From 25e8716475b748821aff2067f46aa6ce392b710ab66c96bb1c049827a30d7779 Mon Sep 17 00:00:00 2001
From: James McDonough <jmcdonough@suse.com>
Date: Thu, 16 Aug 2018 10:27:26 +0000
Subject: [PATCH] Accepting request 629523 from home:npower:update_factory

- Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480).

OBS-URL: https://build.opensuse.org/request/show/629523
OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/samba?expand=0&rev=600
---
 samba-4.8.2+git.30.690aa93c189.tar.bz2 |  3 ---
 samba-4.8.4+git.37.a7a861d7982.tar.bz2 |  3 +++
 samba.changes                          | 32 ++++++++++++++++++++++++++
 samba.spec                             |  3 ++-
 4 files changed, 37 insertions(+), 4 deletions(-)
 delete mode 100644 samba-4.8.2+git.30.690aa93c189.tar.bz2
 create mode 100644 samba-4.8.4+git.37.a7a861d7982.tar.bz2

diff --git a/samba-4.8.2+git.30.690aa93c189.tar.bz2 b/samba-4.8.2+git.30.690aa93c189.tar.bz2
deleted file mode 100644
index 44ea6cc..0000000
--- a/samba-4.8.2+git.30.690aa93c189.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aecf01226cea2487fea3bc3b8aa45bdb0a7bd7ea48a6debd7efc7375d793779c
-size 24231611
diff --git a/samba-4.8.4+git.37.a7a861d7982.tar.bz2 b/samba-4.8.4+git.37.a7a861d7982.tar.bz2
new file mode 100644
index 0000000..d909594
--- /dev/null
+++ b/samba-4.8.4+git.37.a7a861d7982.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5be8488d6886dee86704fcf6fe9c98b5c711f7662f191c87becbf2f6fadf1c3c
+size 24339786
diff --git a/samba.changes b/samba.changes
index 2a35d69..0679235 100644
--- a/samba.changes
+++ b/samba.changes
@@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Tue Aug 14 13:06:03 UTC 2018 - nopower@suse.com
+
+- Update to samba-4.8.4+git.37.a7a861d7982;
+  + CVE-2018-1139:  Weak authentication protocol allowed;
+    (bsc#1095048); (bsc#13360);
+  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
+    (bsc#1095056); (bso#13466); (bso#13374);
+  + CVE-2018-10858: Insufficient input validation on client directory
+    listing in libsmbclient; (bsc#1103411); (bso#13453);
+  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
+    (bsc#1103414); (bso#13552);
+  + CVE-2018-10919: Confidential attribute disclosure from the AD
+    LDAP server; (bsc#1095057); (bso#13434);
+  + s3:winbind: winbind normalize names' doesn't work for users;
+    (bso#12851);
+  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
+  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
+  + smbd: Flush dfree memcache on service reload; (bso#13446);
+  + ldb: Save a copy of the index result before calling the
+  + lib/util: No Backtrace given by Samba's AD DC by default;
+    (bso#13454).
+  + s3: smbd: printing: Re-implement delete-on-close semantics for
+    print files missing since 3.5.x; (bso#13457).
+  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
+    libraries;(bso#13478).
+  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
+    (bso#13480).
+
 -------------------------------------------------------------------
 Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de
 
diff --git a/samba.spec b/samba.spec
index 3abb96d..2163bc4 100644
--- a/samba.spec
+++ b/samba.spec
@@ -162,7 +162,7 @@ BuildRequires:  krb5-devel
 %else
 %define	build_make_smp_mflags %{?jobs:-j%jobs}
 %endif
-Version:        4.8.2+git.30.690aa93c189
+Version:        4.8.4+git.37.a7a861d7982
 Release:        0
 Url:            https://www.samba.org/
 Obsoletes:      samba-32bit < %{version}
@@ -2022,6 +2022,7 @@ exit 0
 %{_libdir}/samba/idmap
 %{_libdir}/samba/nss_info
 %{_libdir}/winbind_krb5_locator.so
+%{_libdir}/winbind-krb5-localauth.so
 %{_mandir}/man1/ntlm_auth.1.*
 %{_mandir}/man1/wbinfo.1.*
 %{_mandir}/man7/winbind_krb5_locator.7.*