;
(bso#7258).
+ Fix job management commands for CUPS queues; (bso#7269).
+ Fix smbd segfault if using vfs_acl_tdb; (bso#7283).
+ Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290).
+ Fix smbd crashes with CUPS printers and no [printers] share defined;
(bso#7297).
+ Fix DOS attribute inconsistency with MS Office; (bso#7310).
+ Many disconnecting clients render clustered Samba unusuable for some time;
(bso#7312).
+ Make 'net conf addshare' atomic; (bso#7313).
+ Eliminate race condition in creating/scanning sorted subkeys in the
registry backend; (bso#7314).
+ Winbind possibly segfaults when trying a trusted domain without inbound
trust; (bso#7316).
-------------------------------------------------------------------
Tue Apr 6 22:21:43 CEST 2010 - hhetter@suse.de
- Add SMB Traffic Analyzer v2 VFS module.
-------------------------------------------------------------------
Tue Mar 30 20:44:27 UTC 2010 - lmuelle@suse.de
- Document "wide links" defaults to "no" in the smb.conf man page for versions
pre-3.4.6; (bnc#577868).
-------------------------------------------------------------------
Fri Mar 26 02:05:12 UTC 2010 - jmcdonough@suse.de
- Fix workgroup enumeration, for client printer and file share
selection; (bso#6880); (bnc#586215).
-------------------------------------------------------------------
Tue Mar 23 14:57:00 UTC 2010 - jmcdonough@suse.de
- Fix tdb validation for offline auth; (bnc#587014).
-------------------------------------------------------------------
Mon Mar 22 16:12:05 UTC 2010 - lmuelle@suse.de
- Fix "printer admin" functionality; (bso#7255).
-------------------------------------------------------------------
Mon Mar 22 15:55:51 UTC 2010 - lmuelle@suse.de
- An uninitialized variable read could cause an smbd crash; (bso#7254);
(bnc#605935); CVE-2010-1642.
-------------------------------------------------------------------
Mon Mar 22 15:42:58 UTC 2010 - lmuelle@suse.de
- Ensure to have a valid talloc stackframe; (bso#7251).
-------------------------------------------------------------------
Mon Mar 22 15:17:56 UTC 2010 - lmuelle@suse.de
- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).
-------------------------------------------------------------------
Thu Mar 18 15:57:15 UTC 2010 - lmuelle@suse.de
- Merge missing pam_winbind message translations; (bnc#499233).
-------------------------------------------------------------------
Sun Mar 14 21:08:44 UTC 2010 - lmuelle@suse.de
- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part
of the independent cifs-utils package.
-------------------------------------------------------------------
Thu Mar 11 19:18:00 CEST 2010 - jmcdonough@suse.de
- Fix join of Windows 2008 domains; (bnc#567013).
-------------------------------------------------------------------
Mon Mar 8 21:03:25 UTC 2010 - lmuelle@suse.de
- Update to 3.5.1 and 3.4.7.
+ Fix security flaw on Linux platforms if built with libcap support allowing
file system access even when permissions should have denied it;
CVE-2010-0728; (bso#7222); (bnc#586683).
-------------------------------------------------------------------
Mon Mar 8 09:12:07 UTC 2010 - rhafer@novell.com
- Fixed libldb.so link in libldb-devel.
-------------------------------------------------------------------
Fri Mar 5 15:47:25 UTC 2010 - hhetter@novell.com
- Fix argc handling in net_share, making the command "net share"
work again; (bso#7203); (bnc#584253).
-------------------------------------------------------------------
Mon Mar 1 16:22:52 CET 2010 - lmuelle@suse.de
- Update to 3.5.0.
+ Fix duplicate sam and unix accounts; (bso#7145).
+ Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160).
+ Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166).
+ Fix 'net ads dns' usage calls; (bso#7181).
+ Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).
-------------------------------------------------------------------
Wed Feb 24 14:55:27 CET 2010 - lmuelle@suse.de
- Update to 3.4.6.
+ Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; (bso#7104); (bnc#577868).
+ Fix printing with 64 bit clients (bso#6888).
+ Fix core dump on 64 bit Linux (bso#7063).
+ Fix failing of smbd to respond to a read or a write caused by Linux
asynchronous IO (aio) (bso#7067).
+ Fix string buffer overflow causing heap corruption in smbd (bso#7096).
+ Fix bogus ip address in SWAT; (bso#5885).
+ Fix vfs_full_audit; (bso#6557).
+ Use the first "uid" value; (bso#6157).
+ Fix large paged search with DirX LDAP servers; (bso#6981).
+ Fix crash bug in 'cifs.upcall'; (bso#6868).
+ Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
+ Fix DFS on AIX (maybe others); (bso#7052).
+ Fix pdb_search crash as non-root user; (bso#7068).
+ Fix unlocking of accounts from ldap; (bso#7072).
+ Fix vfs_expand_msdfs; (bso#7081).
+ Fix results of 'smbclient -L' with a large browse list; (bso#7098).
+ Normalize "Changing password for" msg IDs and STRs; (bso#7102).
+ Fix malformed require_membership_of_sid; (bso#7106).
+ Fix reading of large browselist; (bso#7122).
+ "mangling method = hash" can crash storing a name containing a '.';
(bso#7154).
+ Valgrind Conditional jump or move depends on uninitialised value(s) error
when "mangling method = hash"; (bso#7155).
+ Fix listing of printjobs in Windows 7; (bso#7130).
+ Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136).
+ Make idmap cache persistent for "ldapsam:trusted".
+ Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not
only the persistent idmap cache.
+ Shortcut uid_to_sid when "ldapsam:trusted = yes".
+ Make pdb_copy_sam_account also copy the group sid.
+ Shortcut gid_to_sid when "ldapsam:trusted = yes".
+ Speed up pdb_get_group_sid().
+ Try to build the full unix_pw structure with ldapsam:trusted support.
+ Optimize ldapsam_alias_memberships() and cache ldap searches.
-------------------------------------------------------------------
Fri Feb 19 16:27:03 CET 2010 - lmuelle@suse.de
- Update to 3.5.0rc3.
+ Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; (bso#7104); (bnc#577868).
+ Fix vfs_full_audit; (bso#6557).
+ Fix crash bug in 'cifs.upcall'; (bso#6868).
+ Fix duplicate initializer in the rmdir module; (bso#6876).
+ Fix printing with 64 bit clients; (bso#6888).
+ Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
+ Fix core dump on Ubuntu 8.04 64 bit; (bso#7063).
+ Fix failing of smbd to respond to a read or a write caused by Linux
asynchronous IO (aio); (bso#7067).
+ Fix 'smbget' error status; (bso#7069).
+ Fix build of 'smbfilter'; (bso#7071).
+ Fix unlocking of accounts from ldap; (bso#7072).
+ Cliconnect gets realm wrong with trusted domains; (bso#7079).
+ Fix vfs_expand_msdfs; (bso#7081).
+ Fix storing of create time on directories in an EA in new create time
code; (bso#7084).
+ Fix an early release of the global lock that can cause data corruption in
libtdb; (bso#7085).
+ Fix string buffer overflow causing heap corruption in smbd; (bso#7096).
+ Fix results of 'smbclient -L' with a large browse list; (bso#7098).
+ Normalize "Changing password for" msg IDs and STRs; (bso#7102).
+ Fix malformed require_membership_of_sid; (bso#7106).
+ Add pdb_ldap performance fixes; (bso#7116).
+ Change ldap filter to what really was intended; (bso#7116).
+ Add new "nmbd bind explicit broadcast" parameter; (bso#7118).
+ Fix nmbd problems with socket address; (bso#7118).
+ Support large browselist; (bso#7119).
+ Fix reading of large browselist; (bso#7122).
+ Fix listing of printjobs in Windows 7; (bso#7130).
+ Owner of file not available with Kerberos; (bso#7139).
+ Fix IPv4/IPv6 problems; (bso#7140).
+ Fix get_acl_blob in the acl_tdb VFS module; (bso#7148).
+ "mangling method = hash" can crash storing a name containing a '.';
(bso#7154).
+ Valgrind Conditional jump or move depends on uninitialised value(s) error
when "mangling method = hash"; (bso#7155).
+ Fix some wrong newlines in de translation strings.
-------------------------------------------------------------------
Tue Feb 9 22:10:44 UTC 2010 - lmuelle@suse.de
- Take extra care that a mount point of mount.cifs isn't changed during mount
and don't allow it to be run as setuid root program; CVE-2010-0787;
(bso#6853); (bnc#550002).
-------------------------------------------------------------------
Tue Feb 9 17:10:55 UTC 2010 - lmuelle@suse.de
- Check in mount.cifs for invalid characters in device name and mountpoint;
CVE-2010-0547; (brc#562156); (bnc#577925).
-------------------------------------------------------------------
Tue Feb 9 05:00:08 CET 2010 - boyang@suse.de
- Don't invalidate cache for uninitialized domains; (bnc#538923).
-------------------------------------------------------------------
Tue Feb 9 04:59:09 CET 2010 - boyang@suse.de
- Signals are processed twice in child; (bnc#538923).
-------------------------------------------------------------------
Mon Feb 8 18:51:27 CET 2010 - jmcdonough@suse.de
- Allow forced pw change even with min pw age; (bnc#561894).
-------------------------------------------------------------------
Mon Feb 8 11:44:54 UTC 2010 - lmuelle@suse.de
- Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).
-------------------------------------------------------------------
Sun Feb 7 08:35:14 CET 2010 - boyang@suse.de
- Fix enumerate domain local groups for primary domain; (bnc#573813).
-------------------------------------------------------------------
Sun Feb 7 07:48:06 CET 2010 - boyang@suse.de
- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).
-------------------------------------------------------------------
Fri Feb 5 17:12:24 UTC 2010 - lmuelle@suse.de
- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).
-------------------------------------------------------------------
Thu Feb 4 16:58:53 UTC 2010 - rhafer@novell.com
- Build libtevent and libldb and put them into separate subpackages.
-------------------------------------------------------------------
Tue Jan 26 17:12:50 CET 2010 - lmuelle@suse.de
- Update to 3.5.0rc2.
+ The Using Samba HTML book has been removed.
+ 'net', 'smbclient' and libsmbclient can use logon credentials cached by
Winbind; (bso#7062).
+ New vfs_scannedonly module has been added; (bso#7028).
+ Check password history before increasing "badPasswordCount"; (bso#4347).
+ Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202).
+ Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap;
(bso#6157).
+ Fix deletion of an object whose parent folder does not have delete rights
fails even if the delete right is set on the object in vfs_acl_xattr and
vfs_acl_tdb; (bso#6876).
+ Fix large paged search with DirX LDAP servers; (bso#6981).
+ Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027).
+ Disable sanity check in NetShareEnum for better compatibility with
Windows; (bso#7029).
+ Fix SMBrmdir error message when deleting a directory fails; (bso#7033).
+ Fix segfault in vfs_cap; (bso#7034).
+ Fix 'net rpc getsid' in hardened Windows environments; (bso#7036).
+ Fix a Winbind segfault in "trusted_domains"; (bso#7037).
+ Complete and improve some German translation of 'net'; (bso#7039).
+ Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039).
+ Fix crash bug in libsmbclient; (bso#7043).
+ Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045).
+ Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046).
+ Lock down some srvsvc calls according to what w2k3 seems to do.
-------------------------------------------------------------------
Tue Jan 19 12:05:43 CET 2010 - lmuelle@suse.de
- Update to 3.4.5.
+ Fix memory leak in smbd (bug #7020).
+ Fix changing of ACLs on writable files with "dos filemode=yes"
(bug #5202).
+ BUG 6642: Fix opening the quota magic file.
+ BUG 6919: Fix remote quota management.
+ BUG 7034: Fix internal error caused by vfs_cap.
+ BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
+ BUG 7043: Fix crash bug in "SMBC_parse_path".
+ BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
+ BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
server.
-------------------------------------------------------------------
Tue Jan 12 22:55:44 UTC 2010 - lmuelle@suse.de
- Free unused memory after a packet got processed; (bso#7020).
-------------------------------------------------------------------
Fri Jan 8 04:56:21 CET 2010 - boyang@suse.de
- Add timeout to rpc call to prevent infinite loop when network is
down; (bnc#538923).
-------------------------------------------------------------------
Thu Jan 7 12:14:19 UTC 2010 - lmuelle@suse.de
- Update to 3.5.0rc1.
+ BUG 6837: Fix "Too many open files" when trying to access large number of
files with Windows 7; (bnc#619787).
+ BUG 6939: Fix long filenames when "mangling method" is set to "hash".
+ BUG 6991: Create symbol links to shared libraries.
+ BUG 6992: make test for getgrouplist cacheable.
+ BUG 7014: Fix Winbind crash when retrieving empty group members.
+ BUG 7020: Fix smbd using 2G memory.
+ Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
attributes by protocol level.
+ Vector correctly through reply_openerror() (which uses the same logic).
+ Fix bugs with the full Windows ACL support.
+ Add a few missing gettext calls to the 'net' command.
+ Fix up a share type translation and translate some more strings in 'net'.
+ Allow to call "pdbedit -N description -u user" without specifiyng "-r".
+ Add spoolss_DriverInfo7.
+ Fix rpcclient after setprinter IDL fixes.
+ Use generated krb5.conf in 'net ads testjoin'.
+ Add some German translations for the 'net' command.
+ Update mount.cifs man page with nounix option.
+ Fix _samr_GetAliasMembership for results with 0 rids.
+ Fix an error case in cli_negprot.
+ Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
+ Restore correct timeouts for SMB requests.
+ Fix a 64-bit error in libsmb.
+ Replace IS_DOMAIN_OFFLINE by a function in Winbind.
+ Simplify/cleanup Winbind code.
+ Fix write behind memory block in libtalloc.
+ Fix result check for getaddrinfo().
+ Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
to tsocket.
+ Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
+ Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
+ Fix standalone 'make installdocs'.
+ Output %p as unsigned in snprintf replacement.
+ New attempt at TDB transaction nesting allow/disallow.
+ Remove swig stuff from libtdb.
+ Reset tdb->fd to -1 in tdb_close() in libtdb.
+ Change the way mksysms work in libtalloc.
+ Also build and install tdb manpages from standalone tdb.
+ Fix infinite loop in NCACN_IP_TCP as there is no timeout.
+ Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
query.
+ List trusted domains from wcache when domain is offline.
-------------------------------------------------------------------
Thu Jan 7 11:21:35 UTC 2010 - lmuelle@suse.de
- Update to 3.4.4.
+ Fix interdomain trust relationships with Win2008R2 (bug #6697).
+ Fix Winbind crashes when queried from nss (bug #6889).
+ Fix Winbind crash when retrieving empty group members (bug #7014).
+ Fix "UID range full" error in Winbind (bug #6901).
+ Fix multiple LDAP servers in "idmap backend" and "idmap alloc
backend" (bug #6910).
+ BUG 4832: Fix iconv checks.
+ BUG 6338: Do not always display "none" in 'net rpc trustdom list'.
+ BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time.
+ BUG 6828: Fix infinite timeout when byte lock held outside of samba.
+ BUG 6837: Fix "Too many open files" message when trying to access a large
number of files with Windows 7; (bnc#619787).
+ BUG 6841: Fix "map acl inherit = yes".
+ BUG 6850: Fix shadow copy display on Windows 7.
+ BUG 6867: Fix listing of directories with a lot of files.
+ BUG 6868: Support building with Heimdal we well as with MIT.
+ BUG 6875: Fix DOS attributes on OS/2 clients.
+ BUG 6880: Fix listing of workgroup servers in libsmbclient.
+ BUG 6898: Samba duplicates file content on appending.
+ BUG 6918: Fix krb5 build problem on Ubuntu karmic.
+ BUG 6929: Fix build with recent heimdal.
+ BUG 6939: Fix long filenames with "mangling method = hash".
+ BUG 6967: Fix 'net ads join' with OU.
+ BUG 6981: Fix paged search with DirX LDAP server.
+ BUG 6982: Remove erroneous out of memory error path in lookup_sid.
+ BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids.
+ BUG 7005: Fix "mangle method = hash" truncates files with dot "."
character.
+ Fix the build of the winbind krb5 locator plugin.
+ Fix enumprinter key client and server.
-------------------------------------------------------------------
Wed Jan 6 17:17:58 UTC 2010 - lmuelle@suse.de
- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the
samba-krb-printing package; (bnc#568603).
-------------------------------------------------------------------
Fri Jan 1 20:04:09 UTC 2010 - lars@samba.org
- Add BuildRequires to fam-devel; (bnc#564260).
-------------------------------------------------------------------
Wed Dec 30 22:04:19 CET 2009 - jmcdonough@suse.de
- Prevent winbind crash; (bso#7014); (bnc#566119).
-------------------------------------------------------------------
Mon Dec 21 20:16:21 CET 2009 - sjayaraman@suse.de
- Fix processing of open modes in POSIX open; (bnc#530683).
-------------------------------------------------------------------
Thu Dec 17 22:26:17 CET 2009 - jengelh@medozas.de
- Add baselibs.conf as a source.
-------------------------------------------------------------------
Tue Dec 15 16:47:48 UTC 2009 - lmuelle@suse.de
- Update to 3.5.0pre2.
+ BUG 2350: Add LDAP Alias Dereferencing support.
+ BUG 6288: SWAT adds a second share when changing parameters of an existing
share.
+ BUG 6435: Fix minor memory corruption.
+ BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
set while configure.
+ BUG 6802: A created folder does not properly inherit permissions from
parent in vfs_acl_xattr.
+ BUG 6837: "Too many open files" when trying to access large number of
files from Windows 7; (bnc#619787).
+ BUG 6860: Fix shared library build on QNX.
+ BUG 6879: Fix crash in Winbind.
+ BUG 6929: Fix build with recent heimdal.
+ BUG 6938 : No hook exists to check creation rights when using acl_xattr
module.
+ BUG 6967: Prevent glibc error on 'net ads join'.
+ Fix vfs_acl_xattr which was failing to call the NEXT connect function.
+ Restructure the ACL code.
+ Refactor reply_rmdir to use handle based code.
+ Fix the build when no external talloc and tdb are installed.
+ Fix detection of CTDB headers on systems without system-libtalloc.
+ Fix several printing issues.
+ Fix the build on Mac OS X 10.6.2.
+ Fix net and rpcclient after setprinterdataex changes.
+ Add full support for level 8 printer drivers.
+ Add more spoolss architectures to IDL.
+ Fix enumprinter key client and server.
+ Fix crash in EnumPrinterDataEx.
+ Prefer posix_fallocate for doing "strict allocate".
+ Restore "fake directory create times" as a share parameter.
+ Fix explicit stat64 support.
+ Add support for NetWkstaGetInfo 101 and 102.
+ Add rpcclient wkssvc_enumerateusers.
+ De-deprecate "write cache size" to prevent its removal without a proper
alternative.
+ Allow more than 1000 users in BUILTIN\Users.
+ Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
+ Fix the build of the example VFS modules.
+ Fix crash in free_file_list().
+ Give the user a chance to change password when password will expire soon.
-------------------------------------------------------------------
Wed Dec 9 20:44:21 UTC 2009 - lmuelle@suse.de
- Store the smbfs service state if enabled and restore it for cifs while
upgrade on post-11.2 systems.
-------------------------------------------------------------------
Wed Dec 9 16:43:45 UTC 2009 - lmuelle@suse.de
- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.
-------------------------------------------------------------------
Wed Dec 9 07:44:59 CET 2009 - boyang@suse.de
- Give the user a chance to change password when password will expire soon;
(FATE#302414).
-------------------------------------------------------------------
Tue Dec 8 18:19:33 UTC 2009 - lmuelle@suse.de
- Rename smbfs init script to cifs for post-11.2 systems.
-------------------------------------------------------------------
Tue Dec 8 19:53:12 CEST 2009 - jmcdonough@suse.de
- Allow Windows 7 to connection to samba domain controllers and
member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).
-------------------------------------------------------------------
Fri Dec 4 18:59:22 CET 2009 - jmcdonough@suse.de
- Error on joining windows domain (invalid pointer); (bso#6967);
(bnc#553622).
-------------------------------------------------------------------
Thu Dec 3 11:47:02 CET 2009 - lmuelle@suse.de
- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165).
- Simplify the winbind package %pre script and suppress stdout only.
-------------------------------------------------------------------
Thu Nov 26 19:53:13 CET 2009 - lmuelle@suse.de
- Update to 3.5.0pre1
+ Add support for full Windows timestamp resolution.
+ Experimental implementation of SMB2.
+ Add encryption support for connections to a CUPS server.
+ Major windbind asynchronous refactoring.
- Remove using_samba from the doc package.
- Increase major version of libtalloc to 2.
-------------------------------------------------------------------
Thu Nov 19 03:57:41 CET 2009 - boyang@suse.de
- Fix kerberos refresh chain; (bnc#546162); (bso#6872).
-------------------------------------------------------------------
Fri Nov 6 19:55:27 CET 2009 - lmuelle@suse.de
- Hardlink duplicate files on post-11.1 systems.
-------------------------------------------------------------------
Fri Nov 6 18:08:17 CET 2009 - lmuelle@suse.de
- Add BuildArch noarch to samba-doc on post-11.1 systems.
-------------------------------------------------------------------
Tue Nov 3 03:10:47 CET 2009 - boyang@suse.de
- Use full 16byte session key in make_user_info_netlogon_interactive();
(bnc#551811).
-------------------------------------------------------------------
Thu Oct 29 14:22:08 CET 2009 - lmuelle@suse.de
- Update to 3.4.3.
+ Fix trust relationships to windows 2008 (2008 r2) (bug #6711).
+ Fix file corruption using smbclient with NT4 server (bug #6606).
+ Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).
+ BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a
symbolic link.
+ BUG 6529: Offline files conflict with Vista and Office 2003.
+ BUG 6532: Fix domain enumeration if master browser has space in name.
+ BUG 6606: Fix file corruption using smbclient with NT4 server.
+ BUG 6690: Fix wrong error check in profile.
+ BUG 6703: Allow smbstatus as non-root.
+ BUG 6704: Fix syntax error in avahi configure test.
+ BUG 6707: Fix an occasional segfault in config file parsing.
+ BUG 6710: Adjust regex to match variable names including underscores.
+ BUG 6711: Fix trust relationships to windows 2008 (2008 r2).
+ BUG 6726: SIVAL should have been an SVAL.
+ BUG 6728: BSD needs sys/sysctl.h included to build properly.
+ BUG 6731: Fix reading beyond the end of a named stream in xattr_streams.
+ BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules
might use the old password and new password.
+ BUG 6764: Fix timeval calculation.
+ BUG 6765: Add a "hidden" parameter "share:fake_fscaps".
+ BUG 6769: Fix symlink unlink.
+ BUG 6772: Allow outstanding_aio_calls to be decremented.
+ BUG 6774: smbd crashes if "aio write behind" is set.
+ BUG 6776: Fix core dump caused by running overlapping Byte Lock test.
+ BUG 6781: Fix renaming subfolders in Explorer view.
+ BUG 6791: Fix linking order in cifs.upcall.
+ BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6".
+ BUG 6793: Fix segfault in winbindd_pam_auth.
+ BUG 6796: Deleting an event context on shutdown can cause smbd to crash.
+ BUG 6797: Fix a memleak in libwbclient.
+ BUG 6804: Fix hpux compiler issue.
+ BUG 6805: Correctly handle aio_error() and errno.
+ BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names.
+ BUG 6810: Add support for finding alternate credcaches to cifs.upcall.
+ BUG 6811: Fix reference to freed memory in pam_winbind.
+ BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
+ BUG 6824: Fix avahi activation.
+ BUG 6826: Don't fail authentication when one or some group of
require-membership-of is invalid.
+ BUG 6828: Fix infinite timeout when byte lock held outside of Samba.
+ BUG 6829: Fix displaying of multibyte characters in smbclient.
+ BUG 6840: Fix crash in pam_winbind.
+ Fix an uninitialized variable.
+ Only ever handle one event after a select call.
+ Conditional install of the cifs.upcall man page.
+ Fix warning occuring when building the manpages.
-------------------------------------------------------------------
Fri Oct 23 10:50:50 CEST 2009 - lmuelle@suse.de
- Let smbclient show special characters properly; (bso#6829); (bnc#544204).
-------------------------------------------------------------------
Fri Oct 23 05:07:37 CEST 2009 - boyang@suse.de
- Don't fail authentication when one or some group of require-membership-of
is invalid; (bnc#525123); (bso#6826).
-------------------------------------------------------------------
Fri Oct 16 10:31:53 CEST 2009 - jmcdonough@suse.de
- Allow winbind to ignore certain domains; (bnc#539506).
-------------------------------------------------------------------
Thu Oct 8 21:54:16 CEST 2009 - lmuelle@suse.de
- Update to 3.4.2.
+ Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517).
+ Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115).
+ Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).
-------------------------------------------------------------------
Wed Sep 30 12:56:02 CEST 2009 - jmcdonough@suse.de
- Fix potential denial of service; CVE-2009-2906; (bnc#543115).
-------------------------------------------------------------------
Fri Sep 25 18:57:30 CEST 2009 - jmcdonough@suse.de
- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).
-------------------------------------------------------------------
Wed Sep 23 21:56:35 CEST 2009 - jmcdonough@suse.de
- Fix unresolved home path; CVE-2009-2813; (bnc#539517).
-------------------------------------------------------------------
Mon Sep 21 11:56:54 CEST 2009 - boyang@suse.de
- Don't overwrite password in pam_winbind; (bnc#515444).
-------------------------------------------------------------------
Mon Sep 14 12:56:58 UTC 2009 - chris@computersalat.de
- mods for winbind (when used with squid - ntlm_auth)
o winbind adds group 'winbind'
o permission 0750,root,winbind LOCKDIR/winbindd_privileged
-------------------------------------------------------------------
Thu Sep 10 22:19:57 CEST 2009 - lmuelle@suse.de
- Merge two fixes from 3.2.8 and 3.3.1.
+ Adjust regex to match variable names including underscores.
+ Conditional install of the cifs.upcall man page.
-------------------------------------------------------------------
Thu Sep 10 00:36:36 CEST 2009 - lmuelle@suse.de
- Remove supplements from baselibs.conf while %clean for pre-11.1 systems;
(bnc#520579).
-------------------------------------------------------------------
Wed Sep 9 17:26:58 CEST 2009 - lmuelle@suse.de
- Update to 3.4.1.
+ Fix authentication on member servers without Winbind (bug #6650).
+ Nautilus fails to copy files from an SMB share (bug #6649).
+ Fix connections of Win98 clients (bug #6551).
+ Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697).
+ Fix Winbind authentication issue (bug #6646).
+ BUG 5879: Update LDAP schema for Netscape DS 5.
+ BUG 5886: Fix password change propagation with ldapsam.
+ BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe.
+ BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab.
+ BUG 6437: Make open_udp_socket() IPv6 clean.
+ BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient.
+ BUG 6506: Smbd server doesn't set EAs when a file is overwritten in
NT_TRANSACT_CREATE.
+ BUG 6532: Fix the build with external talloc.
+ BUG 6538: Cancel all locks that are made before the first failure.
+ BUG 6560: Fix lookupname.
+ BUG 6564: SetPrinter fails (panics) as non root.
+ BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation.
+ BUG 6585: Fix unqualified "net join".
+ BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo.
+ BUG 6601: Avoid global fd limits.
+ BUG 6607: Fix crash bug in spoolss_addprinterex_level_2.
+ BUG 6611: Fix a valgrind error in chain_reply.
+ BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient.
+ BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
+ BUG 6650: Fix authentication on member servers without Winbind.
+ BUG 6651: Fix smbd SIGSEGV when breaking oplocks.
+ BUG 6655: Fix 'smbcontrol smbd ping'.
+ BUG 6620: Fix a bug in renames of directories.
+ BUG 6664: Fix truncation of the session key.
+ BUG 6673: Fix 'smbpasswd' with "unix password sync = yes".
+ BUG 6680: Fix authentication failure from Windows 7 when domain joined.
+ BUG 6688: Fix crash in 'net usershare list'.
+ BUG 6693: Check we read off the complete event from inotify.
+ BUG 6700: Use dns domain name when needing to guess server principal.
-------------------------------------------------------------------
Thu Aug 13 03:52:07 CEST 2009 - boyang@suse.de
- Update to 3.2.14.
+ Fix SAMR access checks (e.g. bugs #6089 and #6112).
+ Fix 'force user' (bug #6291).
+ Improve Win7 support (bug #6099).
+ Fix posix ACLs when setting an ACL without explicit ACE for the
owner (bug #2346).
+ BUG 6387: Fix Winbind crash when multiple IDmappings exist in the
LDAP directory.
+ BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+ BUG 6089: Fix SAMR access checks.
+ BUG 6112: Fix SAMR access checks.
+ BUG 6279: Fix Winbind crash.
+ BUG 6291: Fix 'force user'.
+ BUG 6099: Try to fix domain join of Win7 Beta.
+ BUG 6386: Groupdb mapping fix.
+ BUG 6421: Fix POSIX read-only open on read-only shares.
+ BUG 6476: Fix more smbd-zombies in memory.
+ BUG 6488: acl_group_override() call in posix acls references an
uninitialized variable.
+ BUG 6504: Fix SAMR server for Winbind access.
+ BUG 6520: Fix time stamps.
+ BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
+ BUG 6340: Don't segfault when cleartext trustdom pwd could not be
retrieved.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6465: Fix enum_aliasmem in ldb branch.
+ BUG 6484: Fix searching for users while adding them to groups via
Windows usermanager.
+ BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
owner.
+ BUG 6526: Let parent_dirname() correctly return toplevel filenames.
+ BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
+ BUG 5798: Preserve CFLAGS info in configure.
+ BUG 6382: Case insensitive access to DFS links broken.
+ BUG 6481: Don't require "Modify property" perms to unjoin.
+ BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
'passdb backend = tdbsam'.
+ BUG 6560: Lookupname failed, cannot find domain when attempt to change
password.
+ Prevent creation of keys containing the '/' character.
+ Fix join of Windows 7 RC to a Samba3 DC.
+ Fix bug in processing of open modes in POSIX open.
+ Fix the negotiate flags.
+ Protect netlogon_creds_server_step() against NULL creds.
+ Also handle DirX return codes.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Add '--request-timeout' option to 'net'.
+ Fix a race condition in Winbind leading to a panic.
+ Add workaround for MS KB932762.
+ 5945: Fix out of memory error with Winbind idmap.
+ Avoid duplicate ACEs.
+ Fix profile ACLs in some corner cases.
+ Zero an uninitialized array.
-------------------------------------------------------------------
Wed Aug 12 05:07:06 CEST 2009 - boyang@suse.de
- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271);
(bso#6615).
-------------------------------------------------------------------
Mon Aug 10 03:53:53 CEST 2009 - boyang@suse.de
- check in .po files for pam_winbind; (bnc#499233); (bso#6602).
-------------------------------------------------------------------
Thu Aug 6 16:24:23 CEST 2009 - hhetter@suse.de
- Add ntp and network-remotefs as Should-Start dependency to the winbind init
script; (bnc#515629).
-------------------------------------------------------------------
Thu Aug 6 14:40:21 CEST 2009 - lmuelle@suse.de
- Update to 3.0.36.
+ Fix Winbind crash on 'getent group' (bug #5906).
+ Excel save operation corrupts file ACLs (bug #4308).
+ Prevent segmentation fault on joining a very long domain name.
+ BUG 4308: Excel save operation corrupts file ACLs.
+ BUG 4370: Clean-up entries in /etc/mtab after unmount.
+ BUG 4640: Fix guest mounts in mount-cifs.
+ BUG 5906: Fix Winbind crash on 'getent group'.
+ BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
+ BUG 6099: In order to allow Win7 to connect to a Samba NT style.
+ BUG 6279: Fix Winbind crash.
PDC we set the flags before we know if it's an error or not.
+ BUG 6085: Fix build of vfs_default.
+ BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work
correctly.
+ Fix logic error in try_chown.
+ Correctly use chroot().
+ Fix bug in processing of open modes in POSIX open.
+ Don't install the cifs.upcall binary twice.
+ Fix mount.cifs handling of -V option.
+ Prevent segmentation fault on joining a very long domain name.
+ Don't try and delete a default ACL from a file.
+ Add workaround for MS KB932762.
+ Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+ Fix a crash during name resolution when log level >= 10
and libc segfaults if printf is passed NULL for a "%s" arg.
-------------------------------------------------------------------
Sat Aug 1 18:39:53 CEST 2009 - lmuelle@suse.de
- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.
-------------------------------------------------------------------
Mon Jul 27 13:45:04 CEST 2009 - boyang@suse.de
- lookupname failed, cannot find domain when attempt to change password;
(bnc#520645); (bso#6560).
-------------------------------------------------------------------
Thu Jul 16 16:09:48 CEST 2009 - lmuelle@suse.de
- Don't link with --as-needed flag on post-11.1 systems.
-------------------------------------------------------------------
Tue Jul 14 23:50:08 CEST 2009 - lmuelle@suse.de
- Stop the smbfs service if an interface goes down; (bnc#517768).
-------------------------------------------------------------------
Wed Jul 8 19:45:21 CEST 2009 - lmuelle@suse.de
- Disable build of static libraries on post-11.1 systems; (bnc#509945).
-------------------------------------------------------------------
Wed Jul 8 15:35:20 CEST 2009 - jmcdonough@suse.de
- Fix missing zlibs for cifs.upcall and test_shlibs.
-------------------------------------------------------------------
Fri Jul 3 17:21:17 CEST 2009 - lmuelle@suse.de
- Update to 3.4.0.
+ BUG 6431: Local groups from 3.0 setups no longer found.
+ BUG 6459: Fix build of pam_smbpass on some distributions.
+ BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain
not.
+ BUG 6497: Fix calling of 'test' in configure.
+ BUG 6498: Add workaround for MS KB932762.
+ BUG 6499: Fix building of pam_smbpass.
+ BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+ BUG 6512: Fix support for enumerating user forms.
+ BUG 6514: Improve error message in 'net' when smb.conf is not available.
+ BUG 6520: Fix time stamps when "unix extensions = yes".
+ BUG 6521: Fix building tevent_ntstatus without config.h.
+ BUG 6526: Fix notifies in the share root directory.
+ BUG 6531: Fix pid file name.
-------------------------------------------------------------------
Thu Jul 2 13:04:53 CEST 2009 - lmuelle@suse.de
- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.
-------------------------------------------------------------------
Tue Jun 30 13:26:32 CEST 2009 - jmcdonough@suse.de
- Fix net ads leave; (bnc#511695).
-------------------------------------------------------------------
Thu Jun 25 12:25:33 CEST 2009 - sbrabec@suse.cz
- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).
-------------------------------------------------------------------
Wed Jun 24 17:11:15 CEST 2009 - lmuelle@suse.de
- Update to 3.2.13, 3.3.6.
+ In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with
file names treat user input as a format string to asprintf. With a
maliciously crafted file name smbclient can be made to execute code
triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).
-------------------------------------------------------------------
Wed Jun 24 16:01:42 CEST 2009 - lmuelle@suse.de
- Update to 3.0.35.
+ In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes"; CVE-2009-1888; (bnc#515479).
-------------------------------------------------------------------
Tue Jun 23 12:32:18 CEST 2009 - jmcdonough@suse.de
- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).
-------------------------------------------------------------------
Fri Jun 19 12:01:52 CEST 2009 - lmuelle@suse.de
- Update to 3.4.0rc1.
+ BUG 4699: Remove pidfile on clean shutdown.
+ BUG 5456: Fix "net ads testjoin".
+ BUG 6081: Make it possible to change machine account sids.
+ BUG 6253: Use correct value for password expiry calculation in
pam_winbind.
+ BUG 6297: Owner of sticky directory cannot delete files created by others.
+ BUG 6305: Correctly prompt for a password when a username was given.
+ BUG 6328: Add support for multiple rights to
"net sam rights grant/revoke".
+ BUG 6333: Consolidate create/delete account paths in pdbedit.
+ BUG 6449: 'net rap user add' crashes without -C option.
+ BUG 6451: net/libnetapi user rename using wrong access bits.
+ BUG 6458: Fix uninitialized variable in local_password_change().
+ BUG 6465: Fix enumeration of empty aliases.
+ BUG 6476: Fix smbd-zombies in memory when using [x]inetd.
+ BUG 6487: Add missing DFS call in trans2 mkdir call.
+ BUG 6488: acl_group_override() call in posix acls references an
uninitialized variable.
+ Improve pam_winbind documentation.
- Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.
-------------------------------------------------------------------
Thu Jun 18 16:29:34 CEST 2009 - boyang@suse.de
- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user
input as a format string to asprintf; CVE-2009-1886; (bnc#513360).
-------------------------------------------------------------------
Wed Jun 17 18:11:46 CEST 2009 - boyang@suse.de
- Fix a bad memleak in vfs_full_audit; (bnc#510035).
-------------------------------------------------------------------
Mon Jun 16 16:51:38 CEST 2009 - lmuelle@suse.de
- Update to 3.3.5.
+ Fix SAMR and LSA checks (bug #6089, #6289)
+ Fix posix acls when setting an ACL without explicit ACE for the
owner (bug #2346).
+ Fix joining of Win7 into Samba domain (bug #6099).
+ Fix joining of Win2000 SP4 clients (bug #6301).
+ BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
owner.
+ BUG 5832: Fix build on RHEL when ccache is not available.
+ BUG 5853: Add keyutils-devel to build requires to fix build on RHEL.
+ BUG 5897: Fix shutdown script example in the smb.conf manpage.
+ BUG 6089: Revert the extra SAMR and LSA checks.
+ BUG 6099: Fix joining of Win7 into Samba domain.
+ BUG 6157: Fix handling of multi-value attribute "uid".
+ BUG 6289: Revert the extra SAMR and LSA checks.
+ BUG 6297: Owner of sticky directory cannot delete files created by others.
+ BUG 6301: Fix joining of Win2000 SP4 clients.
+ BUG 6309: Support remote unjoining of Windows 2003 or greater.
+ BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event.
+ BUG 6320: Handle registry config source in file_list.
+ BUG 6330: Fix DFS on AIX.
+ BUG 6336: Fix 'net groupmap set' segfault.
+ BUG 6361: Make --rcfile work in smbget.
+ BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a
directory.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6382: Fix case insensitive access to DFS links.
+ BUG 6415: Filter out of range mappings in default idmap config in
idmap_tdb.
+ BUG 6416: Filter out of range mappings in default idmap config in
idmap_tdb2.
+ BUG 6417: Filter out of range mappings in default idmap config in
idmap_ldap.
+ BUG 6441: Fix the compile with --enable-dnssd.
+ BUG 6449: 'net rap user add' crashes without -C option.
+ BUG 6465: Fix enumeration of empty aliases (ldb backend).
+ Prevent infinite include nesting.
+ Mark registry shares without path unavailable.
+ Also handle DirX return codes.
+ Fix Coverity ID 897.
+ Do not crash in ctdbd_traverse if ctdbd is not around.
+ Fix a race condition in winbind leading to a panic.
+ Some man pam_winbind improvements.
+ Zero an uninitialized array.
-------------------------------------------------------------------
Mon Jun 16 14:42:33 CEST 2009 - lmuelle@suse.de
- Update to 3.2.12.
+ Fix SAMR and LSA checks (bug #6089, #6289)
+ Fix posix acls when setting an ACL without explicit ACE for the
owner (bug #2346).
+ Fix "force user" (bug #6291).
+ Fix Winbind crash (bug #6279).
+ Fix joining of Win7 into Samba domain (bug #6099).
+ BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
owner.
+ BUG 5798: CFLAGS info lost in configure.
+ BUG 5832: Fix build on RHEL when ccache is not available.
+ BUG 5835: Add keyutils-devel to build requires.
+ BUG 5945: Fix out of memory error with Winbind idmap.
+ BUG 6089: Revert the extra SAMR and LSA checks.
+ BUG 6099: Fix joining of Win7 into Samba domain.
+ BUG 6279: Fix Winbind crash.
+ BUG 6289: Revert the extra SAMR and LSA checks.
+ BUG 6291: Fix "force user".
+ BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6386: Groupdb mapping fix.
+ BUG 6382: Fix case insensitive access to DFS links.
+ BUG 6465: Fix enumeration of empty aliases (ldb backend).
+ Prevent creation of keys containing the '/' character.
+ Fix bug in processing of open modes in POSIX open.
+ Protect netlogon_creds_server_step() against NULL creds.
+ Also handle DirX return codes.
+ Fix a race condition in winbind leading to a panic.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Fix profile acls in some corner cases.
-------------------------------------------------------------------
Fri Jun 12 23:03:54 CEST 2009 - lmuelle@suse.de
- Default with passdb backend to smbpasswd for SUSE products older than 11.2.
-------------------------------------------------------------------
Fri Jun 12 15:47:51 CEST 2009 - lmuelle@suse.de
- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.
-------------------------------------------------------------------
Mon Jun 8 23:18:02 CEST 2009 - lmuelle@suse.de
- Update to 3.4.0pre2.
+ The default passdb backend has been changed to 'tdbsam'!
+ Samba4 and Samba3 sources are included in the tarball.
+ Changed the way smbd handles untrusted domain names given during user
authentication.
+ Various fixes including printer change notificiation for Samba spoolss
print servers.
+ The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
and spoolss) were replaced by autogenerated code based on PIDL.
+ Samba3 and Samba4 do now share a common tevent library.
+ The code has been cleaned up and the major basic interfaces are shared
with Samba4 now.
+ An asynchronous API has been added.
+ Made parameter syntax of the net command more consistent.
+ BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
owner.
+ BUG 4271: testparm should not print includes.
+ BUG 4831: Don't call openlog() or closelog() from pam_smbpass.
+ BUG 5681: Do not limit the number of network interfaces.
+ BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo
access checks.
+ BUG 6099: Fix NETLOGON credential chain.
+ BUG 6136: New AFS syscall conventions.
+ BUG 6157: Fix handling of multi-value attribute "uid".
+ BUG 6253: Use correct value for password expiry calculation.
+ BUG 6291: Fix 'force user'.
+ BUG 6292: Update config.guess from gnu.org.
+ BUG 6302: Give the VFS a chance to read from 0-byte files.
+ BUG 6309: Support remote unjoining of Windows 2003 or greater.
+ BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on
malloced memory.
+ BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event.
+ BUG 6320: Handle registry config source in file_list.
+ BUG 6330: Fix DFS on AIX.
+ BUG 6336: Fix segfault in 'net groupmap set'.
+ BUG 6340: Don't segfault when cleartext trustdom pwd could not be
retrieved.
+ BUG 6357: Use Samba default command line arguments in 'net'.
+ BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4
and IPv6 addresses
+ BUG 6361: Make --rcfile work in smbget.
+ BUG 6371: Unsuccessful 'net conf setparm' leaves empty share.
+ BUG 6372: usermanager only displaying 1024 groups and aliases.
+ BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids.
+ BUG 6415: Filter out of range mappings in default idmap config
(idmap_tdb).
+ BUG 6416: Filter out of range mappings in default idmap config
(idmap_tdb2).
+ BUG 6417: Filter out of range mappings in default idmap config
(idmap_ldap).
+ Change the way smbd handles untrusted domain names given during user
authentication.
+ Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
spoolss by autogenerated code based on PIDL.
+ Fix several printing issues and improve support for printer change
notificiations.
+ Add 'net eventlog'.
+ Add asynchronous API.
+ Make Samba3 and Samba4 share a tevent library.
+ Add two new parameters to control how we verify kerberos tickets.
+ Add 'net rpc service' subcommands 'create' and 'delete'.
+ Fix the core of the SAMR access functions.
+ Fix SAMR server for winbindd access.
+ Add dbwrap_tool - a tdb tool that is CTDB-aware.
+ Hide "config backend" from swat.
+ Fix linking with --disable-shared-libs.
+ Fix issue with missing entries when enumerating directories.
+ Map NULL domains to our global sam name.
+ Fix driver upload for Xerox 4110 PS printer driver.
+ Add "net dom renamecomputer" to rename machines in a domain.
+ Inspect the correct computername string before enabling/disabling the
change button in netdomjoin-gui.
+ Fix join prompt dialog test in netdomjoin-gui.
+ Only gray out labels when not root and not connecting to remote
machines (netdomjoin-gui).
+ Allow to switch between workgroups/domains with the same name
(netdomjoin-gui).
+ Add NetShutdownInit and NetShutdownAbort.
+ Fix samr access checks.
+ Add a security model to LSA.
+ Also handle DirX return codes.
+ Do not crash in ctdbd_traverse if ctdbd is not around.
+ Fix Coverity ID 897.
+ Fix a race condition in vfs_aio_fork with gpfs share modes.
+ Fix bug disclosed by lock8 torture test.
+ Fix a race condition in winbind leading to a panic.
+ Detect tight loop in tdb_find().
+ Fix chained sesssetupAndX/tconn messages.
+ Fix strict locking with chained reads.
+ Fix two bugs in sendfile.
+ Fix memory leak.
+ Fix file descriptor leak.
+ Fallback to the legacy sid_to_(uid|gid) instead of returning NULL.
+ Always allocate memory in dptr_ReadDirName.
+ Fix 'net' crash during domain join.
+ Zero an uninitialized array.
+ Allow child processes to exit gracefully if we are out of fds.
-------------------------------------------------------------------
Thu Jun 4 18:54:34 CEST 2009 - sjayaraman@suse.de
- Enable cifs.upcall on versions newer than SUSE 10.0.
-------------------------------------------------------------------
Thu Jun 4 18:43:13 CEST 2009 - sjayaraman@suse.de
- Add BuildRequires to keyutils-devel.
-------------------------------------------------------------------
Thu Jun 4 18:14:40 CEST 2009 - sjayaraman@suse.de
- Remove redundant Requires to keyutils-libs for cifs-mount.
-------------------------------------------------------------------
Wed May 27 22:26:15 CEST 2009 - jmcdonough@suse.de
- Detect tight loop in tdb_find(); (bnc#450974).
-------------------------------------------------------------------
Mon May 18 18:03:00 CEST 2009 - jmcdonough@suse.de
- Fix lp printing with kerberos; (bnc#476913).
-------------------------------------------------------------------
Sat May 9 20:19:51 CEST 2009 - lmuelle@suse.de
- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all
other build targets.
-------------------------------------------------------------------
Thu Apr 30 15:47:13 CEST 2009 - lmuelle@suse.de
- Update to 3.4.0pre1.
+ Samba4 and Samba3 sources are included in the tarball
+ Changed the way smbd handles untrusted domain names given during user
authentication.
+ Various fixes including printer change notificiation for Samba spoolss
print servers.
+ The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
and spoolss) were replaced by autogenerated code based on PIDL.
+ Samba3 and Samba4 do now share a common tevent library.
+ The code has been cleaned up and the major basic interfaces are shared
with Samba4 now.
+ An asynchronous API has been added.
+ Change the way smbd handles untrusted domain names given during user
authentication.
+ Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
spoolss by autogenerated code based on PIDL.
+ Fix several printing issues and improve support for printer change
notificiations.
+ Add 'net eventlog'.
+ Add asynchronous API.
+ Make Samba3 and Samba4 share a tevent library.
+ Add two new parameters to control how we verify kerberos tickets.
+ Add 'net rpc service' subcommands 'create' and 'delete'.
+ Make merged build possible.
+ Move common libraries to the shared lib/ directory.
-------------------------------------------------------------------
Thu Apr 30 15:15:41 CEST 2009 - lmuelle@suse.de
- Update to 3.3.4.
+ Fix domain logins for WinXP clients pre SP3 (bug #6263).
+ Fix samr_OpenDomain access checks (bug #6089).
+ Fix usrmgr.exe creating a user (bug #6243).
+ BUG 6089: Fix samr_OpenDomain access checks.
+ BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
"msdfs root" set to "yes".
+ BUG 6279: Fix Winbind crash.
+ BUG 5329: Add "net rpc service delete/create".
+ BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
freed.
+ BUG 6263: Fix domain logins for WinXP clients pre SP3.
+ BUG 6286: Call init function for builtin idmap modules before probing for
them as shared modules.
+ BUG 6243: Fix usrmgr.exe creating a user.
+ net conf: Save share name as given, not as lower case only.
+ Prevent creation of registry keys containing the '/' character.
+ Allow pdbedit to change a user rid/sid.
+ When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+ Don't access a freed structure when logging off and re-using a vuid.
+ Try to to fix password_expired flag handling.
+ Make sure to grey out change fields in the netdomjoin-gui when not
running as root.
+ Don't look up local user for remote changes, even when root.
+ Use procid_str in debug messages for better cluster-debuggability.
+ Use cluster-aware procid_is_me instead of comparing pids.
+ Fix smbd crash for close_on_completion.
+ Fix a memleak in an unlikely error path in change_notify_create().
+ Do not use the file system GET_REAL_FILENAME for mangled names.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Add '--request-timeout' option to net.
+ In net_conf_import, start a transaction when importing a single share.
+ Fix writing of roaming profiles with "profile acls" set to "yes".
-------------------------------------------------------------------
Fri Apr 17 21:36:47 CEST 2009 - lmuelle@suse.de
- Update to 3.2.11.
+ Fix domain logins for WinXP clients pre SP3 (bug #6263).
+ Fix samr_OpenDomain access checks (bug #6089).
+ Fix smbd crash for close_on_completion.
+ BUG 6089: Fix samr_OpenDomain access checks.
+ BUG 6205: Correct sample smb.conf share configuration.
+ BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
"msdfs root" set to "yes".
+ BUG 6263: Fix domain logins for WinXP clients pre SP3.
+ Allow pdbedit to change a user rid/sid.
+ When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+ Fix resume command typo for "printing = vlp".
+ Fix smbd crash for close_on_completion.
+ Fix a memleak in an unlikely error path in change_notify_create().
+ Don't look up local user for remote changes, even when root.
-------------------------------------------------------------------
Fri Apr 17 10:34:29 CEST 2009 - jmcdonough@suse.de
- Don't lookup local user for remote password changes; (bnc#493507).
-------------------------------------------------------------------
Thu Apr 2 22:14:03 CEST 2009 - lmuelle@suse.de
- Update to 3.3.3.
+ Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
correctly (bug #6195).
+ Fix serving of files with colons to CIFS/VFS client (bug #6196).
+ Fix "map readonly" (bug #6186).
+ BUG 6195: Don't let smbd child processes panic.
+ Add backend_requires_messaging() method to libsmbconf.
+ Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf.
+ Fall back to file backend when no valid backend was found.
+ Fix a memleak in dbwrap_rbt.
+ Provide transaction_start|commit|cancel fns for the registry tdb.
+ Speed up "net conf drop".
+ Speed up "net conf import".
+ Add transactions to the libsmbconf API.
+ Reduce memory usage of "net conf import".
+ Registry cleanup.
+ Fix handling of SAMBA_VERSION_VENDOR_PATCH.
+ Fix build of pam_winbind.so with static linking.
+ Tidy up some convert_string_internal error cases.
+ BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
run elections.
+ Allow DFS client paths to work when POSIX pathnames have been selected.
+ Try and fix the build farm RAW-STREAMS errors.
+ Ensure files starting with multiple dots are hidden.
+ BUG 6102: NetQueryDisplayInformation could return wrong information.
+ BUG 6193: Avoid messing with sync_context in libnet_samsync_delta().
+ Fix notify_printer_status_byname.
+ Fix Coverity IDs 722, 762, 774, 775, 776.
+ Fix build on old Heimdal based systems.
+ Fix compile warning.
+ Use parentheses in if condition to make negation clear.
+ Add dirsort module.
+ BUG 6147: Fix detection of the GNU ld version.
+ BUG 6097: Fix smbd segfault.
+ BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
members.
+ BUG 6139: Add missing whitespace in mount.cifs error message.
+ Fix a malloc/talloc mismatch when cli_initialise() fails.
+ Fix a valgrind error.
+ Speed up "net conf list".
+ Add sorted subkey cache.
+ Use StrCaseCmp in the dirsort module.
+ Document the dirsort module.
+ Disable dns_sd by default.
+ Add avahi detection to configure.
+ Add event avahi binding.
+ Use avahi to register _smb._tcp in smbd.
+ Fix two memleaks in the encryption code.
+ Fix a scary "fill_share_mode_lock failed" message.
+ BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set
errno.
+ Don't use reserved words in smbconftort.
+ Fix smb signing for fragmented trans/trans2/nttrans requests.
+ Parse_packet can return NULL which is then dereferenced in
match_mailslot_name.
+ Format the header check for netinet/ip.h more nicely.
+ Missing break in conversion function prevents tdb password database
update.
-------------------------------------------------------------------
Wed Apr 1 16:04:11 CEST 2009 - jmcdonough@suse.de
- Update to 3.2.10.
+ BUG #6195: Don't let smbd child processes panic.
-------------------------------------------------------------------
Wed Apr 1 13:03:44 CEST 2009 - jmcdonough@suse.de
- BUG 6195: Fix crash on passdb conversion.
-------------------------------------------------------------------
Tue Mar 31 15:06:03 CET 2009 - jmcdonough@suse.de
- Update to 3.2.9.
+ BUG 5920: The length of the memcpy was calculated wrong.
+ BUG 6097: Fix smbd segfault.
+ BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS
server is invalid.
+ BUG 6099: Samba returns incurrate capabilities list.
+ BUG 6100: Implement _netr_LogonGetCapabilities() with
NT_STATUS_NOT_IMPLEMENTED.
+ BUG 6102: NetQueryDisplayInformation could return wrong information.
+ BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped
members.
+ BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem.
+ BUG 6161: smbclient corrupts source path in tar mode.
+ BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
+ BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
+ BUG 6224: nmbd waits 5 minutes before checking to run elections.
+ BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno.
+ Numerous Coverity fixes
+ Fix double free caused by incorrect talloc_steal usage.
+ Backport delete semantics of alternate data streams on a file truncate.
+ Allow set attributes on a stream fnum to redirect to the base filename.
+ Fix use of streams modules with CIFSFS client.
+ Fix more POSIX path lstat calls.
+ Allow DFS client paths to work with POSIX pathnames.
+ Ensure files starting with multiple dots are hidden.
+ Fix guest auth when Winbind is running.
+ Fix memleak in get_remote_printer_publishing_data().
+ cifs mount fix for handling -V parameter.
+ Fix guest mounts.
+ Clean-up entries in /etc/mtab after unmount.
+ Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+ Enable total anonymization in vfs_smb_traffic_analyzer.
+ Don't try and delete a default ACL from a file.
+ Fix remotely adding a share via MMC.
+ Fix resume handle for _samr_EnumDomainGroups.
+ Fix a buffer handling bug when adding lots of registry keys.
+ Fix a O(n^2) algorithm in regdb_fetch_keys().
+ Fix a valgrind error / segfault in dns_register_smbd().
+ Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+ Fix a malloc/talloc mismatch when cli_initialise() fails.
+ Fix two memleaks in the encryption code.
+ Fix "fill_share_mode_lock failed" message.
+ Add S-1-22-X-Y sids to the local token.
+ Fix smb signing for fragmented trans/trans2/nttrans requests.
+ Don't miss an absolute pathname as a kerberos keytab path.
+ Have nmbd check all available interfaces for WINS before failing.
+ Initialize the id_map status in idmap_ldap to avoid surprise.
-------------------------------------------------------------------
Sun Mar 15 12:48:28 CET 2009 - lmuelle@suse.de
- Obsolete change from 2008-03-05 by removing the needless examples cleanup.
-------------------------------------------------------------------
Sat Mar 14 12:17:03 CET 2009 - lmuelle@suse.de
- Update to 3.3.2.
+ Fix "force group" (bug #6155).
+ Fix saving of files on Samba share using MS Office 2007 (bug #6160).
+ Fix guest authentication in setups with "security = share" and "guest ok =
yes" when Winbind is running.
+ Fix corruptions of source path in tar mode of smbclient (bug #6161).
+ BUG 6082: Fix renaming and deleting of directories using Windows clients.
+ BUG 6154: Make ZFS honor admin users.
+ BUG 6155: Fix "force group".
+ BUG 6160: Fix saving of files on Samba share using MS Office 2007.
+ BUG 6161: Fix corruptions of source path in tar mode of smbclient.
+ Fix some NetBSD warnings.
+ Fix bug in processing of open modes in POSIX open.
+ Fix use of streams modules with CIFSFS client.
+ Ensure ACL modules work with POSIX paths.
+ Use fsp->posix_open in preference if we have it.
+ Fix more POSIX path lstat calls.
+ Fix a bug in message handling for the change notify code.
+ Fix guest authentication in setups with "security = share" and "guest ok =
yes" when Winbind is running.
+ BUG 4640: Fix guest mounts in mount.cifs.
+ Fix displaying the version string properly when no other parameters passed
in in mount.cifs.
+ Prefer gssapi header files from subdirectory.
+ BUG 6176: winbindd -n should disable the winbind idmap cache.
+ Add a vfs_preopen module to hide fs latencies.
+ Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+ Fix a valgrind error / segfault in dns_register_smbd().
+ Fix build on SLES8.
+ Decremented by 1 for ntcancel requests.
+ Fix creation of core files.
+ Fix first mapping of uids/gids in Winbind.
+ Initialize the id_map status in idmap_ldap to avoid surprise.
+ Fix initialization of idmap status.
-------------------------------------------------------------------
Tue Mar 10 15:07:29 CET 2009 - lmuelle@suse.de
- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.
-------------------------------------------------------------------
Thu Mar 5 16:07:10 CET 2009 - ro@suse.de
- Ignore return value from subshell to fix build.
-------------------------------------------------------------------
Wed Feb 25 09:24:25 CET 2009 - boyang@suse.de
- Make libsmbclient work with DFS, backported from 3.3; (bnc#475995).
-------------------------------------------------------------------
Tue Feb 24 16:43:02 CET 2009 - lmuelle@suse.de
- Update to 3.3.1.
+ Fix net ads join when "ldap ssl = start tls" (bug #6073).
+ Fix renaming/deleting of files using Windows clients (bug #6082).
+ Fix renaming/deleting a "not matching/resolving" symlink (bug #6090).
+ Fix remotely adding a share via the Windows MMC.
+ BUG 6082: Fix renaming/deleting of files using Windows clients.
+ BUG 6069: Fix build with too many arguments.
+ BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink.
+ BUG 6099: Try to fix domain join of Win7 Beta.
+ BUG 6117: Fix core dump of pdbedit -a.
+ BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL
filesystem.
+ Fix Coverity IDs 115, 116, 117, 602.
+ Fix warning (bad handler prototype).
+ Unify the detection of the timespec code in configure.in, and the
application of it in time.c.
+ Correctly use chroot().
+ Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered"
read from the rpc packet in spoolss is under that size.
+ Backport the semantics of when to delete alternate data streams on a file
truncate.
+ Fix printf warnings.
+ BUG 6073: Prevent ads_connect() from using SSL unless explicitly
requested.
+ Fix 'getent passwd' to allocate new uids.
+ Fix 'getent group' to allocate new gids.
+ Remove check for sharename being a username in 'net conf addshare'.
+ Fix Coverity ID 848.
+ Remove unused ENUM_HND from 'net'.
+ Fix getform command asprintf return code in rpcclient.
+ Fix memleak in get_remote_printer_publishing_data().
+ Remove duplicate prototypes for generated rpc server functions.
+ Enable total anonymization in vfs_smb_traffic_analyzer.
+ Fix build with external dns_sd libraries.
+ Fix configure check "sub-second timestamps without struct timespec".
+ Use correct BSD evironment variable.
+ Don't try and delete a default ACL from a file.
+ BUG 5798: CFLAGS info lost in configure.
+ Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880.
+ Fix remotely adding a share via the Windows MMC.
+ Avoid valgrind errors.
+ Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
+ Fix resume handle for _samr_EnumDomainGroups.
+ Fix a buffer handling bug when adding lots of registry keys.
+ Fix a O(n^2) algorithm in regdb_fetch_keys().
+ Initialize rc to 0 in main in mount.cifs.
+ BUG 6069: Add a fstatvfs function for libsmbclient.
+ Eliminate compiler warnings.
+ Don't miss an absolute pathname as a kerberos keytab path.
+ BUG 6100: Implement _netr_LogonGetCapabilities() with
NT_STATUS_NOT_IMPLEMENTED.
+ Make Samba work with older ctdb versions.
+ Add S-1-22-X-Y sids to the local token.
+ Conditional install of the cifs.upcall man page.
+ Adjust regex to match variable names including underscores.
+ BUG 4370: Clean-up entries in /etc/mtab after unmount.
+ Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+ Fix a crash during name resolution.
+ Fix "assignment discards qualifiers from pointer target type" warnings.
+ Fix SMB_VFS_RECVFILE/SENDFILE macros.
+ Change "ldap ssl:ads" parameter to "ldap ssl ads".
+ Add manpages for vfs_acl_xattr and vfs_acl_tdb.
+ Fix double free caused by incorrect talloc_steal usage.
+ Build ldbrename.
+ Make nmbd check all available interfaces for WINS before failing.
+ Fix compilation of vfs_default on systems that do not support utimes().
+ BUG 5920: Fix the calculation of the memcpy length.
+ BUG 6098: Fix ads_find_dc() in setups with "security = domain".
+ Make libsmbclient work with DFS.
-------------------------------------------------------------------
Mon Feb 23 17:29:02 CET 2009 - hhetter@suse.de
- Define init_samba_module in all samba-vscan modules; (bnc#469218).
-------------------------------------------------------------------
Sat Feb 21 15:30:41 CET 2009 - lmuelle@suse.de
- Add GPLv3 header to all init scripts; (bnc#459766).
-------------------------------------------------------------------
Tue Feb 10 07:17:07 CET 2009 - boyang@suse.de
- Backport of the clean event context after fork and krb5 refresh chain
fixes; (bnc#415026).
-------------------------------------------------------------------
Mon Feb 9 15:53:40 CET 2009 - jmcdonough@suse.de
- Revert accidental partial strict allocate upstream commit
-------------------------------------------------------------------
Sun Feb 8 12:59:50 CET 2009 - jmcdonough@suse.de
- Update to 3.2.8.
+ Fix and streamline join and DC detection
+ BUG 4308: Excel save operation corrupts file ACLs.
+ BUG 5933: Fix incrementing/decrementing num_validated_vuids.
+ BUG 5953: Fix smbclient crashes.
+ BUG 5953: Make cli_send_smb_direct_writeX use writev.
+ BUG 5965: Fix creation of the first share using SWAT.
+ BUG 5969: Optimize smbclient put command.
+ BUG 5979: Fix level 2 oplocks.
+ BUG 5980: Fix race condition when granting level2 oplocks
+ BUG 5986: Fix renaming of streams.
+ BUG 5990: Strict allocate should be checked before ftruncate.
+ BUG 6000: Avoid bashism in perfcount.init.
+ BUG 6009: Setting "min receivefile size = 1" breaks writes.
+ BUG 6014: mget shouldn't segfault without arguments.
+ BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
+ BUG 6017: Fix magic scripts.
+ BUG 6021: smbclient du command does not recuse properly.
+ BUG 6030: Add missing <th> header in Status page.
+ BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
+ BUG 6040: Calling Samba print server with an aliased DNS-name fails.
+ BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs.
+ Fix "allow trusted domain" so it disables trusted domains.
+ Fix error code when smbclient puts a file over an existing directory.
+ Don't return 0 on error in smbcacls - bad for scripts.
+ Determine case sensitivity based on file system attributes.
+ Add vfs_fileid manpage.
+ Adjust regex to match variable names including underscores.
+ Fix stream marshalling to return the correct streaminfo status.
+ Fix a delete on close divergence from Windows.
+ Allow renames of streams via NTRENAME and fix stream error codes.
+ Fix a segfault if ? is there but the options are NULL.
+ Avoid flooding of syslog with failing pam_putenv messages.
+ Document default of the printing config variable.
+ Change default value for "ldap ssl" to "start tls".
+ Check if Unix account exists before asking for the password in smbpasswd.
+ Add manpage for vfs_shadow_copy2.
+ Clean event context after child is forked.
+ Refresh sequence number as soon as possible.
+ Don't set child->requests to NULL in parent after fork.
+ Clean event context after fork and fix krb5 refresh chain.
+ Fix null pointer refrence in event context.
+ Don't send message to any other child in child process.
+ Fix bug in get_dc_name_via_netlogon(), null pointer refrence.
-------------------------------------------------------------------
Tue Feb 3 22:08:03 CET 2009 - jmcdonough@suse.de
- Backport 3.2.8 fixes.
+ cups leaks and crashes
+ various winbind child handling fixes
+ join fixes
+ ACL fixes for Excel
+ allow usrmgr with non-root
-------------------------------------------------------------------
Mon Feb 2 22:31:32 CET 2009 - lmuelle@suse.de
- Replace cifs.upcall Makefile patches by the upstream version.
-------------------------------------------------------------------
Wed Jan 28 22:17:33 CET 2009 - lmuelle@suse.de
- Only add ccache to BuildRequires if it is used.
-------------------------------------------------------------------
Tue Jan 27 22:41:19 CET 2009 - lmuelle@suse.de
- Update to 3.3.0.
+ The passdb tdbsam version has been raised.
+ Splitting of library directory into library directory and separate modules
directory.
+ The default value of "ldap ssl" has been changed to "start tls".
+ Extended Cluster support.
+ New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb" to store
NTFS ACLs on Samba file servers.
+ Simplified idmap configuration.
+ New idmap backends "adex" and "hash".
+ Added new parameter "winbind reconnect delay".
+ Added support for user and group aliasing.
+ Added support for multiple domains to idmap_ad.
+ The destination "all" of smbcontrol does now affect all running daemons
including nmbd and winbindd.
+ New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
+ The 'net' utility can now use kerberos for joining and authentication.
+ The 'wbinfo' utility can now add, modify and remove identity mapping
entries.
+ NetApi library implements various new calls for User- and Group Account
Management.
+ libsmbclient does now determine case sensitivity based on file system
attributes.
-------------------------------------------------------------------
Fri Jan 23 16:32:16 CET 2009 - anschneider@suse.de
- Replace all chkconfig calls with rc_active calls to improve performance
during boot.
-------------------------------------------------------------------
Fri Jan 23 14:01:29 CET 2009 - anschneider@suse.de
- Add SuSEfirewall2 service config file to allow samba browsing on
post-10.2 systems; (bnc#460902).
-------------------------------------------------------------------
Tue Jan 20 20:57:38 CET 2009 - lmuelle@suse.de
- Update to 3.0.34.
+ Fix update of machine account passwords.
+ Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
+ Fix Winbind crashes.
+ Correctly detect if the current dc is the closest one.
+ Add saf_join_store() function to memorize the dc used at join time. This
avoids problems caused by replication delays shortly after domain joins.
+ Fix write list in setups using "security = share".
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
- Obsolete old -XXbit packages; (bnc#437293).
-------------------------------------------------------------------
Mon Jan 5 13:27:03 CET 2009 - lmuelle@suse.de
- Update to 3.2.7.
+ Samba 3.2.0 to 3.2.6 can potentially give root filesystem access
to older versions of smbclient; CVE-2009-0022; (bnc#460764).
-------------------------------------------------------------------
Sat Dec 27 13:27:24 CET 2008 - jmcdonough@suse.de
- Samba 3.2.0 to 3.2.6 can potentially give root filesystem access
to older versions of smbclient; CVE-2009-0022; (bnc#460764).
-------------------------------------------------------------------
Thu Dec 25 07:59:49 CET 2008 - boyang@suse.de
- Fix nmbstatus dipslay when workgroup parameter is given; (bnc#459785).
-------------------------------------------------------------------
Thu Dec 25 07:36:24 CET 2008 - boyang@suse.de
- Fix Mounting failure when there is white spaces in service; (bnc#460793).
-------------------------------------------------------------------
Mon Dec 15 16:56:26 CET 2008 - anschneider@suse.de
- Update to 3.3.0rc2.
+ Splitting of library directory into library directory and separate
modules directory.
+ Extended Cluster support.
+ Simplified idmap configuration.
+ New idmap backends "adex" and "hash".
+ Added new parameter "winbind reconnect delay".
+ Added support for user and group aliasing.
+ Added support for multiple domains to idmap_ad.
+ The destination "all" of smbcontrol does now affect all running
daemons including nmbd and winbindd.
+ New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
+ The 'net' utility can now use kerberos for joining and authentication.
+ The 'wbinfo' utility can now add, modify and remove identity mapping entries.
+ NetApi library implements various new calls for User- and Group
Account Management.
-------------------------------------------------------------------
Fri Dec 12 17:49:48 CET 2008 - lmuelle@suse.de
- Fix all remaining conditional macro calls; (bnc#456469).
-------------------------------------------------------------------
Fri Dec 12 15:50:33 CET 2008 - anschneider@suse.de
- Add IPv6 support for mount.cifs.
-------------------------------------------------------------------
Wed Dec 10 23:14:12 CET 2008 - lmuelle@suse.de
- Update to 3.2.6.
+ Fix potential segfault in vfs_tsmsm.
+ Don't list the domain twice when expanding internal aliases.
+ Fix the output of "getent group" when "winbind use default domain = yes"
with "security = ads".
+ Add domain prefix to username in lookup_groupmem().
+ Prevent negative GM/ cache entries due to broken connections.
+ Fix crash in sync_eventlog_params().
+ Fix timeouts when calling 'getgrent'.
+ BUG 1254: Fix "write list" in setups using "security = share".
+ BUG 5080: Fix access to cups-printers with cups 1.3.4.
+ BUG 5737: Fix Winbind crash in an unusual failure mode; (bnc#416598).
+ BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
+ BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
disposition.
+ BUG 5797: Fix moving of readonly files.
+ BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
+ BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
+ BUG 5825: Fix account locking with LDAP backend.
+ BUG 5826: Fix truncated filenames when accessing old servers.
+ BUG 5889: Fix "delete veto files = no".
+ BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
list".
+ BUG 5900: Fix vfs_readonly.
+ BUG 5903: Fix vfs_streams_xattr breaking contents of files.
+ BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
request.
+ BUG 5914: Fix build failure: redefinition of struct name_list.
+ BUG 5937: Fix filenames with "*" char hiding other files.
+ BUG 5953: Fix smbclient crashes.
+ Fix rename_open_files.
+ Restructure VFS SMB traffic analyzer VFS module.
+ Correctly fix smbclient to terminate on eof from server.
+ Unify access checks for lsa server functions.
+ Remove the requirement for ldap call made as root.
+ Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
+ Fix net rpc vampire, based on an *amazing* piece of debugging work by
"Cooper S. Blake" <the_analogkid@yahoo.com>.
+ Fix Coverity IDs 456, 574, 592, 606 and 607.
+ Fix net rpc vampire.
+ Use the same prerequisite for DDNS update as Windows XP.
+ Make "lwinet ads dns register" honor the "interfaces" parameter.
+ Fix extended DN parse error when AD object does not have a SID.
+ BUG 5888: Fix PNP_GetHwProfInfo().
+ BUG 5957: Do not abort rename process on valid rename script.
+ BUG 5898: Fix 'net rpc shutdown'.
+ Fix duplicate installation of cifs.upcall.
+ Fix _srvsvc_NetShareAdd segfault.
+ Ensure consistency when reporting password complexity.
+ Fix _lsa_GetUserName.
+ Fix access check in _samr_QuerySecurity().
+ _samr_DeleteUser needs to wipe out the user_handle on success.
+ NetGroupEnum_r needs to handle servers with no groups.
+ Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
+ BUG 5908: Fix internal change notify on shared directory.
+ BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
+ BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
and GPFS.
+ Add new VFS module to analyze SMB traffic
+ BUG 5928: Fix 'testparm --version'.
+ Have uppercase_string return success on NULL pointer in mount.cifs.
+ Make mount.cifs return codes match the return codes for /bin/mount.
+ Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
+ BUG 5778: Check if strlcpy and strlcat are already defined.
+ BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
+ BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
+ Fix a potential NULL deref in found by the IBM Checker.
+ Fix an uninitialized variable found by the IBM Checker.
+ Fix an unlikely memleak found by the IBM Checker.
+ Fix some missing error handlings.
+ Add workaround for domain joins using a netbios name which is different
from the hostname.
+ Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
non-encrypted packet with the crypto state set.
+ Fix trans2findfirst for the large directory optimization.
+ Fix checking for presence of cups-devel and correct cups-devel test for
HAVE_IPRINT.
+ BUG 5805: Don't close stdout when calling setup_logging multiple times.
+ Fix setting of trust password using 'net rpc trustdom add'.
+ Fix several issues in vfs_streams_xattr and vfs_stream_depot.
+ Return an error instead of crashing when no realm is given (trigerred by
"net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and
"disable netbios = yes").
+ Fix the new vfs_smb_traffic_analyzer build for static links.
+ BUG 5901: Fix default for streams_depot location.
+ Fix several build warnings.
+ Delete the krb5 ccname variable from the PAM environment if set.
+ Fix circular dependency error with autoconf 2.6.3.
+ Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
compile time rather than install time.
+ BUG 5906: Fix Winbind crash when calling 'getent group'.
+ Fix logging to syslog.
+ Allow SYSLOG_FACILITY to be modified with a new configure option called
--with-syslog-facility.
+ BUG 5909: Fix MS-DFS on Vista clients.
+ BUG 5944: Fix starting of nmbd with "socket address" set to "".
+ Fix segfault on startup with trusted domains.
+ Re-add "winbind:ignore domains" parameter.
+ Avoid freeing fsp twice when opening new_file fails (Debian #431696).
-------------------------------------------------------------------
Wed Dec 10 19:24:29 CET 2008 - anschneider@suse.de
- Fix the conditional macro to start smbfs by default; (bnc#456469).
-------------------------------------------------------------------
Wed Dec 3 16:07:17 CET 2008 - anschneider@suse.de
- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.
-------------------------------------------------------------------
Wed Dec 3 12:17:40 CET 2008 - anschneider@suse.de
- Use %__install macro to install files with the right permissions
instead of cp.
-------------------------------------------------------------------
Mon Dec 1 10:37:03 CET 2008 - anschneider@suse.de
- Update to 3.3.0rc1.
+ Splitting of library directory into library directory and separate
modules directory.
+ Extended Cluster support.
+ Simplified idmap configuration.
+ New idmap backends "adex" and "hash".
+ Added new parameter "winbind reconnect delay".
+ Added support for user and group aliasing.
+ The destination "all" of smbcontrol does now affect all running
daemons including nmbd and winbindd.
+ New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
+ The 'net' utility can now use kerberos for joining and authentication.
+ The 'wbinfo' utility can now add, modify and remove identity mapping
entries.
+ NetApi library implements various new calls for User- and Group
Account Management.
- Added German translation for pam_winbind.
-------------------------------------------------------------------
Mon Dec 1 09:12:45 CET 2008 - boyang@suse.de
- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.
-------------------------------------------------------------------
Mon Dec 1 00:32:20 CET 2008 - lmuelle@suse.de
- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.
-------------------------------------------------------------------
Sat Nov 29 13:51:57 CET 2008 - lmuelle@suse.de
- Update to 3.2.5.
+ Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to
malicious clients; CVE-2008-4314; (bnc#446971).
-------------------------------------------------------------------
Thu Nov 27 14:15:19 CET 2008 - ro@suse.de
- Update baselibs.conf.
-------------------------------------------------------------------
Thu Nov 27 12:06:30 CET 2008 - anschneider@suse.de
- Fix circular dependency error with autoconf 2.6.3.
-------------------------------------------------------------------
Thu Nov 27 11:48:28 CET 2008 - anschneider@suse.de
- Fix the dhcp hook script and support CODE11; (bnc#442335).
-------------------------------------------------------------------
Thu Nov 27 11:39:36 CET 2008 - anschneider@suse.de
- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).
-------------------------------------------------------------------
Wed Nov 26 11:19:52 CET 2008 - sjayaraman@suse.de
- Include the missing spec file change mentioned the previous commit.
-------------------------------------------------------------------
Tue Nov 25 12:31:24 CET 2008 - sjayaraman@suse.de
- Make cifs-mount depend on keyutils, keyutils-libs packages as they
are required to support dfs and kerberos; (bnc#432494).
-------------------------------------------------------------------
Thu Nov 20 15:45:11 CET 2008 - lmuelle@suse.de
- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).
-------------------------------------------------------------------
Thu Nov 20 11:54:58 CET 2008 - hhetter@suse.de
- Change the runlevel description for winbindd to use
"Microsoft Windows" instead of "NT"; (bnc#446154).
-------------------------------------------------------------------
Tue Nov 11 05:50:49 CET 2008 - boyang@suse.de
- Directory/Filenames get truncated when 3.2.0 client acesses old server;
(bnc#432471).
-------------------------------------------------------------------
Thu Nov 6 11:23:59 CET 2008 - anschneider@suse.de
- Add SuSEfirewall2 services config file to open Netbios and Samba ports on
post-10.2 systems; (bnc#247344).
-------------------------------------------------------------------
Wed Oct 29 11:19:08 CET 2008 - anschneider@suse.de
- Remove unrecognized configure options.
-------------------------------------------------------------------
Fri Oct 24 13:18:53 CEST 2008 - anschneider@suse.de
- Fix the pam_winbind build.
-------------------------------------------------------------------
Tue Oct 21 16:32:56 CEST 2008 - anschneider@suse.de
- Delete the krb5 ccname variable from the PAM environment if set.
-------------------------------------------------------------------
Thu Oct 16 14:49:16 CEST 2008 - anschneider@suse.de
- Move the nss_info modules to the samba-winbind package.
-------------------------------------------------------------------
Thu Oct 16 13:40:25 CEST 2008 - anschneider@suse.de
- Activate the idmap backends "adex" and "hash".
-------------------------------------------------------------------
Thu Oct 16 11:40:17 CEST 2008 - anschneider@suse.de
- Add version branding for CODE 11.
-------------------------------------------------------------------
Wed Oct 15 17:24:25 CEST 2008 - anschneider@suse.de
- Restart smbfs even with the traditional network setup; (bnc#425058).
-------------------------------------------------------------------
Fri Oct 3 16:48:31 CEST 2008 - lmuelle@suse.de
- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro
if available.
-------------------------------------------------------------------
Fri Oct 3 15:12:23 CEST 2008 - lmuelle@suse.de
- Only call the fillup_and_insserv or fillup_only macro if available.
-------------------------------------------------------------------
Fri Oct 3 12:42:13 CEST 2008 - lmuelle@suse.de
- Use package names instead of macros for cp, mkdir, mv, rm, and grep or
instead of the full path to the binary for ln, find and xargs.
-------------------------------------------------------------------
Fri Oct 3 01:28:07 CEST 2008 - lmuelle@suse.de
- Introduce NET_CFGDIR to fit the needs for a differing location of the
network configuration per vendor.
-------------------------------------------------------------------
Fri Oct 3 00:59:49 CEST 2008 - lmuelle@suse.de
- Use path macros for cp, mkdir, mv, rm, and grep.
-------------------------------------------------------------------
Thu Oct 2 21:30:06 CEST 2008 - lmuelle@suse.de
- Only use SUSE rpm macros and SuSEconfig.permissions if available.
-------------------------------------------------------------------
Thu Oct 2 18:03:21 CEST 2008 - lmuelle@suse.de
- Update to 3.3.0pre2.
+ BUG 5729: Explicitly allow "-valid".
+ BUG 5737: Fix winbindd crash in an unusual failure mode; (bnc#416598).
+ BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
+ BUG 5762: Fix opening of mangled directory name (resulted 'is a stream
name').
+ BUG 5783: Fix FindFirst where search pattern == mangled filename.
+ BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
disposition.
+ BUG 5797: Fix moving of readonly files.
+ Fix crashes when looking up a non-existant uid.
+ Fix getting/setting of NT ACLs on a file.
+ Fix the wcache_invalidate_samlogon calls.
+ Clarify usage of "force create mode".
+ Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid
mappings.
+ Write times code update.
+ Add experimental version of VFS module acl_xattr.
+ Fix rename_open_files.
+ Make SMB traffic analyzer VFS module more efficient.
+ Fix segfault when calling nss_get_info() with a NULL ads structure.
+ Add support for name aliasing in Winbind.
+ Add the idmap/nss-info provider from Likewise Open.
+ Allow an admin to define the "uid" attribute for a RFC2307 user object in
AD to be the username alias.
+ Add new idmap backend "adex" to support RFC2307 enabled AD forests.
+ Add new idmap backend "hash".
+ Fix build warnings.
+ Cleanup of DC enumeration in get_dcs().
+ BUG 5710: Fix changing of machine account passwords.
+ BUG 5784: Fix pam_winbind build issue on Solaris.
+ Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
+ Fix double installation of cifs.upcall.
+ Add change-user-password command to wbinfo.
+ Fix segfault in _srvsvc_NetShareAdd.
+ BUG 5736: Fix Winbind crash bug with trusted domains.
+ Correct the netsamlogon_clear_cached_user function.
+ Add new VFS module to analyze SMB traffic to record write and read
operations on the Samba server.
+ Fix build warnings in cifs.upcall.
+ BUG 5707: Do proper error handling if the socket is closed.
+ BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined.
+ Fix Coverity IDs 587 and 589.
+ Increase the default positive idmap cache time to a week.
+ Fix calculation of useable_space for trans2 and nttrans replies.
+ Add mapping of generic bits when setting an NFSv4 ACL.
+ Some write time fixes.
+ Add new parameter "cups connection timeout".
+ Fix enumeration of nested group memberships in Winbind. This affected
only setups using "security = ads".
+ Fix cut and paste error in quota code.
+ Fix display of POSIX ACLs.
+ Fix permissions of group_mapping.ldb (CVE-2008-3789); (bnc#420634).
+ Avoid a race condition in glibc between AIO and setresuid().
+ Add missing become root for AIO operations.
+ Fix an errno handling bug that could lead to an infinite loop.
+ Fix logic of tsmsm_sendfile().
+ Fix handling of arbitrary new PAC types.
+ Fix segfault on startup with trusted domains.
+ Fix segfault on the CTDB destructor code.
+ Re-add "winbind:ignore domains".
+ BUG 5609: Remove configure option "--with-libdir" and add
"--with-modulesdir".
+ Extend "net rpc vampire keytab" to support differential replication and
storing of kerberos keys.
+ Rework internal logic of registry tdb code.
+ Freeze autogenerated prototype headers (good bye "make proto").
+ Add new "winbind reconnect delay" parameter.
+ Make the change to smbcontrol for "all" to mean broadcast, and "smbd" to
mean the main smb daemon.
+ Allow an admin to define the "uid" attribute for a RFC2307 user object in
AD to be the username alias.
+ Add "net rpc vampire keytab" and "net rpc vampire ldif".
+ Rework of the Winbind idmap backend.
-------------------------------------------------------------------
Wed Oct 1 22:30:49 CEST 2008 - lmuelle@suse.de
- Define PAM_AUTHTOK_RECOVERY_ERR when not available on older Linux products.
-------------------------------------------------------------------
Mon Sep 29 16:09:11 CEST 2008 - lmuelle@suse.de
- Adopt samba-vscan to build after the change to the bool type define.
-------------------------------------------------------------------
Mon Sep 22 15:13:40 CEST 2008 - lmuelle@suse.de
- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.
-------------------------------------------------------------------
Sat Sep 20 14:53:45 CEST 2008 - lmuelle@suse.de
- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.
-------------------------------------------------------------------
Thu Sep 18 14:17:24 CEST 2008 - anschneider@suse.de
- Create a link to the html manpages so that they can be accesses in swat;
(bnc#426182).
-------------------------------------------------------------------
Tue Sep 9 17:46:28 CEST 2008 - jmcdonough@suse.de
- "Password last set" timestamp update from admin pw change; (bnc#420407).
-------------------------------------------------------------------
Wed Sep 3 11:09:34 CEST 2008 - hare@suse.de
- Call mkinitrd_setup during %post and %postun for package cifs-mount;
(bnc#413709).
-------------------------------------------------------------------
Wed Aug 27 23:29:09 CEST 2008 - lmuelle@suse.de
- Update to 3.3.0pre1.
+ Splitting of library directory into library directory and separate modules
directory.
+ Extended Cluster support.
+ Simplyfied idmap configuration.
+ Added new parameter "winbind reconnect delay".
+ The destination "all" of smbcontrol does now affect all running daemons
including nmbd and winbindd.
+ New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
-------------------------------------------------------------------
Wed Aug 27 18:33:40 CEST 2008 - lmuelle@suse.de
- Update to 3.2.3.
+ Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789;
(bnc#420634).
-------------------------------------------------------------------
Tue Aug 19 14:55:16 CEST 2008 - lmuelle@suse.de
- Update to 3.2.2.
+ BUG 5592: Fix creation and installation of shared libraries.
+ Fix replacement of random seed generator.
+ Fix a race condition in idmap_tdb2_allocate_id().
+ Fix unix_convert() for "*" after changing map_nt_error_from_unix().
+ Make sure to always set errno on error path in OpenDir.
+ BUG 5675: Fix smbspool program assuming Kerberos authentication by
mistake.
+ BUG 5686: Fix segfaults in libsmbclient.
+ BUG 5692: Fix coredump in full_audit.so.
+ BUG 5696: Fix "force group" in setups using Winbind.
+ Rename cifs.spnego to cifs.upcall.
+ Fix segfault in cifs.upcall when it is called without any arguments.
+ Fix coverity ID 594 (resource leak on error path).
+ Fix assigning of primary group memberships when authenticating via
Winbind.
+ BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba
shares.
+ Include stdlib.h to get a prototype for free().
+ Solve an IBM XL C/C++ compiler error encountered in get_exit_code()
auth_errors array initialization in client/smbspool.c.
+ Use NGROUPS_MAX instead of 32 for the max group value in
rep_initgroups().
+ Add add c++ guard to netapi.
+ Fix compile warning in cifs.upcall.
+ Add "dns_resolver" key type to cifs.upcall.
+ BUG 5688: Fix orphaned LPQ processes if socket address is invalid.
+ BUG 5684: Fix removal of dead records in tdb files.
+ Fix coverity IDs 595, 596.
+ Fix smb_len calculation for chained requests.
+ Fix output of test status.
+ Fix smbclient connections to older servers.
+ Fix a fd leak when trying to regain contact to a domain controller in
Winbind.
+ Fix permissions on ctdb databases.
+ Fix passing back success when a function had in fact failed in two
places.
- Add --enable-static to the configure options to get the statical libraries
installed by the install Makefile target.
- Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.
-------------------------------------------------------------------
Thu Aug 14 14:53:28 CEST 2008 - lmuelle@suse.de
- Set Required- and Should-Stop in the init info part of all init scripts.
-------------------------------------------------------------------
Thu Aug 14 03:15:25 CEST 2008 - jmcdonough@suse.de
- Fix libsmbclient to older servers; (bnc#402776).
-------------------------------------------------------------------
Tue Aug 5 22:03:11 CEST 2008 - lmuelle@suse.de
- Update to 3.2.1.
+ BUG 5594: Fix "make test" by adding and using a new testparm switch
"--skip-logic-checks".
+ Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
+ Update the section about net conf in the net(8) manpage.
+ Improve processing of registry shares.
+ Fix listing of registry shares with testparm.
+ Fix several build issues.
+ BUG 5578: Fix error from strlcat.
+ BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
+ Ensure consistent use of pdb_get_nt_passwd instead of
pdb_get_lanman_passwd.
+ Remove worrying warning message when safe_strcpy tries to copy a pseaudo
interface name that's too long.
+ Canonicalize servername in the printer functions to remove leading '\\'
characters.
+ Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
+ Fix bug creating files using DOS clients with mixed case files.
+ Fix uninitialized variable.
+ BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
+ BUG 5570: Fix bogus error message during AD domain join.
+ Fix trusted domain handling in Winbindd.
+ Fix build warning.
+ BUG 5202: Fix setting of ACEs for users/groups with write access in setups
with 'dos filemode = yes'.
+ Re-activate 'acl group control' parameter and make it only apply to owning
group.
+ Make ntimes function more like POSIX and allow NULL arg.
+ BUG 5512: Fix alignment problems on sparc.
+ BUG 5616: Fix share connections in setups with
"server signing = mandatory" or SMB signing set on the client side.
+ Fix a race condition in Winbind leading to a crash.
+ Fix a segfault in base64_encode_data_blob.
+ Fix some uninitialized variable references via ndr_print.
+ Fix error message if trying to join with a non-privileged user.
+ Fix setups using "include = registry" without [global] settings in the
registry.
+ Fix "net sam rights" on domain member servers.
+ Add documentation for the vfs streams modules.
+ Cleanup some duplicate code by passing the password to the wbinfo_auth*
functions.
+ Allow SID with 0 in subauthority to be converted properly.
+ Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
+ Fix realpath() check so that it doesn't generate a core() when it fails.
+ Fix overwriting of winbind logfiles.
+ Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
+ Add broadcasting of the debug message to all winbindd children.
+ BUG 5635: Fix updating of printer queues.
+ Release still reachable memory if the smbclient context is freed.
+ Remove trailing withespace from wbinfo -m which breaks gdm auth.
+ BUG 5540: Fix "set primary group script" user option substitution.
+ Fix regression in Winbindd offline mode.
+ Allow authentication and memory credential refresh after password
change from gdm/xdm.
+ Allow %u parameters for print job username.
-------------------------------------------------------------------
Tue Jul 29 09:59:36 CEST 2008 - anschneider@suse.de
- Fix a race condition in winbind leading to a crash; (bnc#406623).
-------------------------------------------------------------------
Mon Jul 28 17:00:42 CEST 2008 - anschneider@suse.de
- Use the configure option to enable debugging. This fixes the creation
of the debuginfo and debugsource package.
-------------------------------------------------------------------
Sun Jul 27 08:53:56 CEST 2008 - anschneider@suse.de
- Fix emptying the printing queue; (bnc#411493).
-------------------------------------------------------------------
Fri Jul 25 09:22:13 CEST 2008 - anschneider@suse.de
- Remove trailing withespace from wbinfo -m which breaks gdm auth.
-------------------------------------------------------------------
Thu Jul 24 15:13:15 CEST 2008 - anschneider@suse.de
- Add a recommendation to the samba and samba-winbind package to install
logrotate for openSUSE 11.0 and later.
-------------------------------------------------------------------
Wed Jul 23 16:27:57 CEST 2008 - hare@suse.de
- Include mkinitrd scriptlets.
-------------------------------------------------------------------
Mon Jul 21 08:37:01 CEST 2008 - boyang@suse.de
- Allow %u parameters for print job username - use advanced sub; (bnc#374389).
-------------------------------------------------------------------
Thu Jul 17 18:10:03 CEST 2008 - lmuelle@suse.de
- Update to 3.0.31.
+ BUG 5504: Fix SIGTERM handling in Winbind children so that they do not
remove the unix domain socket used to field client requests.
+ Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend.
+ When allocating client buffers for large read/write - make sure we take
account of the large read/write SMB headers as well as the buffer space.
+ Memory leak fixes in DC location code.
+ BUG 5533: Winbindd fails to cope correctly with a workgroup name
containing a '.'
+ BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine
account logon.
+ BUG 5551: smbd recursing back into winbindd from a winbindd call.
+ Fix usage message for "net rpc trustdom add".
+ Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd.
+ BUG 5578: Bad (non-Samba) use of strlcat gives error.
+ Canonicalize servername in the printer functions to remove leading '\\'
characters.
+ Documentation build fixes.
+ [DOCS] Fix use of smbconfoption in samba.entities.
+ Return NULL in sitename_fetch() if gencache_init() fails.
+ Use machine account and machine password from our domain when contacting
trusted domains.
+ SPNEGO SPN fix when contacting trusted domains.
+ BUG 5285: Fix libcap header mismatch.
+ Fix joining NT4 domains.
+ Don't let winbind getgroups crash when we have no gids in the token.
+ Fallback to level 24 pwd set while joining.
+ Fix joining w2k domains in "security = ads".
+ Fix pam_sm_chauthtok for storing modified cached creds.
+ BUG 5202: Re-activate "acl group control" parameter and make it only apply
to owning group.
+ BUG 5531: Fix conversion of ns units when converting from nttime to
timespec.
+ BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient.
+ Fix a segfault in base64_encode_data_blob.
+ AIX build fixes.
+ ENODATA is not defined in freeBSD 4.6.2.
+ Don't reset password last set time just because the expired flag is set to
0.
+ Fix usage message for 'net idmap dump'.
+ Miscellaneous man page fixes.
+ BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd.
+ Fixes to man pages.
+ Add tdb file documentation.
+ Ensure that winbindd trusted domain children keep primary domain online
status up to date.
+ Update cached creds during password change.
+ Ensure that Winbind always uses set_domain_offline() to mark a domain
offline.
+ Allow authentication and memory credential refresh after password change
from gdm/xdm.
+ Memory leak fixes.
-------------------------------------------------------------------
Tue Jul 8 08:14:38 CEST 2008 - boyang@suse.de
- Allow authentication and memory credential refresh after password change
from gdm/xdm; [bnc#395578].
-------------------------------------------------------------------
Fri Jul 4 16:22:17 CEST 2008 - lmuelle@suse.de
- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.
-------------------------------------------------------------------
Wed Jul 2 21:31:38 CEST 2008 - lmuelle@suse.de
- Call the libsmbclient testsuite from the %check instead of the %build
script.
-------------------------------------------------------------------
Wed Jul 2 10:44:21 CEST 2008 - boyang@suse.de
- Use machine account and machine password from our domain when
contacting trusted domains; [bnc#404667].
-------------------------------------------------------------------
Tue Jul 1 22:02:31 CEST 2008 - anschneider@suse.de
- Add a %check section move the test of the PAM modules to this section
and add more tests.
-------------------------------------------------------------------
Tue Jul 1 14:51:04 CEST 2008 - anschneider@suse.de
- Add a recommendation to the samba and samba-winbind package to install
cron for openSUSE 11.0 and later.
-------------------------------------------------------------------
Tue Jul 1 14:06:17 CEST 2008 - anschneider@suse.de
- Use a variable for syslog and add missing $remote_fs dependency for
Require-Start in the init information of the init scripts.
-------------------------------------------------------------------
Tue Jul 1 11:34:57 CEST 2008 - lmuelle@suse.de
- Update to 3.2.0.
+ Support for establishing interdomain trust relationships with Windows
2008.
+ All changes from the pre and rc releases as noted in here earlier.
-------------------------------------------------------------------
Tue Jul 1 11:28:40 CEST 2008 - lmuelle@suse.de
- Move header files from the devel sub package to lib*-devel.
-------------------------------------------------------------------
Mon Jun 30 16:53:35 CEST 2008 - schwab@suse.de
- Work around bad use of autoconf interna.
-------------------------------------------------------------------
Mon Jun 30 14:41:41 CEST 2008 - anschneider@suse.de
- Build Samba with debug symbols to get working debuginfo packages.
-------------------------------------------------------------------
Thu Jun 26 21:08:35 CEST 2008 - lmuelle@suse.de
- Add /etc/openldap to the file list and not only the schema directory.
-------------------------------------------------------------------
Wed Jun 25 10:34:09 CEST 2008 - anschneider@suse.de
- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster
booting; [fate#304967], [fate#304965].
-------------------------------------------------------------------
Wed Jun 18 15:21:38 CEST 2008 - anschneider@suse.de
- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to
'Network/DHCP/DHCP client'; [bnc#400467].
-------------------------------------------------------------------
Wed Jun 11 11:39:46 CEST 2008 - boyang@suse.de
- pam_winbind: Update cached creds during password change; [bnc#395578].
-------------------------------------------------------------------
Tue Jun 10 12:14:47 CEST 2008 - lmuelle@suse.de
- Update to 3.2.0rc2.
+ BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM.
+ BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'.
+ Make sure we take account of the large read/write SMB headers as well as
the buffer space when allocating cli buffers for large read/write.
+ Fix tag as a goto target we were not reinitializing the array counts.
+ BUG 5451: Fix for using the correct machine domain when looking up trust
credentials in our tdb.
+ Fix spnego SPN when contacting trusted domains.
+ BUG 5285: Fix libcap header mismatch.
+ Fix pam_sm_chauthtok for storing modified cached creds.
+ Fix joining issue in setups with "config backend = registry".
+ BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting
for TCP connection timeouts if no LDAP server is available.
+ BUG 5502: Fix security=server.
+ Fix coverity IDs 552, 553, 570, 571, 572.
+ Shrink ldbtools.
+ Fix reset of password last set time just because the expired flag is set
to 0.
+ Remove support for symbol versioning in shared libraries.
+ Fix autogen for autoconf 2.62.
+ BUG 5515: Fix empty input fields in SWAT.
+ BUG 5516: Fix saving of the config file in SWAT.
+ Fix winbindd trusted domain child not keeping primary domain online status
up to date.
-------------------------------------------------------------------
Tue Jun 10 10:21:57 CEST 2008 - boyang@suse.de
- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds;
[bnc#395578].
-------------------------------------------------------------------
Mon Jun 9 21:08:17 CEST 2008 - jmcdonough@suse.de
- Don't reset "password last set time" when unlocking an autolocked
account; [bnc#382111].
-------------------------------------------------------------------
Fri Jun 6 22:40:38 CEST 2008 - jmcdonough@suse.de
- Fix winbind sigterm handling and make init script send sighup to
all child winbind processes; [bnc#382027].
-------------------------------------------------------------------
Thu Jun 5 12:01:51 CEST 2008 - boyang@suse.de
- Fix bug with winbindd trusted domain child not keeping primary domain
online status up to date, merge to trunk from reversion 1801; [bnc#373560].
-------------------------------------------------------------------
Fri May 30 22:38:05 CEST 2008 - jmcdonough@suse.de
- Make winbind children reopen logs on SIGHUP; [bnc#382027].
-------------------------------------------------------------------
Fri May 30 19:18:17 CEST 2008 - lmuelle@suse.de
- Set only CONFIGDIR and LIBDIR while make everything and install. No longer
set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].
-------------------------------------------------------------------
Wed May 28 17:49:51 CEST 2008 - lmuelle@suse.de
- Update to 3.0.30.
+ Fix for CVE-2008-1105.
+ Remove man pages for ldb tools not included in Samba 3.0.
-------------------------------------------------------------------
Wed May 28 16:15:43 CEST 2008 - lmuelle@suse.de
- Fix vulnerability that allows for the execution of arbitrary code in smbd;
CVE-2008-1105; SA30228; [#391168].
-------------------------------------------------------------------
Tue May 27 11:07:45 CEST 2008 - coolo@suse.de
- Follow the rename of libtdb0 in baselibs.conf.
-------------------------------------------------------------------
Fri May 23 17:34:31 CEST 2008 - lmuelle@suse.de
- Rename sub package libtdb0 to libtdb1.
-------------------------------------------------------------------
Fri May 23 16:58:44 CEST 2008 - lmuelle@suse.de
- Update to 3.2.0rc1.
+ Move the posix pending close functionality down into the VFS layer.
+ Fix activation of registry globals in loadparm.
+ BUG 5452: Fix smbclient put.
+ BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end.
+ BUG 5456: Fix missing echo if we ^C at the prompt.
+ BUG 5464: Fix timeout in winbindd.
+ Fix returning a directory value for a QPATHINFO on a msdfs link with a
non-dfs path.
+ Use more error-prone form of testing dm_destroy_session() return code.
+ BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used.
+ BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3.
+ BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups.
+ Fix wins null pointer crash in nss_wins module.
+ Fix lm session key length in _netr_LogonSamLogon.
+ Add -f switch for DsGetDCName() example and be more verbose on output.
+ BUG 5429: Clarify log msgs re: failure to create
BUILTIN\{Administrators,Users}
+ Fix the DNS Update option of "net ads join".
+ BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx().
+ Recognize and allow longer UA keys in winbindd_cache.
+ BUG 5436: Fix signing problem in the client with transs requests.
+ Fix a valgrind bug in the new [ug]id2sid cache.
+ Fix Coverity IDs 565 and 222.
+ Fix dfs_Enum: In form_junctions, correctly check for malloc failure.
+ Add support for symbol versioning in shared libraries (can be disabled with
--disable-sysmbol-versioning).
+ Add new function wbcLibraryDetails() to libwbclient.
+ Cleanup size_t return values in convert_string_allocate.
+ Fix Kerberos support for CUPS 1.3 in smbspool.
+ Fix printing with Vista.
+ Fix deletion of files when they're in use by other drivers.
-------------------------------------------------------------------
Fri May 23 11:34:27 CEST 2008 - lmuelle@suse.de
- Update to 3.0.29.
+ Fix a crash in tdb_wrap_log().
+ BUG 5267: Fix for nmbd termination problems when no interfaces found.
+ BUG 5326: OS/2 servers give strange "high word" replies for print jobs.
+ Remove MS-DFS check that required the target host be ourself.
+ BUG 5372: Fix high CPU usage of cupsd on large print servers by using more
efficient CUPS queries in smbd.
+ BUG 5095: Fix the enforcement of the "Manage Documents" access right.
+ BUG 5460: Fix MS-DFS referral problem in server code.
+ Fix bug in Winbind that caused the parent to ignore dead children.
+ BUG 4235: Improve compliance to the Squid helper protocol. Original patch
from Pawel Worach <pawel.worach@gmail.com>.
+ Prevent cycle in Wibind's list of children when reaping dead processes.
+ BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
+ Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
+ Fix client connections and negotiation with Windows 2008 DCs in member
server code.
+ Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
+ BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
+ Re-add samr getdispinfoindex parsing which got lost in the glue commit.
+ BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
Corrects interop problem between Citrix PM and a Samba DC.
+ BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace
in the user's password.
+ BUG 4901: Fix behavior of "ldap passwd sync = only".
+ BUG 5317: Fix debug output from domain_client_validate().
+ BUG 5338: Fix format string bug in rpcclient.
+ Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba
DC with trusts.
+ BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute.
+ BUG 5350: Fallback to anonymous sessions if not trust password could be
obtained on Samba DCs and member servers.
+ Fix signing problem in the client with trans requests.
+ Enable winbind child processes to do something with signals, in particular
closing and reopening logs on SIGHUP.
+ Add implementation of machine-authenticated connection to netlogon pipe
used when connecting to win2k and newer domain controllers.
+ Fix trusted users on a DC that uses the old idmap syntax.
+ Only have Winbind cache domain password policies that were successfully
retrieved.
+ Fix alignment bug when marshalling printer data replies.
+ Fix DeleteDriverDriverEx() checks to prevent removing in use files.
-------------------------------------------------------------------
Sat May 17 23:58:01 CEST 2008 - lmuelle@suse.de
- Expand baselibs.conf to match pre SUSE 11.0 products.
-------------------------------------------------------------------
Fri May 16 16:10:14 CEST 2008 - lmuelle@suse.de
- Remove obsoletes and provides <package>3 for all packages and systems.
-------------------------------------------------------------------
Fri May 16 14:55:02 CEST 2008 - lmuelle@suse.de
- Cleanup the use of the suse_version macro to achieve consistent defaults.
-------------------------------------------------------------------
Fri May 16 13:28:53 CEST 2008 - lmuelle@suse.de
- Set CODEPAGEDIR while make to fit the install location.
-------------------------------------------------------------------
Fri May 16 13:20:11 CEST 2008 - hhetter@suse.de
- Prevent errors during the cache validation when ua keys reach a size larger
than 1024; [bnc#372558].
-------------------------------------------------------------------
Thu May 15 00:16:13 CEST 2008 - lmuelle@suse.de
- Package man page files independent of the used compression method (gz,lzma).
-------------------------------------------------------------------
Wed May 14 18:08:26 CEST 2008 - lmuelle@suse.de
- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva
in the OBS too.
-------------------------------------------------------------------
Wed May 14 17:27:52 CEST 2008 - anschneider@suse.de
- Add a script to restart smbfs if NetworkMangaer gets an IP address;
[bnc#373075].
-------------------------------------------------------------------
Tue May 13 17:30:00 CEST 2008 - lmuelle@suse.de
- Remove all references to the obsoleted samba-pdb package.
-------------------------------------------------------------------
Fri May 9 18:19:17 CEST 2008 - lmuelle@suse.de
- Compose the BuildRequires in a more flexible way to fit the openSUSE build
service (OBS) requirements to support different operating system targets.
-------------------------------------------------------------------
Mon Apr 28 16:55:00 CEST 2008 - lmuelle@suse.de
- Use _libdir macro instead of a local define of LIBDIR.
-------------------------------------------------------------------
Mon Apr 28 15:10:24 CEST 2008 - lmuelle@suse.de
- Remove PreReq /sbin/ldconfig from the libtdb-devel package.
-------------------------------------------------------------------
Sat Apr 26 18:03:06 CEST 2008 - lmuelle@suse.de
- Install the shared libraries with the same name as used as soname.
-------------------------------------------------------------------
Fri Apr 25 21:46:25 CEST 2008 - lmuelle@suse.de
- Update to 3.2.0pre3.
+ Use of IDL generated parsing layer for several DCE/RPC interfaces.
+ Removal of the 1024 byte limit on pathnames and 256 byte limit on filename
components to honor the MAX_PATH setting from the host OS.
+ Introduction of a registry based configuration system.
+ Improved CIFS Unix Extensions support.
+ Experimental support for file serving clusters.
+ Support for IPv6 in the server, and client tools and libraries.
+ Support for storing alternate data streams in xattrs.
+ Encrypted SMB transport in client tools and libraries, and server.
+ Support for Vista clients authenticating via Kerberos.
+ Full support for Windows 2003 cross-forest, transitive trusts and one-way
domain trusts.
+ Support for userPrincipalName logons via pam_winbind and NSS lookups.
+ Expansion of nested domain groups via NSS calls.
+ Support for Active Directory LDAP Signing policy.
+ New LGPL Winbind client library (libwbclient.so).
+ New NetApi library for domain join related queries (libnetapi.so) and
example GTK+ Domain join gui.
+ New client and server support for remotely joining and unjoining Domains.
+ Support for joining into Windows 2008 domains.
+ New ldb backend for local group mapping tables
+ Raised level of security defaults for authentication operations.
+ Inclusion of an HTML version of the 3rd edition of "Using Samba" from
O'Reilly Publishing.
-------------------------------------------------------------------
Fri Apr 25 16:28:44 CEST 2008 - lmuelle@suse.de
- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.
-------------------------------------------------------------------
Fri Apr 25 14:35:11 CEST 2008 - lmuelle@suse.de
- Remove obsoletes and provides samba3 for post 10.3 systems.
-------------------------------------------------------------------
Fri Apr 25 14:09:56 CEST 2008 - lmuelle@suse.de
- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.
-------------------------------------------------------------------
Wed Apr 23 13:30:26 CEST 2008 - lmuelle@suse.de
- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the
shared library packaging policy for post 10.3 systems.
-------------------------------------------------------------------
Tue Apr 22 15:47:56 CEST 2008 - jmcdonough@suse.de
- Update kdc dns-only lookup patch to IPv6.
-------------------------------------------------------------------
Thu Apr 17 12:18:03 CEST 2008 - lmuelle@suse.de
- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym
links in /sbin/; [bnc#380693].
-------------------------------------------------------------------
Thu Apr 17 11:30:17 CEST 2008 - anschneider@suse.de
- Enable the build of vfs_cacheprime and vfs_readahead modules.
-------------------------------------------------------------------
Mon Apr 14 23:14:07 CEST 2008 - lmuelle@suse.de
- Update to 3.2.0pre2.
+ Add library for access to the registry configuration data.
+ BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
+ BUG 4308: Fix Excel save operation ACL bug.
+ BUG 4801: Correctly implement LSA lookup levels for LookupNames.
+ Add new option "debug class" to control printing of the debug class.
+ Enable building of the zfsacl and notify_fam vfs modules.
+ BUG 5083: Fix memleak in solarisacl module.
+ BUG 5063: Fix build on RHEL5.
+ New smb.conf parameter "config backend = registry" to enable registry only
configuration.
+ Added support for IPv6 client and server connections.
+ Remove unused utilities: smbctool and rpctorture.
+ Fix service principal detection to match Windows Vista
(based on work from Andreas Schneider).
+ Encrypted SMB transport in client tools and libraries, and server.
+ Added support for an SMB_CONF_PATH environment variable containing the
path to smb.conf.
+ Various fixes to ntlm_auth.
+ Correctly handle mixed-case hostnames in NTLMv2 authentication.
+ Add Winbind client library.
+ Enhance client and server remote registry access.
+ Add client calls for remotely joining a computer to a domain (including
calls from "net dom" command).
+ Add libnetapi.so library for joining domains including sample GTK+ app.
+ Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC.
+ Various fixes for DsGetDcName and conversion to IDL based structures.
+ Add ads_get_joinable_ous() to libads to get list of joinable ous.
+ Add get_logon_hours_from_pdb() to comply with new IDL based structures.
+ Migration of the entire client and server DCE/RPC code to IDL based
structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON.
+ Started migration of client and server DCE/RPC code to IDL based
structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG.
+ Use IDL and autogenerated code for samlogoncache and Kerberos PAC
handling.
+ Add remote join/unjoin server-side implementation.
+ Import the Linux red-black tree implementation.
+ Support for storing xattrs in tdb files.
+ Support for storing alternate data streams in xattrs.
+ Implement a generic in-memory cache based on rb-trees.
+ Speed up the smbclient "get" command.
+ Add the aio_fork module.
+ Modified libsmbclient API for more easily maintaining ABI compatibility
while adding new features to libsmbclient.
+ Refactor Winbind internal parent-child interface tables to achieve better
unit testing support.
+ Networking fixes to the libreplace library.
+ Add support for DNS Service Discovery. Based on work from Rishi
Srivatsavai <rishisv@gmail.com>.
+ Don't restart winbind if a corrupted tdb is found during initialization.
+ Add share parameter "administrative share".
+ Improve error messages of net subcommands.
+ Add 'net rap file user'.
+ Change LDAP search filter to find machine accounts which are not located
in the user suffix.
+ Remove smbmount.
+ BUG 5073: Allow "delete readonly = yes" to correctly override deletion of
a file.
+ Register the smb service with mDNS if mDNS is supported.
+ Add smbclient support for basic mDNS browsing.
+ Fix padding between Winbind 32bit/64bit client library in the request/
response structures.
+ Added a syncops VFS module for file systems which do not guarantee
meta-data operations are immediately committed to disk in stable form.
+ Additional portability support for building shared libraries.
+ Get Samba version or capability information from Windows user space.
- Add new sub packages libnetapi0, libnetapi-devel, libtalloc1,
libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.
-------------------------------------------------------------------
Mon Apr 14 15:29:54 CEST 2008 - anschneider@suse.de
- Fix build with glibc 2.8.
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
- Added baselibs.conf file to build xxbit packages for multilib support for
post 10.3 systems.
-------------------------------------------------------------------
Thu Apr 10 09:40:52 CEST 2008 - boyang@suse.de
- Only cache password policy results that worked, otherwise we cannot login
until the cache expires even if a connection to a DC has been restored;
[bnc#373552].
-------------------------------------------------------------------
Tue Apr 1 16:21:16 CEST 2008 - mkoenig@suse.de
- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.
-------------------------------------------------------------------
Tue Mar 11 14:45:11 CET 2008 - lmuelle@suse.de
- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].
-------------------------------------------------------------------
Mon Mar 10 10:49:16 CET 2008 - lmuelle@suse.de
- Update to 3.0.28a.
+ Failure to join Windows 2008 domains.
+ Windows Vista (including SP1 RC) interop issues.
-------------------------------------------------------------------
Tue Mar 4 13:46:45 CET 2008 - lmuelle@suse.de
- Rename the libsmbclient package to libsmbclient0 to follow the shared
library packaging policy and remove provides libsmbclient3 for post 10.3
systems.
-------------------------------------------------------------------
Fri Feb 22 17:14:27 CET 2008 - anschneider@suse.de
- Add variable to define if a share should be an administrative share;
[bnc#358841].
-------------------------------------------------------------------
Mon Feb 18 11:56:47 MST 2008 - jjaimon@novell.com
- Fix patch errors with dcerpc and idmap_global; [bnc#280452].
-------------------------------------------------------------------
Thu Feb 7 16:05:10 CET 2008 - jmcd@suse.de
- Fix safe_strcpy error caused by duplicate domain name fix;
[bnc#356025].
-------------------------------------------------------------------
Thu Feb 7 10:57:27 CET 2008 - anschneider@suse.de
- Fix two memleaks if num_validated_vuids exceeds its maximum;
[bnc#349581].
-------------------------------------------------------------------
Fri Jan 25 21:42:11 CET 2008 - jmcdonough@suse.de
- Fix ACL inheritance; [bnc#351570].
-------------------------------------------------------------------
Wed Jan 23 15:53:03 CET 2008 - anschneider@suse.de
- Fix a gcc 4.3 buffer overflow warning.
-------------------------------------------------------------------
Wed Jan 9 04:30:56 CET 2008 - boyang@novell.com
- Remove duplicate domain name prepend when user SID is in winbindd cache;
[#336854].
-------------------------------------------------------------------
Tue Jan 8 10:26:31 CET 2008 - anschneider@suse.de
- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing
caches; [#340332].
-------------------------------------------------------------------
Thu Dec 20 16:32:32 CET 2007 - anschneider@suse.de
- Fix kerberos authentication with Vista; [#350032].
-------------------------------------------------------------------
Wed Dec 12 13:59:11 CET 2007 - jmcdonough@suse.de
- Update to 3.0.28.
+ Fix send_mailslot overflow: CVE-2007-6015; [#343702].
-------------------------------------------------------------------
Wed Nov 28 22:00:57 CET 2007 - jmcdonough@suse.de
- Additional cases and problems caused by fix for CVE-2007-4572;
[#337823].
-------------------------------------------------------------------
Mon Nov 26 16:56:13 CET 2007 - jmcdonough@suse.de
- Fix send_mailslot overflow: CVE-2007-6015; [#343702].
-------------------------------------------------------------------
Fri Nov 23 10:42:22 CET 2007 - hhetter@suse.de
- Added default printing system information to README.vendor;
[#113759].
-------------------------------------------------------------------
Fri Nov 16 19:33:23 CET 2007 - lmuelle@suse.de
- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.
-------------------------------------------------------------------
Thu Nov 15 19:49:53 CET 2007 - lmuelle@suse.de
- Update to 3.0.27.
+ Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572;
[#326261].
+ Remote code execution in Samba's WINS server daemon (nmbd) whe
processing name registration followed name query requests; CVE-2007-5398;
[#337823].
-------------------------------------------------------------------
Thu Nov 15 14:36:34 CET 2007 - anschneider@suse.de
- Change the spec file to get debug packages again.
-------------------------------------------------------------------
Wed Nov 14 15:24:48 CET 2007 - jmcdonough@suse.de
- Additional case for overflow: CVE-2007-4572; [#326261].
-------------------------------------------------------------------
Thu Nov 8 18:07:07 CET 2007 - jmcdonough@suse.de
- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].
-------------------------------------------------------------------
Wed Nov 7 16:53:08 CET 2007 - jmcdonough@suse.de
- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].
-------------------------------------------------------------------
Tue Oct 30 14:34:56 CET 2007 - jmcdonough@suse.de
- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].
-------------------------------------------------------------------
Tue Oct 30 01:10:15 CET 2007 - jmcdonough@suse.de
- Fix the alignment of 32 and 64-bit winbind requests; [#331754].
-------------------------------------------------------------------
Fri Oct 12 11:23:47 CEST 2007 - lmuelle@suse.de
- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0
systems; [#289599], fate [#302668].
-------------------------------------------------------------------
Tue Oct 9 14:41:10 CEST 2007 - anschneider@suse.de
- Fix possible segfault in winbind which could be caused by uninitialized
variables; [#253862c223].
-------------------------------------------------------------------
Fri Oct 5 17:36:28 CEST 2007 - jmcdonough@suse.de
- Use FQDN in KDC DNS lookup; [#295284].
-------------------------------------------------------------------
Thu Oct 4 00:59:14 CEST 2007 - lmuelle@suse.de
- Update to 3.2.0pre1.
+ Use of IDL generated parsing layer for several DCE/RPC interfaces.
+ Removal of the 1024 byte limit on pathnames and 256 byte limit on filename
components to honor the MAX_PATH setting from the host OS.
+ Introduction of a registry based configuration system.
+ Improved CIFS Unix Extensions support.
+ Experimental support for file serving clusters.
+ Full support for Windows 2003 cross-forest, transitive trusts and one-way
domain trusts
+ Support for userPrincipalName logons via pam_winbind and NSS lookups.
+ Support in pam_winbind for logging on using the userPrincipalName.
+ Expansion of nested domain groups via NSS calls.
+ Support for Active Directory LDAP Signing policy.
+ New ldb backend for local group mapping tables
+ Raised level of security defaults for authentication operations.
+ Inclusion of an HTLM version of the 3rd edition of "Using Samba" from
O'Reilly Publishing.
- Update samba-vscan to 0.3.6c-beta5.
- Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't
apply to Samba 3.2.
-------------------------------------------------------------------
Wed Oct 3 23:42:42 CEST 2007 - jmcdonough@suse.de
- Make nss_winbind thread-safe; [#293907, #329796].
-------------------------------------------------------------------
Wed Oct 3 17:09:11 CEST 2007 - jmcdonough@suse.de
- Perform KDC lookup using DNS only; [#295284].
-------------------------------------------------------------------
Thu Sep 27 00:35:42 CEST 2007 - anschneider@suse.de
- Handle smb child crash; [#294895].
-------------------------------------------------------------------
Wed Sep 26 01:59:41 CEST 2007 - lmuelle@suse.de
- Add a global lock inside nss_winbind as workaround; [#293907].
-------------------------------------------------------------------
Thu Sep 20 22:46:09 CEST 2007 - lmuelle@suse.de
- Merge ranged retrieval optimization to winbindd.
-------------------------------------------------------------------
Wed Sep 19 20:55:15 CEST 2007 - lmuelle@suse.de
- Update to 3.0.26a.
+ Memory leaks in Winbind's IDMap manager.
- Update to 3.0.26.
+ Incorrect primary group assignment for domain users using the rfc2307 or
sfu winbind nss info plugin; CVE-2007-4138; [#307623].
-------------------------------------------------------------------
Fri Sep 7 15:32:13 CEST 2007 - lmuelle@suse.de
- Fix two memleaks in idmap_cache.c; bso [#4917].
- Correct failure of libsmbclient against a version of Windows.
- Make read_sock return the total number of bytes read instead.
- Fix error in enum_dom_groups.
- Fix logic error in timeout of blocking lock processing.
- Add parameter "directory name cache size".
- Fix use of pwrite in tdb code.
-------------------------------------------------------------------
Thu Aug 30 15:08:06 CEST 2007 - lmuelle@suse.de
- Also ensure to initialize ip_srv_site and count_site even if we are not on
site; [#230963#c124].
- Use an off site DC if we're not online and talking to the KDC of our domain;
[#230963#c106].
-------------------------------------------------------------------
Wed Aug 22 17:40:45 CEST 2007 - anschneider@suse.de
- Fix a bug where samba writes the wrong default value of max_passwd_expire to
an LDAP server; [#298469].
-------------------------------------------------------------------
Tue Aug 21 16:50:03 CEST 2007 - lmuelle@suse.de
- Fix if statements where we still expected cli_connect() to return BOOL.
-------------------------------------------------------------------
Tue Aug 21 12:36:12 CEST 2007 - lmuelle@suse.de
- Update to 3.0.25c.
+ File sharing with Widows 9x clients.
+ Winbind running out of file descriptors due to stalled child processes.
+ MS-DFS inter-operability issues.
-------------------------------------------------------------------
Tue Jul 24 10:47:35 CEST 2007 - anschneider@suse.de
- Update the cache tdb validation patch which improves the backup handling
trying to end up with a useable cache tdb. This applies mostly to the
situation that disk space is short; [#256166c82].
-------------------------------------------------------------------
Thu Jul 19 10:15:23 CEST 2007 - anschneider@suse.de
- Update the cache tdb validation patch to support backup and corrupted
file handling; [#256166c77].
-------------------------------------------------------------------
Wed Jul 11 09:48:36 CEST 2007 - anschneider@suse.de
- Fix a bug that causes smbd to 'hang' intermittently; [#289599].
-------------------------------------------------------------------
Tue Jul 10 19:03:25 CEST 2007 - lmuelle@suse.de
- Fix event based krb5 ticket refreshing in winbindd.
-------------------------------------------------------------------
Fri Jul 6 19:31:25 CEST 2007 - lmuelle@suse.de
- Limit the LDAP expression in lookup_usergroups_member() to security groups;
[253862c209].
-------------------------------------------------------------------
Fri Jul 6 10:20:29 CEST 2007 - lmuelle@suse.de
- Don't reset the num_names counter in lookup_groupmem(); [253862c198].
-------------------------------------------------------------------
Wed Jul 4 16:37:34 CEST 2007 - anschneider@suse.de
- Make the days before the password expiry warning appears configurable in
pam_winbind.conf; [#287871].
-------------------------------------------------------------------
Tue Jul 3 13:32:31 CEST 2007 - schwab@suse.de
- Don't link shared libraries of vscan with -pie.
-------------------------------------------------------------------
Fri Jun 29 14:01:47 CEST 2007 - lmuelle@suse.de
- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to
20480; [#253862c175].
-------------------------------------------------------------------
Wed Jun 27 16:21:43 CEST 2007 - lmuelle@suse.de
- Update to 3.0.25b.
+ Offline caching of files with Windows XP/Vista clients.
+ Improper cleanup of expired or invalid byte range locks on files.
+ Crashes is idmap_ldap and idmap_rid.
-------------------------------------------------------------------
Sat Jun 23 19:43:15 CEST 2007 - lmuelle@suse.de
- Fix reply when no dfs share is configured.
- Fix the DFS code to work with Vista clients; [#286937].
-------------------------------------------------------------------
Fri Jun 22 16:57:31 CEST 2007 - lmuelle@suse.de
- Migrate old if-up/down scripts to new names on update; [#283706, #285187].
-------------------------------------------------------------------
Tue Jun 19 16:03:55 CEST 2007 - anschneider@suse.de
- Introduced prefix numbering of if-up/down scripts that they get executed in
the right order; [#283706, #285187].
-------------------------------------------------------------------
Tue Jun 19 13:40:39 CEST 2007 - anschneider@suse.de
- Restart nscd on winbind update to load the new libnss_winbind.so.2 library.
This will not resolve every problem with nss modules; [#174589c88].
-------------------------------------------------------------------
Mon Jun 18 15:43:31 CEST 2007 - anschneider@suse.de
- Fix winbind segfaults with idmap_rid; bso [#4624].
-------------------------------------------------------------------
Thu Jun 7 19:43:52 CEST 2007 - lmuelle@suse.de
- Add missed 'c' character to the list of valid ones in escape_shell_string();
[#273611].
-------------------------------------------------------------------
Fri Jun 1 19:16:30 CEST 2007 - lmuelle@suse.de
- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].
-------------------------------------------------------------------
Thu May 31 08:28:53 CEST 2007 - lmuelle@suse.de
- Remove superfluous requires to samba from the devel package.
-------------------------------------------------------------------
Wed May 30 18:29:23 CEST 2007 - lmuelle@suse.de
- Ensure the returned structure size from _samr_query_dispinfo() is smaller
than the total size; [#203833].
-------------------------------------------------------------------
Sat May 26 16:39:00 CEST 2007 - lmuelle@suse.de
- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan.
- Install header files with 0644 instead of 0755 permissions.
- Enable build of the python package.
-------------------------------------------------------------------
Fri May 25 13:36:38 CEST 2007 - anschneider@suse.de
- Branch a samba-devel package for post 10.2 systems.
- Install .a library files with 0644 instead of 0755 permissions.
-------------------------------------------------------------------
Fri May 25 10:19:18 CEST 2007 - lmuelle@suse.de
- Update to 3.0.25a.
+ Missing supplementary Unix group membership when using "force·group".
+ Premature expiration of domain user passwords when using a·Samba domain
controller.
+ Failure to open the Windows object picker against a server configured to
use "security = domain".
+ Authentication failures when using security = server.
-------------------------------------------------------------------
Thu May 24 19:41:34 CEST 2007 - lmuelle@suse.de
- Add %dir /usr/share/samba to the client package.
- Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and
smbclnt from Provides and Obsoletes of the main or client package.
-------------------------------------------------------------------
Thu May 24 10:41:37 CEST 2007 - stbinner@suse.de
- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.
-------------------------------------------------------------------
Wed May 23 19:02:26 CEST 2007 - lmuelle@suse.de
- Update samba-vscan to 0.3.6c-beta4.
-------------------------------------------------------------------
Wed May 23 11:45:31 CEST 2007 - anschneider@suse.de
- In some cases PRS_ALLOC_MEM was called with zero count; [#273613];
bso [#4637].
-------------------------------------------------------------------
Wed May 23 10:08:00 CEST 2007 - hhetter@suse.de
- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].
-------------------------------------------------------------------
Mon May 21 20:13:57 CEST 2007 - lmuelle@suse.de
- Don't use current_user to prep the security ctx in change_to_user();
[#273613].
-------------------------------------------------------------------
Mon May 21 11:51:23 CEST 2007 - lmuelle@suse.de
- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].
-------------------------------------------------------------------
Sat May 19 13:31:34 CEST 2007 - lmuelle@suse.de
- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.
-------------------------------------------------------------------
Fri May 18 09:50:26 CEST 2007 - lmuelle@suse.de
- No longer check in the pre package scripts if swat or winbindd of version
2.2 are updated; [#273160].
-------------------------------------------------------------------
Mon May 14 13:55:15 CEST 2007 - lmuelle@suse.de
- Update to 3.0.25.
+ Significant improvements in the winbind off-line logon support.
+ Support for secure DDNS updates as part of the 'net ads join'·process.
+ Rewritten IdMap interface which allows for TTL based caching and·per
domain backends.
+ New plug-in interface for the "winbind nss info" parameter.
+ New file change notify subsystem which is able to make use of·inotify on
Linux.
+ Support for passing Windows security descriptors to a VFS·plug-in allowing
for multiple Unix ACL implements to running side·by side on the Same
server.
+ Improved compatibility with Windows Vista clients including·improved read
performance with Linux servers.
+ Man pages for IdMap and VFS plug-ins.
+ Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447.
- Disable build of the python package.
-------------------------------------------------------------------
Fri May 11 11:57:55 CEST 2007 - lmuelle@suse.de
- Fix heap overflows to prevent remote code execution; CVE-2007-2446;
[#273613].
- Fix remote command injection vulnerability; CVE-2007-2447; [#273611].
-------------------------------------------------------------------
Tue May 8 21:07:43 CEST 2007 - lmuelle@suse.de
- Remove obsolete samba-pdb package and required packages from BuildRequires
for post 10.2 systems.
-------------------------------------------------------------------
Mon May 7 14:54:35 CEST 2007 - lmuelle@suse.de
- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.
-------------------------------------------------------------------
Mon May 7 13:17:27 CEST 2007 - lmuelle@suse.de
- Remove requires on release from devel packages.
-------------------------------------------------------------------
Thu May 3 12:55:55 CEST 2007 - lmuelle@suse.de
- Reduces the number of queries made to the DC in the ads version of
lookup_groupmem(); [#253862].
-------------------------------------------------------------------
Thu May 3 11:43:57 CEST 2007 - lmuelle@suse.de
- Allow winbindd to take local shortcut on secondary DCs in case dce funnel
directory is set; [#266853].
-------------------------------------------------------------------
Wed May 2 19:41:04 CEST 2007 - lmuelle@suse.de
- Really remove Should-Start smb in smbfs init script; [#242918].
-------------------------------------------------------------------
Wed Apr 25 23:33:27 CEST 2007 - lmuelle@suse.de
- Disable 'msdfs root' by default again; [#268004].
-------------------------------------------------------------------
Fri Apr 20 23:50:15 CEST 2007 - lmuelle@suse.de
- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel
package; [#264623].
-------------------------------------------------------------------
Fri Apr 20 12:05:01 CEST 2007 - lmuelle@suse.de
- Let idmap_ad search in the Global Catalog in case dce funnel directory is
set; [#266049].
-------------------------------------------------------------------
Tue Apr 17 22:02:11 CEST 2007 - lmuelle@suse.de
- Allow share names with a lengths greater than 32 chars; bso [#4512].
-------------------------------------------------------------------
Tue Apr 17 21:01:05 CEST 2007 - lmuelle@suse.de
- Check the euid and call become_root() to get write access to dump a core.
-------------------------------------------------------------------
Tue Apr 17 13:12:50 CEST 2007 - lmuelle@suse.de
- Add pwdutils BuildRequires for post 10.2 systems.
-------------------------------------------------------------------
Mon Apr 16 19:30:38 CEST 2007 - lmuelle@suse.de
- Do not restart winbindd under any if-up circumstances; [#227942].
-------------------------------------------------------------------
Fri Apr 13 14:49:00 CEST 2007 - lmuelle@suse.de
- Replace unneeded become_root_uid_only() by refactored become_root();
CVE-2007-2444; [#262090].
-------------------------------------------------------------------
Tue Apr 3 17:02:19 CEST 2007 - lmuelle@suse.de
- Add repository version and branch to the spec file via
build-source-timestamp mechanism.
-------------------------------------------------------------------
Tue Apr 3 11:33:11 CEST 2007 - lmuelle@suse.de
- Allow applications to set the share mode while opening a file using
libsmbclient; bso [#3684]; [#203737].
-------------------------------------------------------------------
Thu Mar 29 14:36:13 CEST 2007 - lmuelle@suse.de
- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].
-------------------------------------------------------------------
Mon Mar 26 15:02:45 CEST 2007 - rguenther@suse.de
- Add gdbm-devel BuildRequires for post 10.2 systems.
-------------------------------------------------------------------
Mon Mar 26 14:04:50 CEST 2007 - lmuelle@suse.de
- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].
-------------------------------------------------------------------
Sat Mar 17 23:34:52 CET 2007 - lmuelle@suse.de
- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].
-------------------------------------------------------------------
Mon Mar 5 16:06:04 CET 2007 - lmuelle@suse.de
- Fixes a known bottleneck under very high load situations; [#247984].
-------------------------------------------------------------------
Mon Feb 26 12:32:20 CET 2007 - gd@suse.de
- Avoid passdb builtin group membership calls in the DCERPC funnel patch;
[#248556].
-------------------------------------------------------------------
Fri Feb 23 11:37:06 CET 2007 - lmuelle@suse.de
- Allow pre 3.0.23 multi passdb backend configurations to work with
post 3.0.22 by using the first backend only; [#245167].
-------------------------------------------------------------------
Thu Feb 22 15:05:48 CET 2007 - gd@suse.de
- Prevent nscd crash in NSS winbind initgroups(); [#237719].
- Fix pam_winbind cached login for samba/NT4 domains; bso [#4225].
- Various pam_winbind fixes; bso [#4094, #4288].
- Fix DCERPC funnel patch; [#245278].
- Fix vista and share level security.
- Fix vista variable expansion; bso [#4093].
- Fix vista DFS support; bso [#4356].
- Fix vista backup tool; bso [#4361].
- Fix vista deletion on shares; bso [#4188].
- Fix vista spoolss problems.
-------------------------------------------------------------------
Tue Feb 13 10:59:39 CET 2007 - gd@suse.de
- Fix crash bug in rpc_pipe_bind(); [#244892].
-------------------------------------------------------------------
Fri Feb 9 20:30:34 CET 2007 - lmuelle@suse.de
- Enable DCERPC funnel patch.
-------------------------------------------------------------------
Fri Feb 9 11:50:29 CET 2007 - gd@suse.de
- Fix accumulation of expired LDAP connections when winbind in ads mode;
bso [#4009].
-------------------------------------------------------------------
Wed Feb 7 10:34:06 CET 2007 - gd@suse.de
- Fix all lp_dce_funnel_directory() callers; [#242833].
-------------------------------------------------------------------
Wed Feb 7 09:44:46 CET 2007 - lmuelle@suse.de
- Disable broken DCERPC funnel patch; [#242833].
-------------------------------------------------------------------
Mon Feb 5 12:45:24 CET 2007 - lmuelle@suse.de
- Update to 3.0.24.
+ Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].
-------------------------------------------------------------------
Thu Feb 1 20:37:35 CET 2007 - lmuelle@suse.de
- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].
-------------------------------------------------------------------
Thu Feb 1 15:31:03 CET 2007 - gd@suse.de
- Avoid winbind event handler for internal domains.
-------------------------------------------------------------------
Tue Jan 30 17:59:15 CET 2007 - gd@suse.de
- Fix smbcontrol winbind offline; [#223418].
- Fail on offline pwd change attempts; [#223501].
- Register check_dom_handler when coming from offline mode.
- Fix pam_winbind passwd changes in online mode.
- Call set_domain_online in init_domain_list().
- Winbind cleanup after failure and fix crash bug.
- Don't register check domain handler for all trusts.
- Add separate logfile for dc-connect wb child.
- Only write custom krb5 conf for own domain.
- Move check domain handler to fork_domain_child.
-------------------------------------------------------------------
Fri Jan 26 11:46:05 CET 2007 - gd@suse.de
- Fix pam_winbind text string typo; [#238496].
- Support sites without DCs (automatic site coverage); [#219793].
- Fix invalid krb5 cred cache deletion; [#227782].
- Fix invalid warning in the PAM session close;
- Fix DC queries for all DCs; [#230963].
- Fix sitename usage depending on realm; [#195354].
-------------------------------------------------------------------
Wed Jan 24 18:36:30 CET 2007 - gd@suse.de
- Add DCERPC funnel patch; fate [#300768].
-------------------------------------------------------------------
Mon Jan 22 14:25:21 CET 2007 - gd@suse.de
- Fix pam password change with w2k DCs; [#237281].
-------------------------------------------------------------------
Thu Jan 18 18:20:28 CET 2007 - lmuelle@suse.de
- Check from the init script for SAMBA_<daemonname>_ENV variable expected to
be set in /etc/sysconfig/samba to export a particular environment variable
before starting a daemon. See section 'Setup a particular environment for
a Samba daemon' from the README file how this feature is to use.
-------------------------------------------------------------------
Mon Jan 15 11:24:31 CET 2007 - lmuelle@suse.de
- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.
-------------------------------------------------------------------
Thu Jan 11 17:36:13 CET 2007 - gd@suse.de
- Fix pam_winbind grace offline logins; [#223501].
- Fix password expiry message; [#231583].
-------------------------------------------------------------------
Thu Jan 11 15:36:42 CET 2007 - lmuelle@suse.de
- Move XML service description documents; fate [#301712].
-------------------------------------------------------------------
Wed Jan 10 11:09:29 CET 2007 - lmuelle@suse.de
- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.
-------------------------------------------------------------------
Tue Jan 9 16:26:58 CET 2007 - lmuelle@suse.de
- Add XML service description documents; fate [#301712].
-------------------------------------------------------------------
Thu Jan 4 11:25:55 CET 2007 - lmuelle@suse.de
- Move tdb utils to the client package.
-------------------------------------------------------------------
Thu Dec 14 03:34:11 CET 2006 - jeallison@novell.com
- Fix crash caused by deleting a message dispatch
handler from inside the handler itself; [#221709].
-------------------------------------------------------------------
Fri Dec 8 21:17:59 CET 2006 - jeallison@novell.com
- Fix delays in winbindd access when on a non-home
network; [#222595].
-------------------------------------------------------------------
Thu Nov 23 00:49:55 CET 2006 - jeallison@novell.com
- Fix client-side smb signing; [#222951].
- Fix imcomplete merge for firefox NTLM handling; [#198255].
-------------------------------------------------------------------
Mon Nov 20 20:32:26 CET 2006 - lmuelle@suse.de
- Add IA64 and x64 printer drivers directory.
-------------------------------------------------------------------
Thu Nov 16 17:44:22 CET 2006 - lmuelle@suse.de
- Update to 3.0.23d.
+ Stability fixes for winbindd.
-------------------------------------------------------------------
Fri Nov 3 10:37:45 CET 2006 - gd@suse.de
- Fix ldapsmb group and unicode issues; [#143417, #216606].
- Fix net ads account management; [#217046].
- Fix libnscd usage in passdb; [#217363].
- Add the "mega patch"
+ Add site support for winbind; [#195354], fate [#300909].
+ Add site support for net; [#211281], fate [#300909].
+ Fix winbind krb5 ticket handling from offline; [#178028].
+ Fix "net ads leave"; [#196771].
+ Fix winbind username case handling; [#184902].
+ Fix winbind name canonicalisation; [#210174].
+ Fix winbind online/offline handling; [#196859].
+ Add NTLM cached credential handling for firefox; [#198255],
fate [#300973].
+ Fix winbind groupmembership handling; [#211324].
+ Fix winbind site-support handling on reconnect; [#195354].
+ Fix winbind child initialization and online/offline handling;
[#196859].
+ Fix winbind cached credential storage; [#185053].
+ Fix winbind long login delays; [#184450].
+ Fix winbind crash for new AD user; [#208454].
-------------------------------------------------------------------
Thu Oct 26 16:29:03 CEST 2006 - gd@suse.de
- Fix pam_winbind overriding syslog settings; [#201756].
- Fix profilepath pam_set_data for other PAM modules; [#215707].
-------------------------------------------------------------------
Mon Oct 23 18:12:39 CEST 2006 - gd@suse.de
- Fix timeout handling for winbindd (samr, netlogon).
- Fix gencache access; [#209409, #211281].
- Fix libsmbclient accessing NetApp; bso [#4018].
- Fix error handling in ads printer code; [#209409].
- Fix passwd pam segfault; [#211719].
- Fix crash in winbind async child.
- Fix winbind failure mode for trusted domains.
-------------------------------------------------------------------
Fri Oct 20 09:52:55 CEST 2006 - jeallison@novell.com
- Add realm to username if missing in net ads join; [#211706].
-------------------------------------------------------------------
Thu Oct 19 22:35:17 CEST 2006 - lmuelle@suse.de
- Move the LOCKDIR to the client sub package.
-------------------------------------------------------------------
Thu Oct 12 16:56:17 CEST 2006 - lmuelle@suse.de
- Activate the libaddns.
-------------------------------------------------------------------
Thu Sep 28 23:25:57 CEST 2006 - lmuelle@suse.de
- Add version of the package subversion to Samba vendor version suffix.
-------------------------------------------------------------------
Fri Sep 1 14:29:17 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23c.
+ Authentication failures in pam_winbind when the AD domain
policy is set to not expire passwords.
+ Authorization failures when using smb.conf options such
as "valid users" with the smbpasswd passdb backend.
-------------------------------------------------------------------
Thu Aug 24 19:59:00 CEST 2006 - jeallison@novell.com
- Fix time value reporting in libsmbclient; [#195285].
-------------------------------------------------------------------
Tue Aug 15 10:10:25 CEST 2006 - ro@suse.de
- Remove update-messages.
-------------------------------------------------------------------
Tue Aug 8 22:30:40 CEST 2006 - jeallison@novell.com
- Store and restore NT hashes as string compatible values; [#185053].
-------------------------------------------------------------------
Tue Aug 8 19:59:44 CEST 2006 - jeallison@novell.com
- Added winbindd null sid fix; [#185053].
-------------------------------------------------------------------
Tue Aug 8 15:53:23 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23b.
+ Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
+ Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
+ SMB signing errors in the client and server code.
+ Domain join failures when using smbpasswd on a Samba PDC.
-------------------------------------------------------------------
Wed Jul 26 10:51:41 CEST 2006 - lmuelle@suse.de
- Fix from Alison Winters of SGI to build even if make_vscan is 0.
-------------------------------------------------------------------
Sat Jul 22 12:05:33 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23a.
+ Failure to strip the domain name from groups when 'winbind
use default domain = yes'
+ Bad token creation of local users on member servers not
running winbindd.
+ Failure to add users or groups to ACLs using the Windows
object picker.
+ Failure in file serving code when 'kernel oplocks = yes'.
+ New "createupn" option to "net ads join"
+ Rewritten Kerberos keytab generation when 'use kerberos
keytab = yes'
-------------------------------------------------------------------
Tue Jul 18 13:27:26 CEST 2006 - lmuelle@suse.de
- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.
-------------------------------------------------------------------
Tue Jul 18 12:48:15 CEST 2006 - lmuelle@suse.de
- Fix pam config file parsing in pam_winbind; bso [#3916].
-------------------------------------------------------------------
Mon Jul 10 22:46:04 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23.
+ Improved 'make test'
+ New offline mode in winbindd.
+ New Kerberos support for pam_winbind.so.
+ New handling of unmapped users and groups.
+ New non-root share management tools.
+ Improved support for local and BUILTIN groups.
-------------------------------------------------------------------
Fri Jul 7 18:10:40 CEST 2006 - gd@suse.de
- Prevent potential crash in winbindd's credential cache handling;
[#184450].
-------------------------------------------------------------------
Thu Jul 6 12:08:51 CEST 2006 - lmuelle@suse.de
- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].
-------------------------------------------------------------------
Sun Jul 2 02:24:22 CEST 2006 - jeallison@novell.com
- Fix the munlock call, samba.org svn rev r16755 from Volker.
-------------------------------------------------------------------
Sat Jul 1 01:45:26 CEST 2006 - jeallison@novell.com
- Change the kerberos principal for LDAP authentication to
netbios-name$@realm from host/name@realm; [#184450].
-------------------------------------------------------------------
Tue Jun 27 15:55:57 CEST 2006 - lmuelle@suse.de
- Ensure to link all required libraries to libnss_wins; [#184306].
-------------------------------------------------------------------
Sat Jun 24 19:46:24 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23rc3.
+ Warnings from the Klocwork code analyzer.
+ Various portability bugs on AIX, Solaris, and True64.
+ Authorization problems when managing services.
+ Problems joining Windows clients to a Samba/LDAP domain.
-------------------------------------------------------------------
Wed Jun 21 02:36:07 CEST 2006 - jeallison@novell.com
- Change log level of debug message to avaoid flodded nmbd log; [#157623].
-------------------------------------------------------------------
Mon Jun 19 16:14:25 CEST 2006 - lmuelle@suse.de
- Add 'usershare allow guests = Yes' to the default config; [#144787].
-------------------------------------------------------------------
Fri Jun 16 12:52:10 CEST 2006 - schwab@suse.de
- Fix syntax error in configure script.
-------------------------------------------------------------------
Fri Jun 16 00:44:45 CEST 2006 - gd@suse.de
- Add CHANGEPW kpasswd fallback to TCP; [#184945].
-------------------------------------------------------------------
Tue Jun 13 21:46:28 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23rc2.
+ Winbindd & Samba PDC integration issues.
+ Join problems from Windows clients in a Samba domain.
+ Winbind & AD trust failures.
-------------------------------------------------------------------
Fri Jun 9 16:17:33 CEST 2006 - lmuelle@suse.de
- Remove VFS examples; [#182117].
-------------------------------------------------------------------
Fri Jun 9 15:31:12 CEST 2006 - gd@suse.de
- Honour 'sn' attribute for eDir; [#176799].
-------------------------------------------------------------------
Thu Jun 8 12:05:30 CEST 2006 - lmuelle@suse.de
- Adapt smbclient fix to smbtree to enable long share names; [#175999].
- Make smbclient -L use RPC to list shares, fall back to RAP; [#171311].
-------------------------------------------------------------------
Wed Jun 7 16:23:26 CEST 2006 - gd@suse.de
- Re-add in-forest domain trusts; [bso #3823].
-------------------------------------------------------------------
Thu Jun 1 16:09:32 CEST 2006 - lmuelle@suse.de
- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].
-------------------------------------------------------------------
Wed May 31 19:51:49 CEST 2006 - gd@suse.de
- Add wbinfo --own-domain; [#167344].
- Fix usability of pam_winbind on a Samba PDC; [bso #3800].
-------------------------------------------------------------------
Tue May 30 12:28:17 CEST 2006 - lmuelle@suse.de
- Remove intrusive affinity patches for winbindd.
-------------------------------------------------------------------
Sun May 28 01:08:59 CEST 2006 - jeallison@novell.com
- Merge Volker's winbindd crash fix for half-opened connections
in winbindd_cm.c (sessionsetup succeeded but tconX failed).
-------------------------------------------------------------------
Thu May 25 19:05:14 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23rc1.
+ Winbind IDMAP integration with RFC2307 schema objects supported by Windows
2003 R2.
+ Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.
-------------------------------------------------------------------
Mon May 22 20:14:38 CEST 2006 - lmuelle@suse.de
- Optimize lookup of user's group memberships via ExtendedDn LDAP control;
[#168100].
- Restart winbind if the hostname is modified by the DHCP client; [#169260].
- Set the groups membership first whilst we're still root and use execve()
instead of execv() in get_printing_ticket; [#177114].
- Add samba-krb-printing sub package with get_printing_ticket wrapper binary;
[#149698].
-------------------------------------------------------------------
Tue May 16 16:37:07 CEST 2006 - gd@suse.de
- Prevent passwords beeing swapped to disc; [#174834].
- Remove length limit from winbind cache cleanup function; [#175737].
- Fix NDS_ldapsam memory leak.
- Only add password to linked list when necessary.
- Don't try cached credentials when changing passwords.
- Cleanup winbind linked list of credential caches.
- Use the index objectCategory attribute in AD LDAP requests.
- Adjust AD time difference when validating tickets.
- Add password change warning for passwords beeing too young.
- Remove experimental Heimdal KCM support.
-------------------------------------------------------------------
Mon May 8 17:37:28 CEST 2006 - lmuelle@suse.de
- Added "usershare allow guests" global parameter; [#144787].
-------------------------------------------------------------------
Thu May 4 19:52:01 CEST 2006 - gd@suse.de
- Return domain name in samrquerydominfo 5; [#172756].
-------------------------------------------------------------------
Tue May 2 11:58:34 CEST 2006 - gd@suse.de
- Fix unauthorized access when logging in with pam_winbind; [#156385].
-------------------------------------------------------------------
Thu Apr 27 17:40:34 CEST 2006 - lmuelle@suse.de
- Don't ever set O_SYNC on open unless "strict sync = yes"; [#165431].
-------------------------------------------------------------------
Mon Apr 24 12:23:29 CEST 2006 - gd@suse.de
- Correct fix to exit from "net" with an inproper configuration; [#163227],
[#182749].
- Robustness fixes for winbind; [#167952].
- Fix build of own iniparser copy.
-------------------------------------------------------------------
Sun Apr 23 23:11:47 CEST 2006 - lmuelle@suse.de
- Update to 3.0.23pre1.
-------------------------------------------------------------------
Sat Apr 15 20:24:12 CEST 2006 - lmuelle@suse.de
- Exit from the net command with an error if Samba is not configured for the
required role; [#163227].
- Add portability issue fixes between 32-bit winbind clients and a 64-bit
winbindd server.
- Install pam_winbind.conf to /etc/security and add it with %config(noreplace)
to the samba-winbind sub package.
- Add fix to the vscan antivir module to circumvent longer startup times of
the antivir scanner process.
-------------------------------------------------------------------
Wed Apr 12 19:45:57 CEST 2006 - gd@suse.de
- Use iniparser for pam_winbind.
-------------------------------------------------------------------
Mon Apr 3 12:09:28 CEST 2006 - lmuelle@suse.de
- Allow testparm to dump a paramatrical option.
- Update to 3.0.22; CVE-2006-1059; [#161778].
-------------------------------------------------------------------
Fri Mar 31 13:20:05 CEST 2006 - gd@suse.de
- Don't assume account objectclass for eDir; [#160169].
-------------------------------------------------------------------
Wed Mar 29 11:50:36 CEST 2006 - gd@suse.de
- Only send CLDAP request to an connect AD DC; [#159684].
- Invalidate krb5 credential cache when pam_auth has failed; [#161018].
-------------------------------------------------------------------
Tue Mar 28 14:26:43 CEST 2006 - lmuelle@suse.de
- Enhance comment for the 'cups options = raw' line; [#160720].
-------------------------------------------------------------------
Thu Mar 23 14:30:15 CET 2006 - gd@suse.de
- Align pam_winbind patch with upstream version.
-------------------------------------------------------------------
Tue Mar 21 10:47:16 PST 2006 - jeallison@novell.com
- Fix oplock logic bug under heavy load; [#159626].
-------------------------------------------------------------------
Mon Mar 20 16:25:53 CET 2006 - gd@suse.de
- Flush nscd cache also on winbindd startup; [#137793].
- Remove paranoia check for empty acct_flags to support NT4 and older Samba 3
DCs; [#149477].
- Skip superfluous keytab-iteration; [#154951].
- Avoid fallback to samlogon after password failure; [#158717].
- Fix empty domain name in NSS calls; [#154954].
-------------------------------------------------------------------
Wed Mar 15 19:02:18 CET 2006 - lmuelle@suse.de
- Call make proto instead of pch for pre 10.0 systems.
- Use 0750 as default permissions for /var/log/samba as the log files are
created with 0644.
- Add libnscd-devel to BuildRequires for post 9.1 systems.
-------------------------------------------------------------------
Tue Mar 14 11:57:10 PST 2006 - jeallison@novell.com
- Fix Coverity bug missing return on error case in usershare code.
Samba.org svn rev 14019.
-------------------------------------------------------------------
Mon Mar 13 17:39:54 CET 2006 - gd@suse.de
- Correctly flush nscd caches when winbindd comes (back) online; [#137793].
- Fix ldapsmb handling of quoted strings in smb.conf; [#153756].
-------------------------------------------------------------------
Thu Mar 9 10:14:19 CET 2006 - gd@suse.de
- Fix LDAP replication sleep handling for search requests; [#118378].
-------------------------------------------------------------------
Tue Mar 7 16:41:51 CET 2006 - lmuelle@suse.de
- Use dlopen.sh to test that every module we just built can actually be loaded
by a minimal PAM-aware application.
- Link pam_smbpass with the required object files; bso [#3565].
-------------------------------------------------------------------
Wed Mar 1 09:53:00 CET 2006 - lmuelle@suse.de
- Fix case where a non existing tdb let smbpasswd -a core dump.
- Use make everything only to build the same result.
- Call proto_exists before we create the precompiled headers (pch).
- Set LC_ALL, LC_CTYPE, and LANG from /etc/sysconfig/language before we start
smbd and unset it afterwards; [#105322].
- Fix message handling with smbcontrol; [#153699].
- Build and install mount.cifs and umount.cifs as part of the main Makefile.
- Define 'symbols' heimdal if we build on a system older than 9.1. Else the
heimdal specific patches are not applied.
- Start nmbd in /etc/sysconfig/network/scripts/samba-winbindd if the service
is enabled before we switch winbindd online.
-------------------------------------------------------------------
Fri Feb 24 23:48:08 CET 2006 - lmuelle@suse.de
- Only use absolute paths for the targets of sym links.
- Add a comment to the smbusers file that we are not using it in our default
configuration; [#153370].
- Update to final 3.0.21c.
- Properly shutdown winbindd with invalid configuration; [#153074].
- Never overwrite the acct_flags in rpccli_netlogon_sam_network_logon;
[#149477].
- Fix usage of DESTDIR while calling make install; bso [#3282].
- Allow to rename workstations in a Samba Domain; [#140877], bso [#2331].
- Honour workgroup when parsing smb-uris correctly; [#152821].
- Simplify fillup_and_insserv call in the %post of the client package for post
10.0 systems.
- Fix net usershare info core dump; [#150870].
- Reorder Prereq lines and add missing binaries.
- Run /sbin/ldconfig from %post and %postun if the package contains a lib;
also replace any %run_ldconfig by /sbin/ldconfig; add PreReq /sbin/ldconfig.
-------------------------------------------------------------------
Mon Feb 20 17:31:12 CET 2006 - lmuelle@suse.de
- Update to 3.0.21c from svn.Samba.org SAMBA_3_0_RELEASE tree.
-------------------------------------------------------------------
Thu Feb 16 23:06:07 CET 2006 - lmuelle@suse.de
- Replace swat-welcome.diff by the upstream version; [#63160], bso [#2278].
- Replace pdbedit-pw-stdin.diff by the upstream version; bso [#1386].
- Add winbind offline config template; fate [#300457].
- Enhance return codes of net usershare; [#150870].
- Don't let lp_load() overwrite configuration settings; [#149682].
- Fix winbindd getpwnam behaviour for pam_winbind; [#149021].
- Replace nss-soname.diff by the upstream version; bso [#3381].
- Move libnss_wins into the client package.
- Fix pam_winbind Kerberos/NTLM fallback; [#149477].
- Update eDirectory LDAP schema for account policies; [#149470].
- Fix login password expiry handling in pam_winbind; [#149462].
-------------------------------------------------------------------
Tue Feb 14 17:53:11 CET 2006 - gd@suse.de
- Send correct workstation name to prevent NT_STATUS_INVALID_WORKSTATION
beeing returned in samlogon; [#148645], [#161051].
-------------------------------------------------------------------
Wed Feb 8 10:42:34 CET 2006 - aj@suse.de
- Remove openafs requirement.
-------------------------------------------------------------------
Tue Feb 7 00:39:26 CET 2006 - lmuelle@suse.de
- Add Requires kerberos devel package to libsmbclient-devel; [#148579].
- Add Requires of the main lib packages to the libsmbclient and libmsrps devel
packages.
- Add missing documentation to testparm man page..
-------------------------------------------------------------------
Mon Feb 6 17:34:54 CET 2006 - lmuelle@suse.de
- Remove /var/spool/samba from the filelist.
- No longer ignore NetworkManager controlled interfaces in dhcpcd-hook-samba.
- No longer call netbios_setup() if we source dhcpcd-hook-samba-functions.
-------------------------------------------------------------------
Thu Feb 2 23:35:40 CET 2006 - lmuelle@suse.de
- Add missing \ to the dhcpcd-hook-samba-functions.
- Change password character to '*' in NSS replies.
- Fix online/offline message handling for winbindd.
- Only do anything while calling the helper script samba-winbindd if "winbind
offline logon" is "Yes".
- Starting nmbd with helper script samba-winbindd if we are going online and
service nmb is activated.
- Package network interface scripts as %ghost and only create the sym links on
the initial install.
- Update to final 3.0.21b.
- Always use a local copy of guards (patches/tools/guards) instead of
depending to the quilt package at build time.
- Install any section of the default smb.conf as separate file packaged in
/usr/share/samba/templates/default-* into the client package.
- Append product version string to SAMBA_VERSION_VENDOR_SUFFIX.
- Add new feature to allow winbindd online offline state to be controlled by
smbcontrol; [#147249].
- Add -k switch to tdbdump to dump the data of a single key; [#133453].
-------------------------------------------------------------------
Thu Jan 26 12:47:35 CET 2006 - lmuelle@suse.de
- Add --all-domains switch to wbinfo.
- Update to 3.0.21b from svn.Samba.org SAMBA_3_0_RELEASE tree.
- Add script to trigger winbindd on- or offline mode.
- By default only allow to share directories owned by the user; [#144787].
- Add more verbose error message if usershares aren't activated; [#145299].
- Remove /var/lib/samba/usershares/ from the filelist; [#144013].
-------------------------------------------------------------------
Wed Jan 25 21:41:18 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jan 20 21:35:08 CET 2006 - lmuelle@suse.de
- Add %w macro to be replaced by the winbind separator.
- Add a desktop smb.conf as template to the client package.
- Run SuSEconfig --module permissions if the package is not installed with
YaST and we have a /etc/permissions.d/samba-usershares file.
- Add /etc/permissions.d/samba-usershares as %ghost to the filelist.
- Set %verify(not group mode), root:users and 01700 as default for the default
usershare path, /var/lib/samba/usershares/.
- It turns out krb5_kt_get_entry() on MIT does an implicit open/read/close and
blows away an open keytab handle - so make sure we use a new handle; bso
[#3421].
- Ensure net usershare add uses an absolute path; [#143777].
- Use stderr for error messages of the net command.
- Ensure to rewind rem_backend if we have to workaround an old configuration.
Else winbindd might seg fault.
- Fix crash bug in the idmap winbindd child.
- Add PAM conversation for disallowed password change.
-------------------------------------------------------------------
Sat Jan 14 23:34:19 CET 2006 - lmuelle@suse.de
- Remove idmap_ prefix from any idmap backend config setting; bso [#3264].
- Add net usershare command to manipulate user shares from trunk of samba.org.
- Align suse/samba3-pam_winbind patch with trunk of samba.org.
- Fix segfault in "net rpc vampire|samdump"; bso [#3390].
-------------------------------------------------------------------
Mon Jan 9 17:05:56 CET 2006 - jeallison@novell.com
- Don't assume owning sticky bit directory means write access allowed;
bso [#3348].
-------------------------------------------------------------------
Wed Jan 4 18:43:37 CET 2006 - lmuelle@suse.de
- Create the precompiled headers with exactly the same flags as the
binaries.
- Allow to rename machine accounts. Fixed crash against eDirectory;
[#140877].
-------------------------------------------------------------------
Tue Jan 3 18:11:26 CET 2006 - lmuelle@suse.de
- Add 'winbind refresh tickets' parameter; [#140962].
-------------------------------------------------------------------
Sun Jan 1 21:44:35 CET 2006 - lmuelle@suse.de
- Update to 3.0.21a; bso [#3349].
-------------------------------------------------------------------
Wed Dec 21 09:00:41 CET 2005 - lmuelle@suse.de
- Update to 3.0.21.
-------------------------------------------------------------------
Mon Dec 19 19:44:12 CET 2005 - gd@suse.de
- Add extended pam_winbind work from trunk.
-------------------------------------------------------------------
Wed Dec 14 22:47:51 CET 2005 - lmuelle@suse.de
- Return NT_STATUS_ACCOUNT_DISABLED if eDirectory returns
LDAP_UNWILLING_TO_PERFORM; [#138491].
-------------------------------------------------------------------
Sun Dec 4 19:05:42 CET 2005 - lmuelle@suse.de
- Package libmsrpc files separate.
- Revert libsmbclient package renaming.
- Update to 3.0.21rc2.
-------------------------------------------------------------------
Tue Nov 29 21:05:43 CET 2005 - lmuelle@suse.de
- Ensure to be root while calling pdb_search_destroy(); else we don't have
enough permissions to do the last paged LDAP search.
-------------------------------------------------------------------
Wed Nov 23 23:32:35 CET 2005 - lmuelle@suse.de
- Store "sambaLogonHours" in GMT and display them in localtime; bso [#3187]
- Update to ldapsmb 1.34.
- Cache the results more agressivly to stop multiple LDAP searches; bnc
[#134082].
- Allow anonymous printing to Microsoft Windows 2000 and XP systems via
unauthenticated ntlmssp session setup, bnc [#106335].
-------------------------------------------------------------------
Mon Nov 21 16:01:18 CET 2005 - lmuelle@suse.de
- Improve performance when enumerating users from a LDAP database; bnc
[#134082].
-------------------------------------------------------------------
Fri Nov 18 16:02:15 CET 2005 - lmuelle@suse.de
- Add fix for quota on ext[23], reiserfs.
-------------------------------------------------------------------
Thu Nov 17 19:26:22 CET 2005 - lmuelle@suse.de
- Create a separate Samba documentation package to build it as noarch for post
10.0 systems.
-------------------------------------------------------------------
Sun Nov 13 20:07:00 CET 2005 - lmuelle@suse.de
- Update to 3.0.21rc1.
-------------------------------------------------------------------
Wed Nov 9 13:18:28 CET 2005 - lmuelle@suse.de
- Add samba.org post 3.0.20b fixes.
+ Ensure printjob deletion.
+ Fix setting of quotas on Linux.
+ Clear request structure before used by wbinfo; bso [#3201].
+ Added new parameter 'map readonly = [yes|no|permissions]'; bnc [#134188].
+ Fix acl evaluation bug.
+ Don't count open pipes in the num_files_open on a connection.
-------------------------------------------------------------------
Fri Oct 28 14:33:57 CEST 2005 - lmuelle@suse.de
- Speed up load of the configuration file with a large number of share
definitions; bnc [#129341], bso [#1117].
-------------------------------------------------------------------
Sun Oct 16 19:06:28 CEST 2005 - lmuelle@suse.de
- Update patch for mount.cifs to work with named uid/ gid; [#120601].
-------------------------------------------------------------------
Fri Oct 14 12:47:15 CEST 2005 - lmuelle@suse.de
- Use upstream fix to supress LDAP build warnings with OpenLDAP 2.3.7 or
higher and to build with openssl 0.9.8a or higher.
- Allow mount.cifs also to work with uid/ gid names; [#120601].
-------------------------------------------------------------------
Thu Oct 13 20:33:18 CEST 2005 - lmuelle@suse.de
- Disable smbwrapper support for all architectures.
- Update to 3.0.20b
+ winbindd crash with alt_names; bso [#3068]
+ denied write on a share in read/write mode; bso [#3088]
+ read-only share files are always seen as read-only
+ quota support; bso [#3070]
-------------------------------------------------------------------
Sun Oct 9 02:37:26 CEST 2005 - schwab@suse.de
- Make syscall wrapper stuff compilable.
-------------------------------------------------------------------
Sat Oct 1 01:15:31 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20a.
-------------------------------------------------------------------
Mon Sep 26 15:57:20 CEST 2005 - ro@suse.de
- fix some implicit function declarations in getdate.
-------------------------------------------------------------------
Mon Sep 19 19:31:53 CEST 2005 - lmuelle@suse.de
- Add iprint support; [#113346].
- Update to samba-vscan 0.3.6b.
- Add more samba.org post 3.0.20 fixes.
+ RegCreateKeyEx() Failures
+ Usrmgr.exe and Groups
+ net rpc shutdown
+ DOS applications
- Disable build of smbwrapper for ia64.
-------------------------------------------------------------------
Mon Sep 12 10:09:13 CEST 2005 - gd@suse.de
- Fix x86_64 crash bugs
+ security descriptor upgrade in print tdbs [#106751, samba.org #3084]
+ winbindd resolving group membership [samba.org #3082]
-------------------------------------------------------------------
Mon Aug 29 17:57:09 CEST 2005 - lmuelle@suse.de
- Add samba.org post 3.0.20 fixes.
+ Fix password history for eDirectory
+ fix enumerated group name
+ other minor fixes
-------------------------------------------------------------------
Sat Aug 20 15:47:23 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20.
-------------------------------------------------------------------
Thu Aug 18 14:55:14 CEST 2005 - lmuelle@suse.de
- Fix assembling of the filepath in vscan-icap; [#105582].
- Fix typo in vscan-mcdaemon; [#102372].
-------------------------------------------------------------------
Wed Aug 10 00:46:28 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20rc2.
-------------------------------------------------------------------
Tue Aug 9 14:22:41 CEST 2005 - lmuelle@suse.de
- Enable vscan filetype support for post 9.0 systems as SLES 9 SP 2 provides
a file package built with -fPIC; [#102372].
-------------------------------------------------------------------
Wed Aug 3 23:46:14 CEST 2005 - lmuelle@suse.de
- Update to ldapsmb 1.33.
- Create precompiled headers on post 9.3 systems.
-------------------------------------------------------------------
Fri Jul 29 23:26:36 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20rc1.
- Fail build if a patch doesn't apply.
-------------------------------------------------------------------
Wed Jul 20 14:42:38 CEST 2005 - lmuelle@suse.de
- Use guards of the quilt package to apply all patches.
- Add shared module idmap_ad.
- Update to ldapsmb 1.32.
-------------------------------------------------------------------
Wed Jul 13 17:46:16 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20pre2.
-------------------------------------------------------------------
Wed Jun 29 00:42:00 CEST 2005 - lmuelle@suse.de
- Update to 3.0.20pre1.
-------------------------------------------------------------------
Mon Jun 20 17:46:55 CEST 2005 - lmuelle@suse.de
- Add more post 3.0.14a fixes; bugzilla.Samba.org [#2729, #2698].
- Add hint to documentation about the permissions of umount.cifs; [#85813].
-------------------------------------------------------------------
Tue May 10 15:15:02 CEST 2005 - lmuelle@suse.de
- Add more post 3.0.14a fixes.
- Update umount.cifs to the current version.
-------------------------------------------------------------------
Tue Apr 26 14:09:12 CEST 2005 - lmuelle@suse.de
- Add umount.cifs binary.
-------------------------------------------------------------------
Fri Apr 22 19:34:05 CEST 2005 - lmuelle@suse.de
- Fix potential buffer overflow in torture.
- Change Requires ... = %{version} to >= ... %{version} to allow installation
of an subpackage from the original media after a version update was
available and installed by online update. Kept Requires samba = %{version}
for samba-vscan [#80230].
-------------------------------------------------------------------
Wed Apr 20 16:16:07 CEST 2005 - lmuelle@suse.de
- Add missing /usr/sbin/groupadd to PreReq of the main package.
-------------------------------------------------------------------
Tue Apr 19 15:31:46 CEST 2005 - lmuelle@suse.de
- Remove 'dos filetimes = Yes' from smb.conf as it now is the default.
-------------------------------------------------------------------
Tue Apr 19 02:14:07 CEST 2005 - ro@suse.de
- try to make testsuite build with gcc-4
-------------------------------------------------------------------
Fri Apr 15 16:57:38 CEST 2005 - lmuelle@suse.de
- Update to version 3.0.14a.
- Fix net share migrate and report in the case of the top level share
directory ACL.
-------------------------------------------------------------------
Tue Apr 12 17:50:55 CEST 2005 - lmuelle@suse.de
- Update to version 3.0.14.
-------------------------------------------------------------------
Fri Apr 8 18:47:22 CEST 2005 - lmuelle@suse.de
- Update samba-vscan to version 0.3.6.
- Set 'dos filetimes = Yes' in smb.conf for all shares where other users than
the owning user might have write access to Microsoft Excel files.
-------------------------------------------------------------------
Thu Mar 24 17:18:24 CET 2005 - lmuelle@suse.de
- Update to version 3.0.13; fix Samba to POSIX draft ACL mapping [#74373];
bugzilla.Samba.org [#2521].
-------------------------------------------------------------------
Mon Mar 21 19:13:45 CET 2005 - lmuelle@suse.de
- Fix copy/delete files from Microsoft Windows 98 explorer; [#74102];
bugzilla.Samba.org [#2501].
-------------------------------------------------------------------
Fri Mar 18 19:04:51 CET 2005 - lmuelle@suse.de
- Update to version 3.0.12.
-------------------------------------------------------------------
Sun Mar 13 23:02:51 CET 2005 - lmuelle@suse.de
- Ensure to package smbfstab with limited access permissions.
- Add additional Provides and Obsoletes and add %version-%release to the
Provides tags.
-------------------------------------------------------------------
Fri Feb 25 14:44:59 CET 2005 - lmuelle@suse.de
- Disable com_err patch for post 9.2 products.
- Use NO_BRP_STRIP_DEBUG="true" in the %install section if make_devel is set.
- Call mkversion.sh to add VENDOR_SUFFIX to version.h
-------------------------------------------------------------------
Mon Feb 7 01:37:46 CET 2005 - ro@suse.de
- use kerberos-devel-packages in neededforbuild (again)
-------------------------------------------------------------------
Fri Feb 4 20:07:40 CET 2005 - lmuelle@suse.de
- Update to 3.0.11.
- Create extra package, cifs-mount for the mount.cifs for post 9.2 products;
[#45324].
- Replace SWAT welcome.html sym link post and pre script workaround by a SWAT
fix; [#48160]; bugzilla.Samba.org [#2278].
-------------------------------------------------------------------
Fri Jan 21 20:46:37 CET 2005 - lmuelle@suse.de
- Enusre to free memory used for response and language in the print_cups code;
[#49999]; bugzilla.Samba.org [#2270].
-------------------------------------------------------------------
Thu Jan 20 10:45:00 CET 2005 - lmuelle@suse.de
- Fix order of evaluation in the bitmap code; Samba.org svn revision 4120;
[#49476,#49514,#49947].
-------------------------------------------------------------------
Fri Jan 14 15:52:18 CET 2005 - ro@suse.de
- fix typo in specfile
-------------------------------------------------------------------
Wed Dec 22 21:57:28 CET 2004 - lmuelle@suse.de
- Fix open_any_socket_out on request of Volker Lendecke; bugzilla.Samba.org
[#2180]; [#49480].
-------------------------------------------------------------------
Thu Dec 16 14:25:41 CET 2004 - lmuelle@suse.de
- Update to version 3.0.10; CAN-2004-1154; [#49119].
-------------------------------------------------------------------
Wed Dec 15 14:16:48 CET 2004 - lmuelle@suse.de
- Set IDMAP_RID_SUPPORT_TRUSTED_DOMAINS to 1 in sam/idmap_rid.c and add
Samba.org svn revision 4216; [#49250].
- Disable none working pdf share; [#49221].
- Don't remove statically defined printers in remove_stale_printers();
bugzilla.Samba.org [#2091]; [#49221].
-------------------------------------------------------------------
Tue Dec 14 07:54:45 CET 2004 - lmuelle@suse.de
- Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the
eDirectory integration patches; [#48821].
-------------------------------------------------------------------
Mon Dec 13 20:30:28 CET 2004 - lmuelle@suse.de
- Fix remote exploitation of an integer overflow vulnerability in the smbd
daemon; will be addressed in 3.0.10 upstream; CAN-2004-1154; [#49119].
- Add workaround for samba-vscan if TMPDIR env is set; [#49041].
- Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the
eDirectory integration patches; rename the passdb backend file to pdb_nds;
[#48821].
- Remove patch to avoid inclusion of linux/audit.h as it - even for post 9.1
products - is superfluous; bugzilla.Samba.org [#2061].
-------------------------------------------------------------------
Tue Nov 30 14:25:44 CET 2004 - lmuelle@suse.de
- Add -O to CFLAGS only for pre 9.2 products; [#44167], bugzilla.Samba.org
[#1631].
- Ensure to include /usr/lib/cups/backend only in post 9.0 products.
-------------------------------------------------------------------
Fri Nov 19 15:42:02 CET 2004 - lmuelle@suse.de
- Only avoid inclusion of linux/audit.h for post 9.1 products.
- Fix also max fd count for the select() call in nmbd and wrepld.
- Add more post 3.0.9 fixes.
-------------------------------------------------------------------
Fri Nov 19 01:00:09 CET 2004 - lmuelle@suse.de
- Add missing ldapsmb man page.
- Add AntiVir module to samba-vscan.
- Fix fixed PID file name if multiple Samba daemons are used; [#48237].
- Add fixes to nds_ldap.c and nds-pdb_ldap.c.diff from Vince Brimhall
<vbrimhall at Novell dot com>.
- Use common* PAM configuration only for post 9.2 products.
- Update to version 3.0.9.
-------------------------------------------------------------------
Mon Nov 15 15:54:23 CET 2004 - lmuelle@suse.de
- Add max fd count for select call in smbd/server.c.
-------------------------------------------------------------------
Mon Nov 15 14:55:25 CET 2004 - kukuk@suse.de
- Use common-* PAM configuration.
-------------------------------------------------------------------
Fri Nov 12 22:59:31 CET 2004 - lmuelle@suse.de
- Remove check for uid and gib mapping from winbind init script as winbind
nowadays works fine as a proxy only.
- Add -t 10 to all killproc calls in the init scripts; [#47227].
- Fix output of smbstatus to make the man page; fix -L, -p, & -S and the -u
<username> functionality.
- Move doc subpackage %preun to %postun and change sym link only if first arg
is less than 1 as only this situation is a deinstallation case.
-------------------------------------------------------------------
Thu Nov 11 23:30:03 CET 2004 - lmuelle@suse.de
- Fix seg fault in lanman printing code.
- Fix testparm reporting for the passwd program string.
- Add welcome.html also as %ghost to the samba-doc package and remove rm from
%preun as this breaks the uninstall of samba-doc; [#48160].
- Protect all welcome-* files in the %pre section of samba-doc to not get
deleteted. welcome-en-no-samba-doc.html of the samba package was accidently
removed.
-------------------------------------------------------------------
Thu Nov 11 01:47:06 CET 2004 - lmuelle@suse.de
- Update Samba docs to version 3.0.8; [#48137].
- Use a 32 instead of a 64 byte case-exact string in the samba-nds.schema
for the sambaPasswordHistory object; [#48134].
- Use samba-nds.schema of examples/LDAP/samba-nds.schema as it is now part of
the main line and mark it as %config in the filelist.
- Remove admin from default smbusers mapping file; [#48111].
- Add post 3.0.8 fixes.
- Remove rest of old net RPC printer migration patch as the problem is solved
different in 3.0.8.
- Fix undefined reference to `secrets_*' in libsmbclient; [#48082].
- Enable testsuite for libsmbclient.
- Fix domain/ workgroup bug for multibyte names in nmbstatus; [#38309].
- Remove superfluous rm in the preun of the samba package.
-------------------------------------------------------------------
Mon Nov 8 19:00:58 CET 2004 - lmuelle@suse.de
- Update to version 3.0.8; CAN-2004-0930; [#48019].
- Fix roundup problem for non-Windows clients; CAN-2004-0882 [#46203].
- Use upstream version of the HTML index file; [#48041].
-------------------------------------------------------------------
Wed Nov 3 13:26:12 CET 2004 - lmuelle@suse.de
- Add samba-nds.schema to /usr/share/samba/LDAP, [#47894].
-------------------------------------------------------------------
Tue Nov 2 19:44:37 CET 2004 - lmuelle@suse.de
- Remove incomplete account expiry feature.
- Remove broken clockskew fix on request of the author.
-------------------------------------------------------------------
Thu Oct 28 16:47:23 CEST 2004 - lmuelle@suse.de
- Add printername and queue update patch, bugzilla.Samba.org [#1519].
- Add account and password expire feature mainly for migration.
- Add bad password count and logon count while migration.
- Use define for common %setup options and set it to -q.
- Fix several serious compiler warnings in smbd/lanman.c.
-------------------------------------------------------------------
Fri Oct 22 12:05:38 CEST 2004 - adrian@suse.de
- make it possible to build the package as user
-------------------------------------------------------------------
Thu Oct 21 14:35:45 CEST 2004 - mc@suse.de
- disable samba3-account_pol_ldap.diff; breaks libsmbclient
-------------------------------------------------------------------
Tue Oct 19 22:10:16 CEST 2004 - lmuelle@suse.de
- Add showacls option to smbclient.
-------------------------------------------------------------------
Mon Oct 18 11:00:26 CEST 2004 - mc@suse.de
- Update pdb_ldap.c.diff from Vince Brimhall <vbrimhall at Novell dot com>.
-------------------------------------------------------------------
Fri Oct 15 16:08:02 CEST 2004 - lmuelle@suse.de
- Update eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>.
-------------------------------------------------------------------
Thu Oct 14 14:22:13 CEST 2004 - lmuelle@suse.de
- Add information to the default smb.conf that the full version is only
available if samba-doc is installed, [#43953].
- Move samba.reg to the vendor-files tar ball.
- Use $syslog for Required-Start in the smbfs init script, [#37618].
- Add eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>.
- Add alias migration code from Volker Lendecke <vl at Sernet do DE>.
- Add account policy migration to LDAP code from Guenther Deschner <gd at
Samba dot org>.
-------------------------------------------------------------------
Mon Oct 11 14:55:57 CEST 2004 - lmuelle@suse.de
- Fix recursive ls in smbclient. Fix by Josef Zlomek.
-------------------------------------------------------------------
Wed Oct 6 17:33:00 CEST 2004 - lmuelle@suse.de
- Fix job check of smbfs init script.
- Use 0754 permissions for all init scripts.
-------------------------------------------------------------------
Thu Sep 23 12:45:01 CEST 2004 - lmuelle@suse.de
- Fix smbfs init script for case where we wait for mount or umount to succeed,
[#45778].
-------------------------------------------------------------------
Tue Sep 21 18:48:13 CEST 2004 - lmuelle@suse.de
- User 0775 and root:ntadmin for drivers and 0770 and root:users for profiles
directory as with the Samba 2.2 packages.
- Add groupadd ntadmin to %pre of the main package, [#45719].
- Modify NetBIOS Datagram Distributor extensions patch to protect records
which are marked as permanent.
-------------------------------------------------------------------
Thu Sep 16 11:06:57 CEST 2004 - lmuelle@suse.de
- Enable krb5_cc_close() in libsmb/clikrb5 to avoid memleak of winbindd.
- Remove obsolet part from vendor README.
- Call mount only one time in the smbfs init script.
- Add additional information to the samba-vscan INSTALL file.
-------------------------------------------------------------------
Mon Sep 13 19:31:19 CEST 2004 - lmuelle@suse.de
- Update to version 3.0.7, CAN-2004-0807, CAN-2004-0808, [#44883].
- Restructure vendor-files tar ball.
- Use -dPARANOIDSAFER as option to gs in smbprngenpdf.
- Move all 'inherit permissions' to 'inherit acls' in the default smb.conf.
- Enhance libtool --mode patch for examples/pdb/ as suggested by Andreas
Schwab <schwab at suse dot de>.
- Add %{?jobs:-j%jobs} to most make calls as suggested by Stephan Kulow <coolo
at suse dot de>
-------------------------------------------------------------------
Fri Sep 3 15:32:26 CEST 2004 - lmuelle@suse.de
- Remove letters from the version string of autoconf and autoheader.
- Add --mode=MODE to libtool calls.
- Add logrotate settings for nmbd and smbd only on systems newer than 8.1.
-------------------------------------------------------------------
Wed Sep 1 22:23:23 CEST 2004 - lmuelle@suse.de
- Disable filetype support in vscan for version older than 9.2 where file was
built without -fPIC.
- Use new update message mechanism, [#44359].
- Disable profile information gathering. This is the Samba default.
- Check in %pre of the doc package if there are still directories and files in
swat/help and remove them to allow cpio to create sym links here, [#44564].
- Check in dhcpcd-hook-samba if the interface is configured for BOOTPROTO
dhcp and exit gracefully if not.
-------------------------------------------------------------------
Fri Aug 27 18:44:38 CEST 2004 - lmuelle@suse.de
- Fix check for DHCLIENT_MODIFY_SMB_CONF, add copyright to and remove 'set -e'
from dhcpcd-hook script.
- Remove swat/help/* and replace it with sym links to the samba-doc package.
- Add VENDOR suffix to mount.cifs.
- Add NetBIOS Datagram Distributor extensions provided by Brian Landy <landy
at alumni dot caltech dot edu>. See http://www.landy.cx/ or the comments in
the patch.
- Add more post 3.0.6 fixes.
-------------------------------------------------------------------
Thu Aug 26 11:24:55 CEST 2004 - lmuelle@suse.de
- Use try-restart in nmb init script when called with force-reload.
- Add DHCP support for wins server and netbios scope setting.
-------------------------------------------------------------------
Tue Aug 24 15:34:00 CEST 2004 - lmuelle@suse.de
- Update to version 3.0.6, [#43737, #43773].
- Update samba-vscan to version 0.3.5, [#43853].
- Update net RPC printer migrate patch from Günther Deschner.
- Add several post 3.0.6 fixes.
- Use -O instead of default -O2 for CFLAGS to avoid potential miscompilation,
[#44167]; bugzilla.Samba.org [#1631].
-------------------------------------------------------------------
Tue Jul 22 16:12:16 CEST 2004 - lmuelle@suse.de
- Update to version 3.0.5. CAN-2004-0600 and CAN-2004-0686.
- Add net RPC printer migrate patch from Günther Deschner.
- Add RPM release to the vendor suffix in the version header file.
-------------------------------------------------------------------
Tue Jun 22 11:37:47 CEST 2004 - lmuelle@suse.de
- Fix premature optimization in unix_convert() [#42332]; bugzilla.Samba.org
[#1345].
-------------------------------------------------------------------
Wed Jun 16 14:21:56 CEST 2004 - lmuelle@suse.de
- Convert spec file to UTF-8 to produce mail with content type UTF-8 if we
create one in the %pre or %post section.
-------------------------------------------------------------------
Tue Jun 15 18:23:18 CEST 2004 - lmuelle@suse.de
- Create a mail if we update from Samba 2.2 and used LDAP as SAM before
[#42055].
- Move /var/log/samba and /var/run/samba to the client package [#42018].
-------------------------------------------------------------------
Fri Jun 11 17:21:18 CEST 2004 - lmuelle@suse.de
- Ensure that we always use tdb_open_log() instead of tdb_open_ex() [#41929].
- Fix afs syscall patch. Already tested and added upstream.
- Add some information about the commented example configuration file to the
README.
- Add an inative [netlogon] share to the example configuration.
-------------------------------------------------------------------
Wed Jun 2 11:33:30 CEST 2004 - ro@suse.de
- avoid inclusion of linux/audit.h
-------------------------------------------------------------------
Tue Jun 1 16:31:17 CEST 2004 - lmuelle@suse.de
- Add CIFS support to smbfs init script [#41486].
- Use stderr for important messages in the init scripts.
- Remove empty Samba named configuration.
- Add hu translation to Samba.desktop file.
-------------------------------------------------------------------
Mon May 31 20:48:32 CEST 2004 - lmuelle@suse.de
- Move smb.conf existence test in all init scripts to the start case [#41430].
- Add WHATSNEW and README to the htmldocs file.
- Use samba.css in htmldocs.html and manpages.html.
- Add X-DOC-* lines to enable search index creation and some translations to
the Samba.desktop file.
-------------------------------------------------------------------
Sun May 30 22:24:03 CEST 2004 - lmuelle@suse.de
- Remove backtrace file from vendor-files as our version it's now in upstream.
- Add Samba.desktop file for SuSEhelp system to the doc package.
- Move smbpasswd, smbcontrol binaries and man pages to the client package.
- Move README to the client package.
- Add additional information to the README.
-------------------------------------------------------------------
Sun May 30 02:20:23 CEST 2004 - lmuelle@suse.de
- Split winbind and wrepl logrotate from main package [#41433].
- Skip test for smb.conf file in case of stop in nmb, smb, winbind, and wrepl
init scripts [#41430].
- Move sym link /usr/share/samba/swat/using_samba to the doc package [#41429].
- Return always with success from smbfs init script in case of stop [#41428].
- Don't add /etc/samba/*.tdb files to file list.
- Enable patch to build examples-vfs with -fPIC for all architectures.
-------------------------------------------------------------------
Fri May 28 15:15:39 CEST 2004 - lmuelle@suse.de
- Add profiles share with setting to suppress popup of a desktop.ini file to
the default smb.conf.
-------------------------------------------------------------------
Thu May 27 17:56:41 CEST 2004 - lmuelle@suse.de
- Enable logon drive, path, and home in the way Standard Server 8 does and add
'username map' setting to default smb.conf.
- Use /var/log/samba/ as a secure directory for the smb-print script [#36676].
- Readd -t|--password-from-stdin option to pdbedit [#41182];
bugzilla.Samba.org [#1386].
- Fix winbind in case schannel verifier does not include the nonce [#41100];
bugzilla.Samba.org [#1315].
- Fix 'write list' option in case of security is better than share [#41101];
bugzilla.Samba.org [#1319].
- Touch smbd pid file in the init script while reload if the daemon runs.
This allows probe to return a value not equal reload.
- Add upstream changes to the 'printcap cache time' feature. Thie requires to
set 'printcap cache time = 750' in our default smb.conf as the upstream
default is 0 which disables the feature.
-------------------------------------------------------------------
Wed May 19 02:33:44 CEST 2004 - ro@suse.de
- fix some gcc warnings (py_spoolss_drivers.c: argument sequence)
-------------------------------------------------------------------
Thu May 13 16:14:14 CEST 2004 - lmuelle@suse.de
- Add patch to fix clock skew of winbind in ADS security. For details see
bugzilla.Samba.org [#1208].
- Add patch to fix printing to the IP address of the server.
- Remove TDB files from below /var/lib/samba/ from filelist.
- Update to version 3.0.4. Fix password change broken by Microsoft hotfix
MS04-011 [#40087].
- Add libsmbclient fix from Stephan Kulow <coolo at suse dot de>. For details
see bugzilla.samba.org [#429].
- Add 'printcap cache time' option to remove stale and add new printers
[#21846]. See also bugzilla.Samba.org [#1259]. By this we no longer have
to wait for the CUPS dameon in the init script.
- Disable 'interfaces' and 'bind interfaces only' by default [#39491].
- Use right path to smb.conf in smbpasswd file and add some hints.
-------------------------------------------------------------------
Thu Apr 29 23:41:20 CEST 2004 - lmuelle@suse.de
- Add quotactl support patch from Stefan Metzmacher <metze at samba dot org>
[#39666]
- Replace suse_ver macro by real version string.
-------------------------------------------------------------------
Thu Apr 29 17:58:34 CEST 2004 - lmuelle@suse.de
- Update to version 3.0.3.
- Adopt missing patches from 2.2.8a.
- Move LDAP schema to samba-client package.
- Add prerequires to samba package.
- Add missing stop_on_removal macros
- Add /var/lib/samba/browse.dat to the file list.
- Add /var/lib/samba/printing directory to the file list.
- Remove printingCupsOptions and expired_service_tickets diff; use upstream
version instead; they are now part of the printingAndManyOtherFixes diff.
- Enhance waiting for cupsd function in the smb init script
* only check with lpstat every two seconds
* remember start time in seconds and calculate the waiting time in relation
to this; this is important if a configured CUPS server is unreachable.
In this case we now really wait only 30 seconds and not 30 times of the
lpstat timeout.
* Thanks to Bjoern Jacke <bjoern at j3e dot de> for the patch.
-------------------------------------------------------------------
Mon Apr 19 18:03:36 CEST 2004 - lmuelle@suse.de
- fix ldapsmb script
- add expired service tickets patch from Guenther Deschner <gd at suse dot de>
-------------------------------------------------------------------
Thu Apr 15 14:24:39 CEST 2004 - lmuelle@suse.de
- add 'cups options = raw' to the default smb.conf, [#28176]
- fix typo and use signal USR2 in write-status case of init script
-------------------------------------------------------------------
Mon Apr 5 19:01:16 CEST 2004 - lmuelle@suse.de
- add patch from Alexander Bokovoy <ab@samba.org> to fix smbmount, [#37871]
- only create notify message on first installation
-------------------------------------------------------------------
Sat Apr 3 18:21:45 CEST 2004 - lmuelle@suse.de
- readd /var/lock/samba/{drivers,netlogon,profiles}
- add more TDB files as %ghost %config(noreplace) to the file list
- enhance default configuration file, [#38024]
-------------------------------------------------------------------
Wed Mar 31 14:11:46 CEST 2004 - lmuelle@suse.de
- add restart_on_update macros for nmb, smb and winbind
- fix path to smb-print.log, [#36676]
- move smbpasswd, pdbedit and testparm binaries and man pages to the client
package
- add cracklib-devel to BuildRequires
- add several TDB files as %ghost %config(noreplace) to the file list
- add backtrace script to examples/scripts
- fix smbadduser paths
- move /etc/xinetd.d/samba to /etc/xinetd.d/swat
-------------------------------------------------------------------
Mon Mar 22 21:21:47 CET 2004 - lmuelle@suse.de
- add 'printing cups options' feature; this allows us to print with option
'raw' without enabeling raw printing in the cups.conf, [#20218]
- add big patch collected from the CVS; [#36602]
- add sambaxp and sambaxp-client to the provides and obsoletes tag
- spec file cleanup
-------------------------------------------------------------------
Tue Feb 24 23:38:57 CET 2004 - gd@suse.de
- readd nmbstatus, mkntpwd, ldap-schema and cups-smb-backend
-------------------------------------------------------------------
Sun Feb 22 20:38:46 CET 2004 - gd@suse.de
- disable build of utils-package
-------------------------------------------------------------------
Wed Feb 18 17:42:34 CET 2004 - gd@suse.de
- update to 3.0.2a
- removed last references of docbook package
- moved cifsmount into client package
- added pgsql-backend
- cleaned up neededforbuild
- build as root
- fixed dependencies
- smb init-script should check for defaults
- winbind init-script should warn for required params
-------------------------------------------------------------------
Wed Feb 18 11:21:55 CET 2004 - coolo@suse.de
- readding my fix for libsmbclient. without it surfing windows
networks is pure luck ;(
-------------------------------------------------------------------
Mon Feb 16 22:19:18 CET 2004 - adrian@suse.de
- register samba and swat via slp.reg.d
-------------------------------------------------------------------
Wed Feb 11 09:52:31 CET 2004 - kukuk@suse.de
- Remove self Conflicts
-------------------------------------------------------------------
Sun Feb 1 17:49:13 CET 2004 - gd@suse.de
- update to 3.0.2rc2
-------------------------------------------------------------------
Sun Jan 25 17:58:49 CET 2004 - adrian@suse.de
- rename package back to "samba"
- fix build
- add %defattr
- clean up Provides/Obsoletes
- add Provides/Obsoletes for libsmbclient3
-------------------------------------------------------------------
Sun Jan 25 14:20:44 CET 2004 - gd@suse.de
- removed extra docbook-package
-------------------------------------------------------------------
Sun Jan 25 01:58:23 CET 2004 - gd@suse.de
- initial package of samba3. based on the work of Lars Mueller
<lmuelle-at-suse.de>.
-------------------------------------------------------------------
Sun Jan 18 21:00:42 CET 2004 - meissner@suse.de
- Added -fPIC to libmksd build.
-------------------------------------------------------------------
Fri Jan 16 00:44:38 CET 2004 - kukuk@suse.de
- added pam-devel to neededforbuild
-------------------------------------------------------------------
Fri Oct 17 22:10:19 CEST 2003 - kukuk@suse.de
- Remove unused des from neededforbuild
-------------------------------------------------------------------
Mon Sep 15 08:37:41 CEST 2003 - kukuk@suse.de
- Add requires to libsmbclient-devel [Bug #30718]
-------------------------------------------------------------------
Fri Sep 5 09:22:03 CEST 2003 - kukuk@suse.de
- Move /var/log/samba and /var/run/samba to samba-client [#30027]
-------------------------------------------------------------------
Thu Aug 28 23:46:18 CEST 2003 - lmuelle@suse.de
- call sbin/SuSEconfig --module samba and not directly the script in the %post
section
-------------------------------------------------------------------
Tue Aug 26 15:12:36 CEST 2003 - lmuelle@suse.de
- add patch from Ademar de Souza Reis Jr. <ademar at conectiva dot com dot br>
for smbclient to get a working -TI option, #27353
-------------------------------------------------------------------
Thu Aug 21 15:50:33 CEST 2003 - lmuelle@suse.de
- add nss-soname patch from Andreas Schwab, #28248
- add stop_on_removal and restart_on_update macros to preun and postun section
-------------------------------------------------------------------
Tue Jul 29 16:37:45 CEST 2003 - lmuelle@suse.de
- point getSambaOptions to the right location of the source file
- fix handling of uninitialized variable in nmbstatus
-------------------------------------------------------------------
Mon Jul 28 16:34:16 CEST 2003 - lmuelle@suse.de
- add Urban Widmark <urban at teststation dot com> patches for smbmount; this
includes LFS, unicode, escape character, and 32 bit uid suppprt, #18472
- add nmbstatus utility
- add schannel feature from Volker Lendecke <Volker.Lendecke at SerNet dot DE>
- move winbind init script and rc sysm link to the client package
- remove superfluous linkvfs patch
- activate root = administrator admin in smbusers by default
- add smbprngenpdf
- add configure option --with-sendfile-support
- autocreate samba.opts.ini while build
-------------------------------------------------------------------
Mon Jun 23 12:01:44 CEST 2003 - lmuelle@suse.de
- add /usr/lib/cups/backend/smb to the samba-client package
- unify init scripts; add one space at the end to all echos
-------------------------------------------------------------------
Wed Jun 4 21:17:26 CEST 2003 - lmuelle@suse.de
- fix pointer cast on 64bit big endian architecture in winbind_nss.c, #27220
- add new sysconfig tags
-------------------------------------------------------------------
Wed May 14 12:04:01 CEST 2003 - ro@suse.de
- run autoreconf / fix build with latest libtool
-------------------------------------------------------------------
Thu May 8 12:29:46 CEST 2003 - lmuelle@suse.de
- remove %ghost from sym linked files
-------------------------------------------------------------------
Mon Apr 28 14:41:03 CEST 2003 - lmuelle@suse.de
- cleanup %post script part which takes care of old configuration location
-------------------------------------------------------------------
Sun Apr 20 15:25:06 CEST 2003 - lmuelle@suse.de
- remove tdbtorture from package on request of the Samba team
- update to version 2.2.8a
-------------------------------------------------------------------
Mon Mar 17 13:09:41 CET 2003 - lmuelle@suse.de
- readd map to guest = Bad User to smb.conf
-------------------------------------------------------------------
Fri Mar 14 19:10:54 CET 2003 - lmuelle@suse.de
- move samba LDAP schema to the client package
- add product suffix to README and smb.conf files of documentation
- mark sym links from /var/lib/samba/bin/ as %ghost
-------------------------------------------------------------------
Thu Mar 13 17:59:08 CET 2003 - lmuelle@suse.de
- add security patch for the client side, #25140
- remove check for existence of sysconfig and smb.conf from smbfs init script
-------------------------------------------------------------------
Wed Mar 12 17:11:34 CET 2003 - lmuelle@suse.de
- add security patch from SuSE Security Team, #25140
- cleanup init scripts try-restart part
-------------------------------------------------------------------
Mon Mar 10 18:15:03 CET 2003 - lmuelle@suse.de
- add fix to samba-nds.schema provided by Jochen Schaefer <jschaef@SuSE.de>
- add fixes for winbind caching and uid handling , smbpasswd, smbd and TDB
handling
-------------------------------------------------------------------
Sun Mar 9 09:01:10 CET 2003 - kukuk@suse.de
- Use getent in smbadduser
-------------------------------------------------------------------
Fri Mar 7 01:46:40 CET 2003 - ro@suse.de
- remove mminimal-toc from CFLAGS (ppc64)
-------------------------------------------------------------------
Thu Mar 6 17:24:21 CET 2003 - kukuk@suse.de
- Add xinetd config file [Bug #24682]
-------------------------------------------------------------------
Thu Mar 6 16:50:01 CET 2003 - kukuk@suse.de
- Remove cyrus-sasl from neededforbuild
-------------------------------------------------------------------
Mon Mar 3 16:48:44 CET 2003 - lmuelle@suse.de
- add header files to samba package for squid, #24235
- remove rc_reset from status part of nmb init script
-------------------------------------------------------------------
Mon Feb 24 18:07:28 CET 2003 - lmuelle@suse.de
- update samba-vscan to version 0.3.2a
-------------------------------------------------------------------
Tue Feb 18 13:15:56 CET 2003 - lmuelle@suse.de
- add separate binaries to PreReq
- add /bin/grep to PreReq of the client package
- move README to client package and inform about the new doc package, #23838
- fix %post in case of update
- fix nmb init script, #23854
-------------------------------------------------------------------
Mon Feb 17 22:57:22 CET 2003 - lmuelle@suse.de
- add appropriate suffix to example smb.conf of documentation
- add example to auto mount or umount CD drive to smb.conf
- add -s ${SMB_CONF} to all startproc calls in init scripts
-------------------------------------------------------------------
Fri Feb 14 19:46:23 CET 2003 - lmuelle@suse.de
- call SuSEconfig -module samba if packages with binaries are installed via rpm
- only insserv nmb depending on an active smb service, if we update from a
version before SuSE Linux 8.1
- add meta data to sysconfig file
- add appropriate suffix to README
- update samba-vscan to version 0.3.2
- split libsmbclient and libsmbclient-devel package from samba-client
- add msdfsproxy and ldaprebind patches from Guenther Deschner <gd@suse.de>
-------------------------------------------------------------------
Wed Jan 29 15:17:55 CET 2003 - kukuk@suse.de
- Remove samba-doc requires from samba-client
-------------------------------------------------------------------
Wed Jan 15 20:50:31 CET 2003 - ro@suse.de
- use fPIC in samba-vscan
-------------------------------------------------------------------
Wed Jan 15 18:26:45 CET 2003 - ro@suse.de
- use sasl2
-------------------------------------------------------------------
Wed Jan 15 12:56:26 CET 2003 - ro@suse.de
- added logrotate config
- added patch to work around glibc defining st_atime as macro
-------------------------------------------------------------------
Fri Dec 13 15:27:29 CET 2002 - ro@suse.de
- updated neededforbuild
-------------------------------------------------------------------
Thu Dec 12 13:49:34 CET 2002 - lmuelle@suse.de
- update samba to version 2.2.7a
- update samba-vscan to version 0.3.1
- move tdb tools to client package
- move smbldap-tools from examples/LDAP to a new package
- move samba.schema to /etc/openldap/schema
-------------------------------------------------------------------
Fri Nov 22 16:31:29 CET 2002 - lmuelle@suse.de
- fix some broken literals in samba-svan and nettime
- split documentation to samba-doc subpackage
- move provides smbfs to samba-client package
-------------------------------------------------------------------
Wed Nov 20 09:21:15 CET 2002 - lmuelle@suse.de
- update samba to version 2.2.7; this includes the security fix for the
broken password length handling
- update samba-vscan to version 0.3.0
- remove superfluous aclocal, autoconf and libtoolize calls
-------------------------------------------------------------------
Fri Nov 8 16:57:22 CET 2002 - lmuelle@suse.de
- use rc_exit, not exit at the end of the smbfs init script, #21641
-------------------------------------------------------------------
Wed Nov 6 18:59:52 CET 2002 - lmuelle@suse.de
- remove check and Required-Start for nmb in smbfs init script, #20793
move nmb from Required-Start to X-UnitedLinux-Should-Start
add section about smbfs and nmb service to README.SuSE
- add fix for s390 interface handling, #15717
-------------------------------------------------------------------
Tue Nov 5 21:26:46 CET 2002 - lmuelle@suse.de
- add security fix for wrong passwd len handling
-------------------------------------------------------------------
Sat Oct 19 01:18:12 CEST 2002 - lmuelle@suse.de
- update to version 2.2.6
-------------------------------------------------------------------
Thu Oct 17 20:10:10 CEST 2002 - lmuelle@suse.de
- generate version suffix UL or SuSE as required from Samba team
-------------------------------------------------------------------
Wed Oct 16 18:21:57 CEST 2002 - lmuelle@suse.de
- add improved ACL mapping patch, #19494
- remove check_nmbd and rc_reset from smb init script status part, #20921
- also remove check_nmbd from winbind and smbfs init scripts
-------------------------------------------------------------------
Tue Oct 8 12:49:56 CEST 2002 - lmuelle@suse.de
- add improved ACL mapping patch, #19494
- set syslog = 0, log level = 1 in smb.conf, #20411
- switch to RFC 3330 conform example IP addresses in smb.conf
- remove character set and client code page from smb.conf, #20378
-------------------------------------------------------------------
Thu Sep 26 11:51:43 CEST 2002 - ro@suse.de
- remove hang in smbfs init script (#20204)
-------------------------------------------------------------------
Wed Sep 25 19:47:26 CEST 2002 - agruen@suse.de
- WinNT compatibility fix in the improved ACL mapping
-------------------------------------------------------------------
Mon Sep 23 23:39:11 CEST 2002 - lmuelle@suse.de
- add ACL mapping fixes from Andreas Gruenbacher <agruen@suse.de>
- put SAM related binaries in extra subdirectories
- set TMPDIR to /var/tmp in smb init script
- create classic and ldap sudirectories for the binaries to get usual
process names
- remove runlevel 2 from Default-Start of smbfs; add nmb to Required-Start
- warn if nmbd is not running while start of smb, smbfs and winbind
- drop rcsamba
-------------------------------------------------------------------
Thu Sep 12 16:41:38 CEST 2002 - lmuelle@suse.de
- add missing user information if nmbd is reloaded
- add root to write list of print$ in default smb.conf
-------------------------------------------------------------------
Thu Sep 12 01:01:55 CEST 2002 - lmuelle@suse.de
- add check for ready cupsd if CUPS is active and Samba using CUPS as
printing system
- remove ACL fixes, #19494
-------------------------------------------------------------------
Wed Sep 11 06:15:38 CEST 2002 - lmuelle@suse.de
- add winbind to X-UnitedLinux-Should-Start of smb init script
-------------------------------------------------------------------
Tue Sep 10 20:33:49 CEST 2002 - lmuelle@suse.de
- intergrate ACL fixes from Andreas Gruenbacher <agruen@suse.de>
- split smb in two (smb and nmb) init scripts
- fix Required-Start of smb and winbind init script
- include most parts of two mostly printing related pre 2.2.6 patches
-------------------------------------------------------------------
Mon Sep 9 10:24:19 CEST 2002 - lmuelle@suse.de
- check existence of brlock and locking tdb, #18978
- include tdbdump, tdbtest, tdbtool, tdbtorture
- change smb and winbind init script, #18784
-------------------------------------------------------------------
Tue Sep 3 00:18:11 CEST 2002 - lmuelle@suse.de
- let SuSEconfig.samba use correct lib subdirectory, #18730
- include printing patch for 2.2.5 from Samba team
- let smb and winbind init script also recognize daemons started before
an update of the package; workaround for #18784
- include netttime program, #6508
-------------------------------------------------------------------
Fri Aug 30 08:15:55 CEST 2002 - lmuelle@suse.de
- replace wrong, left variable in %post of samba by filename
-------------------------------------------------------------------
Wed Aug 28 15:43:52 CEST 2002 - lmuelle@suse.de
- make reload of smbfs init script equal to restart
- remove Should-Start smb in smbfs init script
- create ntadmin group in %pre of samba
- adjust permission and ownership of /var/lib/samba/drivers
-------------------------------------------------------------------
Wed Aug 21 15:31:57 CEST 2002 - lmuelle@suse.de
- fix start of smbfs init script; introduce /etc/samba/smbfstab, #7146
- reinclude lost pdbedit and man page, now part of the client package
- move cupsd to Should-Start in smb, also smb and remove $remote_fs from
Required-Start in smbfs init script
- rename sysconfig.samba-samba-client to sysconfig.samba-client and use
fillup_only with -ans due to usage in a subpackage
- force LDAP protocol version 3 during connection establishment
-------------------------------------------------------------------
Tue Aug 20 11:08:57 CEST 2002 - lmuelle@suse.de
- add missing PreReq to samba and samba-client, #17979, #17980
- fix status of smbfs init script, #9092
-------------------------------------------------------------------
Tue Aug 20 00:01:19 CEST 2002 - lmuelle@suse.de
- fix path to temp file in %post of samba
- fix %post of samba-client, rename sysconfig.samba to
sysconfig.samba-samba-client
-------------------------------------------------------------------
Mon Aug 19 18:54:15 CEST 2002 - lmuelle@suse.de
- drop the split in classic and ldap version; introduce etc/sysconfig/samba
and SuSEconfig.samba instead to get the appropriate binaries, #17691
-------------------------------------------------------------------
Fri Jul 26 14:36:02 CEST 2002 - gd@suse.de
- fixed /usr/share/samba in %files
- moved libsmbclient libraries to samba-client
-------------------------------------------------------------------
Fri Jul 19 11:27:04 CEST 2002 - gd@suse.de
- added rediffed start_tls-fix from cvs
- enabled challenge-response-auth for winbind
- removed all references to rc.config
- made cups default printing system for SuSE Linux 8.1
-------------------------------------------------------------------
Thu Jul 18 17:26:51 MEST 2002 - link@suse.de
- updated to samba-vscan-0.2.5d
-- bugfix for F-Prot Daemon and ScannerDaemon
-- added a sanity check for "grepping" the virus name from
the output of ScannerDaemon and F-Prot Daemon
-- init message has been changed when module is loaded
-- added Makefile fix for x86-64 by Ulricht Hecht
-------------------------------------------------------------------
Tue Jul 16 17:32:16 CEST 2002 - uli@suse.de
- link PIC objects into examples/VFS stuff (fixes x86-64)
-------------------------------------------------------------------
Tue Jul 16 12:05:38 CEST 2002 - kukuk@suse.de
- Don't use macros for Version:
-------------------------------------------------------------------
Mon Jul 15 17:52:01 CEST 2002 - gd@suse.de
- update to version 2.2.5 (mainly done by Lars Mueller <lmuelle@suse.de>)
- added samba-vscan 0.2.5a as subpackage
- link against acl and attr library
- added winbind-init script, rewrote smb-init script
- updates, clean-ups in smb.conf and more examples
- added patch for pdbedit to handle script based LDAP account creation
and make deletion of only SAM LDAP entries possible and added a -b option
for pdbedit to allow stdin password changes (patch by lmuelle@suse.de)
- fixed smbadduser script patch (bug #15562)
- split the samba-package into a classic and a ldap-version:
thus you need in either case samba/samba-client, then you choose
between samba-classic/samba-classic-client for the common smbpasswd-backend
or samba-ldap/samba-ldap-client to support the ldapsam-backend.
- added README.SuSE
- added link to make using_samba accessible from swat
- no sgid for printer-drivers-dir
-------------------------------------------------------------------
Fri Jun 14 16:40:23 CEST 2002 - meissner@suse.de
- rerun auto* tools, use -mminimal-toc on ppc64.
-------------------------------------------------------------------
Fri Mar 8 13:28:15 CET 2002 - kukuk@suse.de
- Add libsmbclient.so.0 and /usr/share/samba to filelist
-------------------------------------------------------------------
Thu Feb 14 12:41:17 CET 2002 - adrian@suse.de
- install needed header file for libsmbclient.so
-------------------------------------------------------------------
Sun Feb 10 09:08:56 CET 2002 - kukuk@suse.de
- Don't test for -fpic if PICFLAG is already set
-------------------------------------------------------------------
Thu Feb 7 14:58:28 CET 2002 - lmuelle@suse.de
- Update to 2.2.3a, minor bugfix release
-------------------------------------------------------------------
Thu Feb 7 04:15:08 CET 2002 - lmuelle@suse.de
- Update to 2.2.3
- Fix smbsh library search path
- Removed 'kernel oplocks = No' from smb.conf; default is yes
- Include pam_smbpass, syslog, utmp, and winbind support
- Include libsmbclient
- Include findsmb
-------------------------------------------------------------------
Tue Jan 8 19:59:18 CET 2002 - egmont@suselinux.hu
- Cosmetical changes in init scripts
-------------------------------------------------------------------
Thu Dec 20 14:09:00 CET 2001 - ro@suse.de
- removed START_SMB and added insserv_macros
-------------------------------------------------------------------
Sun Sep 23 01:40:36 CEST 2001 - lmuelle@suse.de
- Shorten output and tunig of old configuration files handling
- Include SID and secrets files to old configuration files handling
- Move netlogon and profiles directories to /var/lib/samba
- Move smbpasswd binary and man page to samba-client package
- Introduce additional sym link from /etc/init.d/smb to rcsamba due to
too many typos and cleaner systematic
- Add character set = ISO8859-15 and client code page = 850 to smb.conf
in the global section to enable correct UNIX <-> DOS character
mapping for west European languages
- Change create mask of home section to 0640, directory mask to 0750;
change create mask of printers section to 0600 in smb.conf
- Move path of printers section to /var/tmp
-------------------------------------------------------------------
Fri Aug 24 15:43:24 CEST 2001 - lmuelle@suse.de
- Move all configuration files to /etc/samba
- Move data bases to /var/lib/samba; important, cause boot script
cleans up /var/lock/samba
- Move pid files to /var/run/samba
- Link against cups library
- Use build root
- Rename subpackage smbclnt to samba-client
- Move /usr/share/doc/packages/samba to package samba-client
- Move /usr/lib/samba/scripts to /usr/share/samba/scripts
- Move /usr/lib/samba/codepages to /usr/share/samba/codepages
- Move /usr/lib/samba/swat to /usr/share/samba/swat
- Move /usr/lib/samba/VFS/* to /usr/lib/samba
- Remove smb.conf from package samba, kept in samba-client
- Remove redundant html documentation of man pages
- Remove superfluous install and uninstall scripts
- Add example configuration file /etc/samba/smbusers
- Update to 2.2.1a: fixes bug with too strict name handling while adding
a machine into a domain
- Update to 2.2.1: add pam password changing and pam restrictions code;
printer driver management improvements (delete driver); fix for Samba
running on top of Linux VFAT ftruncate bug
-------------------------------------------------------------------
Tue Aug 14 18:06:21 CEST 2001 - ro@suse.de
- Don't use absolute paths to PAM modules in PAM config files
-------------------------------------------------------------------
Wed Jun 27 01:42:19 CEST 2001 - ro@suse.de
- re-added the libtoolize to make it build
-------------------------------------------------------------------
Tue Jun 26 03:06:56 CEST 2001 - lmuelle@suse.de
- Update to 2.2.0a fixes remote file create/ append bug. This may
only happen by '%m' macro usage for the 'log file' command.
- spec and dif cleanup
- Include VFS module support.
-------------------------------------------------------------------
Wed Jun 13 18:00:09 CEST 2001 - ro@suse.de
- fix to build with new autoconf
-------------------------------------------------------------------
Wed May 30 02:16:00 CEST 2001 - ro@suse.de
- config-dist.sh: accept any kernel version on s390
-------------------------------------------------------------------
Thu May 10 16:40:17 CEST 2001 - bodammer@suse.de
- initscript fix: don't start smbd in runlevel 2 [bug #8046]
- some additional files included to doc (COPYING, README, ..)
-------------------------------------------------------------------
Wed May 9 11:42:01 CEST 2001 - uli@suse.de
- bzipped tarball
-------------------------------------------------------------------
Tue May 8 19:03:56 CEST 2001 - schwab@suse.de
- Don't use _syscallX.
-------------------------------------------------------------------
Mon Apr 30 16:08:24 CEST 2001 - ro@suse.de
- added config-dist.sh to build only on 2.4 machines
(samba configure seems braindead enough to check
the running kernel)
-------------------------------------------------------------------
Mon Apr 30 15:26:49 CEST 2001 - ro@suse.de
- removed kerberos support: does not work as expected
-------------------------------------------------------------------
Tue Apr 24 16:51:21 CEST 2001 - lemsi@suse.de
- for 7.2 we have added some kerbereos 5 support
-------------------------------------------------------------------
Tue Apr 24 15:55:42 CEST 2001 - lemsi@suse.de
- new version samba 2.2
- new spec file with more functions for configure
- libnss_winbind.so support for /etc/nsswich.conf
-------------------------------------------------------------------
Wed Apr 18 18:46:49 CEST 2001 - lemsi@suse.de
- new security fixes and version 2.0.8 for 6.3, 6.4, 7.0, 7.1
-------------------------------------------------------------------
Tue Apr 17 15:26:43 CEST 2001 - lemsi@suse.de
- new rcsmb script
- include security fixes
-------------------------------------------------------------------
Fri Mar 9 02:38:30 CET 2001 - ro@suse.de
- don't mess with os_install_post
-------------------------------------------------------------------
Fri Feb 23 00:10:25 CET 2001 - ro@suse.de
- added readline/readline-devel to neededforbuild (split from bash)
-------------------------------------------------------------------
Wed Feb 7 16:18:05 CET 2001 - schwab@suse.de
- Fix LFS support in client.
-------------------------------------------------------------------
Mon Feb 5 19:25:29 CET 2001 - schwab@suse.de
- Compile with -D_GNU_SOURCE and -D_LARGEFILE64_SOURCE to get missing
declarations.
- Include <sys/types.h> when checking for ino64_t.
- Include <crypt.h> for crypt declaration.
-------------------------------------------------------------------
Wed Jan 31 11:23:29 CET 2001 - lemsi@suse.de
- added codepages in smbclnt-subpackage
- changed german coments to english coments
-------------------------------------------------------------------
Wed Jan 3 10:52:49 CET 2001 - lemsi@suse.de
- changed in the share section the path /cd to /cdrom
- added smb.conf to the smbclnt-subpackage
-------------------------------------------------------------------
Tue Nov 28 11:07:35 CET 2000 - kukuk@suse.de
- Fix init scripts and move them to /etc/init.d
- Fix post/postun section for subpackages
-------------------------------------------------------------------
Fri Nov 24 20:33:06 CET 2000 - bodammer@suse.de
- rcscript update
-------------------------------------------------------------------
Mon Aug 28 09:33:13 CEST 2000 - choeger@suse.de
- changed $* to "$@" in mount.smbfs to make it also
possible to mount shares with spaces
-------------------------------------------------------------------
Mon Jul 31 11:01:30 CEST 2000 - choeger@suse.de
- improvement for rcsmb
- fix for spec-file to compile with NIS netgroups
-------------------------------------------------------------------
Thu Jul 20 13:05:51 CEST 2000 - choeger@suse.de
- added smbfs initscript that has been removed
by an error
-------------------------------------------------------------------
Tue Jul 11 11:56:14 MEST 2000 - choeger@suse.de
- split package into client and server parts
client package name: smbclnt
-------------------------------------------------------------------
Wed Apr 26 14:22:19 MEST 2000 - choeger@suse.de
- new version, 2.0.7
-------------------------------------------------------------------
Thu Apr 6 02:12:06 CEST 2000 - ro@suse.de
- removed pam,cracklib from neededforbuild: build handles this
-------------------------------------------------------------------
Wed Apr 5 19:27:15 MEST 2000 - bk@suse.de
- s390 team added config.{sub,guess} update macro for s390
-------------------------------------------------------------------
Mon Mar 27 15:41:26 MEST 2000 - choeger@suse.de
- fixed bug in specfile
the multilined configure call missed a "\" :-(
-------------------------------------------------------------------
Thu Mar 9 19:26:32 MET 2000 - choeger@suse.de
- fixed typo in specfile
-------------------------------------------------------------------
Wed Mar 1 12:34:09 MET 2000 - choeger@suse.de
- added %{_mandir}
-------------------------------------------------------------------
Tue Feb 8 09:19:58 MET 2000 - choeger@suse.de
- removed /sbin/init.d/smbfs because it is no longer needed
-------------------------------------------------------------------
Mon Jan 3 16:01:43 MET 2000 - choeger@suse.de
- bugfix for ipc.c
to make roaming profiles work again.
-------------------------------------------------------------------
Tue Nov 30 11:17:55 CET 1999 - choeger@suse.de
- changed kernel oplocks = off to
kernel oplocks = false
-------------------------------------------------------------------
Tue Nov 16 14:22:34 CET 1999 - choeger@suse.de
- added kernel oplocks = off in smb.conf
-------------------------------------------------------------------
Fri Nov 12 13:50:29 CET 1999 - choeger@suse.de
- new version, 2.0.6
-------------------------------------------------------------------
Fri Nov 5 11:57:52 CET 1999 - choeger@suse.de
- Fix for the smbmount lost-connection problem
_seems_ to work...
-------------------------------------------------------------------
Fri Oct 29 16:46:29 CEST 1999 - choeger@suse.de
- removed comment sign in /etc/inetd.conf for swat
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Tue Aug 10 10:29:06 MEST 1999 - fehr@suse.de
- set execute permissions for mksmbpasswd.sh and changesmbpasswd.sh
-------------------------------------------------------------------
Thu Jul 29 11:49:12 MEST 1999 - fehr@suse.de
- fixed typo in /sbin/init.d/smbfs
-------------------------------------------------------------------
Thu Jul 22 11:39:26 MEST 1999 - fehr@suse.de
- changed to new version 2.0.5a
-------------------------------------------------------------------
Wed Jul 21 10:03:04 MEST 1999 - fehr@suse.de
- changed to new version 2.0.5
-------------------------------------------------------------------
Tue Jul 20 14:35:53 MEST 1999 - fehr@suse.de
- install /sbin/init.d/smbfs
- changed to new version 2.0.5pre4
-------------------------------------------------------------------
Mon Jul 19 16:20:58 MEST 1999 - fehr@suse.de
- add /sbin/init.d/smbfs
- changed to new version 2.0.5pre3
-------------------------------------------------------------------
Fri Jul 2 11:06:56 MEST 1999 - fehr@suse.de
- removed "umount -a -t smbfs" from start sscript
-------------------------------------------------------------------
Tue Jun 22 11:05:15 MEST 1999 - kukuk@suse.de
- 2.0.4b changed default values, enable PAM again
-------------------------------------------------------------------
Fri Jun 18 14:08:40 MEST 1999 - kukuk@suse.de
- changed to new version 2.0.4b
-------------------------------------------------------------------
Mon Jun 14 19:14:02 MEST 1999 - kukuk@suse.de
- Enable PAM, add samba.pamd
-------------------------------------------------------------------
Mon May 3 11:24:23 MEST 1999 - fehr@suse.de
- add umount -a -t smbfs to shutdown sequence of samba
-------------------------------------------------------------------
Thu Mar 11 16:49:16 MET 1999 - ro@suse.de
- smbmount: define NR_OPEN to 1024 if undefined (GLIBC-2.1)
-------------------------------------------------------------------
Wed Mar 10 15:19:44 MET 1999 - choeger@suse.de
- some enhancements for smb.conf
-------------------------------------------------------------------
Wed Mar 10 13:18:38 MET 1999 - choeger@suse.de
- new version 2.0.3 and smbmount now seems to work
-------------------------------------------------------------------
Tue Mar 9 02:33:08 MET 1999 - ro@suse.de
- use samba-2.0.2 for STABLE
- use smbfs-2.1 with kernel 2.2.2
-------------------------------------------------------------------
Sun Feb 28 11:11:27 MET 1999 - ro@suse.de
- for glibc-2.1 strncat uses strcat for one subcase, so don't
redefine strcat to "ERROR" for glibc-2.1
-------------------------------------------------------------------
Mon Feb 15 15:06:28 CET 1999 - fehr@suse.de
- fix for umount problem from Volker
-------------------------------------------------------------------
Tue Feb 9 12:07:41 CET 1999 - fehr@suse.de
- changed to version 2.0.2 of samba
-------------------------------------------------------------------
Fri Jan 15 21:16:43 MET 1999 - bs@suse.de
- replaced /sbin/init.d/smb with newer style version (again)
-------------------------------------------------------------------
Fri Jan 15 16:28:53 MET 1999 - fehr@suse.de
- switched to new version 2.0.0
-------------------------------------------------------------------
Wed Jan 13 17:08:15 MET 1999 - bs@suse.de
- fixed entry in inetd.conf
-------------------------------------------------------------------
Wed Jan 13 15:21:20 MET 1999 - bs@suse.de
- replaced /sbin/init.d/smb with newer style version
-------------------------------------------------------------------
Mon Jan 11 17:38:03 MET 1999 - vl@suse.de
- make 2.0.0beta5 package of samba
-------------------------------------------------------------------
Mon Aug 24 12:16:30 MEST 1998 - vl@suse.de
- changed to version 1.9.18p10
-------------------------------------------------------------------
Mon Jun 29 11:10:10 MEST 1998 - vl@suse.de
- changed to version 1.9.18p8
-------------------------------------------------------------------
Mon Apr 20 14:32:25 MEST 1998 - vl@suse.de
- changed to version 1.9.18p4
-------------------------------------------------------------------
Thu Feb 19 11:22:51 MET 1998 - vl@suse.de
- changed to version 1.9.18p3
-------------------------------------------------------------------
Tue Feb 3 11:06:45 MET 1998 - vl@suse.de
- changed to version 1.9.18p2
- fixed some problems in spec-file, some files were missing :-(
- fixed smbfs-2.0.2/Makefile.Linux
-------------------------------------------------------------------
Tue Jan 13 10:00:58 MET 1998 - vl@suse.de
- changed to version 1.9.18p1
-------------------------------------------------------------------
Fri Jan 9 15:44:26 MET 1998 - vl@suse.de
- changed to version 1.9.18
-------------------------------------------------------------------
Tue Dec 2 10:23:50 MET 1997 - bs@suse.de
- disable samba by default in /etc/rc.config
-------------------------------------------------------------------
Mon Oct 6 16:55:35 MEST 1997 - fehr@suse.de
- package prepared for automatic building
-------------------------------------------------------------------
Mon Sep 29 13:31:55 MEST 1997 - fehr@suse.de
- updated to version 1.9.17p2 due to security hole.
-------------------------------------------------------------------
Wed Jul 16 08:20:29 MEST 1997 - fehr@suse.de
- add fillup-template for rc.config and install it in doinst.sh
-------------------------------------------------------------------
Fri Jun 27 14:54:45 CEST 1997 - bs@suse.de
- update to smbfs-2.0.2, due to security hole.
-------------------------------------------------------------------
Tue Jun 17 18:36:38 MEST 1997 - fehr@suse.de
- changed init-skript to recognize entry START_SMB of rc.config
-------------------------------------------------------------------
Mon Jun 2 08:18:20 MEST 1997 - vl@suse.de
- update to version 1.9.16p11
- Starting Samba from /sbin/init.d, not from inetd.conf
-------------------------------------------------------------------
Sun Feb 2 19:26:53 MET 1997 - vl@suse.de
- update to version 1.9.16p10
- Adapted /etc/smb.conf.sample to 4.4.1 manual
-------------------------------------------------------------------
Sat Nov 2 17:35:11 CET 1996 - florian@suse.de
- update to version 1.9.16p9
- configuration file is now /etc/smb.conf
- smbd and nmbd are now in /usr/sbin
- added start-script /sbin/init.d/smb and entry in /etc/rc.config
-------------------------------------------------------------------
Thu Oct 17 16:05:09 CEST 1996 - florian@suse.de
- Update auf neue Version 1.9.16p6.