openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of samba

Noel Power (npower) accepted request 654115 from

David Mulder (dmulder) over 5 years ago (revision 609)

- Remove python2 build dependency from samba-libs; (bsc#1116900);
- Update update-apparmor-samba-profile script to ignore the shares's
  paths containing substitution variables in any place, not only at the
  beginning of the path.

James McDonough (jmcdough) accepted request 652450 from

Samuel Cabrero (scabrero) over 5 years ago (revision 608)

- Update to samba-4.9.3
  + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server; (bso#13600); (bsc#1116319);
  + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
    (bsc#1116320);
  + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
    (bso#13674); (bsc#1116322);
  + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
    (bso#13669); (bsc#1116321);
  + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported); (bso#13678); (bsc#1116324);
  + CVE-2018-16857: Bad password count in AD DC not always effective;
    window; (bso#13683); (bsc#1116323);
- Update to samba-4.9.2
  + dsdb: Add comments explaining the limitations of our current backlink
    behaviour; (bso#13418);
  + Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
  + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
    (bso#13465);
  + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
  + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
  + Enabling vfs_fruit looses FinderInfo; (bso#13649);
  + Cancelling of SMB2 aio reads and writes returns wrong error
    NT_STATUS_INTERNAL_ERROR; (bso#13667);
  + Fix CTDB recovery record resurrection from inactive nodes and simplify
    vacuuming; (bso#13641);
  + examples: Fix the smb2mount build; (bso#13465);
  + libtevent: Fix build due to missing open_memstream on Illiumos;
    (bso#13629);
  + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
  + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
    (bso#13653);
  + Extended DN SID component missing for member after switching group
    membership; (bso#13418);
  + Return STATUS_SESSION_EXPIRED error encrypted, if the request was
    encrypted; (bso#13624);
  + python: Allow forced signing via smb.SMB(); (bso#13621);
  + lib:socket: If returning early, set ifaces; (bso#13665);
  + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
    encoded unicode; (bso#13616);
  + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
    (bso#13673);
  + waf: Add -fstack-clash-protection; (bso#13601);
  + winbind: Fix segfault if an invalid passdb backend is configured;
    (bso#13668);
  + Fix bugs in CTDB event handling; (bso#13659);
  + Misbehaving nodes are sometimes not banned; (bso#13670);

James McDonough (jmcdough) accepted request 645785 from

David Mulder (dmulder) over 5 years ago (revision 607)

- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);
- winbind requires latest version of libtevent-util0 to start

Paulo Alcantara (pauloac) accepted request 642051 from

James McDonough (jmcdough) over 5 years ago (revision 606)

Update baselibs for kdc->ad-dc package name change and enhance package description

James McDonough (jmcdough) accepted request 641830 from

James McDonough (jmcdough) over 5 years ago (revision 605)

Update baselibs for kdc->ad-dc package name change

James McDonough (jmcdough) accepted request 641729 from

David Mulder (dmulder) over 5 years ago (revision 604)

- Backport latest gpo code from master
  + Read policy from local gpt cache
  + Offline policy application
  + Make group policy extensible via register/unregister gpext
  + gpext's run via a process_group_policy method
- Enable profiling data collection
- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package

David Mulder (dmulder) accepted request 638021 from

Samuel Cabrero (scabrero) over 5 years ago (revision 603)

- Update to samba-4.9.1
  + s3: nmbd: Stop nmbd network announce storm; (bso#13620);
  + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
    (bso#13597);
  + CTDB recovery lock has some race conditions; (bso#13617);
  + s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
  + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);

Samuel Cabrero (scabrero) accepted request 635794 from

David Mulder (dmulder) over 5 years ago (revision 602)

- Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606);
- Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592);
- Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568);
- Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);
- Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551);

Aurelien Aptel (aaptel) accepted request 631724 from

Vítězslav Čížek (vitezslav_cizek) over 5 years ago (revision 601)

- Add missing zlib-devel dependency which was previously pulled in
  by libopenssl-devel

James McDonough (jmcdough) accepted request 629523 from

Noel Power (npower) over 5 years ago (revision 600)

- Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480).

David Disseldorp (dmdiss) accepted request 612904 from

Samuel Cabrero (scabrero) almost 6 years ago (revision 599)

- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
  (bsc#1092099);

David Disseldorp (dmdiss) accepted request 611762 from

James McDonough (jmcdough) almost 6 years ago (revision 598)

Update to 4.8.2

David Disseldorp (dmdiss) accepted request 603033 from

Samuel Cabrero (scabrero) about 6 years ago (revision 597)

- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
  required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number of
    ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
    (bso#13337);
  + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + winbindd: Recover loss of netlogon secure channel in case the peer DC is
    rebooted; (bso#13332);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + ctdb-client: Fix bugs in client code; (bso#13356);
  + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + libads: Fix the build '--without-ads'; (bso#13273);
  + winbind: Keep "force_reauth" in invalidate_cm_connection, add
    'smbcontrol disconnect-dc'; (bso#13332);
  + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
  + smbclient: Fix notify; (bso#13382);
  + Fix smbd panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
    (bso#13342);
  + Fix build errors with cc from developerstudio 12.5 on Solaris;
    (bso#13343);
  + Fix the picky-developer build on FreeBSD 11; (bso#13344);
  + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + lib:replace: Fix linking when libtirpc-devel overwrites system headers;
    (bso#13341);
  + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
    query; (bso#13312);
  + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);

David Mulder (dmulder) accepted request 597743 from

James McDonough (jmcdough) about 6 years ago (revision 596)

re-enable python for SLE

Samuel Cabrero (scabrero) accepted request 595751 from

Aurelien Aptel (aaptel) about 6 years ago (revision 595)

- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551);
  + Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
  + Set samba sysconfig template variables to ""
  + Add required daemon flags directly to systemd unit

Aurelien Aptel (aaptel) accepted request 590371 from

Dominique Leuenberger (dimstar) about 6 years ago (revision 594)

- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
  place of systemd and systemd-devel: Allow OBS to optimize the
  workload by allowing the usage of the 'build-optimized' systemd
  packages.

The build failure seen in my branch is unrelated to this change!

Aurelien Aptel (aaptel) accepted request 592006 from

James McDonough (jmcdough) about 6 years ago (revision 593)

Specfile cleanup

Aurelien Aptel (aaptel) accepted request 591871 from

Jan Engelhardt (jengelh) about 6 years ago (revision 592)

- Remove %if..%endif guards which have absolutely no effect on
  the build. Remove redundant %clean section. Replace old $RPM_*
  shell vars by macros.

Samuel Cabrero (scabrero) accepted request 590413 from

David Mulder (dmulder) about 6 years ago (revision 591)

Fixup samba spec file for python3

James McDonough (jmcdough) accepted request 590349 from

David Mulder (dmulder) about 6 years ago (revision 590)

Add changelog entry for python3 package change.

Displaying revisions 81 - 100 of 689

Places

Revisions of samba

Places