Revisions of samba
David Disseldorp (dmdiss)
accepted
request 798848
from
Noel Power (npower)
(revision 629)
- Update to samba 4.12.2
+ CVE-2020-10700: A client combining the 'ASQ' and
'Paged Results' LDAP controls can cause a use-after-free
in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
+ CVE-2020-10704: A deeply nested filter in an un-authenticated
LDAP search can exhaust the LDAP server's stack memory causing
a SIGSEGV; (bso#14334); (bsc#1169851).
- Update to samba 4.12.1
+ nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
+ samba-tool group: Handle group names with special chars correctly;
(bso#14296);
+ Add missing check for DMAPI offline status in async DOS attributes;
(bso#14293);
+ Starting ctdb node that was powered off hard before results in recovery
loop; (bso#14295);
+ smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
(bso#14307);
+ vfs_recycle: Prevent flooding the log if we're called on non-existant
paths; (bso#14316);
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
+ nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
(bso#14327);
+ fruit:time machine max size is broken on arm; (bso#13622);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ s3/utils: Fix double free error with smbtree; (bso#14332);
+ CTDB recovery corner cases can cause record resurrection and node
banning; (bso#14294);
+ Starting ctdb node that was powered off hard before results in recovery
Samuel Cabrero (scabrero)
accepted
request 788997
from
Noel Power (npower)
(revision 628)
- s3: libsmbclient.h: add missing time.h include to fix ffmpeg build and make it compatible with -std=c99.
Noel Power (npower)
accepted
request 786416
from
Samuel Cabrero (scabrero)
(revision 627)
- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8
- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).
- Update to samba 4.12.0
+ For details on all items see WHATSNEW.txt in samba-doc
package.
+ Samba 4.12 raises this minimum version to Python
3.5.
+ Samba now requires GnuTLS 3.4.7 to be installed.
+ New Spotlight backend for Elasticsearch.
+ Retiring DES encryption types in Kerberos. With this release,
support for DES encryption types has been removed from
Samba, and setting DES_ONLY flag for an account will cause
Kerberos authentication to fail for that account (see
RFC-6649).
+ Samba-DC: DES keys no longer saved in DB.
+ The netatalk VFS module has been removed.
+ The BIND9_FLATFILE DNS backend is deprecated in this release
and will be removed in the future.
+ CTDB changes
+ The ctdb_mutex_fcntl_helper periodically re-checks the
lock file.
+ Bugs
+ Retire DES encryption types in Kerberos; (bso#14202);
bsc#(1165574).
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
David Disseldorp (dmdiss)
committed
(revision 626)
- Remove unused pwdutils buildrequires
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209);
+ Avoiding bad call flags with python 3.8, using METH_NOARGS
instead of zero; (bso#14209);
+ source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
(bso#14218);
+ docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
(bso#14122);
+ smbd: Fix the build with clang; (bso#14251);
+ upgradedns: Ensure lmdb lock files linked; (bso#14199);
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during
readdir; (bso#14182);
+ smbc_stat() doesn't return the correct st_mode and also the
uid/gid is not filled (SMBv1) file; (bso#14101);
+ librpc: Fix string length checking in ndr_pull_charset_to_null();
(bso#14219);
+ ctdb-scripts: Strip square brackets when gathering connection info;
(bso#14227);
David Disseldorp (dmdiss)
accepted
request 769391
from
Thorsten Kukuk (kukuk)
(revision 625)
- Remove not used pwdutils buildrequires (pwdutils is gone since ages)
David Mulder (dmulder)
accepted
request 766660
from
Noel Power (npower)
(revision 624)
- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);
- Update to samab 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substition; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
Samuel Cabrero (scabrero)
accepted
request 755761
from
Noel Power (npower)
(revision 623)
- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).
Samuel Cabrero (scabrero)
accepted
request 744290
from
James McDonough (jmcdough)
(revision 622)
Update to 4.11.2
James McDonough (jmcdough)
accepted
request 737886
from
Samuel Cabrero (scabrero)
(revision 621)
- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD databse format
- BIND9_FLATFILE deprecated
- default process model chagned to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed
David Disseldorp (dmdiss)
accepted
request 728061
from
Samuel Cabrero (scabrero)
(revision 620)
- Update to samba 4.10.8
+ CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267);
Samuel Cabrero (scabrero)
accepted
request 727708
from
Noel Power (npower)
(revision 619)
- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.
- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
Noel Power (npower)
accepted
request 710941
from
Samuel Cabrero (scabrero)
(revision 618)
- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
David Disseldorp (dmdiss)
committed
(revision 616)
- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183). - Fix vfs_ceph realpath; (bso#13918); (bsc#1134452). - Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).
Samuel Cabrero (scabrero)
accepted
request 696786
from
David Mulder (dmulder)
(revision 615)
- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);
David Disseldorp (dmdiss)
committed
(revision 614)
- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153). - Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377); - LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758); - Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);
Samuel Cabrero (scabrero)
committed
(revision 613)
Samuel Cabrero (scabrero)
accepted
request 664132
from
Noel Power (npower)
(revision 612)
- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).
- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.
James McDonough (jmcdough)
accepted
request 655864
from
David Mulder (dmulder)
(revision 611)
Fix package naming and dependencies
James McDonough (jmcdough)
accepted
request 655382
from
David Mulder (dmulder)
(revision 610)
Fix package names in baselibs.conf
Displaying revisions 61 - 80 of 689
