File samba.changes of Package samba-heimdal-ad

-------------------------------------------------------------------
Tue Feb  6 16:12:41 UTC 2024 - macke d <mdbuild@use.startmail.com>

-                    ===============================
                   Release Notes for Samba 4.18.10
                          January 31, 2024
                   ===============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.9
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 13688: Windows 2016 fails to restore previous version of a file from a
     shadow_copy2 snapshot.
   * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before
     that).

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 13577: net changesecretpw cannot set the machine account password if
     secrets.tdb is empty.

o  Bjoern Jacke <bj@sernet.de>
   * BUG 12421: Fake directory create times has no effect.

o  Björn Jacke <bjacke@samba.org>
   * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES.
   * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c.
   * BUG 15542: vfs_linux_xfs is incorrectly named.
   * BUG 15550: ctime mixed up with mtime by smbd.

o  Volker Lendecke <vl@samba.org>
   * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
     a non-public address disconnects first.
   * BUG 15544: shadow_copy2 broken when current fileset's directories are
     removed.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
     a non-public address disconnects first.
   * BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel
     exclusion.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to
     a non-public address disconnects first.

o  Shachar Sharon <ssharon@redhat.com>
   * BUG 15440: Unable to copy and write files from clients to Ceph cluster via
     SMB Linux gateway with Ceph VFS module.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15547: Multichannel refresh network information.
   * BUG 15555: smbpasswd reset permissions only if not 0600.

-------------------------------------------------------------------
Wed Nov 29 15:25:58 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.9
                         November 29, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.
It contains the security-relevant bugfix CVE-2018-14628:

    Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
    allow read of object tombstones over LDAP
    (Administrator action required!)
    https://www.samba.org/samba/security/CVE-2018-14628.html


Description of CVE-2018-14628
-----------------------------

All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.

When a domain was provisioned with an unpatched Samba version,
the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
instead of being very strict (as on a Windows provisioned domain).

This means also non privileged users can use the
LDAP_SERVER_SHOW_DELETED_OID control in order to view,
the names and preserved attributes of deleted objects.

No information that was hidden before the deletion is visible, but in
with the correct ntSecurityDescriptor value in place the whole object
is also not visible without administrative rights.

There is no further vulnerability associated with this error, merely an
information disclosure.

Action required in order to resolve CVE-2018-14628!
---------------------------------------------------

The patched Samba does NOT protect existing domains!

The administrator needs to run the following command
(on only one domain controller)
in order to apply the protection to an existing domain:

  samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix

The above requires manual interaction in order to review the
changes before they are applied. Typicall question look like this:

  Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
        Owner mismatch: SY (in ref) DA(in current)
        Group mismatch: SY (in ref) DA(in current)
        Part dacl is different between reference and current here is the detail:
                (A;;LCRPLORC;;;AU) ACE is not present in the reference
                (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
                (A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
                (A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
                (A;;LCRP;;;BA) ACE is not present in the current
   [y/N/all/none] y
  Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'

The change should be confirmed with 'y' for all objects starting with
'CN=Deleted Objects'.


Changes since 4.18.8
--------------------

o  Michael Adam <obnox@samba.org>
   * BUG 15497: Add make command for querying Samba version.

o  Ralph Boehme <slow@samba.org>
   * BUG 15487: smbd crashes if asked to return full information on close of a
     stream handle with delete on close disposition set.
   * BUG 15521: smbd: fix close order of base_fsp and stream_fsp in
     smb_fname_fsp_destructor().

o  Björn Jacke <bj@sernet.de>
   * BUG 15093: Files without "read attributes" NFS4 ACL permission are not
     listed in directories.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13595: CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in
     AD LDAP to normal users.

o  Christof Schmitt <cs@samba.org>
   * BUG 15507: vfs_gpfs stat calls fail due to file system permissions.

o  Christof Schmitt <christof.schmitt@us.ibm.com>
   * BUG 15497: Add make command for querying Samba version.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.

-------------------------------------------------------------------
Tue Oct 10 15:52:02 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.8
                          October 10, 2023
                   ==============================


This is a security release in order to address the following defects:


o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
                  existing unix domain sockets on the file system.
                  https://www.samba.org/samba/security/CVE-2023-3961.html

o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
                  OVERWRITE disposition when using the acl_xattr Samba VFS
                  module with the smb.conf setting
                  "acl_xattr:ignore system acls = yes"
                  https://www.samba.org/samba/security/CVE-2023-4091.html

o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
                  attributes, including secrets and passwords.  Additionally,
                  the access check fails open on error conditions.
                  https://www.samba.org/samba/security/CVE-2023-4154.html

o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
                  server block for a user-defined amount of time, denying
                  service.
                  https://www.samba.org/samba/security/CVE-2023-42669.html

o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
                  listeners, disrupting service on the AD DC.
                  https://www.samba.org/samba/security/CVE-2023-42670.html


Changes since 4.18.7
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15422: CVE-2023-3961.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15424: CVE-2023-4154.
   * BUG 15473: CVE-2023-42670.
   * BUG 15474: CVE-2023-42669.

o  Ralph Boehme <slow@samba.org>
   * BUG 15439: CVE-2023-4091.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15424: CVE-2023-4154.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15424: CVE-2023-4154.


-------------------------------------------------------------------
Wed Sep 27 09:28:19 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.7
                         September 27, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.6
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15419: Weird filename can cause assert to fail in
     openat_pathref_fsp_nosymlink().
   * BUG 15423: use-after-free in aio_del_req_from_fsp during smbd shutdown
     after failed IPC FSCTL_PIPE_TRANSCEIVE.
   * BUG 15432: TREE_CONNECT without SETUP causes smbd to use uninitialized
     pointer.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15401: Avoid infinite loop in initial user sync with Azure AD Connect.
   * BUG 15407: Samba replication logs show (null) DN.

o  Ralph Boehme <slow@samba.org>
   * BUG 15463: macOS mdfind returns only 50 results.

o  Remi Collet <rcollet@redhat.com>
   * BUG 14808: smbc_getxattr() return value is incorrect.

o  Volker Lendecke <vl@samba.org>
   * BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
     previous cache entry value.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
     impacts sendmail, zabbix, potentially more.

o  MikeLiu <mikeliu@qnap.com>
   * BUG 15453: File doesn't show when user doesn't have permission if
     aio_pthread is loaded.

o  Martin Schwenke <mschwenke@ddn.com>
   * BUG 15451: ctdb_killtcp fails to work with --enable-pcap and libpcap ≥
     1.9.1.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15476: The KDC in 4.18 (and older) is not able to accept tickets with
     empty claims pac blobs (from Samba 4.19 or Windows).
   * BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
     in use.

-------------------------------------------------------------------
Thu Aug 17 06:37:34 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.6
                          August 16, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.5
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
     pointer.
   * BUG 15430: Missing return in reply_exit_done().

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15289: post-exec password redaction for samba-tool is more reliable for
     fully random passwords as it no longer uses regular expressions
     containing the password value itself.
   * BUG 9959: Windows client join fails if a second container CN=System exists
     somewhere.

o  Ralph Boehme <slow@samba.org>
   * BUG 15342: Spotlight sometimes returns no results on latest macOS.
   * BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
     attempted to remove the destination.
   * BUG 15427: Spotlight results return wrong date in result list.

o  Günther Deschner <gd@samba.org>
   * BUG 15414: "net offlinejoin provision" does not work as non-root user.

o  Pavel Filipenský <pfilipensky@samba.org>
   * BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
   * BUG 15433: cm_prepare_connection() calls close(fd) for the second time.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
     bad message_id 2.
   * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
   * BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.

o  Noel Power <noel.power@suse.com>
   * BUG 15390: Python tarfile extraction needs change to avoid a warning
     (CVE-2007-4559 mitigation).
   * BUG 15435: Regression DFS not working with widelinks = true.

o  Arvid Requate <requate@univention.de>
   * BUG 9959: Windows client join fails if a second container CN=System exists
    somewhere.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
   * BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().

-------------------------------------------------------------------
Sat Jul 22 21:58:46 UTC 2023 - macke d <mdbuild@use.startmail.com>

- -                    ==============================
                   Release Notes for Samba 4.18.5
                           July 19, 2023
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                  crafted request can trigger an out-of-bounds read in winbind
                  and possibly crash it.
                  https://www.samba.org/samba/security/CVE-2022-2127.html

o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin configured
                  "server signing = required" or for SMB2 connections to Domain
                  Controllers where SMB2 packet signing is mandatory.
                  https://www.samba.org/samba/security/CVE-2023-3347.html

o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service for
                  Spotlight can be triggered by an unauthenticated attacker by
                  issuing a malformed RPC request.
                  https://www.samba.org/samba/security/CVE-2023-34966.html

o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service for
                  Spotlight can be used by an unauthenticated attacker to
                  trigger a process crash in a shared RPC mdssvc worker process.
                  https://www.samba.org/samba/security/CVE-2023-34967.html

o CVE-2023-34968: As part of the Spotlight protocol Samba discloses the server-
                  side absolute path of shares and files and directories in
                  search results.
                  https://www.samba.org/samba/security/CVE-2023-34968.html


Changes since 4.18.4
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 15072: CVE-2022-2127.
   * BUG 15340: CVE-2023-34966.
   * BUG 15341: CVE-2023-34967.
   * BUG 15388: CVE-2023-34968.
   * BUG 15397: CVE-2023-3347.

o  Volker Lendecke <vl@samba.org>
   * BUG 15072: CVE-2022-2127.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.


-------------------------------------------------------------------
Sat Jul 22 21:55:54 UTC 2023 - macke d <mdbuild@use.startmail.com>

- 

                   ==============================
                   Release Notes for Samba 4.18.4
                           July 05, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.3
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15404: Backport --pidl-developer fixes.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 14030: Named crashes on DLZ zone update.

o  Björn Jacke <bj@sernet.de>
   * BUG 2312: smbcacls and smbcquotas do not check // before the server.

o  Volker Lendecke <vl@samba.org>
   * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
   * BUG 15391: smbclient leaks fds with showacls.
   * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
     causes test timeouts.

o  Noel Power <noel.power@suse.com>
   * BUG 15384: net ads lookup (with unspecified realm) fails.

o  Christof Schmitt <cs@samba.org>
   * BUG 15381: Register Samba processes with GPFS.

o  Andreas Schneider <asn@samba.org>
   * BUG 15390: Python tarfile extraction needs change to avoid a warning
     (CVE-2007-4559 mitigation).
   * BUG 15398: The winbind child segfaults when listing users with `winbind
     scan trusted domains = yes`.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15383: Remove comments about deprecated 'write cache size'.
   * BUG 15403: smbget memory leak if failed to download files recursively.

-------------------------------------------------------------------
Wed May 31 18:59:23 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.3
                            May 31, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.2
--------------------

o  Ralph Boehme <slow@samba.org>
   * BUG 15375: Symlinks to files can have random DOS mode information in a
     directory listing.
   * BUG 15378: vfs_fruit might cause a failing open for delete.

o  Volker Lendecke <vl@samba.org>
   * BUG 15361: winbind recurses into itself via rpcd_lsad.
   * BUG 15366: wbinfo -u fails on ad dc with >1000 users.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15338: DS ACEs might be inherited to unrelated object classes.
   * BUG 15362: a lot of messages: get_static_share_mode_data:
     get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND.
   * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
     smb3_sid_parse().

o  Andreas Schneider <asn@samba.org>
   * BUG 15360: Setting veto files = /.*/ break listing directories.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15363: "samba-tool domain provision" does not run interactive mode if
     no arguments are given.

o  Nathaniel W. Turner <nturner@exagrid.com>
   * BUG 15325: dsgetdcname: assumes local system uses IPv4.

-------------------------------------------------------------------
Wed May 31 18:59:02 UTC 2023 - macke d <mdbuild@use.startmail.com>

- 

-------------------------------------------------------------------
Wed Apr 19 10:28:13 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.2
                           April 19, 2023
                   ==============================


This is the latest stable release of the Samba 4.18 release series.


Changes since 4.18.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15302: Log flood: smbd_calculate_access_mask_fsp: Access denied:
     message level should be lower.
   * BUG 15306: Floating point exception (FPE) via cli_pull_send at
     source3/libsmb/clireadwrite.c.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15328: test_tstream_more_tcp_user_timeout_spin fails intermittently on
     Rackspace GitLab runners.
   * BUG 15329: Reduce flapping of ridalloc test.
   * BUG 15351: large_ldap test is unreliable.

o  Ralph Boehme <slow@samba.org>
   * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
   * BUG 15354: mdssvc may crash when initializing.

o  Volker Lendecke <vl@samba.org>
   * BUG 15313: large directory optimization broken for non-lcomp path elements.
   * BUG 15357: streams_depot fails to create streams.
   * BUG 15358: shadow_copy2 and streams_depot don't play well together.

o  Rob van der Linde <rob@catalyst.net.nz>
   * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15317: winbindd idmap child contacts the domain controller without a
     need.
   * BUG 15318: idmap_autorid may fail to map sids of trusted domains for the
     first time.
   * BUG 15319: idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
   * BUG 15323: net ads search -P doesn't work against servers in other domains.
   * BUG 15353: Temporary smbXsrv_tcon_global.tdb can't be parsed.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15316: Flapping tests in samba_tool_drs_show_repl.py.
   * BUG 15343: Tests use depricated and removed methods like
     assertRegexpMatches.

-------------------------------------------------------------------
Wed Mar 29 14:29:14 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.1
                           March 29, 2023
                   ==============================


This is a security release in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                 but otherwise unprivileged users to delete this attribute from
                 any object in the directory.
                 https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
                 https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
                 https://www.samba.org/samba/security/CVE-2023-0614.html


Changes since 4.18.0
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15276: CVE-2023-0225.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15270: CVE-2023-0614.
   * BUG 15331: ldb wildcard matching makes excessive allocations.
   * BUG 15332: large_ldap test is inefficient.

o  Rob van der Linde <rob@catalyst.net.nz>
   * BUG 15315: CVE-2023-0922.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15270: CVE-2023-0614.
   * BUG 15276: CVE-2023-0225.

-------------------------------------------------------------------
Wed Mar  8 13:50:04 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.18.0
                           March 08, 2023
                   ==============================

This is the first stable release of the Samba 4.18 release series.
Please read the release notes carefully before upgrading.

NEW FEATURES/CHANGES
====================

SMB Server performance improvements
-----------------------------------

The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for metadata heavy workloads.

While 4.17 already improved the situation quite a lot,
with 4.18 the locking overhead for contended path based operations
is reduced by an additional factor of ~ 3 compared to 4.17.
It means the throughput of open/close
operations reached the level of 4.12 again.

More succinct samba-tool error messages
---------------------------------------

Historically samba-tool has reported user error or misconfiguration by
means of a Python traceback, showing you where in its code it noticed
something was wrong, but not always exactly what is amiss. Now it
tries harder to identify the true cause and restrict its output to
describing that. Particular cases include:

 * a username or password is incorrect
 * an ldb database filename is wrong (including in smb.conf)
 * samba-tool dns: various zones or records do not exist
 * samba-tool ntacl: certain files are missing
 * the network seems to be down
 * bad --realm or --debug arguments

Accessing the old samba-tool messages
-------------------------------------

This is not new, but users are reminded they can get the full Python
stack trace, along with other noise, by using the argument '-d3'.
This may be useful when searching the web.

The intention is that when samba-tool encounters an unrecognised
problem (especially a bug), it will still output a Python traceback.
If you encounter a problem that has been incorrectly identified by
samba-tool, please report it on https://bugzilla.samba.org.

Colour output with samba-tool --color
-------------------------------------

For some time a few samba-tool commands have had a --color=yes|no|auto
option, which determines whether the command outputs ANSI colour
codes. Now all samba-tool commands support this option, which now also
accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
and 'tty' and 'if-tty' for 'auto' (this more closely matches
convention). With --color=auto, or when --color is omitted, colour
codes are only used when output is directed to a terminal.

Most commands have very little colour in any case. For those that
already used it, the defaults have changed slightly.

 * samba-tool drs showrepl: default is now 'auto', not 'no'
 
 * samba-tool visualize: the interactions between --color-scheme,
   --color, and --output have changed slightly. When --color-scheme is
   set it overrides --color for the purpose of the output diagram, but
   not for other output like error messages.

New samba-tool dsacl subcommand for deleting ACES
-------------------------------------------------

The samba-tool dsacl tool can now delete entries in directory access
control lists. The interface for 'samba-tool dsacl delete' is similar
to that of 'samba-tool dsacl set', with the difference being that the
ACEs described by the --sddl argument are deleted rather than added.

No colour with NO_COLOR environment variable
--------------------------------------------

With both samba-tool --color=auto (see above) and some other places
where we use ANSI colour codes, the NO_COLOR environment variable will
disable colour output. See https://no-color.org/ for a description of
this variable. `samba-tool --color=always` will use colour regardless
of NO_COLOR.

New wbinfo option --change-secret-at
------------------------------------

The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
which forces the trust account password to be changed at a specified domain
controller. If the specified domain controller cannot be contacted the
password change fails rather than trying other DCs.

New option to change the NT ACL default location
------------------------------------------------

Usually the NT ACLs are stored in the security.NTACL extended
attribute (xattr) of files and directories. The new
"acl_xattr:security_acl_name" option allows to redefine the default
location. The default "security.NTACL" is a protected location, which
means the content of the security.NTACL attribute is not accessible
from normal users outside of Samba. When this option is set to use a
user-defined value, e.g. user.NTACL then any user can potentially
access and overwrite this information. The module prevents access to
this xattr over SMB, but the xattr may still be accessed by other
means (eg local access, SSH, NFS). This option must only be used when
this consequence is clearly understood and when specific precautions
are taken to avoid compromising the ACL content.

Azure Active Directory / Office365 synchronisation improvements
--------------------------------------------------------------

Use of the Azure AD Connect cloud sync tool is now supported for
password hash synchronisation, allowing Samba AD Domains to synchronise
passwords with this popular cloud environment.

REMOVED FEATURES
================


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  acl_xattr:security_acl_name             New             security.NTACL
  server addresses                        New


CHANGES SINCE 4.18.0rc4
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15314: streams_xattr is creating unexpected locks on folders.

o  Volker Lendecke <vl@samba.org>
   * BUG 15310: New samba-dcerpc architecture does not scale gracefully.


CHANGES SINCE 4.18.0rc3
=======================

o  Andreas Schneider <asn@samba.org>
   * BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
     failure.

o  baixiangcpp <baixiangcpp@gmail.com>
   * BUG 15311: fd_load() function implicitly closes the fd where it should not.


CHANGES SINCE 4.18.0rc2
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15301: Improve file_modtime() and issues around smb3 unix test.

o  Ralph Boehme <slow@samba.org>
   * BUG 15299: Spotlight doesn't work with latest macOS Ventura.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
     (tevent 0.14.1 and ldb 2.7.1 are already released...)

o  John Mulligan <jmulligan@redhat.com>
   * BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
     fsp_get_pathref_fd() in close and fstat.

o  Andreas Schneider <asn@samba.org>
   * BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
   * BUG 15301: Improve file_modtime() and issues around smb3 unix test.


CHANGES SINCE 4.18.0rc1
=======================

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 10635: Office365 azure Password Sync not working.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

o  Noel Power <noel.power@suse.com>
   * BUG 15293: With clustering enabled samba-bgqd can core dump due to use
     after free.


KNOWN ISSUES
============

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.18#Release_blocking_bugs

-------------------------------------------------------------------
Thu Jan 26 19:00:40 UTC 2023 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.5
                          January 26, 2023
                   ==============================


This is the latest stable release of the Samba 4.17 release series.


Changes since 4.17.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14808: smbc_getxattr() return value is incorrect.
   * BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled
     correctly.
   * BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
   * BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find
     DC when there is only an AAAA record for the DC in DNS.
   * BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
   * BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
   * BUG 15283: vfs_virusfilter segfault on access, directory edgecase
     (accessing NULL value).

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5)
     based SChannel on NETLOGON (additional changes).

o  Volker Lendecke <vl@samba.org>
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
   * BUG 15269: ctdb: use-after-free in run_proc.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
   * BUG 15280: irpc_destructor may crash during shutdown.
   * BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.

o  Andreas Schneider <asn@samba.org>
   * BUG 15268: smbclient segfaults with use after free on an optimized build.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 15282: smbstatus leaking files in msg.sock and msg.lock.

o  Andrew Walker <awalker@ixsystems.com>
   * BUG 15164: Leak in wbcCtxPingDc2.
   * BUG 15265: Access based share enum does not work in Samba 4.16+.
   * BUG 15267: Crash during share enumeration.
   * BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off
     end of returned buffer.

o  Florian Weimer <fweimer@redhat.com>
   * BUG 15281: Avoid relying on C89 features in a few places.

-------------------------------------------------------------------
Thu Dec 15 19:24:25 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.4
                         December 15, 2022
                   ==============================


This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:


o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use between modern clients and servers
                  despite all modern Kerberos implementations supporting
                  the aes256-cts-hmac-sha1-96 cipher.

                  On Samba Active Directory DCs and members
                  'kerberos encryption types = legacy' would force
                  rc4-hmac as a client even if the server supports
                  aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.

                  https://www.samba.org/samba/security/CVE-2022-37966.html

o CVE-2022-37967: This is the Samba CVE for the Windows
                  Kerberos Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.

                  A service account with the special constrained
                  delegation permission could forge a more powerful
                  ticket than the one it was presented with.

                  https://www.samba.org/samba/security/CVE-2022-37967.html

o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
                  same algorithms as rc4-hmac cryptography in Kerberos,
                  and so must also be assumed to be weak.

                  https://www.samba.org/samba/security/CVE-2022-38023.html

Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!

samba-tool got a new 'domain trust modify' subcommand
-----------------------------------------------------

This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.

smb.conf changes
----------------

  Parameter Name                               Description             Default
  --------------                               -----------             -------
  allow nt4 crypto                             Deprecated              no
  allow nt4 crypto:COMPUTERACCOUNT             New
  kdc default domain supported enctypes        New (see manpage)
  kdc supported enctypes                       New (see manpage)
  kdc force enable rc4 weak session keys       New                     No
  reject md5 clients                           New Default, Deprecated Yes
  reject md5 servers                           New Default, Deprecated Yes
  server schannel                              Deprecated              Yes
  server schannel require seal                 New, Deprecated         Yes
  server schannel require seal:COMPUTERACCOUNT New
  winbind sealed pipes                         Deprecated              Yes

Changes since 4.17.3
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15237: CVE-2022-37966.
   * BUG 15258: filter-subunit is inefficient with large numbers of knownfails.

o  Ralph Boehme <slow@samba.org>
   * BUG 15240: CVE-2022-38023.
   * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
     Windows.
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
     vulnerability.
   * BUG 15206: libnet: change_password() doesn't work with
     dcerpc_samr_ChangePasswordUser4().
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15230: Memory leak in snprintf replacement functions.
   * BUG 15237: CVE-2022-37966.
   * BUG 15240: CVE-2022-38023.
   * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
     (CVE-2021-20251 regression).

o  Noel Power <noel.power@suse.com>
   * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
     same size.

o  Anoop C S <anoopcs@samba.org>
   * BUG 15198: Prevent EBADF errors with vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
   * BUG 15237: CVE-2022-37966.
   * BUG 15243: %U for include directive doesn't work for share listing
     (netshareenum).
   * BUG 15257: Stack smashing in net offlinejoin requestodj.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
   * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
   * BUG 15231: CVE-2022-37967.
   * BUG 15237: CVE-2022-37966.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
     user-controlled pointer in FAST.

-------------------------------------------------------------------
Tue Nov 15 16:26:29 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.3
                         November 15, 2022
                   ==============================


This is a security release in order to address the following defects:


o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
                  integer overflows when parsing a PAC on a 32-bit system, which
                  allowed an attacker with a forged PAC to corrupt the heap.
                  https://www.samba.org/samba/security/CVE-2022-42898.html

Changes since 4.17.2
--------------------
o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15203: CVE-2022-42898

o  Nicolas Williams <nico@twosigma.com>
   * BUG 15203: CVE-2022-42898

-------------------------------------------------------------------
Tue Oct 25 09:54:38 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.2
                          October 25, 2022
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-3437:  There is a limited write heap buffer overflow in the GSSAPI
                  unwrap_des() and unwrap_des3() routines of Heimdal (included
                  in Samba).
                  https://www.samba.org/samba/security/CVE-2022-3437.html

o CVE-2022-3592:  A malicious client can use a symlink to escape the exported
                  directory.
                  https://www.samba.org/samba/security/CVE-2022-3592.html

Changes since 4.17.1
--------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 15207: CVE-2022-3592.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15134: CVE-2022-3437.


-------------------------------------------------------------------
Wed Oct 19 12:41:31 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.1
                          October 19, 2022
                   ==============================


This is the latest stable release of the Samba 4.17 release series.


Changes since 4.17.0
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15174: smbXsrv_connection_shutdown_send result leaked.
   * BUG 15182: Flush on a named stream never completes.
   * BUG 15195: Permission denied calling SMBC_getatr when file not exists.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
   * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.
   * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
     over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.

o  Ralph Boehme <slow@samba.org>
   * BUG 15182: Flush on a named stream never completes.

o  Volker Lendecke <vl@samba.org>
   * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.

o  Gary Lockyer <gary@catalyst.net.nz>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15200: multi-channel socket passing may hit a race if one of the
     involved processes already existed.
   * BUG 15201: memory leak on temporary of struct imessaging_post_state and
     struct tevent_immediate on struct imessaging_context (in
     rpcd_spoolss and maybe others).

o  Noel Power <noel.power@suse.com>
   * BUG 15205: Since popt1.19 various use after free errors using result of
     poptGetArg are now exposed.

o  Anoop C S <anoopcs@samba.org>
   * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
     vfs_glusterfs.

o  Andreas Schneider <asn@samba.org>
   * BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
     atomically.


-------------------------------------------------------------------
Tue Sep 13 17:34:54 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.17.0
                         September 13, 2022
                   ==============================


This is the first stable release of the Samba 4.17 release series.
Please read the release notes carefully before upgrading.


NEW FEATURES/CHANGES
====================

SMB Server performance improvements
-----------------------------------

The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for meta data heavy workloads.

With 4.17 the situation improved a lot again:

- Pathnames given by a client are devided into dirname and basename.
  The amount of syscalls to validate dirnames is reduced to 2 syscalls
  (openat, close) per component. On modern Linux kernels (>= 5.6) smbd
  makes use of the openat2() syscall with RESOLVE_NO_SYMLINKS,
  in order to just use 2 syscalls (openat2, close) for the whole dirname.

- Contended path based operations used to generate a lot of unsolicited
  wakeup events causing thundering herd problems, which lead to masive
  latencies for some clients. These events are now avoided in order
  to provide stable latencies and much higher throughput of open/close
  operations.

Configure without the SMB1 Server
---------------------------------

It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:

--with-smb1-server
--without-smb1-server

By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).

None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.

This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.

Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.

Bronze bit and S4U support now also with MIT Kerberos 1.20
----------------------------------------------------------

In 2020 Microsoft Security Response Team received another Kerberos-related
report. Eventually, that led to a security update of the CVE-2020-17049,
Kerberos KDC Security Feature Bypass Vulnerability, also known as a ‘Bronze
Bit’. With this vulnerability, a compromised service that is configured to use
Kerberos constrained delegation feature could tamper with a service ticket that
is not valid for delegation to force the KDC to accept it.

With the release of MIT Kerberos 1.20, Samba AD DC is able able to mitigate the
‘Bronze Bit’ attack. MIT Kerberos KDC's KDB (Kerberos Database Driver) API was
changed to allow passing more details between KDC and KDB components. When built
against MIT Kerberos, Samba AD DC supports MIT Kerberos 1.19 and 1.20 versions
but 'Bronze Bit' mitigation is provided only with MIT Kerberos 1.20.

In addition to fixing the ‘Bronze Bit’ issue, Samba AD DC now fully supports
S4U2Self and S4U2Proxy Kerberos extensions.

Note the default (Heimdal-based) KDC was already fixed in 2021,
see https://bugzilla.samba.org/show_bug.cgi?id=14642

Resource Based Constrained Delegation (RBCD) support
----------------------------------------------------

Samba AD DC built with MIT Kerberos 1.20 offers RBCD support now. With MIT
Kerberos 1.20 we have complete RBCD support passing Sambas S4U testsuite.

samba-tool delegation got the 'add-principal' and 'del-principal' subcommands
in order to manage RBCD.

To complete RBCD support and make it useful to Administrators we added the
Asserted Identity [1] SID into the PAC for constrained delegation. This is
available for Samba AD compiled with MIT Kerberos 1.20.

Note the default (Heimdal-based) KDC does not support RBCD yet.

[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview

Customizable DNS listening port
-------------------------------

It is now possible to set a custom listening port for the builtin DNS service,
making easy to host another DNS on the same system that would bind to the
default port and forward the domain-specific queries to Samba using the custom
port. This is the opposite configuration of setting a forwarder in Samba.

It makes possible to use another DNS server as a front and forward to Samba.

Dynamic DNS updates may not be proxied by the front DNS server when forwarding
to Samba. Dynamic DNS update proxying depends on the features of the other DNS
server used as a front.

CTDB changes
------------

* When Samba is configured with both --with-cluster-support and
  --systemd-install-services then a systemd service file for CTDB will
  be installed.

* ctdbd_wrapper has been removed.  ctdbd is now started directly from
  a systemd service file or init script.

* The syntax for the ctdb.tunables configuration file has been
  relaxed.  However, trailing garbage after the value, including
  comments, is no longer permitted.  Please see ctdb-tunables(7) for
  more details.

Operation without the (unsalted) NT password hash
-------------------------------------------------

When Samba is configured with 'nt hash store = never' then Samba will
no longer store the (unsalted) NT password hash for users in Active
Directory.  (Trust accounts, like computers, domain controllers and
inter-domain trusts are not impacted).

In the next version of Samba the default for 'nt hash store' will
change from 'always' to 'auto', where it will follow (behave as 'nt
hash store = never' when 'ntlm auth = disabled' is set.

Security-focused deployments of Samba that have eliminated NTLM from
their networks will find setting 'ntlm auth = disabled' with 'nt hash
store = always' as a useful way to improve compliance with
best-practice guidance on password storage (which is to always use an
interated hash).

Note that when 'nt hash store = never' is set, then arcfour-hmac-md5
Kerberos keys will not be available for users who subsequently change
their password, as these keys derive their values from NT hashes.  AES
keys are stored by default for all deployments of Samba with Domain
Functional Level 2008 or later, are supported by all modern clients,
and are much more secure.

Finally, also note that password history in Active Directory is stored
in nTPwdHistory using a series of NT hash values.  Therefore the full
password history feature is not available in this mode.

To provide some protection against password re-use previous Kerberos
hash values (the current, old and older values are already stored) are
used, providing a history length of 3.

There is one small limitation of this workaround: Changing the
sAMAccountName, userAccountControl or userPrincipalName of an account
can cause the Kerberos password salt to change.  This means that after
*both* an account rename and a password change, only the current
password will be recognised for password history purposes.

Python API for smbconf
----------------------

Samba's smbconf library provides a generic frontend to various
configuration backends (plain text file, registry) as a C library. A
new Python wrapper, importable as 'samba.smbconf' is available.  An
additional module, 'samba.samba3.smbconf', is also available to enable
registry backend support. These libraries allow Python programs to
read, and optionally write, Samba configuration natively.

JSON support for smbstatus
--------------------------

It is now possible to print detailed information in JSON format in
the smbstatus program using the new option --json. The JSON output
covers all the existing text output including sessions, connections,
open files, byte-range locks, notifies and profile data with all
low-level information maintained by Samba in the respective databases.

Protected Users security group
------------------------------

Samba AD DC now includes support for the Protected Users security
group introduced in Windows Server 2012 R2. The feature reduces the
attack surface of user accounts by preventing the use of weak
encryption types. It also mitigates the effects of credential theft by
limiting credential lifetime and scope.

The protections are intended for user accounts only, and service or
computer accounts should not be added to the Protected Users
group. User accounts added to the group are granted the following
security protections:

   * NTLM authentication is disabled.
   * Kerberos ticket-granting tickets (TGTs) encrypted with RC4 are
     not issued to or accepted from affected principals. Tickets
     encrypted with AES, and service tickets encrypted with RC4, are
     not affected by this restriction.
   * The lifetime of Kerberos TGTs is restricted to a maximum of four
     hours.
   * Kerberos constrained and unconstrained delegation is disabled.

If the Protected Users group is not already present in the domain, it
can be created with 'samba-tool group add'. The new '--special'
parameter must be specified, with 'Protected Users' as the name of the
group. An example command invocation is:

samba-tool group add 'Protected Users' --special

or against a remote server:

samba-tool group add 'Protected Users' --special -H ldap://dc1.example.com -U Administrator

The Protected Users group is identified in the domain by its having a
RID of 525. Thus, it should only be created with samba-tool and the
'--special' parameter, as above, so that it has the required RID
to function correctly.


REMOVED FEATURES
================

LanMan Authentication and password storage removed from the AD DC
-----------------------------------------------------------------

The storage and authentication with LanMan passwords has been entirely
removed from the Samba AD DC, even when "lanman auth = yes" is set.


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  dns port                                New default     53
  fruit:zero_file_id                      New default     yes
  nt hash store                           New parameter   always
  smb1 unix extensions                    Replaces "unix extensions"
  volume serial number                    New parameter   -1
  winbind debug traceid                   New parameter   no


CHANGES SINCE 4.17.0rc4
=======================

o  Ralph Boehme <slow@samba.org>
   * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
     permissions instead of ACL from xattr.
   * BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
   * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
     ../../lib/util/fault.c:197.

o  Volker Lendecke <vl@samba.org>
   * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
     permissions instead of ACL from xattr.
   * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
     ../../lib/util/fault.c:197.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15159: Cross-node multi-channel reconnects result in SMB2 Negotiate
     returning NT_STATUS_NOT_SUPPORTED.

o  Noel Power <noel.power@suse.com>
   * BUG 15160: winbind at info level debug can coredump when processing
     wb_lookupusergroups.


CHANGES SINCE 4.17.0rc3
=======================

o  Anoop C S <anoopcs@samba.org>
   * BUG 15157: Make use of glfs_*at() API calls in vfs_glusterfs.


CHANGES SINCE 4.17.0rc2
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15128: Possible use after free of connection_struct when iterating
     smbd_server_connection->connections.

o  Christian Ambach <ambi@samba.org>
   * BUG 15145: `net usershare add` fails with flag works with --long but fails
     with -l.

o  Ralph Boehme <slow@samba.org>
   * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
     permissions instead of ACL from xattr.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15125: Performance regression on contended path based operations.
   * BUG 15148: Missing READ_LEASE break could cause data corruption.

o  Andreas Schneider <asn@samba.org>
   * BUG 15141: libsamba-errors uses a wrong version number.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15152: SMB1 negotiation can fail to handle connection errors.


CHANGES SINCE 4.17.0rc1
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 15143: New filename parser doesn't check veto files smb.conf parameter.
   * BUG 15144: 4.17.rc1 still uses symlink-race prone unix_convert()
   * BUG 15146: Backport fileserver related changed to 4.17.0rc2

o  Jule Anger <janger@samba.org>
   * BUG 15147: Manpage for smbstatus json is missing

o  Volker Lendecke <vl@samba.org>
   * BUG 15146: Backport fileserver related changed to 4.17.0rc2

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15125: Performance regression on contended path based operations
   * BUG 15146: Backport fileserver related changed to 4.17.0rc2

o  Andreas Schneider <asn@samba.org>
   * BUG 15140: Fix issues found by coverity in smbstatus json code
   * BUG 15146: Backport fileserver related changed to 4.17.0rc2


-------------------------------------------------------------------
Thu Sep  8 07:26:40 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.5
                         September 07, 2022
                   ==============================


This is the latest stable release of the Samba 4.16 release series.


Changes since 4.16.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15128: Possible use after free of connection_struct when iterating
     smbd_server_connection->connections.

o  Ralph Boehme <slow@samba.org>
   * BUG 15086: Spotlight RPC service returns wrong response when Spotlight is
     disabled on a share.
   * BUG 15126: acl_xattr VFS module may unintentionally use filesystem
     permissions instead of ACL from xattr.
   * BUG 15153: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1.
   * BUG 15161: assert failed: !is_named_stream(smb_fname)") at
     ../../lib/util/fault.c:197.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15148: Missing READ_LEASE break could cause data corruption.

o  Andreas Schneider <asn@samba.org>
   * BUG 15124: rpcclient can crash using setuserinfo(2).
   * BUG 15132: Samba fails to build with glibc 2.36 caused by including
     <sys/mount.h> in libreplace.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15152: SMB1 negotiation can fail to handle connection errors.

o  Michael Tokarev <mjt@tls.msk.ru>
   * BUG 15078: samba-tool domain join segfault when joining a samba ad domain.

-------------------------------------------------------------------
Wed Jul 27 13:03:27 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.4
                           July 27, 2022
                   ==============================


This is a security release in order to address the following defects:

o CVE-2022-2031:  Samba AD users can bypass certain restrictions associated with
                  changing passwords.
                  https://www.samba.org/samba/security/CVE-2022-2031.html

o CVE-2022-32744: Samba AD users can forge password change requests for any user.
                  https://www.samba.org/samba/security/CVE-2022-32744.html

o CVE-2022-32745: Samba AD users can crash the server process with an LDAP add
                  or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32745.html

o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
                  process with an LDAP add or modify request.
                  https://www.samba.org/samba/security/CVE-2022-32746.html

o CVE-2022-32742: Server memory information leak via SMB1.
                  https://www.samba.org/samba/security/CVE-2022-32742.html

Changes since 4.16.3
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15085: CVE-2022-32742.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15009: CVE-2022-32746.

o  Andreas Schneider <asn@samba.org>
   * BUG 15047: CVE-2022-2031.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15008: CVE-2022-32745.
   * BUG 15009: CVE-2022-32746.
   * BUG 15047: CVE-2022-2031.
   * BUG 15074: CVE-2022-32744.

-------------------------------------------------------------------
Mon Jul 25 07:13:05 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.3
                           July 18, 2022
                   ==============================


This is the latest stable release of the Samba 4.16 release series.


Changes since 4.16.2
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15099: Using vfs_streams_xattr and deleting a file causes a panic.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14986: Add support for bind 9.18.
   * BUG 15076: logging dsdb audit to specific files does not work.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 14979: Problem when winbind renews Kerberos.
   * BUG 15095: Samba with new lorikeet-heimdal fails to build on gcc 12.1 in
     developer mode.

o  Volker Lendecke <vl@samba.org>
   * BUG 15105: Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL.
   * BUG 15118: Crash in rpcd_classic - NULL pointer deference in
     mangle_is_mangled().

o  Noel Power <noel.power@suse.com>
   * BUG 15100: smbclient commands del & deltree fail with
     NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS.

o  Christof Schmitt <cs@samba.org>
   * BUG 15120: Fix check for chown when processing NFSv4 ACL.

o  Andreas Schneider <asn@samba.org>
   * BUG 15082: The pcap background queue process should not be stopped.
   * BUG 15097: testparm: Fix typo in idmap rangesize check.
   * BUG 15106: net ads info returns LDAP server and LDAP server name as null.
   * BUG 15108: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link.

o  Martin Schwenke <martin@meltin.net>
   * BUG 15090: CTDB child process logging does not work as expected.

-------------------------------------------------------------------
Mon Jun 13 09:15:45 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.2
                           June 13, 2022
                   ==============================


This is the latest stable release of the Samba 4.16 release series.


Changes since 4.16.1
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 15042: Use pathref fd instead of io fd in vfs_default_durable_cookie.

o  Ralph Boehme <slow@samba.org>
   * BUG 15069: vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
     file had been deleted.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 15087: netgroups support removed.

o  Samuel Cabrero <scabrero@suse.de>
   * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
     server.

o  Volker Lendecke <vl@samba.org>
   * BUG 15062: Update from 4.15  to 4.16 breaks discovery of [homes] on
     standalone server from Win and IOS.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 15071: waf produces incorrect names for python extensions with Python
     3.11.

o  Noel Power <noel.power@suse.com>
   * BUG 15075: smbclient -E doesn't work as advertised.

o  Andreas Schneider <asn@samba.org>
   * BUG 15071: waf produces incorrect names for python extensions with Python
     3.11.
   * BUG 15081: The samba background daemon doesn't refresh the printcap cache
     on startup.

o  Robert Sprowson <webpages@sprow.co.uk>
   * BUG 14443: Out-by-4 error in smbd read reply max_send clamp..

-------------------------------------------------------------------
Mon May  2 09:56:14 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.1
                            May 02, 2022
                   ==============================


This is the latest stable release of the Samba 4.16 release series.


Changes since 4.16.0
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14831: Share and server swapped in smbget password prompt.
   * BUG 15022: Durable handles won't reconnect if the leased file is written
     to.
   * BUG 15023: rmdir silently fails if directory contains unreadable files and
     hide unreadable is yes.
   * BUG 15038: SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on
     renamed file handle.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 8731: Need to describe --builtin-libraries= better (compare with
    --bundled-libraries).

o  Ralph Boehme <slow@samba.org>
   * BUG 14957: vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback.
   * BUG 15035: shadow_copy2 fails listing snapshotted dirs with
     shadow:fixinodes.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 15046: PAM Kerberos authentication incorrectly fails with a clock skew
     error.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 15041: Username map - samba erroneously applies unix group memberships
     to user account entries.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14951: KVNO off by 100000.

o  Christof Schmitt <cs@samba.org>
   * BUG 15027: Uninitialized litemask in variable in vfs_gpfs module.
   * BUG 15055: vfs_gpfs recalls=no option prevents listing files.

o  Andreas Schneider <asn@cryptomilk.org>
   * BUG 15054: smbd doesn't handle UPNs for looking up names.


-------------------------------------------------------------------
Mon Mar 21 18:58:55 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.16.0
                           March 21, 2022
                   ==============================

This is the first stable release of the Samba 4.16 release series.
Please read the release notes carefully before upgrading.


NEW FEATURES/CHANGES
====================

New samba-dcerpcd binary to provide DCERPC in the member server setup
---------------------------------------------------------------------

In order to make it much easier to break out the DCERPC services
from smbd, a new samba-dcerpcd binary has been created.

samba-dcerpcd can be used in two ways. In the normal case without
startup script modification it is invoked on demand from smbd or
winbind --np-helper to serve DCERPC over named pipes. Note that
in order to run in this mode the smb.conf [global] section has
a new parameter "rpc start on demand helpers = [true|false]".
This parameter is set to "true" by default, meaning no changes to
smb.conf files are needed to run samba-dcerpcd on demand as a named
pipe helper.

It can also be used in a standalone mode where it is started
separately from smbd or winbind but this requires changes to system
startup scripts, and in addition a change to smb.conf, setting the new
[global] parameter "rpc start on demand helpers = false". If "rpc
start on demand helpers" is not set to false, samba-dcerpcd will
refuse to start in standalone mode.

Note that when Samba is run in the Active Directory Domain Controller
mode the samba binary that provides the AD code will still provide its
normal DCERPC services whilst allowing samba-dcerpcd to provide
services like SRVSVC in the same way that smbd used to in this
configuration.

The parameters that allowed some smbd-hosted services to be started
externally are now gone (detailed below) as this is now the default
setting.

samba-dcerpcd can also be useful for use outside of the Samba
framework, for example, use with the Linux kernel SMB2 server ksmbd or
possibly other SMB2 server implementations.

Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support
------------------------------------------------------------------

Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos
implementation.  This snapshot has now been updated and will closely
match what will be released as Heimdal 8.0 shortly.

This is a major update, previously we used a snapshot of Heimdal from
2011, and brings important new Kerberos security features such as
Kerberos request armoring, known as FAST.  This tunnels ticket
requests and replies that might be encrypted with a weak password
inside a wrapper built with a stronger password, say from a machine
account.

In Heimdal and MIT modes Samba's KDC now supports FAST, for the
support of non-Windows clients.

Windows clients will not use this feature however, as they do not
attempt to do so against a server not advertising domain Functional
Level 2012.  Samba users are of course free to modify how Samba
advertises itself, but use with Windows clients is not supported "out
of the box".

Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of
the FAST protocol.  A future version will align this more closely with
Microsoft AD behaviour.

If FAST needs to be disabled on your Samba KDC, set

 kdc enable fast = no

in the smb.conf.

The Samba project wishes to thank the numerous developers who have put
in a massive effort to make this possible over many years.  In
particular we thank Stefan Metzmacher, Joseph Sutton, Gary Lockyer,
Isaac Boukris and Andrew Bartlett.  Samba's developers in turn thank
their employers and in turn their customers who have supported this
effort over many years.

Certificate Auto Enrollment
---------------------------

Certificate Auto Enrollment allows devices to enroll for certificates from
Active Directory Certificate Services. It is enabled by Group Policy.
To enable Certificate Auto Enrollment, Samba's group policy will need to be
enabled by setting the smb.conf option `apply group policies` to Yes. Samba
Certificate Auto Enrollment depends on certmonger, the cepces certmonger
plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
certmonger paired with cepces to monitor the host certificate templates.
Certificates are installed in /var/lib/samba/certs and private keys are
installed in /var/lib/samba/private/certs.

Ability to add ports to dns forwarder addresses in internal DNS backend
-----------------------------------------------------------------------

The internal DNS server of Samba forwards queries non-AD zones to one or more
configured forwarders. Up until now it has been assumed that these forwarders
listen on port 53. Starting with this version it is possible to configure the
port using host:port notation. See smb.conf for more details. Existing setups
are not affected, as the default port is 53.

CTDB changes
------------

* The "recovery master" role has been renamed "leader"

  Documentation and logs now refer to "leader".

  The following ctdb tool command names have changed:

    recmaster -> leader
    setrecmasterrole -> setleaderrole

  Command output has changed for the following commands:

    status
    getcapabilities

  The "[legacy] -> recmaster capability" configuration option has been
  renamed and moved to the cluster section, so this is now:

    [cluster] -> leader capability

* The "recovery lock" has been renamed "cluster lock"

  Documentation and logs now refer to "cluster lock".

  The "[cluster] -> recovery lock" configuration option has been
  deprecated and will be removed in a future version.  Please use
  "[cluster] -> cluster lock" instead.

  If the cluster lock is enabled then traditional elections are not
  done and leader elections use a race for the cluster lock.  This
  avoids various conditions where a node is elected leader but can not
  take the cluster lock.  Such conditions included:

  - At startup, a node elects itself leader of its own cluster before
    connecting to other nodes

  - Cluster filesystem failover is slow

  The abbreviation "reclock" is still used in many places, because a
  better abbreviation eludes us (i.e. "clock" is obvious bad) and
  changing all instances would require a lot of churn.  If the
  abbreviation "reclock" for "cluster lock" is confusing, please
  consider mentally prefixing it with "really excellent".

* CTDB now uses leader broadcasts and an associated timeout to
  determine if an election is required

  The leader broadcast timeout can be configured via new configuration
  option

    [cluster] -> leader timeout

  This specifies the number of seconds without leader broadcasts
  before a node calls an election.  The default is 5.


REMOVED FEATURES
================

Older SMB1 protocol SMBCopy command removed
-------------------------------------------

SMB is a nearly 30-year old protocol, and some protocol commands that
while supported in all versions, have not seen widespread use.

One of those is SMBCopy, a feature for a server-side copy of a file.
This feature has been so unmaintained that Samba has no testsuite for
it.

The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was
introduced in the LAN Manager 1.0 dialect and it was rendered obsolete
in the NT LAN Manager dialect.

Therefore it has been removed from the Samba smbd server.

We do note that a fully supported and tested server-side copy is
present in SMB2, and can be accessed with "scopy" subcommand in
smbclient)

SMB1 server-side wildcard expansion removed
-------------------------------------------

Server-side wildcard expansion is another feature that sounds useful,
but is also rarely used and has become problematic - imposing extra
work on the server (both in terms of code and CPU time).

In actual OS design, wildcard expansion is handled in the local shell,
not at the remote server using SMB wildcard syntax (which is not shell
syntax).

In Samba 4.16 the ability to process file name wildcards in requests
using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7),
SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1
command number 0x6) has been removed.

SMB1 protocol has been deprecated, particularly older dialects
--------------------------------------------------------------

We take this opportunity to remind that we have deprecated and
disabled by default, but not removed, the whole SMB1 protocol since
Samba 4.11.  If needed for security purposes or code maintenance we
will continue to remove older protocol commands and dialects that are
unused or have been replaced in more modern SMB1 versions.

We specifically deprecate the older dialects older than "NT LM 0.12"
(also known as "NT LANMAN 1.0" and "NT1").

Please note that "NT LM 0.12" is the dialect used by software as old
as Windows 95, Windows NT and Samba 2.0, so this deprecation applies
to DOS and similar era clients.

We do reassure that that 'simple' operation of older clients than
these (eg DOS) will, while untested, continue for the near future, our
purpose is not to cripple use of Samba in unique situations, but to
reduce the maintaince burden.

Eventually SMB1 as a whole will be removed, but no broader change is
announced for 4.16.

In the rare case where the above changes cause incompatibilities,
users requiring support for these features will need to use older
versions of Samba.

No longer using Linux mandatory locks for sharemodes
====================================================

smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
was broken for a long time, and is planned to be removed with Linux 5.15. This
Samba release removes the usage of mandatory locks for sharemodes and the
"kernel share modes" config parameter is changed to default to "no". The Samba
VFS interface is kept, so that file-system specific VFS modules can still use
private calls for enforcing sharemodes.


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  kernel share modes                      New default     No
  dns forwarder                           Changed
  rpc_daemon                              Removed
  rpc_server                              Removed
  rpc start on demand helpers             Added           true


CHANGES SINCE 4.16.0rc5
=======================

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 15000: Memory leak in FAST cookie handling.

o  Elia Geretto <elia.f.geretto@gmail.com>
   * BUG 14983: NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
     in SMBC_server_internal.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
     users).
   * BUG 14641: Crash of winbind on RODC.
   * BUG 15001: LDAP simple binds should honour "old password allowed period".
   * BUG 15002: S4U2Self requests don't work against servers without FAST
     support.
   * BUG 15003: wbinfo -a doesn't work reliable with upn names.
   * BUG 15005: A cross-realm kerberos client exchanges fail using KDCs with and
     without FAST.
   * BUG 15015: PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 =>
     INTERNAL_ERROR.

o  Garming Sam <garming@catalyst.net.nz>
   * BUG 13879: Simple bind doesn't work against an RODC (with non-preloaded
     users).

o  Andreas Schneider <asn@samba.org>
   * BUG 15016: Regression: create krb5 conf = yes doesn't work with a single
     KDC.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 15015: PKINIT: hdb_samba4_audit: Unhandled hdb_auth_status=9 =>
     INTERNAL_ERROR.


CHANGES SINCE 4.16.0rc4
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2
     objects with same lease key.

o  Jule Anger <janger@samba.org>
   * BUG 14999: Listing shares with smbstatus no longer works.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14996: Fix ldap simple bind with TLS auditing.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.

o  Volker Lendecke <vl@samba.org>
   * BUG 14989: Fix a use-after-free in SMB1 server.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14865: Uncached logon on RODC always fails once.
   * BUG 14984: Changing the machine password against an RODC likely destroys
     the domain join.
   * BUG 14993: authsam_make_user_info_dc() steals memory from its struct
     ldb_message *msg argument.
   * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.


CHANGES SINCE 4.16.0rc3
=======================

o  Samuel Cabrero <scabrero@suse.de>
   * BUG 14979: Problem when winbind renews Kerberos.

o  Björn Jacke <bj@sernet.de>
   * BUG 13631: DFS fix for AIX broken.
   * BUG 14974: Solaris and AIX acl modules: wrong function arguments.
   * BUG 7239: Function aixacl_sys_acl_get_file not declared / coredump.

o  Andreas Schneider <asn@samba.org>
   * BUG 14967: Samba autorid fails to map AD users if id rangesize fits in the
     id range only once.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14958: CTDB can get stuck in election and recovery.


CHANGES SINCE 4.16.0rc2
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 14169: Renaming file on DFS root fails with
     NT_STATUS_OBJECT_PATH_NOT_FOUND.
   * BUG 14938: NT error code is not set when overwriting a file during rename
     in libsmbclient.

o  Ralph Boehme <slow@samba.org>
   * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
     server.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file.

o  Volker Lendecke <vl@samba.org>
   * BUG 14900: Regression: Samba 4.15.2 on macOS segfaults intermittently
     during strcpy in tdbsam_getsampwnam.
   * BUG 14975: Fix a crash in vfs_full_audit - CREATE_FILE can free a used fsp.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with
     gnutls_aead_cipher_decrypt() from gnutls before 3.5.2.

o  Andreas Schneider <asn@samba.org>
   * BUG 14960: SDB uses HDB flags directly which can lead to unwanted side
     effects.


CHANGES SINCE 4.16.0rc1
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 14911: CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
     outside target of a symlink exists.

o  Ralph Boehme <slow@samba.org>
   * BUG 14914: CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
     module.
   * BUG 14961: install elasticsearch_mappings.json

o  FeRD (Frank Dana) <ferdnyc@gmail.com>
   * BUG 14947: samba-bgqd still notifying systemd, triggering log warnings
     without NotifyAccess=all.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14867: Printing no longer works on Windows 7 with 2021-10 monthly
     rollup patch.
   * BUG 14956: ndr_push_string() adds implicit termination for
     STR_NOTERM|REMAINING empty strings.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14950: CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict
     checks.


KNOWN ISSUES
============

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.16#Release_blocking_bugs

-------------------------------------------------------------------
Tue Mar 15 14:17:25 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.6
                           March 15, 2022
                   ==============================


This is the latest stable release of the Samba 4.15 release series.


Changes since 4.15.5
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14169: Renaming file on DFS root fails with
     NT_STATUS_OBJECT_PATH_NOT_FOUND.
   * BUG 14737: Samba does not response STATUS_INVALID_PARAMETER when opening 2
     objects with same lease key.
   * BUG 14938: NT error code is not set when overwriting a file during rename
     in libsmbclient.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14996: Fix ldap simple bind with TLS auditing.

o  Ralph Boehme <slow@samba.org>
   * BUG 14674: net ads info shows LDAP Server: 0.0.0.0 depending on contacted
     server.

o  Samuel Cabrero <scabrero@suse.de>
   * BUG 14979: Problem when winbind renews Kerberos.

o  Günther Deschner <gd@samba.org>
   * BUG 8691: pam_winbind will not allow gdm login if password about to expire.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14971: virusfilter_vfs_openat: Not scanned: Directory or special file.

o  Björn Jacke <bj@sernet.de>
   * BUG 13631: DFS fix for AIX broken.
   * BUG 14974: Solaris and AIX acl modules: wrong function arguments.
   * BUG 7239: Function aixacl_sys_acl_get_file not declared / coredump.

o  Volker Lendecke <vl@samba.org>
   * BUG 14900: Regression: Samba 4.15.2 on macOS segfaults intermittently
     during strcpy in tdbsam_getsampwnam.
   * BUG 14989: Fix a use-after-free in SMB1 server.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14968: smb2_signing_decrypt_pdu() may not decrypt with
     gnutls_aead_cipher_decrypt() from gnutls before 3.5.2.
   * BUG 14984: changing the machine password against an RODC likely destroys
     the domain join.
   * BUG 14993: authsam_make_user_info_dc() steals memory from its struct
     ldb_message *msg argument.
   * BUG 14995: Use Heimdal 8.0 (pre) rather than an earlier snapshot.

o  Andreas Schneider <asn@samba.org>
   * BUG 14967: Samba autorid fails to map AD users if id rangesize fits in the
     id range only once.

-------------------------------------------------------------------
Mon Jan 31 13:49:07 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.5
                          January 31, 2022
                   ==============================


This is a security release in order to address the following defects:

o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
                  of a symlink exists.
                  https://www.samba.org/samba/security/CVE-2021-44141.html

o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
                  https://www.samba.org/samba/security/CVE-2021-44142.html

o CVE-2022-0336:  Re-adding an SPN skips subsequent SPN conflict checks.
                  https://www.samba.org/samba/security/CVE-2022-0336.html


Changes since 4.15.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14911: CVE-2021-44141

o  Ralph Boehme <slow@samba.org>
   * BUG 14914: CVE-2021-44142

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14950: CVE-2022-0336

-------------------------------------------------------------------
Wed Jan 19 15:16:13 UTC 2022 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.4
                          January 19, 2022
                   ==============================


This is the latest stable release of the Samba 4.15 release series.


Changes since 4.15.3
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14928: Duplicate SMB file_ids leading to Windows client cache
     poisoning.
   * BUG 14939: smbclient -L doesn't set "client max protocol" to NT1 before
     calling the "Reconnecting with SMB1 for workgroup listing" path.
   * BUG 14944: Missing pop_sec_ctx() in error path inside close_directory().

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14940: Cross device copy of the crossrename module always fails.
   * BUG 14941: symlinkat function from VFS cap module always fails with an
     error.
   * BUG 14942: Fix possible fsp pointer deference.

o  Volker Lendecke <vl@samba.org>
   * BUG 14934: kill_tcp_connections does not work.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14932: Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
     NT_STATUS_BUFFER_TOO_SMALL.
   * BUG 14935: Can't connect to Windows shares not requiring authentication
     using KDE/Gnome.

o  Andreas Schneider <asn@samba.org>
   * BUG 14945: "smbd --build-options" no longer works without an smb.conf file.

o  Jones Syue <jonessyue@qnap.com>
   * BUG 14928: Duplicate SMB file_ids leading to Windows client cache
     poisoning.


-------------------------------------------------------------------
Wed Dec  8 15:13:00 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.3
                         December 08, 2021
                   ==============================


This is the latest stable release of the Samba 4.15 release series.

Important Notes
===============

There have been a few regressions in the security release 4.15.2:

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  PLEASE [RE-]READ!
                  The instructions have been updated and some workarounds
                  initially adviced for 4.15.2 are no longer required and
                  should be reverted in most cases.

o BUG-14902: User with multiple spaces (eg Fred<space><space>Nurk) become
             un-deletable. While this release should fix this bug, it is
             adviced to have a look at the bug report for more detailed
             information, see https://bugzilla.samba.org/show_bug.cgi?id=14902.

Changes since 4.15.2
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14878: Recursive directory delete with veto files is broken in 4.15.0.
   * BUG 14879: A directory containing dangling symlinks cannot be deleted by
     SMB2 alone when they are the only entry in the directory.
   * BUG 14892: SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
     uninitialized in rmdir_internals().

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.
   * BUG 14902: User with multiple spaces (eg Fred<space><space>Nurk) become
     un-deletable.

o  Ralph Boehme <slow@samba.org>
   * BUG 14127: Avoid storing NTTIME_THAW (-2) as value on disk.
   * BUG 14882: smbXsrv_client_global record validation leads to crash if
     existing record points at non-existing process.
   * BUG 14890: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call.
   * BUG 14897: Samba process doesn't log to logfile.
   * BUG 14907: set_ea_dos_attribute() fallback calling
     get_file_handle_for_metadata() triggers locking.tdb assert.
   * BUG 14922: Kerberos authentication on standalone server in MIT realm
     broken.
   * BUG 14923: Segmentation fault when joining the domain.

o  Alexander Bokovoy <ab@samba.org>
   * BUG 14903: Support for ROLE_IPA_DC is incomplete.

o  Günther Deschner <gd@samba.org>
   * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore
   * BUG 14893: winexe crashes since 4.15.0 after popt parsing.

o  Volker Lendecke <vl@samba.org>
   * BUG 14908: net ads status -P broken in a clustered environment.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14788: Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
     smbd_smb2_ioctl_send.
   * BUG 14882: smbXsrv_client_global record validation leads to crash if
     existing record points at non-existing process.
   * BUG 14899: winbindd doesn't start when "allow trusted domains" is off.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.

o  Andreas Schneider <asn@samba.org>
   * BUG 14767: rpcclient cannot connect to ncacn_ip_tcp services anymore.
   * BUG 14883: smbclient login without password using '-N' fails with
     NT_STATUS_INVALID_PARAMETER on Samba AD DC.
   * BUG 14912: A schannel client incorrectly detects a downgrade connecting to
     an AES only server.
   * BUG 14921: Possible null pointer dereference in winbind.

o  Andreas Schneider <asn@cryptomilk.org>
   * BUG 14846: Fix -k legacy option for client tools like smbclient, rpcclient,
     net, etc.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14872: Add Debian 11 CI bootstrap support.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14694: MaxQueryDuration not honoured in Samba AD DC LDAP.
   * BUG 14901: The CVE-2020-25717 username map [script] advice has undesired
     side effects for the local nt token.

o  Andrew Walker <awalker@ixsystems.com>
   * BUG 14888: Crash in recycle_unlink_internal().


-------------------------------------------------------------------
Tue Nov  9 18:22:48 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.2
                           November 9, 2021
                   ==============================


This is a security release in order to address the following defects:

o CVE-2016-2124:  SMB1 client connections can be downgraded to plaintext
                  authentication.
                  https://www.samba.org/samba/security/CVE-2016-2124.html

o CVE-2020-25717: A user on the domain can become root on domain members.
                  https://www.samba.org/samba/security/CVE-2020-25717.html
                  (PLEASE READ! There are important behaviour changes described)

o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
                  by an RODC.
                  https://www.samba.org/samba/security/CVE-2020-25718.html

o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
                  tickets.
                  https://www.samba.org/samba/security/CVE-2020-25719.html

o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
                  (eg objectSid).
                  https://www.samba.org/samba/security/CVE-2020-25721.html

o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
                  checking of data stored.
                  https://www.samba.org/samba/security/CVE-2020-25722.html

o CVE-2021-3738:  Use after free in Samba AD DC RPC server.
                  https://www.samba.org/samba/security/CVE-2021-3738.html

o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
                  https://www.samba.org/samba/security/CVE-2021-23192.html


Changes since 4.15.1
--------------------

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * CVE-2020-25722

o  Andrew Bartlett <abartlet@samba.org>
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722

o  Ralph Boehme <slow@samba.org>
   * CVE-2020-25717

o  Alexander Bokovoy <ab@samba.org>
   * CVE-2020-25717

o  Samuel Cabrero <scabrero@samba.org>
   * CVE-2020-25717

o  Nadezhda Ivanova <nivanova@symas.com>
   * CVE-2020-25722

o  Stefan Metzmacher <metze@samba.org>
   * CVE-2016-2124
   * CVE-2020-25717
   * CVE-2020-25719
   * CVE-2020-25722
   * CVE-2021-23192
   * CVE-2021-3738

o  Andreas Schneider <asn@samba.org>
   * CVE-2020-25719

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * CVE-2020-17049
   * CVE-2020-25718
   * CVE-2020-25719
   * CVE-2020-25721
   * CVE-2020-25722
   * MS CVE-2020-17049
-------------------------------------------------------------------
Wed Oct 27 16:00:29 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.1
                          October 27, 2021
                   ==============================


This is the latest stable release of the Samba 4.15 release series.


Changes since 4.15.0
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14682: vfs_shadow_copy2: core dump in make_relative_path.
   * BUG 14685: Log clutter from filename_convert_internal.
   * BUG 14862: MacOSX compilation fixes.

o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
   * BUG 14868: rodc_rwdc test flaps.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14848: Release LDB 2.4.1 for Samba 4.15.1.
   * BUG 14854: samldb_krbtgtnumber_available() looks for incorrect string.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.

o  Ralph Boehme <slow@samba.org>
   * BUG 14826: Correctly ignore comments in CTDB public addresses file.

o  Isaac Boukris <iboukris@gmail.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.

o  Viktor Dukhovni <viktor@twosigma.com>
   * BUG 12998: Fix transit path validation.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14852: Fix that child winbindd logs to log.winbindd instead of
     log.wb-<DOMAIN>.

o  Luke Howard <lukeh@padl.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14855: SMB3 cancel requests should only include the MID together with
     AsyncID when AES-128-GMAC is used.

o  Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
   * BUG 14862: MacOSX compilation fixes.

o  Andreas Schneider <asn@samba.org>
   * BUG 14870: Prepare to operate with MIT krb5 >= 1.20.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14826: Correctly ignore comments in CTDB public addresses file.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.
   * BUG 14836: Python ldb.msg_diff() memory handling failure.
   * BUG 14845: "in" operator on ldb.Message is case sensitive.
   * BUG 14864: Heimdal prefers RC4 over AES for machine accounts.
   * BUG 14868: rodc_rwdc test flaps.
   * BUG 14871: Fix Samba support for UF_NO_AUTH_DATA_REQUIRED.
   * BUG 14874: Allow special chars like "@" in samAccountName when generating
     the salt.

o  Nicolas Williams <nico@twosigma.com>
   * BUG 14642: Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
     bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded
     Heimdal.


-------------------------------------------------------------------
Wed Oct 27 16:00:26 UTC 2021 - macke d <mdbuild@use.startmail.com>

- 

-------------------------------------------------------------------
Mon Sep 20 15:25:32 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.15.0
                         September 20, 2021
                   ==============================


This is the first stable release of the Samba 4.15 release series.
Please read the release notes carefully before upgrading.


Removed SMB (development) dialects
==================================

The following SMB (development) dialects are no longer
supported: SMB2_22, SMB2_24 and SMB3_10. They are were
only supported by Windows technical preview builds.
They used to be useful in order to test against the
latest Windows versions, but it's no longer useful
to have them. If you have them explicitly specified
in your smb.conf or an the command line,
you need to replace them like this:
- SMB2_22 => SMB3_00
- SMB2_24 => SMB3_00
- SMB3_10 => SMB3_11
Note that it's typically not useful to specify
"client max protocol" or "server max protocol"
explicitly to a specific dialect, just leave
them unspecified or specify the value "default".

New GPG key
===========

The GPG release key for Samba releases changed from:

pub   dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
      Key fingerprint = 52FB C0B8 6D95 4B08 4332  4CDC 6F33 915B 6568 B7EA
uid                 [  full  ] Samba Distribution Verification Key <samba-bugs@samba.org>
sub   elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]

to the following new key:

pub   rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
      Key fingerprint = 81F5 E283 2BD2 545A 1897  B713 AA99 442F B680 B620
uid                 [ultimate] Samba Distribution Verification Key <samba-bugs@samba.org>
sub   rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]

Starting from Jan 21th 2021, all Samba releases will be signed with the new key.

See also GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt

New minimum version for the experimental MIT KDC
================================================

The build of the AD DC using the system MIT Kerberos, an
experimental feature, now requires MIT Kerberos 1.19.  An up-to-date
Fedora 34 has this version and has backported fixes for the KDC crash
bugs CVE-2021-37750 and CVE-2021-36222


NEW FEATURES/CHANGES
====================

VFS
---

The effort to modernize Samba's VFS interface is complete and Samba 4.15.0 ships
with a modernized VFS designed for the post SMB1 world.

For details please refer to the documentation at source3/modules/The_New_VFS.txt
or visit the <https://wiki.samba.org/index.php/The_New_VFS>.


Bind DLZ: add the ability to set allow/deny lists for zone transfer clients
---------------------------------------------------------------------------

Up to now, any client could use a DNS zone transfer request to the
bind server, and get an answer from Samba. Now the default behaviour
will be to deny those request. Two new options have been added to
manage the list of authorized/denied clients for zone transfer
requests. In order to be accepted, the request must be issued by a
client that is in the allow list and NOT in the deny list.


"server multi channel support" no longer experimental
-----------------------------------------------------

This option is enabled by default starting with 4.15 (on Linux and FreeBSD).
Due to dependencies on kernel APIs of Linux or FreeBSD, it's only possible
to use this feature on Linux and FreeBSD for now.


samba-tool available without the ad-dc
--------------------------------------

The 'samba-tool' command is now available when samba is configured
"--without-ad-dc". Not all features will work, and some ad-dc specific options
have been disabled. The 'samba-tool domain' options, for example, are limited
when no ad-dc is present. Samba must still be built with ads in order to enable
'samba-tool'.


Improved command line user experience
-------------------------------------

Samba utilities did not consistently implement their command line interface. A
number of options were requiring to specify values in one tool and not in the
other, some options meant different in different tools.

These should be stories of the past now. A new command line parser has been
implemented with sanity checking. Also the command line interface has been
simplified and provides better control for encryption, signing and kerberos.

Previously many tools silently ignored unknown options. To prevent unexpected
behaviour all tools will now consistently reject unknown options.

Also several command line options have a smb.conf variable to control the
default now.

All tools are now logging to stderr by default. You can use "--debug-stdout" to
change the behavior. All servers will log to stderr at early startup until logging
is setup to go to a file by default.

### Common parser:

Options added:
--client-protection=off|sign|encrypt

Options renamed:
--kerberos       ->    --use-kerberos=required|desired|off
--krb5-ccache    ->    --use-krb5-ccache=CCACHE
--scope          ->    --netbios-scope=SCOPE
--use-ccache     ->    --use-winbind-ccache

Options removed:
-e|--encrypt
-C removed from --use-winbind-ccache
-i removed from --netbios-scope
-S|--signing


### Duplicates in command line utils

ldbadd/ldbdel/ldbedit/ldbmodify/ldbrename/ldbsearch:
-e is still available as an alias for --editor,
   as it used to be.
-s is no longer reported as an alias for --configfile,
   it never worked that way as it was shadowed by '-s' for '--scope'.

ndrdump:
-l is not available for --load-dso anymore

net:
-l is not available for --long anymore

sharesec:
-V is not available for --viewsddl anymore

smbcquotas:
--user        ->    --quota-user

nmbd:
--log-stdout  ->    --debug-stdout

smbd:
--log-stdout  ->    --debug-stdout

winbindd:
--log-stdout  ->    --debug-stdout


Scanning of trusted domains and enterprise principals
-----------------------------------------------------

As an artifact from the NT4 times, we still scanned the list of trusted domains
on winbindd startup. This is wrong as we never can get a full picture in Active
Directory. It is time to change the default value to "No". Also with this change
we always use enterprise principals for Kerberos so that the DC will be able
to redirect ticket requests to the right DC. This is e.g. needed for one way
trusts. The options `winbind use krb5 enterprise principals` and
`winbind scan trusted domains` will be deprecated in one of the next releases.


Support for Offline Domain Join (ODJ)
-------------------------------------

The net utility is now able to support the offline domain join feature
as known from the Windows djoin.exe command for many years. Samba's
implementation is accessible via the 'net offlinejoin' subcommand. It
can provision computers and request offline joining for both Windows
and Unix machines. It is also possible to provision computers from
Windows (using djoin.exe) and use the generated data in Samba's 'net'
utility. The existing options for the provisioning and joining steps
are documented in the net(8) manpage.


'samba-tool dns zoneoptions' for aging control
----------------------------------------------

The 'samba-tool dns zoneoptions' command can be used to turn aging on
and off, alter the refresh and no-refresh periods, and manipulate the
timestamps of existing records.

To turn aging on for a zone, you can use something like this:

  samba-tool dns zoneoptions --aging=1 --refreshinterval=306600

which turns on aging and ensures no records less than five years old
are aged out and scavenged. After aging has been on for sufficient
time for records to be renewed, the command

  samba-tool dns zoneoptions --refreshinterval=168

will set the refresh period to the standard seven days. Using this two
step process will help prevent the temporary loss of dynamic records
if scavenging happens before their first renewal.


Marking old records as static or dynamic with 'samba-tool'
----------------------------------------------------------

A bug in Samba versions prior to 4.9 meant records that were meant to
be static were marked as dynamic and vice versa. To fix the timestamps
in these domains, it is possible to use the following options,
preferably before turning aging on.

   --mark-old-records-static
   --mark-records-dynamic-regex
   --mark-records-static-regex

The "--mark-old-records-static" option will make records older than the
specified date static (that is, with a zero timestamp). For example,
if you upgraded to Samba 4.9 in November 2018, you could use ensure no
old records will be mistakenly interpreted as dynamic using the
following option:

  samba-tool dns zoneoptions --mark-old-records-static=2018-11-30

Then, if you know that that will have marked some records as static
that should be dynamic, and you know which those are due to your
naming scheme, you can use commands like:

  samba-tool dns zoneoptions --mark-records-dynamic-regex='\w+-desktop'

where '\w+-desktop' is a perl-compatible regular expression that will
match 'bob-desktop', 'alice-desktop', and so on.

These options are deliberately long and cumbersome to type, so people
have a chance to think before they get to the end. You can make a
mess if you get it wrong.

All 'samba-tool dns zoneoptions' modes can be given a "--dry-run/-n"
argument that allows you to inspect the likely results before going
ahead.

NOTE: for aging to work, you need to have "dns zone scavenging = yes"
set in the smb.conf of at least one server.


DNS tombstones are now deleted as appropriate
---------------------------------------------

When all the records for a DNS name have been deleted, the node is put
in a tombstoned state (separate from general AD object tombstoning,
which deleted nodes also go through). These tombstones should be
cleaned up periodically. Due to a conflation of scavenging and
tombstoning, we have only been deleting tombstones when aging is
enabled.

If you have a lot of tombstoned DNS nodes (that is, DNS names for
which you have removed all the records), cleaning up these DNS
tombstones may take a noticeable time.


DNS tombstones use a consistent timestamp format
------------------------------------------------

DNS records use an hours-since-1601 timestamp format except for in the
case of tombstone records where a 100-nanosecond-intervals-since-1601
format is used (this latter format being the most common in Windows).
We had mixed that up, which might have had strange effects in zones
where aging was enabled (and hence tombstone timestamps were used).


samba-tool dns update and RPC changes
-------------------------------------

The dnsserver DCERPC pipe can be used by 'samba-tool' and Windows tools
to manipulate dns records on the remote server. A bug in Samba meant
it was not possible to update an existing DNS record to change the
TTL. The general behaviour of RPC updates is now closer to that of
Windows.

'samba-tool dns update' is now a bit more careful in rejecting and
warning you about malformed IPv4 and IPv6 addresses.

CVE-2021-3671: Crash in Heimdal KDC and updated security release policy
-----------------------------------------------------------------------

An unuthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ.  Per Samba's updated security process a specific
security release was not made for this issue as it is a recoverable
Denial Of Service.

See https://wiki.samba.org/index.php/Samba_Security_Proces

samba-tool domain backup offline with the LMDB backend
------------------------------------------------------

samba-tool domain backup offline, when operating with the LMDB backend
now correctly takes out locks against concurrent modification of the
database during the backup.  If you use this tool on a Samba AD DC
using LMDB, you should upgrade to this release for safer backups.

REMOVED FEATURES
================

Tru64 ACL support has been removed from this release. The last
supported release of Tru64 UNIX was in 2012.

NIS support has been removed from this release. This is not
available in Linux distributions anymore.

The DLZ DNS plugin is no longer built for Bind versions 9.8 and 9.9,
which have been out of support since 2018.


smb.conf changes
================

  Parameter Name                          Description     Default
  --------------                          -----------     -------
  client use kerberos                     New             desired
  client max protocol                     Values Removed
  client min protocol                     Values Removed
  client protection                       New             default
  client smb3 signing algorithms          New             see man smb.conf
  client smb3 encryption algorithms       New             see man smb.conf
  preopen:posix-basic-regex               New             No
  preopen:nomatch_log_level               New             5
  preopen:match_log_level                 New             5
  preopen:nodigits_log_level              New             1
  preopen:founddigits_log_level           New             3
  preopen:reset_log_level                 New             5
  preopen:push_log_level                  New             3
  preopen:queue_log_level                 New             10
  server max protocol                     Values Removed
  server min protocol                     Values Removed
  server multi channel support            Changed         Yes (on Linux and FreeBSD)
  server smb3 signing algorithms          New             see man smb.conf
  server smb3 encryption algorithms       New             see man smb.conf
  winbind use krb5 enterprise principals  Changed         Yes
  winbind scan trusted domains            Changed         No


CHANGES SINCE 4.15.0rc6
=======================

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14791: All the ways to specify a password are not documented.

o  Ralph Boehme <slow@samba.org>
   * BUG 14790: vfs_btrfs compression support broken.
   * BUG 14828: Problems with commandline parsing.
   * BUG 14829: smbd crashes when "ea support" is set to no.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14825: "{client,server} smb3 {signing,encryption} algorithms" should
     use the same strings as smbstatus output.
   * BUG 14828: Problems with commandline parsing.

o  Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
   * BUG 8773: smbd fails to run as root because it belongs to more than 16
     groups on MacOS X.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14784: Fix CTDB flag/status update race conditions.


CHANGES SINCE 4.15.0rc5
=======================

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14806: Address a signifcant performance regression in database access
     in the AD DC since Samba 4.12.
   * BUG 14807: Fix performance regression in lsa_LookupSids3/LookupNames4 since
     Samba 4.9 by using an explicit database handle cache.
   * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.
   * BUG 14818: Address flapping samba_tool_drs_showrepl test.
   * BUG 14819: Address flapping dsdb_schema_attributes test.

o  Luke Howard <lukeh@padl.com>
   * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.

o  Gary Lockyer <gary@catalyst.net.nz>
   * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.

o  Andreas Schneider <asn@samba.org>
   * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14817: An unuthenticated user can crash the AD DC KDC by omitting the
     server name in a TGS-REQ.


CHANGES SINCE 4.15.0rc4
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 14809: Shares with variable substitutions cause core dump upon
     connection from MacOS Big Sur 11.5.2.
   * BUG 14816: Fix pathref open of a filesystem fifo in the DISABLE_OPATH
     build.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14815: A subset of tests from Samba's selftest system were not being
     run, while others were run twice.

o  Ralph Boehme <slow@samba.org>
   * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS.
   * BUG 14787: net conf list crashes when run as normal user,
   * BUG 14803: smbd/winbindd started in daemon mode generate output on
     stderr/stdout.
   * BUG 14804: winbindd can crash because idmap child state is not fully
     initialized.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14771: Some VFS operations on pathref (O_PATH) handles fail on GPFS.


CHANGES SINCE 4.15.0rc3
=======================

o  Bjoern Jacke <bj@sernet.de>
   * BUG 14800: util_sock: fix assignment of sa_socklen.


CHANGES SINCE 4.15.0rc2
=======================

o  Jeremy Allison <jra@samba.org>
   * BUG 14760: vfs_streams_depot directory creation permissions and store
     location problems.
   * BUG 14766: vfs_ceph openat() doesn't cope with dirfsp != AT_FDCW.
   * BUG 14769: smbd panic on force-close share during offload write.
   * BUG 14805: OpenDir() loses the correct errno return.

o  Ralph Boehme <slow@samba.org>
   * BUG 14795: copy_file_range() may fail with EOPNOTSUPP.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14793: Start the SMB encryption as soon as possible.

o  Andreas Schneider <asn@samba.org>
   * BUG 14779: Winbind should not start if the socket path is too long.

o  Noel Power <noel.power@suse.com>
   * BUG 14760: vfs_streams_depot directory creation permissions and store
     location problems.


CHANGES SINCE 4.15.0rc1
=======================

o  Andreas Schneider <asn@samba.org>
   * BUG 14768: smbd/winbind should load the registry if configured
   * BUG 14777: do not quote passed argument of configure script
   * BUG 14779: Winbind should not start if the socket path is too long

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14607: tree connect failed: NT_STATUS_INVALID_PARAMETER
   * BUG 14764: aes-256-gcm and aes-256-ccm doesn't work in the server

o Ralph Boehme <slow@samba.org>
   * BUG 14700: file owner not available when file unredable

o Jeremy Allison <jra@samba.org>
   * BUG 14607: tree connect failed: NT_STATUS_INVALID_PARAMETER
   * BUG 14759: 4.15rc can leak meta-data about the directory containing the
     share path


KNOWN ISSUES
============

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.15#Release_blocking_bugs


-------------------------------------------------------------------
Tue Aug 24 12:57:19 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.14.7
                          August 24, 2021
                   ==============================


This is the latest stable release of the Samba 4.14 release series.


Changes since 4.14.6
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14769: smbd panic on force-close share during offload write.

o  Ralph Boehme <slow@samba.org>
   * BUG 12033: smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK.
   * BUG 14731: Fix returned attributes on fake quota file handle and avoid
     hitting the VFS.
   * BUG 14756: vfs_shadow_copy2 fix inodes not correctly updating inode
     numbers.

o  David Gajewski <dgajews@math.utoledo.edu>
   * BUG 14774: Fix build on Solaris. 

o  Björn Jacke <bj@sernet.de>
   * BUG 14654: Make dos attributes available for unreadable files. 

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14607: Work around special SMB2 READ response behavior of NetApp Ontap
     7.3.7.
   * BUG 14793: Start the SMB encryption as soon as possible.


-------------------------------------------------------------------
Sat Jul 24 14:11:55 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.14.6
                            July 13, 2021
                   ==============================


This is the latest stable release of the Samba 4.14 release series.


Changes since 4.14.5
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname().
   * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath().
   * BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown().
   * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
     change_file_owner_to_parent() error path.

o  Ralph Boehme <slow@samba.org>
   * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
     glusterfs VFS module.
   * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref.
   * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd.
   * BUG 14752: smbXsrv_{open,session,tcon}: protect
     smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records.

o  Joseph Sutton <josephsutton@catalyst.net.nz>
   * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ
     backend.
   * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for
     restoring a backup.




-------------------------------------------------------------------
Tue Jun  1 08:16:24 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.14.5
                            June 01, 2021
                   ==============================


This is the latest stable release of the Samba 4.14 release series.


Changes since 4.14.4
--------------------

o  Jeremy Allison <jra@samba.org>
   * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
   * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
     Windows ACL for directory handles.
   * BUG 14721: s3: smbd: Fix uninitialized memory read in
     process_symlink_open() when used with vfs_shadow_copy2().

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14689: docs: Expand the "log level" docs on audit logging.

o  Ralph Boehme <slow@samba.org>
   * BUG 14714: smbd: Correctly initialize close timestamp fields.

o  Günther Deschner <gd@samba.org>
   * BUG 14699: Fix gcc11 compiler issues.

o  Pavel Filipenský <pfilipen@redhat.com>
   * BUG 14718: docs-xml: Update smbcacls manpage.
   * BUG 14719: docs: Update list of available commands in rpcclient.

o  Volker Lendecke <vl@samba.org>
   * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().

o  Andreas Schneider <asn@samba.org>
   * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
     set.
   * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.


-------------------------------------------------------------------
Thu Apr 29 17:58:46 UTC 2021 - macke d <mdbuild@use.startmail.com>

-                    ==============================
                   Release Notes for Samba 4.14.4
                           April 29, 2021
                   ==============================


This is a security release in order to address the following defect:

o CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries
  in the Samba file server process token.


=======
Details
=======

o  CVE-2021-20254:
   The Samba smbd file server must map Windows group identities (SIDs) into unix
   group ids (gids). The code that performs this had a flaw that could allow it
   to read data beyond the end of the array in the case where a negative cache
   entry had been added to the mapping cache. This could cause the calling code
   to return those values into the process token that stores the group
   membership for a user.

   Most commonly this flaw caused the calling code to crash, but an alert user
   (Peter Eriksson, IT Department, Linköping University) found this flaw by
   noticing an unprivileged user was able to delete a file within a network
   share that they should have been disallowed access to.

   Analysis of the code paths has not allowed us to discover a way for a
   remote user to be able to trigger this flaw reproducibly or on demand,
   but this CVE has been issued out of an abundance of caution.


Changes since 4.14.3
--------------------

o  Volker Lendecke <vl@samba.org>
   * BUG 14571: CVE-2021-20254: Fix buffer overrun in sids_to_unixids().


                   ==============================
                   Release Notes for Samba 4.14.3
                           April 20, 2021
                   ==============================


This is the latest stable release of the Samba 4.14 release series.


Changes since 4.14.2
--------------------

o  Trever L. Adams <trever.adams@gmail.com>
   * BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break
     vfs_virusfilter_openat.

o  Andrew Bartlett <abartlet@samba.org>
   * BUG 14586: build: Notice if flex is missing at configure time.

o  Ralph Boehme <slow@samba.org>
   * BUG 14672: Fix smbd panic when two clients open same file.
   * BUG 14675: Fix memory leak in the RPC server.
   * BUG 14679: s3: smbd: fix deferred renames.

o  Samuel Cabrero <scabrero@samba.org>
   * BUG 14675: s3-iremotewinspool: Set the per-request memory context.

o  Volker Lendecke <vl@samba.org>
   * BUG 14675: Fix memory leak in the RPC server.

o  Stefan Metzmacher <metze@samba.org>
   * BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
   * BUG 14640: third_party: Update socket_wrapper to version 1.3.3.

o  David Mulder <dmulder@suse.com>
   * BUG 14665: samba-gpupdate: Test that sysvol paths download in
     case-insensitive way.

o  Sachin Prabhu <sprabhu@redhat.com>
   * BUG 14662: smbd: Ensure errno is preserved across fsp destructor.

o  Christof Schmitt <cs@samba.org>
   * BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
     conflict.

o  Martin Schwenke <martin@meltin.net>
   * BUG 14288: build: Only add -Wl,--as-needed when supported.



-------------------------------------------------------------------
Wed Mar 31 14:59:15 UTC 2021 - Samuel Cabrero <scabrero@suse.de>

- Update to 4.14.2
  * Release with dependency on ldb version 2.3.0.

- Update to 4.14.1
  * CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655);
  * CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs;
    (bso#14595);

- Update to 4.14.0
  * VFS layer modernized.
  * Printers publishing in AD improved.
  * Client group policies support for sudoers configuration and
    cron jobs.
  * Improved consistency of samba-tool subcommands.
  * CTDB now uses the terms leader and follower instead of master and
    slave. Configuration options have changed accordingly.
  * The ctdb isnotrecmaster command is removed.
  * For details on all items see WHATSNEW.txt in samba-doc package.

-------------------------------------------------------------------
Mon Mar  1 12:09:56 UTC 2021 - Samuel Cabrero <scabrero@suse.de>

- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.

-------------------------------------------------------------------
Tue Jan 26 15:15:08 UTC 2021 - Samuel Cabrero <scabrero@suse.de>

- Update to 4.13.4
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap
    7.3.7; (bso#14607);
  * Temporary DFS share setup doesn't set case parameters in the same
    way as a regular share definition does; (bso#14612);
  * lib: Avoid declaring zero-length VLAs in various messaging functions;
    (bso#14605);
  * Do not create an empty DB when accessing a sam.ldb; (bso#14579);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Temporary DFS share setup doesn't set case parameters in the same way
    as a regular share definition does; (bso#14612);
  * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
  * vfs_fruit may close wrong backend fd; (bso#14596);
  * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
    (bso#14607);
  * The cache directory for the user gencache should be created recursively;
    (bso#14601);
  * Be more flexible with repository names in CentOS 8 test environments;
    (bso#14594);

-------------------------------------------------------------------
Mon Dec 28 09:41:57 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Uninstalling samba-client: Failed to disable unit, cifs.service
  does not exists; (bsc#1180388);

-------------------------------------------------------------------
Wed Dec 16 11:30:25 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to 4.13.3
  + libcli: smb2: Never print length if smb2_signing_key_valid() fails for
    crypto blob; (bso#14210);
  + s3: modules: gluster. Fix the error I made in preventing talloc leaks
    from a function; (bso#14486);
  + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
    via TALLOC_FREE(); (bso#14515);
  + s3: spoolss: Make parameters in call to user_ok_token() match all other
    uses; (bso#14568);
  + s3: smbd: Quiet log messages from usershares for an unknown share;
    (bso#14590);
  + samba process does not honor max log size; (bso#14248);
  + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
    (bso#14587);
  + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
  + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
  + smbclient: Fix recursive mget; (bso#14517);
  + clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
  + manpages/vfs_glusterfs: Mention silent skipping of write-behind
    translator; (bso#14486);
  + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
  + interface: Fix if_index is not parsed correctly; (bso#14514);

-------------------------------------------------------------------
Mon Nov 16 09:30:52 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to 4.13.2
  + s3: modules: vfs_glusterfs: Fix leak of char **lines onto
    mem_ctx on return; (bso#14486);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471);
  + smb.conf.5: Add clarification how configuration changes reflected
    by Samba; (bso#14538);
  + daemons: Report status to systemd even when running in foreground;
    (bso#14552);
  + DNS Resolver: Support both dnspython before and after 2.0.0;
    (bso#14553);
  + s3-vfs_glusterfs: Refuse connection when write-behind xlator is
    present; (bso#14486);
  + provision: Add support for BIND 9.16.x; (bso#14487);
  + ctdb-common: Avoid aliasing errors during code optimization;
    (bso#14537);
  + libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
  + docs: Fix default value of spoolss:architecture; (bso#14522);
  + winbind: Fix a memleak; (bso#14388);
  + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
  + docs-xml/manpages: Add warning about write-behind translator for
    vfs_glusterfs; (bso#14486);
  + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
  + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
  + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
  + examples:auth: Do not install example plugin; (bso#14550);
  + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
  + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
    (bso#14471);

-------------------------------------------------------------------
Thu Nov  5 12:23:49 UTC 2020 - Noel Power <nopower@suse.com>

- Adjust smbcacls '--propagate-inheritance' feature to align with
  upstream; (bsc#1178469).

-------------------------------------------------------------------
Tue Oct  6 16:52:00 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.13.1
  + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
    easily crafted records; (bsc#1177613); (bso#14472);
  + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
    (bso#14436);
  + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
    (bsc#1173902); (bso#14434);
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
  /var/run/samba; (bsc#1177355);

-------------------------------------------------------------------
Mon Oct  5 12:44:53 UTC 2020 - David Disseldorp <ddiss@suse.com>

- Fix vfs_ceph query_directory regression; (bso#14519)
- Drop liburing-devel for SLE15-SP2; (bsc#1177245)

-------------------------------------------------------------------
Thu Sep 24 16:01:26 UTC 2020 - David Disseldorp <ddiss@suse.com>

- Register CTDB recovery lock holder with ceph-mgr
- Add liburing-devel dependency

-------------------------------------------------------------------
Tue Sep 22 16:20:33 UTC 2020 - David Disseldorp <ddiss@suse.com>

- Update to samba 4.13.0
  + Require Python 3.6
  + Move wide links functionality into VFS module
  + Deprecate NT4-like 'classic' Samba domain controllers
  + Deprecate SMBv1 only protocol options
  + Remove deprecated "ldap ssl ads" option
  + Unify asynchronous DCE-RPC server; (jsc#SES-645)
  + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
  + Drop internal byteorder.h header from util-devel package
  + Remove final code for the AD DC LDAP backend
  + Add AD DC Group Policy Scripts
  + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
  + Fix %U substitutions if it contains a domain name; (bso#14467)
  + Fix krb5.conf creation for 'net ads join'; (bso#14479)
  + Fix build problem if libbsd-dev is not installed; (bso#14482)
  + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
  + Fix idmap_ad RFC4511 response handling; (bso#14465)
  + Fix panic in get_lease_type(); (bso#14428)

-------------------------------------------------------------------
Fri Sep 18 13:24:12 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.12.7
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
    netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
    (bso#14497);
  + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
    "server require schannel:WORKSTATION$ = no" about unsecure configurations;
    (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
    challenge; (bsc#1176579); (bso#14497);
  + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
    netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
    (bsc#1176579); (bso#14497);

- Update to samba 4.12.6
  + s3: libsmb: Fix SMB2 client rename bug to a Windows server;
    (bso#14403).
  + dsdb: Allow "password hash userPassword schemes = CryptSHA256"
    to work on RHEL7; (bso#14424).
  + dbcheck: Allow a dangling forward link outside our known NCs;
    (bso#14450).
  + lib/debug: Set the correct default backend loglevel to
    MAX_DEBUG_LEVEL; (bso#14426).
  + PANIC: Assert failed in get_lease_type(); (bso#14428).
  + util: Fix build on AIX by fixing the order of replace.h include;
    (bso#14422).
  + srvsvc_NetFileEnum asserts with open files; (bso#14355).
  + KDC breaks with DES keys still in the database and
    msDS-SupportedEncryptionTypes 31 indicating support for it;
    (bso#14354).
  + s3:smbd: Make sure vfs_ChDir() always sets
    conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427).
  + PANIC: Assert failed in get_lease_type(); (bso#14428).
  + docs: Fix documentation for require_membership_of of
    pam_winbind.conf; (bso#14358).
  + ctdb-scripts: Use nfsconf utility for variable values in CTDB
    NFS scripts; (bso#14444).
  + s3:winbind:idmap_ad: Make failure to get attrnames for schema
    mode fatal; (bso#14425).

-------------------------------------------------------------------
Tue Jul 28 13:25:09 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

- Don't install SuSEfirewall2 services, we don't have that package
  anymore

-------------------------------------------------------------------
Thu Jul  2 15:18:42 UTC 2020 - Noel Power <nopower@suse.com>

- Update to samba 4.12.5
  + Fix smbd panic on force-close share during async
    io; (bso#14301).
  + Fix segfault when using SMBC_opendir_ctx() routine for
    share folder that contains incorrect symbols in any
    file name; (bso#14374)
  + Fix DFS links; (bso#14391).
  + Can't use DNS functionality after a Windows DC has been
    in domain; (bso#14310).
  + ldapi search to FreeIPA crashes; (bso#14413).
  + Add net-ads-join dnshostname=fqdn option; (bso#14396)
  + Fix adding msDS-AdditionalDnsHostName to keytab with
    Windows DC; (bso#14406).
  + docs-xml: Update list of posible VFS operations for
    vfs_full_audit; (bso#14386).
  + winbindd: Fix a use-after-free when winbind clients exit;
    (bso#14382).
  + Client tools are not able to read gencache anymore;
    (bso#14370).

-------------------------------------------------------------------
Thu Jul  2 11:56:15 UTC 2020 - Noel Power <nopower@suse.com>

- Update to samba 4.12.4
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when
    ASQ and VLV combined; (bso#14364); (bsc#1173159)
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use
    several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
    server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to
    AD DC nbt_server; (bso#14417); (bsc#1173359).

-------------------------------------------------------------------
Sat May 30 15:42:34 UTC 2020 - Marcus Meissner <meissner@suse.com>

- add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)

-------------------------------------------------------------------
Thu May 28 10:56:26 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Add system-user-nobody to samba package requirements

-------------------------------------------------------------------
Wed May 20 15:56:03 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.12.3
  + Fix smbd panic on force-close share during async io; (bso#14301);
  + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array;
    (bso#14343);
  + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
  + Fix smbd crashes when MacOS Catalina connects if iconv initialization
    fails; (bso#14372);
  + Exporting from macOS Adobe Illustrator creates multiple copies;
    (bso#14150);
  + smbd does a chdir() twice per request; (bso#14256);
  + smbd mistakenly updates a file's write-time on close; (bso#14320);
  + vfs_shadow_copy2: implement case canonicalisation in
    shadow_copy2_get_real_filename(); (bso#14350);
  + Fix Windows 7 clients problem after upgrading samba file server;
    (bso#14375);
  + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359);
  + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155);
  + mit-kdc: Explicitly reject S4U requests; (bso#14342);
  + dbwrap_watch: Set rec->value_valid while returning nested
    share_mode_do_locked(); (bso#14352);
  + lib:util: Fix smbclient -l basename dir; (bso#14345);
  + s3:libads: Fix ads_get_upn(); (bso#14336);
  + ctdb: Fix a memleak; (bso#14348);
  + Malicous SMB1 server can crash libsmbclient; (bso#14366);
  + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds;
    (bso#14330);
  + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361);
  + s3/librpc/crypto: Fix double free with unresolved credential cache;
    (bso#14344);
  + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358);

-------------------------------------------------------------------
Mon May 11 14:53:16 UTC 2020 - David Mulder <dmulder@dmulder.com>

- Installing: samba - samba-ad-dc.service does not exist and unit
  not found; (bsc#1171437);

-------------------------------------------------------------------
Mon May  4 10:33:43 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- libsmb: Don't try to find posix stat info in SMBC_getatr();
  (bso#14101); (bsc#1169242);

-------------------------------------------------------------------
Wed Apr 29 15:48:50 UTC 2020 - Noel Power <nopower@suse.com>

- Move libdcerpc-server-core.so to samba-libs package, this was
  initially erroneously located in  samba-ad-dc.

-------------------------------------------------------------------
Tue Apr 28 11:44:07 UTC 2020 - Noel Power <nopower@suse.com>

- Update to samba 4.12.2
  + CVE-2020-10700: A client combining the 'ASQ' and
    'Paged Results' LDAP controls can cause a use-after-free
    in Samba's AD DC LDAP server;(bso#14331); (bsc#1169850)
  + CVE-2020-10704: A deeply nested filter in an un-authenticated
    LDAP search can exhaust the LDAP server's stack memory causing
    a SIGSEGV; (bso#14334); (bsc#1169851).

-------------------------------------------------------------------
Mon Apr 13 09:07:02 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.12.1
  + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295);
  + samba-tool group: Handle group names with special chars correctly;
    (bso#14296);
  + Add missing check for DMAPI offline status in async DOS attributes;
    (bso#14293);
  + Starting ctdb node that was powered off hard before results in recovery
    loop; (bso#14295);
  + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs;
    (bso#14307);
  + vfs_recycle: Prevent flooding the log if we're called on non-existant
    paths; (bso#14316);
  + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313);
  + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred;
    (bso#14327);
  + fruit:time machine max size is broken on arm; (bso#13622);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + s3/utils: Fix double free error with smbtree; (bso#14332);
  + CTDB recovery corner cases can cause record resurrection and node
    banning; (bso#14294);
  + Starting ctdb node that was powered off hard before results in recovery
    loop; (bso#14295);
  + CTDB recovery daemon can crash due to dereference of NULL pointer;
    (bso#14324);

-------------------------------------------------------------------
Wed Mar 25 12:52:55 UTC 2020 - Noel Power <nopower@suse.com>

- s3: libsmbclient.h: add missing time.h include to fix
  ffmpeg build and make it compatible with -std=c99.

-------------------------------------------------------------------
Mon Mar 16 10:40:16 UTC 2020 - Noel Power <nopower@suse.com>

- ndrdump tests: Make the tests less fragile
- python/samba/gp_parse: Fix test errors with python3.8

-------------------------------------------------------------------
Fri Mar 13 14:19:30 UTC 2020 - Noel Power <nopower@suse.com>

- Starting ctdb node that was powered off hard before results
  in recovery loop; (bso#14295); (bsc#1162680).

-------------------------------------------------------------------
Fri Mar  6 15:38:01 UTC 2020 - Noel Power <nopower@suse.com>

- Update to samba 4.12.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package.
  + Samba 4.12 raises this minimum version to Python
    3.5.
  + Samba now requires GnuTLS 3.4.7 to be installed.
  + New Spotlight backend for Elasticsearch.
  + Retiring DES encryption types in Kerberos. With this release,
    support for DES encryption types has been removed from
    Samba, and setting DES_ONLY flag for an account will cause
    Kerberos authentication to fail for that account (see
    RFC-6649).
  + Samba-DC: DES keys no longer saved in DB.
  + The netatalk VFS module has been removed.
  + The BIND9_FLATFILE DNS backend is deprecated in this release
    and will be removed in the future.
  + CTDB changes
    + The ctdb_mutex_fcntl_helper periodically re-checks the
      lock file.
+ Bugs
  + Retire DES encryption types in Kerberos; (bso#14202);
    bsc#(1165574).
  + dsdb: Correctly handle memory in objectclass_attrs;
    (bso#14258).
  + s3: DFS: Don't allow link deletion on a read-only share;
    (bso#14269).
  + pidl/wscript: configure should insist on Parse::Yapp::Driver;
    (bso#14284).
  + smbd fails to handle EINTR from open(2) properly;
    (bso#14285).
  + ldb: version 2.1.1; (bso#14270)).
  + vfs: Set getting and setting of MS-DFS redirects on the
    filesystem to go through two new VFS functions
    SMB_VFS_CREATE_DFS_PATHAT() and
    SMB_VFS_READ_DFS_PATHAT(); (bso#14282).
  + bootstrap: Remove un-used dependency python3-crypto;
    (bso#14255)
  + Fix CID 1458418 and 1458420; (bso#14247).
  + lib: Fix a shutdown crash with "clustering = yes";
    (bso#14281).
  + Winbind member (source3) fails local SAM auth with empty
    domain name; (bso#14247).
  + winbindd: Handle missing idmap in getgrgid(); (bso#14265).
  + Don't use forward declaration for GnuTLS typedefs; (bso#14271).
  + Add io_uring vfs module; (bso#14280).
  + libcli:smb: Improve check for
    gnutls_aead_cipher_(en|de)cryptv2; (bso#14250).
  + s3: lib: nmblib. Clean up and harden nmb packet processing;
    (bso#14239);
  + lib:util: Log mkdir error on correct debug levels; (bso#14253).

-------------------------------------------------------------------
Sun Feb  2 20:42:05 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

- Remove unused pwdutils buildrequires

-------------------------------------------------------------------
Thu Jan 30 09:04:04 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209);
  + Avoiding bad call flags with python 3.8, using METH_NOARGS
    instead of zero; (bso#14209);
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h;
    (bso#14218);
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc;
    (bso#14122);
  + smbd: Fix the build with clang; (bso#14251);
  + upgradedns: Ensure lmdb lock files linked; (bso#14199);
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during
    readdir; (bso#14182);
  + smbc_stat() doesn't return the correct st_mode and also the
    uid/gid is not filled (SMBv1) file; (bso#14101);
  + librpc: Fix string length checking in ndr_pull_charset_to_null();
    (bso#14219);
  + ctdb-scripts: Strip square brackets when gathering connection info;
    (bso#14227);

-------------------------------------------------------------------
Tue Jan 21 16:55:36 UTC 2020 - Samuel Cabrero <scabrero@suse.de>

- Fix nmbstatus not reporting detailed information about workgroups;
  (bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);

-------------------------------------------------------------------
Tue Jan 21 16:31:07 UTC 2020 - Noel Power <nopower@suse.com>

- Update to samab 4.11.5
  + CVE-2019-14902: Replication of ACLs down subtree on
    AD Directory is not automatic; (bso#12497); (bsc#1160850).
  + CVE-2019-19344: Fix  server crash with
    dns zone scavenging = yes; (bso#14050); (bsc#1160852).
  + CVE-2019-14907: server-side crash after charset conversion
    failure (eg during NTLMSSP processing); (bso#14208);
    (bsc#1160888).

- Update to samba 4.11.4
   + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
     (bso#14161).
   + Ensure we don't call cli_RNetShareEnum() on an SMB1
     connection; (bso#14174).
   + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
     SMBC_opendir_ctx; (bso#14176).
   + SMB2 - Ensure we use the correct session_id if encrypting
     an interim response; (bso#14189).
   + Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
   + printing: Fix %J substition; (bso#13745).
   + Remove now unneeded call to cmdline_messaging_context();
     (bso#13925).
   + Fix incomplete conversion of former parametric options;
     (bso#14069).
   + Fix sync dosmode fallback in async dosmode codepath;
     (bso#14070).
   + vfs_fruit returns capped resource fork length; (bso#14171).
   + libnet_join: Add SPNs for additional-dns-hostnames entries;
     (bso#14116).
   + smbd: Increase a debug level; (bso#14211).
   + Prevent azure ad connect from reporting discovery errors
     reference-value-not-ldap-conformant; (bso#14153).
   + krb5_plugin: Fix developer build with newer heimdal system
     library; (bso#14179).
   + replace: Only link libnsl and libsocket if required;
     (bso#14168);
   + ctdb: Incoming queue can be orphaned causing communication;
     breakdown; (bso#14175).
   + ldb: Release ldb 2.0.8. Cross-compile will not take
     cross-answers or cross-execute; (bso#13846).
   + heimdal-build: Avoid hard-coded /usr/include/heimdal in
     asn1_compile-generated code; (bso#13856).

-------------------------------------------------------------------
Fri Dec 20 17:59:01 UTC 2019 - David Disseldorp <ddiss@suse.com>

- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).

-------------------------------------------------------------------
Tue Dec 10 09:57:23 UTC 2019 - Noel Power <nopower@suse.com>

- Update to samba 4.11.3
  + CVE-2019-14861: DNSServer RPC server crash, an authenticated user
    can crash the DCE/RPC DNS management server by creating records
    with matching the zone name; (bso#14138); (bsc#1158108).
  + CVE-2019-14870: DelegationNotAllowed not being enforced, the
    DelegationNotAllowed Kerberos feature restriction was not being
    applied when processing protocol transition requests (S4U2Self),
    in the AD DC KDC; (bso#14187); (bsc#1158109).

-------------------------------------------------------------------
Tue Oct 29 17:22:30 UTC 2019 - Jim McDonough <jmcdonough@suse.com>

- Update to samba 4.11.2
  + CVE-2019-10218: Client code can return filenames containing
    path separators; (bsc#1144902); (bso#14071).
  + CVE-2019-14833: Samba AD DC check password script does not
    receive the full password; (bso#12438).
  + CVE-2019-14847: User with "get changes" permission can crash
    AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
  + Overlinking libreplace against librt and pthread against every
    binary or library causes issues; (bso#14140);
  + kpasswd fails when built with MIT Kerberos; (bso#14155);
  + Fix spnego fallback from kerberos to ntlmssp in smbd server;
    (bso#14106);
  + Stale file handle error when using mkstemp on a share; (bso#14137);
  + non-AES schannel broken; (bso#14134);
  + Joining Active Directory should not use SAMR to set the password;
    (bso#13884);
  + smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
    call on an SMB2 connection; (bso#14152);
  + Deleted records can be resurrected during recovery; (bso#14147);
  + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
    (bso#14141);
  + winbind does not list forest trusts with additional trust
    attributes; (bso#14130);
  + fault report points to outdated documentation; (bso#14139);
  + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
    trusted domains/forests; (bso#14124);
  + classicupgrade results in uncaught exception - a bytes-like object
    is required, not 'str'; (bso#14136);
  + pod2man is not longer required, stop checking at build time;
    (bso#14131);
  + Exit code of ctdb nodestatus should not be influenced by deleted
    nodes; (bso#14129);
  + username/password authentication doesn't work with CUPS and
    smbspool; (bso#14128);
  + smbc_readdirplus() is incompatible with smbc_telldir() and
    smbc_lseekdir(); (bso#14094);

-------------------------------------------------------------------
Sat Oct  5 14:20:06 UTC 2019 - James McDonough <jmcdonough@suse.com>

- Update to samba 4.11.0
  + For details on all items see WHATSNEW.txt in samba-doc
    package
  + Python2 runtime support removed; python 3.4 or later required
  + Security improvements:
    - SMB1 disabled by default
    - lanman and plaintext authentication deprecated
    - winbind: PAM_AUTH and NTLM_AUTH events logged
    - GnuTLS 3.2 required; system FIPS mode setting honored
  + CephFS Snapshot integration, exposed as previous file
    versions
  + ctdb changes:
    - onnode -o option removed
    - ctdbd logs when using more than 90% of a CPU thread
    - CTDB_MONITOR_SWAP_USAGE variable removed
  + AD Domain controller improvements:
    - Upgrade AD databse format
    - BIND9_FLATFILE deprecated
    - default process model chagned to prefork
    - bind9 dns operation duration logging
    - Default schema updated to 2012_R2; function level is
      unchanged
    - many performance improvements
  + Configuration webserver support removed

-------------------------------------------------------------------
Tue Sep  3 09:18:38 UTC 2019 - Samuel Cabrero <scabrero@suse.de>

- Update to samba 4.10.8
  + CVE-2019-10197: user escape from share path definition;
    (bso#14035); (bsc#1141267);

-------------------------------------------------------------------
Fri Aug 30 13:10:01 UTC 2019 - Noel Power <nopower@suse.com>

- Fix build on newer systems by modifying samba.spec to use
  consistent non-relative paths for pammodules in configure line
  and specification of pam_winbind.so library to package.

-------------------------------------------------------------------
Tue Aug 27 14:47:44 UTC 2019 - Noel Power <nopower@suse.com>

- Update to samba 4.10.7
  + Unable to create or rename file/directory inside shares
    configured with vfs_glusterfs_fuse module; (bso#14010).
  + build: Allow build when '--disable-gnutls' is set; (bso#13844)
  + samba-tool: Add 'import samba.drs_utils' to fsmo.py;
    (bso#13973).
  + Fix 'Error 32 determining PSOs in system' message on old DB
    with FL upgrade; (bso#14008).
  + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
  + join: Use a specific attribute order for the DsAddEntry
    nTDSDSA object; (bso#14046).
  + vfs_catia: Pass stat info to synthetic_smb_fname();
    (bso#14015).
  + lookup_name: Allow own domain lookup when flags == 0;
    (bso#14091).
  + s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
    (bso#13932).
  + DEBUGC and DEBUGADDC doesn't print into a class specific log
    file; (bso#13915).
  + Request to keep deprecated option "server schannel",
    VMWare Quickprep requires "auto"; (bso#13949).
  + dbcheck: Fallback to the default tombstoneLifetime of 180 days;
    (bso#13967).
  + dnsProperty fails to decode values from older Windows versions;
    (bso#13969).
  + samba-tool: Use only one LDAP modify for dns partition fsmo
    role transfer; (bso#13973).
  + third_party: Update waf to version 2.0.17; (bso#13960).
  + netcmd: Allow 'drs replicate --local' to create partitions;
    (bso#14051).
  + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).

-------------------------------------------------------------------
Wed Aug  7 13:03:55 UTC 2019 - npower <nopower@suse.com>

- Prepare for use future use of kernel keyrings, modify
  /etc/pam.d/samba to include  pam_keyinit.so; (bsc#1144059).

-------------------------------------------------------------------
Thu Aug  1 10:00:00 UTC 2019 - Samuel Cabrero <scabrero@suse.de>

- Update samba-winbind script to work with systemd; (bsc#1132739);
- Drop samba dhcpcd hook scripts
- Update to samba 4.10.6
  + s3: winbind: Fix crash when invoking winbind idmap scripts;
    (bso#13956).
  + smbd does not correctly parse arguments passed to dfree and quota
    scripts; (bso#13964).
  + samba-tool dns: use bytes for inet_ntop; (bso#13965).
  + samba-tool domain provision: Fix --interactive module in python3;
    (bso#13828).
  + ldb_kv: Skip @ records early in a search full scan; (bso#13893).
  + docs: Improve documentation of "lanman auth" and "ntlm auth"
    connection; (bso#13981).
  + python/ntacls: Use correct "state directory" smb.conf option instead
    of "state dir"; (bso#14002).
  + registry: Add a missing include; (bso#13840).
  + Fix SMB guest authentication; (bso#13944).
  + AppleDouble conversion breaks Resourceforks; (bso#13958).
  + vfs_fruit makes direct use of syscalls like mmap() and pread();
    (bso#13968).
  + s3:mdssvc: Fix flex compilation error; (bso#13987).
  + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
  + dsdb:samdb: schemainfo update with relax control; (bso#13799).
  + s3:util: Move static file_pload() function to lib/util; (bso#13964).
  + smbd: Fix a panic; (bso#13957).
  + ldap server: Generate correct referral schemes; (bso#12478).
  + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
    (bso#13941).
  + s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
    (bso#13942).
  + dsdb/repl: we need to replicate the whole schema before we can apply it;
    (bso#12204).
  + ldb: Release ldb 1.5.5; (bso#12478).
  + Schema replication fails if link crosses chunk boundary backwards;
    (bso#13713).
  + 'samba-tool domain schemaupgrade' uses relax control and skips the
    schemaInfo update provision; (bso#13799).
  + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
    ..."; (bso#13916).
  + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
    get the ACL; (bso#13917).
  + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
    (bso#13947).
  + Using Kerberos credentials to print using spoolss doesn't work;
    (bso#13939).
  + wafsamba: Use native waf timer; (bso#13998).
  + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).

-------------------------------------------------------------------
Wed Jun 19 09:20:12 UTC 2019 - Noel Power <nopower@suse.com>

- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
  + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
     in DnssrvOperation2; (bso#13922); (bsc#1137815).
  + CVE-2019-12436 dsdb/paged_results: Ignore successful results
     without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
  + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
  + py/provision: Fix for Python 2.6; (bso#13882).
  + netcmd: Fix 'passwordsettings --max-pwd-age' command;
    (bso#13873).
  + s3-libnet_join: 'net ads join' to child domain fails when
    using "-U admin@forestroot"; (bso#13861).
  + vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
    (bso#13896); (bsc#1130245).
  + vfs_ceph: Fix cephwrap_flistxattr() debug message;
    (bso#13940); (bsc#1134697).
  + ctdb-common: Avoid race between fd and signal events;
    (bso#13895).
  + ctdb-common: Fix memory leak in run_proc; (bso#13943).
  + lib: Initialize getline() arguments; (bso#13892).
  + winbind: Fix overlapping id ranges; (bco#13903).
  + lib util debug: Increase format buffer to 4KiB; (bso#13902).
  + nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
  + s4 lib socket: Ensure address string owned by parent struct;
    (bso#13929).
  + s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
  + s3:smbd: Handle IO_REPARSE_TAG_DFS in
    SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
  + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
  + smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
    (bso#12845).
  + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
  + smb2_sesssetup: avoid STATUS_PENDING responses for session
    setup; (bso#13796).
  + dbcheck: Fix the err_empty_attribute() check; (bso#13843).
  + vfs_snapper: Drop unneeded fstat handler; (bso#13858).
  + vfs_default: Fix vfswrap_offload_write_send()
    NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
  + smb2_server: Grant all 8192 credits to clients; (bso#13863).
  + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
    (bso#13919).
  + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
  + s3: modules: ceph: Use current working directory instead of
    share path; (bso#13918); (bsc#1134452).
  + winbind: Use domain name from lsa query for sid_to_name cache
     entry; (bso#13831).
  + memcache: Increase size of default memcache to 512k;
    (bso#13865).
  + docs: Update smbclient manpage for "--max-protocol";
    (bso#13857).
  + s3:utils: If share is NULL in smbcacls, don't print it;
    (bso#13937).
  + s3:smbspool: Fix regression printing with Kerberos credentials;
    (bso#13939).
  + ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
     which is incompatible with systemd; (bso#13860).
  + ctdb-daemon: Revert "We can not assume that just because we
     could complete a TCP handshake"; (bso#13888).
  + ctdb-daemon: Never use 0 as a client ID; (bso#13930).
  + ctdb-common: Fix memory leak; (bso#13943).
  + s3:debug: Enable logging for early startup failures;
    (bso#13904)

- Update to samba-4.10.3
  + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
    checksum; (bso#13685); (bsc#1134024).

-------------------------------------------------------------------
Tue May 14 14:22:11 UTC 2019 - David Disseldorp <ddiss@suse.com>

- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).

-------------------------------------------------------------------
Wed May  8 12:42:31 UTC 2019 - David Disseldorp <ddiss@suse.com>

- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).

-------------------------------------------------------------------
Wed Apr 17 11:20:32 UTC 2019 - npower <nopower@suse.com>

- Update to samba-4.10.2:
  + CVE-2019-3870 (World writable files in
    Samba AD DC private/ dir); (bso#13834).
  + CVE-2019-3880 (Save registry file outside share as
    unprivileged user); (bso#13851).
  + py/kcc_utils: py2.6 compatibility; (bso#13837).
  + libcli: permit larger values of DataLength in
    SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
    (bso#13869).
  + regfio: Improve handling of malformed registry hive files;
    (bso#13840).
  + ctdb-version: Simplify version string usage; (bso#13789).
  + lib: Make fd_load work for non-regular files; (bso#13859).
  + dbcheck: in the middle of the tombstone garbage collection
    causes replication failures,
      dbcheck: add --selftest-check-expired-tombstones cmdline
      option; (bso#13816).
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
    NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
  + s4/messaging: Fix undefined reference in linking
    libMESSAGING-samba4.so; (bso#13854).
  + acl_read: Fix regression for empty lists; (bso#13836).
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
  + s3:client: Fix printing via smbspool backend with kerberos
    auth; (bso#13832).
  + s4:librpc: Fix installation of Samba; (bso#13847).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
    (bso#13793).
  + s3:lib: Fix the debug message for adding cache entries;
    (bso#13848).
  + s3:waf: Fix the detection of makdev() macro on Linux;
    (bso#13853).
   * ctdb-build: Drop creation of .distversion in tarball;
     (bso#13789).
   * ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory;  (bso#13838).
- Update to samba-4.10.1:
  + py/kcc_utils: py2.6 compatibility; (bso#13837);
  + libcli: permit larger values of DataLength in
     SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
  + regfio: Improve handling of malformed registry hive files; (bso#13840);
  + ctdb-version: Simplify version string usage; (bso#13789);
  + lib: Make fd_load work for non-regular files; (bso#13859);
  + dbcheck in the middle of the tombstone garbage collection causes
     replication failures, dbcheck: add --selftest-check-expired-tombstones
     cmdline option; (bso#13816);
  + ndr_spoolss_buf: Fix out of scope use of stack variable in
     NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
  + s4/messaging: Fix undefined reference in linking
     libMESSAGING-samba4.so; (bso#13854);
  + acl_read: Fix regression for empty lists; (bso#13836);
  + s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
  + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
  + s4:librpc: Fix installation of Samba; (bso#13847);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
  + s3:lib: Fix the debug message for adding cache entries; (bso#13848);
  + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
  + ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
  + ctdb-packaging: Test package requires tcpdump, ctdb package
     should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
  + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s4/scripting/bin: Open unicode files with utf8 encoding and write
  + unicode string.
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
  + passdb: Update ABI to 0.27.2.
  + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
  + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);

-------------------------------------------------------------------
Sun Apr 14 22:31:32 UTC 2019 - David Disseldorp <ddiss@suse.com>

- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).

-------------------------------------------------------------------
Tue Apr  2 08:38:28 UTC 2019 - npower <nopower@suse.com>

- CVE-2019-3880: Save registry file outside share as unprivileged
  user; (bso#13851); (bsc#1131060 ).

-------------------------------------------------------------------
Wed Mar 27 18:47:07 UTC 2019 - David Mulder <dmulder@suse.com>

- Update to samba-4.9.5
  + audit_logging: Remove debug log header and JSON Authentication:
    prefix; (bso#13714);
  + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
  + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
    CID: 1433607; (bso#11495);
  + smbd: uid: Don't crash if 'force group' is added to an existing
    share connection; (bso#13690);
  + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
    code; (bso#13770);
  + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
  + s3:utils/smbget fix recursive download with empty source
    directories; (bso#13199);
  + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
  + s3:libsmb: cli_smb2_list() can sometimes fail initially on a
    connection; (bso#13736);
  + join: Throw CommandError instead of Exception for simple errors; (bso#13747);
  + ldb: Avoid inefficient one-level searches; (bso#13762);
  + s3: libsmb: use smb2cli_conn_max_trans_size() in
    cli_smb2_list(); (bso#13736);
  + tldap: Avoid use after free errors; (bso#13776);
  + Fix idmap xid2sid cache churn; (bso#13802);
  + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
  + s3-smbd: Avoid assuming fsp is always intact after close_file
    call; (bso#13720);
  + s3-vfs-fruit: Add close call; (bso#13725);
  + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
  + s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
  + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
  + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
    ftruncate and fallocate; (bso#13807);
  + lib/audit_logging: Actually create talloc; (bso#13737);
  + netcmd/user: python[3]-gpgme unsupported and replaced by
    python[3]-gpg; (bso#13728);
  + dns: Changing onelevel search for wildcard to subtree; (bso#13738);
  + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
  + sambaundoguididx: Use the right escaped oder unescaped sam ldb
    files; (bso#13759);
  + ctdb: Print locks latency in machinereadable stats; (bso#13742);
  + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
  + audit_logging: auth_json_audit required auth_json; (bso#13715);
  + man pages: Document prefork process model; (bso#13765);
  + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
  + s3:auth: ignore create_builtin_guests() failing without a valid
    idmap configuration; (bso#13697);
  + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
    without trusts; (bso#13722);
  + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
    is not available; (bso#13723);
  + s4:server: Add support for 'smbcontrol samba shutdown' and
    'smbcontrol <pid> debug/debuglevel'; (bso#13752);
  + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
  + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
  + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
  + notifyd: Fix SIGBUS on sparc; (bso#13704);
  + waf: Check for libnscd; (bso#13787);
  + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
  + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
  + Recovery lock bug fixes; (bso#13800);
  + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
  + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
  + vfs_fileid: Fix get_connectpath_ino; (bso#13741);
  + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);

-------------------------------------------------------------------
Mon Mar  4 12:42:36 UTC 2019 - David Disseldorp <ddiss@suse.com>

- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).

-------------------------------------------------------------------
Fri Feb 22 11:58:53 UTC 2019 - Samuel Cabrero <scabrero@suse.de>

- Fix update-apparmor-samba-profile script after apparmor switched
  to using named profiles. The change is backwards compatible;
  (bsc#1126377);

-------------------------------------------------------------------
Thu Feb  7 16:13:15 UTC 2019 - David Mulder <dmulder@suse.com>

- LoadParm().load_default() fails with "Unable to load default file";
  (bsc#1089758);

-------------------------------------------------------------------
Thu Feb  7 00:27:42 UTC 2019 - ddiss@suse.com

- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);

-------------------------------------------------------------------
Mon Feb  4 12:38:55 UTC 2019 - Samuel Cabrero <scabrero@suse.de>

- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit();
  (bso#13173); (bsc#1123755);
- s3:winbind: Fix regression introduced with bso #12851;
  (bso#12851); (bsc#1123755);

-------------------------------------------------------------------
Tue Jan  8 11:38:40 UTC 2019 - nopower@suse.com

- Update to samba-4.9.4
  + libcli/smb: Don't overwrite status code; (bso#9175).
  + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
  + Session setup reauth fails to sign response; (bso#13661).
  + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
  + vfs_shadow_copy2: Nicely deal with attempts to open previous
    version for writing; (bso#13688).
  + Restoring previous version of stream with vfs_shadow_copy2 fails
    with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
  + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
  + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
  + PEP8: fix E231: missing whitespace after ','.
  + winbindd: Fix crash when taking profiles;(bso#13629)
  + CVE-2018-14629 dns: Fix CNAME loop prevention using counter
    regression; (bso#13600)
  + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
  + CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
  + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
  + ctdb-daemon: Exit with error if a database directory does not
    exist; (bso#13696).
  + s3:libads: Add net ads leave keep-account option; (bso#13498).

-------------------------------------------------------------------
Thu Dec 20 15:15:54 UTC 2018 - David Mulder <dmulder@suse.com>

- s3:passdb: Do not return OK if we don't have pinfo set up;
  (bsc#1099590); (bso#13376);

-------------------------------------------------------------------
Thu Dec  6 20:55:23 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.

-------------------------------------------------------------------
Thu Nov 29 15:54:27 UTC 2018 - David Mulder <dmulder@suse.com>

- Remove python2 build dependency from samba-libs; (bsc#1116900);

-------------------------------------------------------------------
Wed Nov 28 09:35:06 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update update-apparmor-samba-profile script to ignore the shares's
  paths containing substitution variables in any place, not only at the
  beginning of the path.

-------------------------------------------------------------------
Mon Nov 19 12:28:56 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update to samba-4.9.3
  + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server; (bso#13600); (bsc#1116319);
  + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
    (bsc#1116320);
  + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
    (bso#13674); (bsc#1116322);
  + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
    (bso#13669); (bsc#1116321);
  + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
    configuration (unsupported); (bso#13678); (bsc#1116324);
  + CVE-2018-16857: Bad password count in AD DC not always effective;
    window; (bso#13683); (bsc#1116323);

-------------------------------------------------------------------
Thu Nov  8 17:53:14 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459);
- Use foreground execution mode for systemd samba daemons; (bsc#1112223);

-------------------------------------------------------------------
Thu Nov  8 15:06:37 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update to samba-4.9.2
  + dsdb: Add comments explaining the limitations of our current backlink
    behaviour; (bso#13418);
  + Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
  + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
    (bso#13465);
  + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
  + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
  + Enabling vfs_fruit looses FinderInfo; (bso#13649);
  + Cancelling of SMB2 aio reads and writes returns wrong error
    NT_STATUS_INTERNAL_ERROR; (bso#13667);
  + Fix CTDB recovery record resurrection from inactive nodes and simplify
    vacuuming; (bso#13641);
  + examples: Fix the smb2mount build; (bso#13465);
  + libtevent: Fix build due to missing open_memstream on Illiumos;
    (bso#13629);
  + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
  + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
    (bso#13653);
  + Extended DN SID component missing for member after switching group
    membership; (bso#13418);
  + Return STATUS_SESSION_EXPIRED error encrypted, if the request was
    encrypted; (bso#13624);
  + python: Allow forced signing via smb.SMB(); (bso#13621);
  + lib:socket: If returning early, set ifaces; (bso#13665);
  + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
    encoded unicode; (bso#13616);
  + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
    (bso#13673);
  + waf: Add -fstack-clash-protection; (bso#13601);
  + winbind: Fix segfault if an invalid passdb backend is configured;
    (bso#13668);
  + Fix bugs in CTDB event handling; (bso#13659);
  + Misbehaving nodes are sometimes not banned; (bso#13670);

-------------------------------------------------------------------
Mon Oct 29 14:38:56 UTC 2018 - dmulder@suse.com

- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);

-------------------------------------------------------------------
Tue Oct 23 18:44:53 UTC 2018 - dmulder@suse.com

- winbind requires latest version of libtevent-util0 to start

-------------------------------------------------------------------
Fri Oct 12 14:58:08 UTC 2018 - dmulder@suse.com

- Backport latest gpo code from master
  + Read policy from local gpt cache
  + Offline policy application
  + Make group policy extensible via register/unregister gpext
  + gpext's run via a process_group_policy method

-------------------------------------------------------------------
Mon Oct  8 08:36:43 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update to 4.6.16; (bsc#1110943);
  + CVE-2018-10919: Fix unauthorized attribute access via searches;
    (bso#13434);

-------------------------------------------------------------------
Wed Sep 26 22:45:40 UTC 2018 - jmcdonough@suse.com

- Enable profiling data collection

-------------------------------------------------------------------
Tue Sep 25 20:26:47 UTC 2018 - dmulder@suse.com

- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package

-------------------------------------------------------------------
Mon Sep 24 09:43:08 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update to samba-4.9.1
  + s3: nmbd: Stop nmbd network announce storm; (bso#13620);
  + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
    (bso#13597);
  + CTDB recovery lock has some race conditions; (bso#13617);
  + s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
  + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);

-------------------------------------------------------------------
Thu Sep 13 19:19:34 UTC 2018 - dmulder@suse.com

- Tumbleweed doesn't define the sle_version macro, so we must
  include a check for suse_version also. Otherwise python3 is
  disabled on Tumbleweed.

-------------------------------------------------------------------
Thu Sep 13 13:28:06 UTC 2018 - Samuel Cabrero <scabrero@suse.de>

- Update to samba-4.9.0
  + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
    needed; (bso#13605);
  + wafsamba: Fix 'make -j<jobs>'; (bso#13606);

-------------------------------------------------------------------
Mon Sep 10 20:46:20 UTC 2018 - dmulder@suse.com

- Update to samba-4.9.0rc5
  + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
    returns absolute pathnames; (bso#13565);
  + s3: util: Do not take over stderr when there is no log file; (bso#13578);
  + Durable Reconnect fails because cookie.allow_reconnect is not
    set; (bso#13549);
  + krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
  + vfs_fruit: Don't unlink the main file; (bso#13441);
  + smbd: Fix a memleak in async search ask sharemode; (bso#13602);
  + Fix Samba GPO issue when Trust is enabled; (bso#11517);
  + samba-tool: Add "virtualKerberosSalt" attribute to
    'user getpassword/syncpasswords'; (bso#13539);
  + Fix CTDB configuration issues; (bso#13589);
  + ctdbd logs an error until it can successfully connect to
    eventd; (bso#13592);

-------------------------------------------------------------------
Wed Aug 29 15:49:29 UTC 2018 - dmulder@suse.com

- Update to samba-4.9.0rc4
  + s3: smbd: Ensure get_real_filename() copes with empty
    pathnames; (bso#13585);
  + samba domain backup online/rename commands force user to specify
    password on CLI; (bso#13566);
  + wafsamba/samba_abi: Always hide ABI symbols which must be
    local; (bso#13579);
  + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
  + Fix memory and resource leaks; (bso#13567);
  + python: Fix print in dns_invalid.py; (bso#13580);
  + Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
  + Fix CTDB configuration issues; (bso#13589);
  + s3: vfs: time_audit: fix handling of token_blob in
    smb_time_audit_offload_read_recv(); (bso#13568);

-------------------------------------------------------------------
Mon Aug 27 09:34:11 UTC 2018 - vcizek@suse.com

- Add missing zlib-devel dependency which was previously pulled in
  by libopenssl-devel

-------------------------------------------------------------------
Tue Aug 21 13:39:49 UTC 2018 - dmulder@suse.com

- Update to samba-4.9.0rc3+git.22.3fff23ae36e
  + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
    returns from malicious servers; (bso#13453);
  + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
    with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
  + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
    not servicePrincipalName is set on a user; (bso#13552);
  + CVE-2018-10919: acl_read: Fix unauthorized attribute access via
    searches; (bso#13434);
  + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
  + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
    is disabled via "ntlm auth"; (bso#13360);
  + s3-tldap: do not install test_tldap; (bso#13529);
  + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
  + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
    ltdb_index_dn_attr(); (bso#13374);
  + ctdb-eventd: Fix CID 1438155; (bso#13554);
  + Fix CIDs 1438243, (Unchecked return value) 1438244
    (Unsigned compared against 0), 1438245 (Dereference before null check) and
    1438246 (Unchecked return value); (bso#13553);
  + ctdb: Fix a cut&paste error; (bso#13554);
  + systemd: Only start smb when network interfaces are up; (bso#13559);
  + Fix quotas don't work with SMB2; (bso#13553);
  + s3/smbd: Ensure quota code is only called when quota support
    detected; (bso#13563);
  + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
  + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
  + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);

-------------------------------------------------------------------
Mon Aug 20 21:25:27 UTC 2018 - ddiss@suse.com

- Update to 4.6.15
  + Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230);
  + Allow idmap_rid to have primary group other than "Domain Users";
    (bsc#1087931).

-------------------------------------------------------------------
Mon Aug 20 15:03:01 MDT 2018 - dmulder@suse.com

- Update to samba-4.9.0rc2+git.21.a1069afb007
  + s3: smbd:  Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
  + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
    (bso#13535);
  + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
  + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
  + Fix portability issues on freebsd; (bso#13520);
  + DNS wildcard search does not handle multiple labels correctly; (bso#13536);
  + samba-tool domain trust: Fix trust compatibility to Windows
    Server 1709 and FreeIPA; (bso#13308);
  + Fix portability issues on freebsd; (bso#13520);
  + ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
  + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
    option; (bso#13546);
  + ctdb-doc: Provide an example script for migrating old
    configuration; (bso#13550);
  + ctdb-event: Implement event tool "script list" command; (bso#13551);

-------------------------------------------------------------------
Tue Aug 14 13:06:03 UTC 2018 - nopower@suse.com

- Update to samba-4.8.4+git.37.a7a861d7982;
  + CVE-2018-1139:  Weak authentication protocol allowed;
    (bsc#1095048); (bsc#13360);
  + CVE-2018-1140:  Denial of Service Attack on DNS and LDAP server;
    (bsc#1095056); (bso#13466); (bso#13374);
  + CVE-2018-10858: Insufficient input validation on client directory
    listing in libsmbclient; (bsc#1103411); (bso#13453);
  + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
    (bsc#1103414); (bso#13552);
  + CVE-2018-10919: Confidential attribute disclosure from the AD
    LDAP server; (bsc#1095057); (bso#13434);
  + s3:winbind: winbind normalize names' doesn't work for users;
    (bso#12851);
  + winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
  + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
  + samdb: Fix building Samba with gcc 8.1; (bso#13437);
  + s3:utils: Do not segfault on error in DoDNSUpdate();  (bso#13440);
  + smbd: Flush dfree memcache on service reload; (bso#13446);
  + ldb: Save a copy of the index result before calling the
  + lib/util: No Backtrace given by Samba's AD DC by default;
    (bso#13454).
  + s3: smbd: printing: Re-implement delete-on-close semantics for
    print files missing since 3.5.x; (bso#13457).
  + python: Fix talloc frame use in make_simple_acl(); (bso#13474).
  + krb5_wrap: Fix keep_old_entries logic for older Kerberos
    libraries;(bso#13478).
  + krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
    (bso#13480).

-------------------------------------------------------------------
Wed Aug  1 14:57:51 UTC 2018 - scabrero@suse.de

- CVE-2018-10858: Insufficient input validation on client directory
  listing in libsmbclient; (bso#13453); (bsc#1103411);
- s3: winbind: Fix 'winbind normalize names' in wb_getpwsid();
  (bso#12851);
- winbind: avoid using fstrcpy in _dual_init_connection;
  (bso#13294); (bsc#1087303);
- Fix ntlm authentications with "winbind use default domain = yes";
  (bso#13126); (bsc#1068059);
- net: fix net ads keytab handling; (bso#13166); (bsc#1067700);
- fix vfs_ceph flock stub; (bso#13506).

-------------------------------------------------------------------
Tue May 29 12:08:15 UTC 2018 - scabrero@suse.de

- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
  (bsc#1092099);

-------------------------------------------------------------------
Wed May 23 14:01:16 UTC 2018 - ddiss@suse.com

- Fix vfs_ceph with "aio read size" or "aio write size" > 0;
  (bsc#1093664).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425).
  + Fix memory leak in vfs_ceph; (bso#13424).

- Update to 4.6.14
  + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection;
    (bso#13294).
  + s3:smb2_server: correctly maintain request counters for compound
    requests; (bso#13215).
  + s3: smbd: Unix extensions attempts to change wrong field in fchown
    call; (bso#13375).
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338).
  + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async;
    (bso#13297).
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270).
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we
    don't own it here; (bso#13244).
  + s3:libsmb: allow -U"\\administrator" to work; (bso#13206).
  + CVE-2018-1057: s4:dsdb: fix unprivileged password changes;
    (bso#13272); (bsc#1081024).
  + s3:smbd: Do not crash if we fail to init the session table;
    (bso#13315).
  + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310).
  + smbXcli: Add "force_channel_sequence"; (bso#13215).
  + smbd: Fix channel sequence number checks for long-running requests;
    (bso#13215).
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on
    expired sessions; (bso#13197).
  + s3:smbd: return the correct error for cancelled SMB2 notifies on
    expired sessions; (bso#13197).
  + samba: Only use async signal-safe functions in signal handler;
    (bso#13240).
  + subnet: Avoid a segfault when renaming subnet objects; (bso#13031).

-------------------------------------------------------------------
Wed May 23 09:52:28 UTC 2018 - jmcdonough@suse.com

- Update to 4.8.2
  + After update to 4.8.0 DC failed with "Failed to find our own
    NTDS Settings objectGUID" (bso#13335).
  + fix incorrect reporting of stream dos  attributes on a
    directory (bso#13380).
  + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
  + vfs_ceph: Fix memory leak; (bso#13424).
  + libsmbclient: Fix hard-coded connection error return of
    ETIMEDOUT; (bso#13419).
  + s4-lsa: Fix use-after-free in LSA server; (bso#13420).
  + winbindd: Do re-connect if the RPC call fails in the passdb
    case; (bso#13430).
  + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
  + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
    unclean process shutdown; (bso#13414).
  + ctdb-client: Remove ununsed functions from old client code;
    (bso#13411).
  + printing: Return the same error code as windows does on upload
    failures; (bso#13395).
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
    privileged pipe is not accessable; (bso#13400).
  + s4:lsa_lookup: remove TALLOC_FREE(state) after all
    dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
  + s3:smbspool: Fix cmdline argument handling; (bso#13417).

-------------------------------------------------------------------
Fri Apr 27 13:57:14 UTC 2018 - scabrero@suse.de

- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
  required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
  + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
    we don't own it here; (bso#13244);
  + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
    support fdopendir(); (bso#13270);
  + Round-tripping ACL get/set through vfs_fruit will increase the number of
    ACE entries without limit; (bso#13319);
  + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
    issues; (bso#13347);
  + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
    delete access; (bso#13358);
  + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
  + s3: smbd: Unix extensions attempts to change wrong field in fchown call;
    (bso#13375);
  + ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
    (bso#13337);
  + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + winbindd: Recover loss of netlogon secure channel in case the peer DC is
    rebooted; (bso#13332);
  + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
  + ctdb-client: Fix bugs in client code; (bso#13356);
  + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
    (bso#13359);
  + s3: lib: messages: Don't use the result of sec_init() before calling
    sec_init(); (bso#13368);
  + libads: Fix the build '--without-ads'; (bso#13273);
  + winbind: Keep "force_reauth" in invalidate_cm_connection, add
    'smbcontrol disconnect-dc'; (bso#13332);
  + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
  + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
  + rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
  + smbclient: Fix notify; (bso#13382);
  + Fix smbd panic if the client-supplied channel sequence number wraps;
    (bso#13215);
  + Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
  + lib/util: Remove unused '#include <sys/syscall.h>' from tests/tfork.c;
    (bso#13342);
  + Fix build errors with cc from developerstudio 12.5 on Solaris;
    (bso#13343);
  + Fix the picky-developer build on FreeBSD 11; (bso#13344);
  + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
  + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
  + lib:replace: Fix linking when libtirpc-devel overwrites system headers;
    (bso#13341);
  + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
    query; (bso#13312);
  + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
  + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);

-------------------------------------------------------------------
Wed Apr 11 14:55:09 UTC 2018 - aaptel@suse.com

- Use new foreground execution flags for systemd samba daemons;
  (bsc#1088574); (bsc#1071090); (bsc#1065551);
  + Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
  + Set samba sysconfig template variables to ""
  + Add required daemon flags directly to systemd unit

-------------------------------------------------------------------
Mon Mar 26 22:37:15 UTC 2018 - jengelh@inai.de

- Specfile cleanup
  + Remove %if..%endif guards which don't affect the build
  + Remove redundant %clean section
  + Replace old $RPM_* shell vars with macros

-------------------------------------------------------------------
Thu Mar 22 16:28:02 UTC 2018 - dimstar@opensuse.org

- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
  place of systemd and systemd-devel: Allow OBS to optimize the
  workload by allowing the usage of the 'build-optimized' systemd
  packages.

-------------------------------------------------------------------
Thu Mar 22 14:20:44 UTC 2018 - dmulder@suse.com

- Enable building samba with python3, and create a samba-python3 package.

-------------------------------------------------------------------
Thu Mar 15 11:29:04 UTC 2018 - jmcdonough@suse.com

- Update to 4.8
  + New GUID Index mode in sam.ldb for the AD DC
  + GPO support for samba KDC
  + Time machine support with vfs_fruit
  + Encrypted secrets
  + AD Replication visualization
  + Improved trust support
    - ability to not scan global trust list
    - AD external trusts have limited support
    - verbose trusted domain listing
  + VirusFilter VFS module
  + NT4-style replication removed
  + vfs_aio_linux removed

-------------------------------------------------------------------
Tue Mar 13 20:12:10 UTC 2018 - david.mulder@suse.com

- Disable samba-pidl package, due to the removal of dependency
  perl-Parse-Yapp; (bsc#1085150);

-------------------------------------------------------------------
Tue Mar 13 09:49:44 UTC 2018 - jmcdonough@suse.com

- Update to 4.7.6;
  + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
    (bso#11343); (bsc#1081741);
  + CVE-2018-1057: Authenticated users can change other users' password;
    (bso#13272); (bsc#1081024).

-------------------------------------------------------------------
Wed Mar  7 11:54:50 UTC 2018 - jmcdonough@suse.com

- CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
  (bso#11343); (bsc#1081741);

-------------------------------------------------------------------
Tue Mar  6 23:36:51 UTC 2018 - ddiss@suse.com

- Update to 4.6.13; (bsc#1084191)
  + ceph_statx configure time check doesn't work with a non-default
    --with-libcephfs path; (bso#13250).
    - follow up fix for libceph-common detection; (bso#13277).
  + Fail to copy file with empty FinderInfo from Windows client to Samba
    share with fruit; (bso#13181).
  + vfs_ceph uses a local statvfs() call to determine FS capabilities;
    (bso#13208).
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193).
  + smbd panic when chdir returns error during exit; (bso#13189).
  + ctdb_recovery_helper crashes if recovery process times out; (bso#13188).
  + POSIX ACL support is broken on hpux and possibly other big-endian OSs;
    (bso#13176).
  + Kerberos: PKINIT: Can't decode algorithm parameters in
    clientPublicValue; (bso#12986).
  + g_lock conflict detection broken when processing stale entries.;
    (bso#13195).
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132).

-------------------------------------------------------------------
Mon Feb 26 22:09:49 UTC 2018 - aaptel@suse.com

- Disable python until full python3 port is done; (bsc#1082139);
  + Remove contents of package samba-python
  + Remove contents of package libsamba-policy0
  + Remove contents of package libsamba-policy-devel
  + Remove library libsamba-python-samba4.so from samba-libs package
  + Remove library libsamba-net-samba4.so from samba-libs package
  + Remove smbtorture binary and manpage from samba-test

-------------------------------------------------------------------
Fri Feb 23 15:27:07 UTC 2018 - dmulder@suse.com

- samba fails to build with glibc2.27; (bsc#1081042);

-------------------------------------------------------------------
Mon Feb 12 09:12:02 UTC 2018 - scabrero@suse.com

- Update to 4.7.5; (bsc#1080545);
  + smbd tries to release not leased oplock during oplock II downgrade;
    (bso#13193);
  + Fix copying file with empty FinderInfo from Windows client to Samba share
    with fruit; (bso#13181);
  + build: Deal with recent glibc sunrpc header removal; (bso#10976);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
    (bsc#1075206);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + ctdb-recovery-helper: Deregister message handler in error paths;
    (bso#13188);
  + samba: Only use async signal-safe functions in signal handler; (bso#13240);
  + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
    (bso#12986);
  + repl_meta_data: Fix linked attribute corruption on databases
    with unsorted links on expunge. dbcheck: Add functionality to fix the
    corrupt database; (bso#13228);
  + Fix smbd panic when chdir returns error during exit; (bso#13189);
  + Make Samba work with tirpc and libnsl2; (bso#13238);
  + Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
    (bso#13176);

-------------------------------------------------------------------
Fri Feb  9 13:25:11 UTC 2018 - scabrero@suse.com

- Update to 4.7.4; (bsc#1080545);
  + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
  + s3: libsmb: Fix valgrind read-after-free error in
    cli_smb2_close_fnum_recv(); (bso#13171);
  + s3: libsmb: Fix reversing of oldname/newname paths when creating a
    reparse point symlink on Windows from smbclient; (bso#13172);
  + Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
  + repl_meta_data: Allow delete of an object with dangling backlinks;
    (bso#13095);
  + s4:samba: Fix default to be running samba as a deamon; (bso#13129);
  + Performance regression in DNS server with introduction of DNS wildcard,
    ldb: Release 1.2.3; (bso#13191);
  + vfs_zfsacl: Fix compilation error; (bso#6133);
  + "smb encrypt" setting changes are not fully applied until full smbd
    restart; (bso#13051);
  + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
  + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
  + winbindd: Dependency on trusted-domain list in winbindd in critical auth
    codepath; (bso#13173);
  + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
  + ctdb: sock_daemon leaks memory; (bso#13153);
  + TCP tickles not getting synchronised on CTDB restart; (bso#13154);
  + winbindd: winbind parent and child share a ctdb connection; (bso#13150);
  + pthreadpool: Fix deadlock; (bso#13170);
  + pthreadpool: Fix starvation after fork; (bso#13179);
  + messaging: Always register the unique id; (bso#13180);
  + s4/smbd: set the process group; (bso#13129);
  + Fix broken linked attribute handling; (bso#13095);
  + The KDC on an RWDC doesn't send error replies in some situations;
    (bso#13132);
  + libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
  + g_lock conflict detection broken when processing stale entries;
    (bso#13195);
  + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
    sessions; (bso#13197);
  + s3:libads: net ads keytab list fails with "Key table name malformed";
    (bso#13166); (bsc#1067700);
  + Fix crash in pthreadpool thread after failure from pthread_create;
    (bso#13170);
  + s4:samba: Allow samba daemon to run in foreground; (bso#13129);
    (bsc#1065551);
  + third_party: Link the aesni-intel library with "-z noexecstack";
    (bso#13174);
  + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
    options; (bso#13125);

-------------------------------------------------------------------
Wed Dec  6 17:52:41 UTC 2017 - kukuk@suse.de

- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
  glibc)

-------------------------------------------------------------------
Thu Nov 30 09:31:53 UTC 2017 - scabrero@suse.com

- Update to 4.6.11; (bsc#1084191)
  + vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091);
  + s3: smbclient: Ensure we call client_clean_name() before all
    operations on remote pathnames; (bso#13093);
  + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load; (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + smbd: Move check for SMB2 compound request to new function; (bso#13047);
  + s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + s4:pyparam: Fix resource leaks on error; (bso#13101);
  + s3:smbd: Fix delete-on-close after smb2_find; (bso#13118);

-------------------------------------------------------------------
Wed Nov 29 16:59:07 UTC 2017 - david.mulder@suse.com

- smbc_opendir should not return EEXIST with invalid login credentials;
  (bnc#1065868).

-------------------------------------------------------------------
Tue Nov 28 17:07:26 UTC 2017 - scabrero@suse.com

- Update to 4.7.3; (bsc#1069666);
  + Non-smbd processes using kernel oplocks can hang smbd;
    (bso#13121);
  + python: use communicate to fix Popen deadlock; (bso#13127);
  + smbd on disk file corruption bug under heavy threaded load;
    (bso#13130);
  + tevent: version 0.9.34; (bso#13130);
  + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
  + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
    (bsc#1060427);(bso#13041);
  + CVE-2017-15275: s3: smbd: Chain code can return uninitialized
    memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.

-------------------------------------------------------------------
Mon Nov 27 14:23:09 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Wed Nov 15 17:00:50 UTC 2017 - dmulder@suse.com

- samba-tool requires samba-python; (bnc#1067771).

-------------------------------------------------------------------
Wed Nov  8 17:21:41 UTC 2017 - scabrero@suse.de

- CVE-2017-14746: Use-after-free vulnerability; (bso#13041);
  (bsc#1060427);
- CVE-2017-15275: Server heap memory information leak;
  (bso#13077); (bsc#1063008);

-------------------------------------------------------------------
Tue Nov  7 07:43:54 UTC 2017 - scabrero@suse.com

- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
  + Fix exporting subdirs with shadow_copy2; (bso#13091);
  + Currently if getwd() fails after a chdir(), we panic; (bso#13027);
  + Ensure default SMB_VFS_GETWD() call can't return a partially completed
    struct smb_filename; (bso#13068);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + smbclient doesn't correctly canonicalize all local names before use;
    (bso#13093);
  + Fix broken linked attribute handling; (bso#13095);
  + Missing LDAP query escapes in DNS rpc server; (bso#12994);
  + Link to -lbsd when building replace.c by hand; (bso#13087);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
    (bso#7909);
  + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
    (bso#7933);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Wrong Samba access checks when changing DOS attributes; (bso#12995);
  + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
  + groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + man pages: Properly ident lists; (bso#9613);
  + smb.conf.5: Sort parameters alphabetically; (bso#13081);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
  + libgpo doesn't sort the GPOs in the correct order; (bso#13046);
  + Remote serverid check doesn't check for the unique id; (bso#13042);
  + vfs_catia: Fix a potential memleak; (bso#13090);
  + Fix file change notification for renames; (bso#12903);
  + Samba DNS server does not honour wildcards; (bso#12952);
  + Can't change password in samba from a Windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
  + Apple client can't cope with SMB2 async replies when creating symlinks;
    (bso#13047);
  + s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
  + Fix ntstatus_gen.h generation on 32bit; (bso#13099);
  + Fix a double free in vfs_gluster_getwd(); (bso#13100);
  + Fix resouce leaks and pointer issues; (bso#13101);
  + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);

-------------------------------------------------------------------
Fri Oct 27 07:48:17 UTC 2017 - scabrero@suse.de

- Update to 4.6.9; (bsc#1065066);
  + Reverse sense of 'clear all attributes', ignore attribute change in SMB2
    to match SMB1; (bso#12899);
  + SMBC_setatr() initially uses an SMB1 call before falling back;
    (bso#12913);
  + Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION;
    (bso#13003);
  + sys_getwd() can leak memory or possibly return the wrong errno on older
    systems; (bso#13069);
  + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
    (bso#6133);
  + Map SYNCHRONIZE acl permission statically; (bso#7909);
  + Honor SEC_STD_WRITE_OWNER bit; (bso#7933);
  + Kernel oplocks still have issues with named streams; (bso#12791);
  + Handle EACCES when fetching DOS attributes; (bso#12944);
  + Missing assignment in sl_pack_float; (bso#12991);
  + Fix wrong Samba access checks when changing DOS attributes; (bso#12995);
  + Groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
  + Enabling vfs_fruit results in loss of Finder tags and other xattrs;
    (bso#13076);
  + Fix GUID string format on GetPrinter info; (bso#12993);
  + Match WS2016 ReFS set compression behaviour; (bso#12144);
  + Fix implementation of process_exists control; (bso#13012);
  + GET_DB_SEQNUM control can cause ctdb to deadlock when databases are
    frozen; (bso#13021);
  + Free up record data if a call request is deferred; (bso#13029);
  + Initialize ctdb_ltdb_header completely for empty record; (bso#13036);
  + CTDB starts consuming memory if there are dead nodes in the cluster;
    (bso#13056);
  + Ignore event scripts with multiple '.'s; (bso#13070);
  + Sort the GPOs in the correct order; (bso#13046);
  + 'smbd' uses a lot of CPU on startup of a connection; (bso#12973);
  + Fix str[n]casecmp_m() by comparing lower case values; (bso#13018);
  + Can't change password in Samba from a windows client if Samba runs on
    IPv6 only interface; (bso#13079);
  + Fix file change notification for renames; (bso#12903);
  + Avoid a socket leak after fork; (bso#13006);
  + Fix a potential memleak; (bso#13090);
  + Fix passing of errno from async calls; (bso#12983);
  + Fix segfault when running with log level 10; (bso#13032);
  + Do not report an invalid range for AD DC role; (bso#12629);
  + Print the kinit failed message with DBGLVL_NOTICE; (bso#12704);
  + Fix changing passwords with Kerberos; (bso#12956);
  + Fix changing the password with 'smbpasswd' as a local user on a domain
    member; (bso#12975);
  + Fix a read after free if a chained SMB1 call goes async; (bso#12836);
  + CVE-2017-12163: Prevent client short SMB1 write from writing server memory
    to file; (bso#13020);
  + Let non_widelink_open() chdir() to directories directly; (bso#12885);
  + CVE-2017-12151: Keep required encryption across SMB3 dfs redirects;
    (bso#12996);
  + CVE-2017-12150: Some code path don't enforce smb signing when they should;
    (bso#12997);

-------------------------------------------------------------------
Mon Oct 23 15:10:32 UTC 2017 - dimstar@opensuse.org

- Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
  package won't be generated simply based on the fact that there is
  no files section for the package. Allows the source validator to
  ensure samba-kdc is a built package.

-------------------------------------------------------------------
Thu Sep 28 11:25:54 UTC 2017 - scabrero@suse.com

- Update to 4.7.0;
  + Whole DB read locks: Improved LDAP and replication consistency;
    (bso#12858).
  + Samba AD with MIT Kerberos
  + Dynamic RPC port range: Default range changed from "1024-1300" to
    "49152-65535".
  + Authentication and Authorization audit support: New auth_audit debug
    class.
  + Multi-process LDAP Server: The LDAP server in the AD DC now honours
    the process model used for the rest of the 'samba' process.
  + Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
  + Additional password hashes stored in supplementalCredentials.
  + Improvements to DNS during Active Directory domain join.
  + Significant AD performance and replication improvements.
  + Query record for open file or directory.
  + Removal of lpcfg_register_defaults_hook().
  + Change of loadable module interface.
  + SHA256 LDAPS Certificates: The self-signed certificate generated for use
    on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
    self-signature.
  + CTDB no longer allows mixed minor versions in a cluster.
  + CTDB now ignores hints from Samba about TDB flags when attaching to
    databases.
  + New configuration variable CTDB_NFS_CHECKS_DIR.
  + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
  + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
  + The example NFS Ganesha call-out has been improved.
  + A new "replicated" database type is available.

-------------------------------------------------------------------
Fri Sep 22 13:51:41 UTC 2017 - scabrero@suse.de

- Fix GUID string format on GetPrinter info request; (bso#12993);
  (bsc#1050707).

-------------------------------------------------------------------
Thu Sep 14 20:41:11 UTC 2017 - aaptel@suse.com

- CVE-2017-12163: Prevent client short SMB1 write from
  writing server memory to file; (bso#13020); (bsc#1058624).

-------------------------------------------------------------------
Thu Sep 14 19:03:56 UTC 2017 - nopower@suse.com

- CVE-2017-12150: Some code path don't enforce smb signing,
  when they should; (bso#12997); (bsc#1058622).

-------------------------------------------------------------------
Thu Sep 14 14:39:37 UTC 2017 - nopower@suse.com

- CVE-2017-12151: Keep required encryption across SMB3 dfs
  redirects; (bso#12996); (bsc#1058565).

-------------------------------------------------------------------
Thu Aug 31 08:31:51 UTC 2017 - aaptel@suse.com

- Clean specfile assuming SUSE-only system and product >=SLE11
  + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
    are always undefined
  + %{_vendor} is "suse" and %{suse_version} is at least 1100

-------------------------------------------------------------------
Wed Aug 16 11:33:36 UTC 2017 - ddiss@suse.com

- Update to 4.6.7; (bsc#1054017)
  + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
  + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
  + vfs_ceph provides inconsistent directory listings; (bso#12911).
  + Misused talloc context can cause a user to crash their smbd by chaining
    SMB1 commands.; (bso#12836).
  + Use-after free can crash libsmbclient code.; (bso#12927).
  + Server exit with active AIO can crash.; (bso#12925).
  + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
  + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
    (bso#12898).
  + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
  + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
    authentication; (bso#12886).
  + finder sidebar showing question mark instead of icon when using ip to
    connect with vfs_fruit; (bso#12840).
  + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
    from AD.; (bso#12720).
  + KCC run at selftest startup can fail spuriously due to a race;
    (bso#12869).
  + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
    the remote change; (bso#12782).
  + rpc_pipe_client memory leaks due to long term memory context passed to
    rpc_pipe_open_interface(); (bso#12890).
  + CVE-2017-2619 breaks accessing previous versions of directories with
    snapshots in subdirectories of the share; (bso#12885).
  + dns_name_equal doing OOB read; (bso#12813).
  + replica_sync tests flap; (bso#12753).
  + Selftest should not call 'net cache flush' and wipe important winbind
    entries; (bso#12868).
  + Old Samba versions don't support using recent ldb versions (>=1.1.30);
    (bso#12859).
  + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
  + race starting winbindd against posixacl test; (bso#12843).
  + Crash in the reentrant smbd_smb2_create_send() if the something fails in
    the subsequent try; (bso#12832).
  + spnego.c passes the wrong argument order to gensec_update_ev() for the
    FALLBACK case; (bso#12788).
  + Clients with SMB3 support can't connect with
    "server max protocol = SMB2_02"; (bso#12772).
  + A log message of samb-tool user syncpasswords reverses string arguments in
    a debug message "Call Popen[...".; (bso#12768).
  + The smb tarmode tests kills the share dir contents; (bso#12867).
  + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
  + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
  + manpage/index.html lists links not in alphabetical order; (bso#12854).
  + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
  + If a record is locked in a database, then recovery does not complete;
    (bso#12857).
  + debug_locks.sh script does not log any information; (bso#12856).
  + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
    after error; (bso#12852).
  + smbclient can't parse DOMAIN+username if a different winbind separator is
    used; (bso#12849).
  + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
  + Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
    (bso#12844).
  + cli->server_os not filled correctly; (bso#12779).
  + REGRESSION: smbclient doesn't print the session setup anymore;
    (bso#12824).
  + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
    FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
  + CTDB NFS call-out failures do not cause event failures; (bso#12837).
  + net command fails due to incorrectly return code; (bso#12828).
  + Fix building Samba with GCC 7.1; (bso#12827).

-------------------------------------------------------------------
Tue Aug  8 12:58:56 UTC 2017 - dmulder@suse.com

- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
  (bsc#1048339).

-------------------------------------------------------------------
Mon Jul 24 13:34:55 UTC 2017 - ddiss@suse.com

- fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
  + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
    (bsc#1048278).

-------------------------------------------------------------------
Thu Jul 13 21:13:21 UTC 2017 - dmulder@suse.com

- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).

-------------------------------------------------------------------
Wed Jul 12 22:30:48 UTC 2017 - ddiss@suse.com

- Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387).

-------------------------------------------------------------------
Wed Jun  7 14:31:47 UTC 2017 - ddiss@suse.com

- Update to 4.6.5; (bsc#1040157)
  + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
    startup; (bso#12814).
  + vfs_expand_msdfs tries to open the remote address as a file path;
    (bso#12687).
  + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
    (bso#12798).
  + With clustering get update_num_read_oplocks failed and PANIC:
    num_share_modes == 1 assertion failure; (bso#11844).
  + contend_level2_oplocks_begin_default oplock optimisation doesn't carry
    over to leases; (bso#12766).
  + `ctdb nodestatus` incorrectly displays status for all nodes with wrong
    exit code; (bso#12802).
  + CTDB can spin hard on revoking readonly delegations if a node becomes
    disconnected; (bso#12697).
  + Printing a share mode entry with leases can crash in the ndr code;
    (bso#12793).
  + Fix flakey unit tests for eventd; (bso#12792).
  + CTDB daemon crashes if built with clang; (bso#12770).
  + smbcacls fails if no password is specified; (bso#12765).
  + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
  + samba-tool user syncpasswords doesn't trigger the script when a user gets
    removed; (bso#12767).
  + systemd: fix detection of libsystemd; (bso#12764).
  + Notify subsystem only maps first inotify mask to Windows notify filter;
    (bso#12760).
  + Allow passing trusted domain password as plain-text to PASSDB layer;
    (bso#12751).
  + Can't case-rename files with vfs_fruit; (bso#12749).
  + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
  + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
  + Ordering of notify responses broken; (bso#12756).

-------------------------------------------------------------------
Wed Jun  7 13:17:24 UTC 2017 - nopower@suse.com

- s3: libsmb: Fix error where short name length was read as 2
  bytes, should be 1; (bso#11822); (bsc#1042419).

-------------------------------------------------------------------
Mon May 29 16:03:52 UTC 2017 - ddiss@suse.com

- Revert explicit winbind %{version}-%{release} dependency.
  + The ABI has stabilized since (bsc#936909), so remove to fix cross-media
    dependencies; (bsc#1037899).

-------------------------------------------------------------------
Mon May 22 15:54:05 UTC 2017 - ddiss@suse.com

- Fix CVE-2017-7494 remote code execution from a writable share;
  (bso#12780); (bsc#1038231).

-------------------------------------------------------------------
Tue Apr 25 15:28:16 UTC 2017 - ddiss@suse.com

- Update to 4.6.3; (bsc#1036011)
  + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
    from shares with GlusterFS backend; (bso#12743).
  + Fix for Solaris C compiler; (bso#12559).
  + s3: locking: Update oplock optimization for the leases era; (bso#12628).
  + Make the Solaris C compiler happy; (bso#12693).
  + s3: libgpo: Allow skipping GPO objects that don't have the
    expected LDAP attributes; (bso#12695).
  + Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
  + lib: debug: Avoid negative array access; (bso#12746).
  + cleanupdb: Fix a memory read error; (bso#12748).
  + streams_xattr and kernel oplocks results in
    NT_STATUS_NETWORK_BUSY; (bso#7537).
  + winbindd: idmap_autorid allocates ids for unknown SIDs from other
    backends; (bso#11961).
  + vfs_fruit: Resource fork open request with
    flags=O_CREAT|O_RDONLY; (bso#12565).
  + manpages/vfs_fruit: Document global options; (bso#12615).
  + lib/pthreadpool: Fix a memory leak; (bso#12624).
  + Lookup-domain for well-known SIDs on a DC; (bso#12727).
  + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
  + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
  + credentials_krb5: use gss_acquire_cred for client-side GSSAPI
    use case; (bso#12611).
  + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
  + ctdb-readonly: Avoid a tight loop waiting for revoke to
    complete; (bso#12697).
  + ctdb_event monitor command crashes if event is not specified;
    (bso#12723).
  + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
  + smbd: Fix smb1 findfirst with DFS; (bso#12558).
  + smbd: Do an early exit on negprot failure; (bso#12610).
  + winbindd: Fix substitution for 'template homedir'; (bso#12699).
  + s4:kdc: Disable principal based autodetected referral detection;
    (bso#12554).
  + idmap_autorid: Allocate new domain range if the callers knows
    the sid is valid; (bso#12613).
  + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
  + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
    trusted domain; (bso#12725).
  + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
  + winbindd: Fix password policy for pam authentication; (bso#12725).
  + s3:gse: Correctly handle external trusts with MIT; (bso#12554).
  + auth/credentials: Always set the realm if we set the principal
    from the ccache; (bso#12611).
  + replace: Include sysmacros.h; (bso#12686).
  + s3:vfs_expand_msdfs: Do not open the remote address as a file;
    (bso#12687).
  + s3:libsmb: Only print error message if kerberos use is forced;
    (bso#12704).
  + winbindd: Child process crashes when kerberos-authenticating
    a user with wrong password; (bso#12708).
  + vfs_fruit: Office document opens as read-only on macOS due to
    CNID semantics; (bso#12715).
  + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
    fragmented; (bso#12737).

-------------------------------------------------------------------
Tue Apr 25 13:46:20 UTC 2017 - ddiss@suse.com

- Generate and update vendor-files tarball from Git
  + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).

-------------------------------------------------------------------
Tue Apr 18 13:38:11 UTC 2017 - ddiss@suse.com

- Generate source tarball directly from Git using OBS tar_scm
  + use version string derived from parent Git tag and commit hash
    - remove obsolete vendor-files/tools/package-data version ID
  + explicitly generate ctdb manpages, needed without "make dist"

-------------------------------------------------------------------
Mon Apr 10 13:52:40 UTC 2017 - ddiss@suse.com

- Update to 4.6.2
  + remove bso#12721 patches now upstream

-------------------------------------------------------------------
Fri Apr  7 12:59:26 UTC 2017 - ddiss@suse.com

- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
  + x86-64 and aarch64

-------------------------------------------------------------------
Mon Apr  3 14:01:25 UTC 2017 - ddiss@suse.com

- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).

-------------------------------------------------------------------
Thu Mar 30 17:18:54 UTC 2017 - dmulder@suse.com

- Build and install the html man pages (bsc#1021907).

-------------------------------------------------------------------
Thu Mar 30 12:33:39 UTC 2017 - nopower@suse.com

- Fix CVE-2017-2619 regression with "follow symlinks = no";
  (bso#12721).

-------------------------------------------------------------------
Wed Mar 22 13:15:12 UTC 2017 - jmcdonough@suse.com

- Update to 4.6.1
  + symlink race permits opening files outside share directory;
    CVE-2017-2619; (bso#12496); (bsc#1027147)
  + testparm checks for valid idmap parameters
  + add new krb client encryption types
  + support for printer driver upload from windows 10
  + inherit owner = 'unix only' for improved quota support
  + improved CTDB event support
  + new primary group support for idmap_ad
  + idmap_hash deprecated
  + mvxattr added to recursively rename extended attributes

-------------------------------------------------------------------
Wed Mar 15 11:50:50 UTC 2017 - aaptel@suse.com

- Remove chkconfig requirements for systemd systems

-------------------------------------------------------------------
Mon Mar 13 15:14:58 UTC 2017 - kukuk@suse.com

 - Don't call insserv if systemd is used

-------------------------------------------------------------------
Fri Feb 10 23:00:14 CET 2017 - kukuk@suse.de

- Fix check if we need to require insserv

-------------------------------------------------------------------
Thu Feb  9 15:23:21 UTC 2017 - nopower@suse.com

- async_req: make async_connect_send() "reentrant";
  (bso#12105); (bsc#1024416).

-------------------------------------------------------------------
Mon Feb  6 18:35:29 UTC 2017 - aaptel@suse.com

- Force usage of ncurses6-config thru NCURSES_CONFIG env var;
   (bsc#1023847).

-------------------------------------------------------------------
Thu Jan 26 21:23:06 UTC 2017 - dmulder@suse.com

- add missing patch for libnss_wins segfault; (bsc#995730).

-------------------------------------------------------------------
Wed Jan 25 17:20:31 UTC 2017 - ddiss@suse.com

- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).

-------------------------------------------------------------------
Mon Jan 23 21:44:03 UTC 2017 - dmulder@suse.com

- Document "winbind: ignore domains" parameter; (bsc#1019416).

-------------------------------------------------------------------
Thu Jan 19 19:19:07 UTC 2017 - ddiss@suse.com

- Add base Samba dependency to samba-ceph package.

-------------------------------------------------------------------
Mon Dec 19 19:11:20 UTC 2016 - jmcdonough@suse.com

- Update to 4.5.3
  + Heap-based Buffer Overflow Remote Code Execution Vulnerability;
    CVE-2016-2123; (bso#12409); (bsc#1014437).
  + Don't send delegated credentials to all servers; CVE-2016-2125;
  (bso#12445); (bsc#1014441).
  + denial of service due to a client triggered crash in the winbindd
    parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
  + various streams vfs fixes
  + various printing fixes
  + ntlm_auth: do not map explicitly empty domain
  + various stability fixes in smbd
  + match file compression ReFS behavior

-------------------------------------------------------------------
Fri Dec  2 13:15:50 UTC 2016 - nopower@suse.com

-  Add missing ldb module directory; (bnc#1012092).

-------------------------------------------------------------------
Thu Nov 17 08:33:07 UTC 2016 - nopower@suse.com

- s3/client: obey 'disable netbios' smb.conf param, don't
 connect via NBT port; (bsc#1009085); (bso#12418).

-------------------------------------------------------------------
Mon Sep 26 17:55:13 UTC 2016 - nopower@suse.com

- Include vfstest in samba-test; (bsc#1001203).

-------------------------------------------------------------------
Wed Sep 21 08:55:37 UTC 2016 - nopower@suse.com

- s3/winbindd: using default domain with user@domain.com format
  fails; (bsc#997833).

-------------------------------------------------------------------
Tue Sep 20 18:25:21 UTC 2016 - jmcdonough@suse.com

- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).

-------------------------------------------------------------------
Wed Sep 14 09:03:18 UTC 2016 - jmcdonough@suse.com

- Update to 4.5.0
  + NTLM1 Authentication disabled by default
  + SMB2.1 leases enabled by default
  + Support for OFD locks
  + ctdb tool rewritten
  + Added shadow copy snapshot prefix parameter

-------------------------------------------------------------------
Tue Aug 30 09:47:01 UTC 2016 - nopower@suse.com

- Fix illegal memory access after memory has been deleted;
  (bso#11836); (bsc#975299).

-------------------------------------------------------------------
Mon Aug 29 10:25:40 UTC 2016 - nopower@suse.com

- Prevent core, make sure response->extra_data.data is always
  cleared out; (bsc#993692).

-------------------------------------------------------------------
Mon Aug 15 14:54:14 UTC 2016 - ddiss@suse.com

- Don't package man pages for VFS modules that aren't built;
  (boo#993707).

-------------------------------------------------------------------
Sat Aug 13 14:41:26 UTC 2016 - jmcdonough@suse.com

- Fix population of ctdb sysconfig after source merge; (bsc#981566).

-------------------------------------------------------------------
Fri Aug 12 16:22:33 UTC 2016 - ddiss@suse.com

- Enable vfs_ceph builds for Factory (x86-64)
  + Package as samba-ceph to avoid Ceph dependency in base package.

-------------------------------------------------------------------
Thu Jul  7 15:20:14 UTC 2016 - jmcdonough@suse.com

- Update to 4.4.5
  +  Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
    (bso#11860); (bsc#986869).

-------------------------------------------------------------------
Wed Jun 22 10:49:02 UTC 2016 - jmcdonough@suse.com

- Remove obsolete syslog.target; (bsc#983938).

-------------------------------------------------------------------
Tue Jun 14 17:49:59 UTC 2016 - jmcdonough@suse.com

- Honor smb.conf socket options in winbind; (bsc#975131).

-------------------------------------------------------------------
Thu Jun  9 17:12:14 UTC 2016 - jmcdonough@suse.com

- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).

-------------------------------------------------------------------
Thu Jun  9 12:46:18 UTC 2016 - jmcdonough@suse.com

- Update to 4.4.4
  + SMB3 multichannel: Add implementation of missing channel sequence
    number verification; (bso#11809).
  + smbd:close: Only remove kernel share modes if they had been
    taken at open; (bso#11919).
  + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
    (bso#11930).
  + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
  + Fix case sensitivity issues over SMB2 or above; (bso#11438).
  + s3:smbd: Fix anonymous authentication if signing is mandatory.
    (bso#11910)
  + Fix NTLM Authentication issue with squid; (bso#11914).
  + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
  + Fix memory leak in share mode locking; (bso#11934).

-------------------------------------------------------------------
Thu May 19 10:06:40 UTC 2016 - jmcdonough@suse.com

- Update to 4.4.3
   + Various post-badlock regressions; (bso#11841); (bso#11850);
     (bso#11858); (bso#11870); (bso#11872).
   + Only allow idmap_hash for default idmap config (bso#11786).
   + smbd: Avoid large reads beyond EOF; (bso#11878).
   + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
     is set; (bso#11806).
   + libads: Record session expiry for spnego sasl binds; (bso#11852).

-------------------------------------------------------------------
Tue May  3 13:03:47 UTC 2016 - jmcdonough@suse.com

- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
  (bsc#975962); (bsc#979268), (bsc#977669).

-------------------------------------------------------------------
Thu Apr 28 22:48:17 UTC 2016 - jmcdonough@suse.com

- Revert shared library packaging to comply with SLPP

-------------------------------------------------------------------
Sat Apr  9 21:36:02 UTC 2016 - jmcdonough@suse.com

- Update to 4.4.2
  + A man-in-the-middle can downgrade NTLMSSP authentication;
    CVE-2016-2110; (bso#11688); (bsc#973031).
  + Domain controller netlogon member computer can be spoofed;
    CVE-2016-2111; (bso#11749); (bsc#973032).
  + LDAP conenctions vulnerable to downgrade and  MITM attack;
    CVE-2016-2112; (bso#11644); (bsc#973033).
  + TLS certificate validation missing; CVE-2016-2113; (bso#11752);
    (bsc#973034).
  + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
    (bso#11756); (bsc#973036).
  + "Badlock" DCERPC impersonation of authenticated account possible;
    CVE-2016-2118; (bso#11804); (bsc#971965).
  + DCERPC server and client vulnerable to DOS and MITM attacks;
    CVE-2015-5370; (bso#11344); (bsc#936862).

-------------------------------------------------------------------
Fri Apr  8 10:23:22 UTC 2016 - nopower@suse.com

- Fix samba.tests.messaging test and prevent potential tdb corruption
  by removing obsolete now invalid tdb_close call; (bsc#974629).

-------------------------------------------------------------------
Tue Mar 22 17:36:01 UTC 2016 - lmuelle@suse.com

- Obsolete libsmbclient from libsmbclient0 while not providing it;
  (bsc#972197).

-------------------------------------------------------------------
Tue Mar 22 14:00:05 UTC 2016 - lmuelle@suse.com

- Update to 4.4.0.
  + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
    CVE-2016-0771.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; (bso#11648); CVE-2015-7560.
  + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
    with no ACL support; (bso#10489).
  + docs: Add example for domain logins to smbspool man page; (bso#11643).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
  + winbindd: Return trust parameters when listing trusts; (bso#11691).
  + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
  + Crypto.Cipher.ARC4 is not available on some platforms, fallback to
    M2Crypto.RC4.RC4 then; (bso#11699).
  + s3:utils/smbget: Set default blocksize; (bso#11700).
  + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
  + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
  + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
  + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
  + smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + docs: Add manpage for cifsdd; (bso#11730).
  + param: Fix str_list_v3 to accept ; again; (bso#11732).
  + lib/socket: Fix improper use of default interface speed; (bso#11734).
  + lib:socket: Fix CID 1350009: Fix illegal memory accesses
    (BUFFER_SIZE_WARNING); (bso#11735).
  + libcli: Fix debug message, print sid string for new_ace trustee;
    (bso#11738).
  + Fix installation path of Samba helper binaries; (bso#11739).
  + Fix memory leak in loadparm; (bso#11740).
  + tevent: version 0.9.28: Fix memory leak when old signal action restored;
    (bso#11742).
  + smbd: Ignore SVHDX create context; (bso#11753).
  + Fix net join; (bso#11755).
  + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
    (bso#11755).
  + passdb: Add linefeed to debug message; (bso#11763).
  + s3:utils/smbget: Fix option parsing; (bso#11767).
  + libnet: Make Kerberos domain join site-aware; (bso#11769).
  + Reset TCP Connections during IP failover; (bso#11770).
  + ldb: Version 1.1.26; (bso#11772).
  + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
  + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
  + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
  + "trustdom_list_done: Got invalid trustdom response" message should be
    avoided; (bso#11782).
  + Mismatch between local and remote attribute ids lets replication fail with
    custom schema; (bso#11783).
  + Quota is not supported on Solaris 10; (bso#11788).
  + Talloc: Version 2.1.6; (bso#11789).
  + smbd: Enable multi-channel if 'server multi channel support = yes' in the
    config; (bso#11796).
  + build: Fix build when '--without-quota' specified; (bso#11798).
  + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
  + Access based share enum: handle permission set in configuration files;
    (bso#8093).
  + See also WHATSNEW.txt from the samba-doc package.

-------------------------------------------------------------------
Sun Mar  6 16:23:02 UTC 2016 - jmcdonough@suse.com

- Update to 4.3.6.
  + Getting and setting Windows ACLs on symlinks can change permissions on link
    target; CVE-2015-7560; (bso#11648); (bsc#968222).
  + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
    (bso#11128); (bso#11686); (bsc#968223).

-------------------------------------------------------------------
Thu Mar  3 11:37:35 UTC 2016 - nopower@suse.com

- Upgrade on-disk FSRVP server state to new version; (bsc#924519).

-------------------------------------------------------------------
Tue Mar  1 18:03:17 UTC 2016 - lmuelle@suse.com

- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).

-------------------------------------------------------------------
Tue Mar  1 17:28:09 UTC 2016 - lmuelle@suse.com

- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).

-------------------------------------------------------------------
Thu Feb 25 10:16:06 UTC 2016 - lmuelle@suse.com

- Obsolete no longer existing samba-32bit package; (bsc#967625).

-------------------------------------------------------------------
Tue Feb 23 09:47:53 UTC 2016 - lmuelle@suse.com

- Update to 4.3.5.
  + s3:utils/smbget: Fix recursive download; (bso#6482).
  + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
    with no ACL support; (bso#10489).
  + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
    (bso#11400).
  + vfs_shadow_copy2: Fix case where snapshots are outside the share;
    (bso#11580).
  + smbclient: Query disk usage relative to current directory; (bso#11662).
  + winbindd: Handle expired sessions correctly; (bso#11670).
  + smbd: Show correct disk size for different quota and dfree block sizes;
    (bso#11681).
  + smbcacls: Fix uninitialized variable; (bso#11682).
  + s3:smbd: Ignore initial allocation size for directory creation;
    (bso#11684).
  + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
  + s3-parm: Clean up defaults when removing global parameters; (bso#11693).
  + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
  + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
  + ctdb: Remove error messages after kernel security update; CVE-2015-8543;
    (bso#11705).
  + loadparm: Fix memory leak issue; (bso#11708).
  + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
  + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
    (bso#11719).
  + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
    file; (bso#11727).
  + param: Fix str_list_v3 to accept ";" again; (bso#11732).

-------------------------------------------------------------------
Mon Feb 22 16:16:32 UTC 2016 - lmuelle@suse.com

- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).

-------------------------------------------------------------------
Wed Feb 17 17:44:10 UTC 2016 - lmuelle@suse.com

- Simplify shared library packaging; (bsc#966956).

-------------------------------------------------------------------
Sun Feb 14 18:41:34 UTC 2016 - lmuelle@suse.com

- Enable clustering (CTDB) support; (bsc#966271).

-------------------------------------------------------------------
Fri Feb 12 17:41:03 UTC 2016 - lmuelle@suse.com

- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
  (bsc#964023).

-------------------------------------------------------------------
Fri Jan 15 21:58:31 UTC 2016 - lmuelle@suse.com

- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).

-------------------------------------------------------------------
Wed Jan 13 21:25:05 UTC 2016 - lmuelle@suse.com

- Remove autoconf build-time requirement.

-------------------------------------------------------------------
Wed Jan 13 10:23:56 UTC 2016 - lmuelle@suse.com

- Update to 4.3.4.
  + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
  + Crash: Bad talloc magic value - access after free; (bso#11394).
  + Copying files with vfs_fruit fails when using vfs_streams_xattr without
    stream prefix and type suffix; (bso#11466).
  + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
    (bso#11613).
  + Fix a typo in the smb.conf manpage, explanation of idmap config;
    (bso#11619).
  + Correctly initialize the list head when keeping a list of primary followed
    by DFS connections; (bso#11624).
  + Reduce the memory footprint of empty string options; (bso#11625).
  + lib/async_req: Do not install async_connect_send_test; (bso#11639).
  + Fix typos in man vfs_gpfs; (bso#11641).
  + Make "hide dot files" option work with "store dos attributes = yes";
    (bso#11645).
  + Fix a corner case of the symlink verification; (bso#11647);  (bnc#960249).
  + Do not disable "store dos attributes" on-the-fly; (bso#11649).
  + Update lastLogon and lastLogonTimestamp; (bso#11659).

-------------------------------------------------------------------
Mon Jan 11 19:16:46 UTC 2016 - lmuelle@suse.com

- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).

-------------------------------------------------------------------
Fri Dec 11 16:49:16 UTC 2015 - lmuelle@suse.com

- Update to 4.3.3.
  + Malicious request can cause Samba LDAP server to hang, spinning using CPU;
    CVE-2015-3223; (bso#11325); (bnc#958581).
  + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
    (bnc#958586).
  + Insufficient symlink verification (file access outside the share);
    CVE-2015-5252; (bso#11395); (bnc#958582).
  + No man in the middle protection when forcing smb encryption on the client
    side; CVE-2015-5296; (bso#11536); (bnc#958584).
  + Currently the snapshot browsing is not secure thru windows previous version
    (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
  + Fix Microsoft MS15-096 to prevent machine accounts from being changed into
    user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).

-------------------------------------------------------------------
Tue Dec  1 16:48:13 UTC 2015 - lmuelle@suse.com

- Update to 4.3.2.
  + vfs_gpfs: Re-enable share modes; (bso#11243).
  + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
  + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
    type of zero; (bso#11452).
  + Add libreplace dependency to texpect, fixes a linking error on Solaris;
    (bso#11511).
  + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
  + s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
  + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
    (bso#11563).
  + async_req: Fix non-blocking connect(); (bso#11564).
  + auth: gensec: Fix a memory leak; (bso#11565).
  + lib: util: Make non-critical message a warning; (bso#11566).
  + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
    (bnc#949022).
  + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
  + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
  + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
    (bso#11581).
  + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
  + manpage: Correct small typo error; (bso#11584).
  + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
    containing them; (bso#11589).
  + Backport some valgrind fixes from upstream master; (bso#11597).
  + auth: Consistent handling of well-known alias as primary gid; (bso#11608).
  + winbind: Fix crash on invalid idmap configs; (bso#11612).
  + s3: smbd: have_file_open_below() fails to enumerate open files below an
    open directory handle; (bso#11615).
  + Changing log level of two entries to DBG_NOTICE; (bso#9912).

-------------------------------------------------------------------
Mon Nov 16 16:27:49 UTC 2015 - nopower@suse.com

- Ensure samlogon fallback requests are rerouted after kerberos failure;
  (bnc#953382); (bnc#953972).

-------------------------------------------------------------------
Sat Nov 14 18:31:04 UTC 2015 - lmuelle@suse.com

- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.

-------------------------------------------------------------------
Sat Nov 14 18:10:01 UTC 2015 - lmuelle@suse.com

- Remove redundant configure options while adding with-relro.

-------------------------------------------------------------------
Sat Nov 14 17:44:24 UTC 2015 - lmuelle@suse.com

- Relocate the lockdir to the /var/lib/samba/lock directory.

-------------------------------------------------------------------
Sat Nov 14 16:59:09 UTC 2015 - lmuelle@suse.com

- Cleanup and enhance the pidl sub package.

-------------------------------------------------------------------
Thu Oct 22 22:09:19 UTC 2015 - lmuelle@suse.com

- Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage.

-------------------------------------------------------------------
Wed Oct 21 10:51:58 UTC 2015 - lmuelle@suse.com

- Update to 4.3.1.
  + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
    Windows; (bso#10252).
  + nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
  + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
  + kerberos: Make sure we only use prompter type when available;
    winbind: Fix 100% loop; (bso#11038).
  + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
  + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
    (bso#11316).
  + s3: smbd: Fix mkdir race condition; (bso#11486).
  + pam_winbind: Fix a segfault if initialization fails; (bso#11502).
  + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
  + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
    subdirs; (bso#11515).
  + s3: smbd: Fix opening/creating :stream files on the root share directory;
    (bso#11522).
  + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
  + net: Fix a crash with 'net ads keytab create'; (bso#11528).
  + s3: smbd: Fix a crash in unix_convert(); (bso#11535).
  + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
    (bso#11522); (bso#11535).
  + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
  + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
  + s3:locking: Initialize lease pointer in share_mode_traverse_fn();
    (bso#11549).
  + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
  + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
  + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
    is incorrect; (bso#11555).

-------------------------------------------------------------------
Fri Oct 16 11:39:35 UTC 2015 - lmuelle@suse.com

- Fix 100% CPU in winbindd when logging in with "user must change password on
  next logon"; (bso#11038).

-------------------------------------------------------------------
Fri Sep 25 15:23:47 UTC 2015 - lmuelle@suse.com

- Relocate the tmpfiles.d directory to the client package; (bnc#947552).

-------------------------------------------------------------------
Tue Sep 22 13:13:02 UTC 2015 - lmuelle@suse.com

- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
  instead; (bnc#942716).

-------------------------------------------------------------------
Wed Sep 16 13:06:36 UTC 2015 - lmuelle@suse.com

- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).

-------------------------------------------------------------------
Fri Sep 11 15:53:45 UTC 2015 - lmuelle@suse.com

- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).

-------------------------------------------------------------------
Wed Sep  9 10:57:52 UTC 2015 - lmuelle@suse.com

- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
  systems; (bnc#945013).

-------------------------------------------------------------------
Tue Sep  8 16:40:50 UTC 2015 - lmuelle@suse.com

- Update to 4.3.0.
  + Samba "map to guest = Bad uid" doesn't work; (bso#9862).
  + revert LDAP extended rule 1.2.840.113556.1.4.1941
    LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
  + No objectClass found in replPropertyMetaData on ordinary objects
    (non-deleted); (bso#10973).
  + Stream names with colon don't work with fruit:encoding = native;
    (bso#11278).
  + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + "force group" with local group not working; (bso#11320).
  + strsep is not available on Solaris; (bso#11359).
  + smbtorture does not build when configured --with-system-mitkrb5;
    (bso#11411).
  + Build with GPFS support is broken; (bso#11421).
  + Build broken with --disable-python; (bso#11424).
  + net share allowedusers crashes; (bso#11426).
  + nmbd incorrectly matches netbios names as own name; (bso#11427).
  + Python bindings don't check integer types; (bso#11429).
  + Python bindings don't check array sizes; (bso#11430).
  + CTDB's eventscript error handling is broken; (bso#11431).
  + Fix crash in nested ctdb banning; (bso#11432).
  + Cannot build ctdbpmda; (bso#11434).
  + samba-tool uncaught exception error; (bso#11436).
  + Crash in notify_remove caused by change notify = no; (bso#11444).
  + Poor SMB3 encryption performance with AES-GCM; (bso#11451).
  + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
  + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
  + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
    install; (bso#11458).
  + xid2sid gives inconsistent results; (bso#11464).
  + ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
  + Handling of 0 byte resource fork stream; (bso#11467).
  + AD samr GetGroupsForUser fails for users with "()" in their name;
    (bso#11488).

-------------------------------------------------------------------
Mon Aug 31 22:34:57 UTC 2015 - lmuelle@suse.com

- Configure with --bundled-libraries=NONE; (bso#11458).

-------------------------------------------------------------------
Fri Aug  7 12:21:57 UTC 2015 - lmuelle@suse.com

- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).

-------------------------------------------------------------------
Fri Jul 17 14:11:21 UTC 2015 - lmuelle@suse.com

- Remove libiniparser-devel build-time requirement.

-------------------------------------------------------------------
Tue Jul 14 11:33:07 UTC 2015 - lmuelle@suse.com

- Update to 4.2.3.
  + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
  + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
  + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
  + Logon via MS Remote Desktop hangs; (bso#11061).
  + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
  + tevent: Add a note to tevent_add_fd(); (bso#11141).
  + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
  + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
  + smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
  + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
    (bso#11245).
  + s3:smb2: Add padding to last command in compound requests; (bso#11277).
  + Add IPv6 support to ADS client side LDAP connects; (bso#11281).
  + Add IPv6 support for determining FQDN during ADS join; (bso#11282).
  + s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
  + Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
  + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
  + vfs_fruit: Add option "veto_appledouble"; (bso#11305).
  + tstream: Make socketpair nonblocking; (bso#11312).
  + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
  + Group creation: Add msSFU30Name only when --nis-domain was given;
    (bso#11315).
  + tevent_fd needs to be destroyed before closing the fd; (bso#11316).
  + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared";
    (bso#11319).
  + smbd/trans2: Add a useful diagnostic for files with bad encoding;
    (bso#11323).
  + Change sharesec output back to previous format; (bso#11324).
  + Robust mutex support broken in 1.3.5; (bso#11326).
  + Kerberos auth info3 should contain resource group ids available from
    pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
    exists in PAC; (bso#11328); (bnc#912457).
  + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
  + tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
  + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
  + s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
    (bso#11339).
  + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
  + pidl: Make the compilation of PIDL producing the same results if the
    content hasn't change; (bso#11356).
  + winbindd: Disconnect child process if request is cancelled at main
    process; (bso#11358).
  + vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
    (bso#11363).
  + docs: Overhaul the description of "smb encrypt" to include SMB3
    encryption; (bso#11366).
  + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
    (bso#11367).
  + ncacn_http: Fix GNUism; (bso#11371).

-------------------------------------------------------------------
Sun Jul  5 10:54:29 UTC 2015 - tchvatal@suse.com

- Disable rpath usage; (bnc#902421).

-------------------------------------------------------------------
Fri Jul  3 15:06:57 UTC 2015 - lmuelle@suse.com

- Make the winbind package depend on the matching libwbclient version and
  vice versa; (bnc#936909).

-------------------------------------------------------------------
Tue Jun 16 14:27:28 UTC 2015 - nopower@suse.com

- Backport changes to use resource group sids obtained from pac logon_info;
  (bso#11328); (bnc#912457).

-------------------------------------------------------------------
Sat Jun  6 03:41:17 UTC 2015 - crrodriguez@opensuse.org

- Order winbind.service Before and Want nss-user-lookup target.

-------------------------------------------------------------------
Fri Jun  5 16:12:47 UTC 2015 - lmuelle@suse.com

- Remove fam-devel build-time dependency for post-6 RHEL systems.

-------------------------------------------------------------------
Fri May 29 12:23:07 UTC 2015 - lmuelle@suse.com

- Update to 4.2.2.
  + s3:smbXsrv: refactor duplicate code into
    smbXsrv_session_clear_and_logoff(); (bso#11182).
  + gencache: don't fail gencache_stabilize if there were records to delete;
    (bso#11260).
  + s3: libsmbclient: After getting attribute server, ensure main srv pointer
    is still valid; (bso#11186).
  + s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
    (bso#11236).
  + s3: smbd: Incorrect file size returned in the response of
    "FILE_SUPERSEDE Create"; (bso#11240).
  + Mangled names do not work with acl_xattr; (bso#11249).
  + nmbd rewrites browse.dat when not required; (bso#11254).
  + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
    (bso#11213).
  + s3:smbd: Add missing tevent_req_nterror; (bso#11224).
  + vfs: kernel_flock and named streams; (bso#11243).
  + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
  + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
    are used; (bso#11284).
  + ctdb: check for talloc_asprintf() failure; (bso#11201).
  + spoolss: purge the printer name cache on name change; (bso#11210);
    (bnc#901813).
  + CTDB statd-callout does not scale; (bso#11204).
  + vfs_fruit: also map characters below 0x20; (bso#11221).
  + ctdb: Coverity fix for CID 1291643; (bso#11201).
  + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
  + Fix terminate connection behavior for asynchronous endpoint with PUSH
    notification flavors; (bso#11226).
  + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
  + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
  + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
    directory is deleted; (bso#11257).
  + s3:winbindd: make sure we remove pending io requests before closing client
    sockets; (bso#11141); (bnc#931854).
  + Fix panic triggered by smbd_smb2_request_notify_done() ->
    smbXsrv_session_find_channel() in smbd; (bso#11182).
  + 'sharesec' output no longer matches input format; (bso#11237).
  + waf: Fix systemd detection; (bso#11200).
  + CTDB: Fix portability issues; (bso#11202).
  + CTDB: Fix some IPv6-related issues; (bso#11203).
  + CTDB statd-callout does not scale; (bso#11204).
  + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
    enter invalid values; (bso#11234).
  + libads: record service ticket endtime for sealed ldap connections;
    (bso#11267).
  + lib/util: Include DEBUG macro in internal header files before samba_util.h;
    (bso#11033).

-------------------------------------------------------------------
Fri May 22 09:49:01 UTC 2015 - lmuelle@suse.com

- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).

-------------------------------------------------------------------
Wed May 13 16:10:00 UTC 2015 - lmuelle@suse.com

- Remove the independently built libraries ldb, talloc, tdn, and tevent and
  the post-10.3 renamed libsmbclient from baselibs.conf.

-------------------------------------------------------------------
Wed May  6 17:09:36 UTC 2015 - lmuelle@suse.com

- Drop redundant doc attribute from man pages.

-------------------------------------------------------------------
Thu Apr 16 11:32:55 UTC 2015 - lmuelle@suse.com

- Update to 4.2.1.
  + s3:winbind:grent: Don't stop group enumeration when a group has no gid;
    (bso#8905).
  + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
  + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
    servers that don't send the 2 unused fields; (bso#10016).
  + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
  + waf: Fix the build on openbsd; (bso#10476).
  + s3: client: "client use spnego principal = yes" code checks wrong name;
    (bso#10888).
  + spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
  + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
    miliseconds if it's still valid before use; (bso#11079).
  + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
  + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
  + replace: Remove superfluous check for gcrypt header; (bso#11135).
  + Backport subunit changes; (bso#11137).
  + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
    implementation; (bso#11140).
  + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
  + talloc: Version 2.1.2; (bso#11144).
  + Update libwbclient version to 0.12; (bso#11149).
  + brlock: Use 0 instead of empty initializer list; (bso#11153).
  + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
    NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
  + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
    (bnc#913304).
  + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
    fails in the SMB1 case; (bso#11173).
  + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
  + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
  + s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
  + s4-process_model: Do not close random fds while forking; (bso#11180).
  + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).

-------------------------------------------------------------------
Thu Apr 16 10:20:52 UTC 2015 - lmuelle@suse.com

- Prevent samba package updates from disabling samba kerberos printing.

-------------------------------------------------------------------
Thu Apr  9 12:02:25 UTC 2015 - noel.power@suse.com

- Add sparse file support for samba; (fate#318424).

-------------------------------------------------------------------
Tue Mar 31 23:21:12 UTC 2015 - ddiss@suse.com

- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
  (bnc#901813).

-------------------------------------------------------------------
Fri Mar 20 13:21:43 UTC 2015 - ddiss@suse.com

- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).

-------------------------------------------------------------------
Wed Mar 18 17:57:50 UTC 2015 - lmuelle@suse.com

- Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root.

-------------------------------------------------------------------
Tue Mar 17 15:21:58 UTC 2015 - ddiss@suse.com

- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
  (bnc#913304).

-------------------------------------------------------------------
Thu Mar  5 10:35:21 UTC 2015 - lmuelle@suse.com

- Update to 4.2.0.
  + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
  + pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Make 'profiles' work again; (bso#9629).
  + s3:smb2_server: protect against integer wrap with
    "smb2 max credits = 65535"; (bso#9702).
  + Make validate_ldb of String(Generalized-Time) accept millisecond format
    ".000Z"; (bso#9810).
  + Use -R linker flag on Solaris, not -rpath; (bso#10112).
  + vfs: Add glusterfs manpage; (bso#10240).
  + Make 'smbclient' use cached creds; (bso#10279).
  + pdb: Fix build issues with shared modules; (bso#10355).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
  + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
  + Don't build vfs_snapper on FreeBSD; (bso#10834).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3: smb2cli: query info return length check was reversed; (bso#10848).
  + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
  + lib: uid_wrapper: Fix setgroups and syscall detection on a system without
    native uid_wrapper library; (bso#10851).
  + winbind3: Fix pwent variable substitution; (bso#10852).
  + Improve samba-regedit; (bso#10859).
  + registry: Don't leave dangling transactions; (bso#10860).
  + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
  + build: Do not install 'texpect' binary anymore; (bso#10862).
  + Fix testparm to show hidden share defaults; (bso#10864).
  + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
    max=PROTOCOL_SMB2_02; (bso#10866).
  + Integrate CTDB into top-level Samba build; (bso#10892).
  + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + Fix smbclient loops doing a directory listing against Mac OS X 10 server
    with a non-wildcard path; (bso#10904).
  + Fix print job enumeration; (bso#10905); (bnc#898031).
  + samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
    (bso#10909).
  + Add support for SMB2 leases; (bso#10911).
  + btrfs: Don't leak opened directory handle; (bso#10918).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: fix keytab array NULL termination; (bso#10933).
  + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
  + Cleanup add_string_to_array and usage; (bso#10942).
  + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
  + Fix RootDSE search with extended dn control; (bso#10949).
  + Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
  + libcli/smb: only force signing of smb2 session setups when binding a new
    session; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + vfs_streams_xattr: Check stream type; (bso#10971).
  + s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
    (bso#10982).
  + vfs_fruit: Add support for AAPL; (bso#10983).
  + Fix spoolss IDL response marshalling when returning error without clearing
    info; (bso#10984).
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
  + Fix IPv6 support in CTDB; (bso#10996).
  + ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
    (bso#11000).
  + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
  + s3-util: Fix authentication with long hostnames; (bso#11008).
  + ctdb-build: Fix build without xsltproc; (bso#11014).
  + packaging: Include CTDB man pages in the tarball; (bso#11014).
  + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
    (bso#11016).
  + Make Sharepoint search show user documents; (bso#11022).
  + nss_wrapper: check for nss.h; (bso#11026).
  + Enable mutexes in gencache_notrans.tdb; (bso#11032).
  + tdb_wrap: Make mutexes easier to use; (bso#11032).
  + lib/util: Avoid collision which alread defined consumer DEBUG macro;
    (bso#11033).
  + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
  + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
  + vfs_fruit: Fix base_fsp name conversion; (bso#11039).
  + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
  + Fix authentication using Kerberos (not AD); (bso#11044).
  + net: Fix sam addgroupmem; (bso#11051).
  + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
    (bnc#913238).
  + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
  + utils: Fix 'net time' segfault; (bso#11058).
  + libsmb: Provide authinfo domain for encrypted session referrals;
    (bso#11059).
  + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
  + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
  + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
  + vfs_glusterfs: Implement AIO support; (bso#11069).
  + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
  + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
    (bso#11077); CVE-2015-0240; (bnc#917376).
  + vfs: Add a brief vfs_ceph manpage; (bso#11088).
  + s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
  + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
    (bso#11097).
  + debug: Set close-on-exec for the main log file FD; (bso#11100).
  + s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
    (bso#11102).
  + s3: smbd: SMB2 close. If a file has delete on close, store the return info
    before deleting; (bso#11104).
  + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
  + snprintf: Try to support %j; (bso#11119).
  + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
  + doc-xml: Add 'sharesec' reference to 'access based share enum';
    (bso#11127).

-------------------------------------------------------------------
Sun Mar  1 13:32:41 UTC 2015 - lmuelle@suse.com

- Update to 4.2.0rc5.
  + Ensure we don't call talloc_free on an uninitialized pointer;
    CVE-2015-0240; (bso#11077); (bnc#917376).

-------------------------------------------------------------------
Tue Feb 24 16:52:36 UTC 2015 - nopower@suse.com

- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).

-------------------------------------------------------------------
Tue Feb 24 16:23:16 UTC 2015 - ddiss@suse.com

- Fix tdb_store_flag_to_ntdb() gcc5 build failure.

-------------------------------------------------------------------
Thu Jan 22 14:03:52 UTC 2015 - ddiss@suse.com

- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).

-------------------------------------------------------------------
Thu Jan 22 12:40:18 UTC 2015 - lmuelle@suse.com

- Update to 4.1.16.
  + dsdb-samldb: Check for extended access rights before we allow changes to
    userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).

-------------------------------------------------------------------
Tue Jan 20 11:33:34 UTC 2015 - lmuelle@suse.com

- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.

-------------------------------------------------------------------
Mon Jan 19 17:15:19 UTC 2015 - ddiss@suse.com

- Fix libsmbclient DFS referral handling.
  + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
  + Set domain/workgroup based on authentication callback value; (bso#11059).

-------------------------------------------------------------------
Mon Jan 19 12:33:21 UTC 2015 - lmuelle@suse.com

- Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
  libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages.

-------------------------------------------------------------------
Tue Jan 13 13:28:31 UTC 2015 - mpluskal@suse.com

- Enable avahi support on post-12.2 systems.

-------------------------------------------------------------------
Tue Jan 13 13:01:11 UTC 2015 - lmuelle@suse.com

- Update to 4.1.15.
  + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
  + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
  + Fix profiles tool; (bso#9629).
  + s3-lib: Do not require a password with --use-ccache; (bso#10279).
  + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
    (bso#10949).
  + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
  + s3:smb2_server: Allow reauthentication without signing; (bso#10958).
  + s3-smbclient: Return success if we listed the shares; (bso#10960).
  + s3-smbstatus: Fix exit code of profile output; (bso#10961).
  + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
    client does; (bso#10966).
  + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
    convention; (bso#10982).
  + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
    'supported_extensions'; (bso#11006).
  + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
    (bso#11006).
  + winbind: Retry LogonControl RPC in ping-dc after session expiration;
    (bso#11034).

-------------------------------------------------------------------
Tue Jan  6 10:33:44 CET 2015 - nopower@suse.de

- yast2-samba-client should be able to specify osName and osVer on
  AD domain join; (bnc#873922).

-------------------------------------------------------------------
Mon Dec  8 12:01:35 UTC 2014 - ddiss@suse.com

- Lookup FSRVP share snums at runtime rather than storing them persistently;
  (bnc#908627).

-------------------------------------------------------------------
Fri Dec  5 13:12:47 UTC 2014 - ddiss@suse.com

- Specify soft dependency for network-online.target in Winbind systemd service
  file; (bnc#889175).

-------------------------------------------------------------------
Thu Dec  4 19:08:11 UTC 2014 - ddiss@suse.com

- Fix spoolss error response marshalling; (bso#10984).

-------------------------------------------------------------------
Tue Dec  2 10:19:26 UTC 2014 - lmuelle@suse.de

- Update to 4.1.14.
  + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
    Tools/perl.py back to upstream state; (bso#10472).
  + s4-dns: Add support for BIND 9.10; (bso#10620).
  + nmbd fails to accept "--piddir" option; (bso#10711).
  + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
  + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
    (bso#10880).
  + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
    (bso#10889).
  + s3-nmbd: Fix netbios name truncation; (bso#10896).
  + spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
  + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
    STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
  + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
  + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
  + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
  + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
  + s3-keytab: Fix keytab array NULL termination; (bso#10933).
  + Cleanup add_string_to_array and usage; (bso#10942).

-------------------------------------------------------------------
Fri Nov 28 15:57:23 CET 2014 - nopower@suse.de

- Remove and cleanup shares and registry state associated with
  externally deleted snaphots exposed as shadow copies; (bnc#876312).

-------------------------------------------------------------------
Thu Nov  6 13:41:46 UTC 2014 - lmuelle@suse.com

- Use the upstream tar ball, as signature verification is now able to handle
  compressed archives.

-------------------------------------------------------------------
Wed Nov  5 13:02:57 CET 2014 - nopower@suse.de

- Fix leak when closing file descriptor returned from dirfd; (bso#10918).

-------------------------------------------------------------------
Thu Oct 30 10:29:04 UTC 2014 - ddiss@suse.com

- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
  + Fix handling of bad EnumJobs levels; (bso#10898).

-------------------------------------------------------------------
Tue Oct 28 16:13:45 UTC 2014 - lmuelle@suse.com

- Remove dependency on gpg-offline as signature checking is implemented in the
  source validator.

-------------------------------------------------------------------
Sat Oct 25 13:47:41 UTC 2014 - lmuelle@suse.com

- Update to 4.1.13.
  + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
  + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
  + s3-libads: Add all machine account principals to the keytab; (bso#9985).
  + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
    be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
  + Fix unstrcpy; (bso#10735).
  + pthreadpool: Slightly serialize jobs; (bso#10779).
  + s3: smbd: streams - Ensure share mode validation ignores internal opens
    (op_mid == 0); (bso#10797).
  + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
  + vfs_media_harmony: Fix a crash bug; (bso#10813).
  + docs: Mention incompatibility between kernel oplocks and streams_xattr;
    (bso#10814).
  + nmbd: Send waiting status to systemd; (bso#10816).
  + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
    (bso#10817).
  + nsswitch: Skip groups we were not able to map; (bso#10824).
  + s3-winbindd: Use correct realm for trusted domains in idmap child;
    (bso#10826).
  + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
  + s3: lib: Signal handling - ensure smbrun and change password code save and
    restore existing SIGCHLD handlers; (bso#10831).
  + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
  + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
    (bso#10838).
  + s3: smb2cli: Query info return length check was reversed; (bso#10848).
  + registry: Don't leave dangling transactions; (bso#10860).

-------------------------------------------------------------------
Wed Oct 15 10:11:49 UTC 2014 - lmuelle@suse.com

- Update to 4.2.0rc2.

-------------------------------------------------------------------
Wed Oct  8 18:22:21 UTC 2014 - ddiss@suse.com

- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;
  (fate#313346).

-------------------------------------------------------------------
Wed Oct  8 10:13:03 CEST 2014 - nopower@suse.de

- Backport upstream master fixes for samba-regedit; (bnc#896536).

-------------------------------------------------------------------
Tue Oct  7 12:50:21 UTC 2014 - lmuelle@suse.com

- BuildRequire python-xml on SUSE systems only.

-------------------------------------------------------------------
Sun Oct  5 19:25:20 UTC 2014 - lmuelle@suse.com

- BuildRequire python-xml.
- Exclude unwanted texpect binary and libhttp, libsamba-cluster-support,
  libsamba-debug, and libsocket-blocking shared libs.
- Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct,
  tstream_smbXcli_np, idtree, and idtree_random header files.
- Remove nmblookup and smbclient4 binary and nmblookup4 man page.

-------------------------------------------------------------------
Thu Oct  2 21:14:56 UTC 2014 - lmuelle@suse.com

- Update to 4.2.0rc1.

-------------------------------------------------------------------
Thu Oct  2 16:49:23 UTC 2014 - ddiss@suse.com

- Fix small memory-leak in the background print process; (bnc#899558).

-------------------------------------------------------------------
Fri Sep 26 15:41:38 CEST 2014 - nopower@suse.de

- Modify samba-regedit so it displays correctly (related to ncurses).
  Changed code to use menu sub windows, seems to fix problems with display not
  refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).

-------------------------------------------------------------------
Thu Sep 25 12:44:48 UTC 2014 - lmuelle@suse.com

- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and
  the man page of the unused findsmb script.

-------------------------------------------------------------------
Tue Sep 23 16:55:55 UTC 2014 - ddiss@suse.com

- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).

-------------------------------------------------------------------
Tue Sep 23 12:02:16 UTC 2014 - lmuelle@suse.com

- Update to 4.1.12.
  + s3: winbindd: On new client connect, prune idle or hung connections older
    than "winbind request timeout". Add new parameter "winbind request
    timeout". Please see smb.conf man page for details; (bso#3204);
    (bnc#872912).
  + Fix smbd crashes when filename contains non-ascii character; (bso#10716).
  + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects;
    (bso#10749).

  + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570).
  + s4:setup/dns_update_list: make use of the new substitution variables;
    (bso#9831).
  + build: Fix configure to honour '--without-dmapi'; (bso#10369).
  + provision: Correctly provision the SOA record minimum TTL; (bso#10466).
  + s3: Enforce a positive allocation_file_size for non-empty files;
    (bso#10543).
  + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640).
  + Make "case sensitive = True" option working with "max protocol = SMB2" or
    higher in large directories; (bso#10650).
  + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652).
  + lib: strings: Simplify strcasecmp; (bso#10716).
  + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different
    connections; (bso#10723).
  + 'net time': Fix usage and core dump; (bso#10728).
  + sys_poll_intr: Fix timeout arithmetic; (bso#10731).
  + s3:idmap: Don't log missing range config if range checking not requested;
    (bso#10737).
  + Fix flapping VFS gpfs offline bit; (bso#10741).
  + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742).
  + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked
    for; (bso#10751).
  + samba: Retain case sensitivity of cifs client; (bso#10755).
  + lib: Remove unused nstrcpy; (bso#10758).
  + Fix a memory leak in cli_set_mntpoint(); (bso#10759).
  + docs: Fix typos in smb.conf (inherit acls); (bso#10761).
  + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in
    get_sec_info(); (bso#10773).
  + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in
    incoming security_information flags in posix_get_nt_acl_common();
    (bso#10773).
  + Don't discard result of checking grouptype; (bso#10777).
  + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778).
  + smbd: Properly initialize mangle_hash; (bso#10782).
  + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787).
  + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory
    read; (bso#10794).

-------------------------------------------------------------------
Thu Sep 18 16:59:49 UTC 2014 - jmcdonough@suse.com

- Wait for network-online.target to prevent caching of
  pre-network failures; (bnc#889175).

-------------------------------------------------------------------
Thu Sep 18 08:54:38 UTC 2014 - jmcdonough@suse.com

- Use domain name if search by domain SID fails to send SIDHistory
  lookups to correct idmap backend; (bnc#773464).

-------------------------------------------------------------------
Thu Sep 11 17:26:26 UTC 2014 - ddiss@suse.com

- Prune idle or hung connections older than "winbind request timeout";
  (bso#3204); (bnc#872912).

-------------------------------------------------------------------
Thu Aug 28 10:03:21 UTC 2014 - ddiss@suse.com

- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).

-------------------------------------------------------------------
Tue Aug 19 14:07:53 UTC 2014 - lmuelle@suse.com

- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.

-------------------------------------------------------------------
Wed Aug 13 11:44:31 UTC 2014 - lmuelle@suse.com

- build: disable mmap on s390 systems; (bso#10765); (bnc#886193);
  (bnc#882356).

-------------------------------------------------------------------
Mon Aug 11 11:55:35 UTC 2014 - lmuelle@suse.com

- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).

-------------------------------------------------------------------
Fri Aug  1 16:34:44 UTC 2014 - ddiss@suse.com

- Fix winbind service parameter usage; (bnc#890005).

-------------------------------------------------------------------
Fri Aug  1 13:47:57 UTC 2014 - lmuelle@suse.com

- lib/param: change the default for "winbind expand groups" to "0";
  (bnc#890008).

-------------------------------------------------------------------
Fri Aug  1 13:42:19 UTC 2014 - lmuelle@suse.com

- Update to 4.1.11.
  + A malicious browser can send packets that may overwrite the heap of the
    target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).

-------------------------------------------------------------------
Wed Jul 30 11:39:30 UTC 2014 - ddiss@suse.com

- Fix "net time" segfault; (bso#10728); (bnc#889539).

-------------------------------------------------------------------
Mon Jul 28 10:12:04 UTC 2014 - lmuelle@suse.com

- Update to 4.1.10.
  + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).
  + dbcheck: Add check and test for various invalid userParameters values;
    (bso#8077).
  + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for
    now; (bso#8077).
  + Simple use case results in "no talloc stackframe around, leaking memory"
    error; (bso#8449).
  + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).
  + dsdb: Always store and return the userParameters as a array of LE 16-bit
    values; (bso#10130).
  + s4:repl_meta_data: fix array assignment in
    replmd_process_linked_attribute(); (bso#10294).
  + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
    (bso#10469).
  + dbchecker: Verify and fix broken dn values; (bso#10536).
  + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).
  + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
    servers; (bso#10587).
  + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
    (bso#10593).
  + rid_array used before status checked - segmentation fault due to null
    pointer dereference; (bso#10627).
  + Samba won't start on a machine configured with only IPv4; (bso#10653).
  + msg_channel: Fix a 100% CPU loop; (bso#10663).
  + s3: smbd: Prevent file truncation on an open that fails with share mode
    violation; (bso#10671); (bnc#884056).
  + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).
  + samba-tool: Add --site parameter to provision command; (bso#10674).
  + smbstatus: Fix an uninitialized variable; (bso#10680).
  + SMB1 blocking locks can fail notification on unlock, causing client
    timeout; (bso#10684).
  + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap();
    (bso#10685).
  + 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
    invalid status check in the second client; (bso#10687).
  + wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
  + Backport ldb-1.1.17 + changes from master; (bso#10693).
  + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
  + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
  + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
  + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798,
    1034791, 1034792 1034910, 1034910); (bso#10693).
  + ldb: make the successful ldb_transaction_start() message clearer;
    (bso#10693).
  + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
  + ldb: Use of NULL pointer bugfix; (bso#10693).
  + lib/ldb: Fix compiler warnings; (bso#10693).
  + pyldb: Decrement ref counters on py_results and quiet warnings;
    (bso#10693).
  + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
    (bso#10693).
  + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).
  + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).
  + Backport autobuild/selftest fixes from master; (bso#10696).
  + Backport drs-crackname fixes from master; (bso#10698).
  + smbd: Avoid double-free in get_print_db_byname; (bso#10699).
  + Backport access check related fixes from master; (bso#10700).
  + Backport provision fixes from master; (bso#10703).
  + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX();
    (bso#10706).
  + s3: Fix missing braces in nfs4_acls.c.

-------------------------------------------------------------------
Wed Jul  9 22:59:09 UTC 2014 - ddiss@suse.com

- Reduce printer_list.tdb lock contention during printcap update;
  (bso#10652); (bnc#883870).
  + Only update the printer share inventory when needed.

-------------------------------------------------------------------
Tue Jul  8 12:35:25 UTC 2014 - lmuelle@suse.com

- Add missing newline to debug message in daemon_ready(); (bnc#865627).

-------------------------------------------------------------------
Mon Jul  7 13:59:24 UTC 2014 - lmuelle@suse.com

- BuildRequire systemd-devel, configure --with-systemd, and modify the service
  files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).

-------------------------------------------------------------------
Wed Jun 25 11:52:17 UTC 2014 - ddiss@suse.com

- Prevent file truncation on an open that fails with share mode violation;
  (bso#10671); (bnc#884056).

-------------------------------------------------------------------
Mon Jun 23 09:43:53 UTC 2014 - lmuelle@suse.com

- Update to 4.1.9.
  + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962).
  + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX
    handler; CVE-2014-3493; (bnc#883758).

-------------------------------------------------------------------
Thu Jun 12 18:09:44 UTC 2014 - lmuelle@suse.com

- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.

-------------------------------------------------------------------
Thu Jun 12 17:15:09 UTC 2014 - lmuelle@suse.com

- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent
  on CentOS, Fedora, and RHEL systems.

-------------------------------------------------------------------
Tue Jun  3 18:36:06 UTC 2014 - lmuelle@suse.com

- Update to 4.1.8.
  + dns: Don't reply to replies; CVE-2014-0239; (bso#10609).
  + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
    (bso#10549).

  + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124).
  + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers
    command; (bso#10151).
  + s3: nmbd: Reset debug settings after reading config file; (bso#10239).
  + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348).
  + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir';
    (bso#10472).
  + wafsamba: Fix the installation on FreeBSD; (bso#10472).
  + Use exit_daemon() to communicate status of startup to systemd; (bso#10517).
  + Fix adding NetApps; (bso#10524).
  + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544).
  + s3: lib/util: set_namearray reads across end of namelist; (bso#10544).
  + idmap_autorid: Fix failure in reverse lookup if ID is from domain range
    index #0; (bso#10547).
  + build: Fix ordering problems with lib-provided and internal RPATHs;
    (bso#10548).
  + Fix read of deleted memory in reply_writeclose()'; (bso#10554).
  + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556).
  + Fix lock order violation and file lost; (bso#10564).
  + dsdb: Do checks for invalid renames in samldb, before repl_meta_data;
    (bso#10569).
  + Fix wildcard unlink to fail if we get an error rather than trying to
    continue; (bso#10577).
  + byteorder: Do not assume PowerPC is big-endian; (bso#10590).
  + printing: Fix purge of all print jobs; (bso#10612).

-------------------------------------------------------------------
Fri May 23 10:41:11 UTC 2014 - lmuelle@suse.com

- examples/libsmbclient: avoid some compiler warnings; (bso#10624).

-------------------------------------------------------------------
Thu May 22 13:08:13 UTC 2014 - ddiss@suse.com

- Fix printer job purging; (bso#10612); (bnc#879390).

-------------------------------------------------------------------
Sun May 18 12:07:03 UTC 2014 - lmuelle@suse.com

- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.

-------------------------------------------------------------------
Mon May  5 11:44:20 UTC 2014 - ddiss@suse.com

- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).

-------------------------------------------------------------------
Fri May  2 15:37:33 UTC 2014 - ddiss@suse.com

- Pass through vfs_btrfs snapshot manipulation requests when
  "btrfs: manipulate snapshots = no" is configured; (bnc#874180).

-------------------------------------------------------------------
Fri Apr 25 08:47:57 UTC 2014 - ddiss@suse.com

- Clone the base share security descriptor when exposing a snapshot share;
  (bnc#874656).

-------------------------------------------------------------------
Thu Apr 24 16:21:04 UTC 2014 - ddiss@suse.com

- Use appropriate HRESULT return codes; (bnc#875046).

-------------------------------------------------------------------
Thu Apr 17 15:44:30 UTC 2014 - lmuelle@suse.com

- Update to 4.1.7.
  + Make "force user" work as expected; (bso#9878).
  + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911).
  + Fix problem with server taking too long to respond to a
    MSG_PRINTER_DRVUPGRADE message; (bso#9942).
  + s3-printing: Fix obvious memory leak in printer_list_get_printer();
    (bso#9993).
  + doc: Add "spoolss: architecture" parameter usage; (bso#10188).
  + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200).
  + Make (lib)smbclient work with NetApp; (bso#10230).
  + SessionLogoff on a signed connection with an outstanding notify request
    crashes smbd; (bso#10344).
  + dfs: Always call create_conn_struct with root privileges; (bso#10378).
  + 'net ads search' on high latency networks can return a partial list with
     no error indication; (bso#10387).
  + max xmit > 64kb leads to segmentation fault; (bso#10422).
  + Fix STATUS_NO_MEMORY response from Query File Posix Lock request;
    (bso#10431).
  + Increase max netbios name components; (bso#10439).
  + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from
    within ctdbd_migrate() with invalid lock_order; (bso#10444).
  + Fix 'wbinfo -i' with one-way trust; (bso#10458).
  + samba4 services not binding on IPv6 addresses causing connection delays;
    (bso#10464).
  + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467).
  + Don't respond with NXDOMAIN to records that exist with another type;
    (bso#10471).
  + pidl: waf should have an option for the dir to install perl files and do
    not glob; (bso#10472).
  + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474).
  + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481).
  + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE;
    (bso#10484).
  + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord
    as public structs; (bso#10504).
  + Make 'smbreadline' build with readline 6.3; (bso#10506).
  + smbd: Correctly add remote users into local groups; (bso#10508).
  + rpcclient FSRVP request UNCs should include a trailing backslash;
    (bso#10521).
  + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534).
  + s3:rpc_server: Minor refactoring of process_request_pdu().

-------------------------------------------------------------------
Tue Apr 15 15:03:27 UTC 2014 - ddiss@suse.com

- Create a new DBus connection for every vfs_snapper request, to ensure
  correct snapper UID detection; (bnc#866354).

-------------------------------------------------------------------
Tue Apr 15 10:41:04 UTC 2014 - nopower@suse.de

- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).

-------------------------------------------------------------------
Fri Apr 11 12:37:48 UTC 2014 - ddiss@suse.com

- Fix minor compiler warnings in snapshot code-path; (bnc#873177).

-------------------------------------------------------------------
Fri Apr 11 12:21:48 UTC 2014 - lmuelle@suse.com

- Remove references to the obsolete samba-krb-printing package and
  get_printing_ticket binary.

-------------------------------------------------------------------
Fri Apr 11 12:09:23 UTC 2014 - ddiss@suse.com

- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
  (bso#10549); (bnc#872396).

-------------------------------------------------------------------
Fri Apr 11 11:50:08 UTC 2014 - nopower@suse.de

- User error strings instead of hex codes where possible for FSRVP
  errors; (bnc#866927).

-------------------------------------------------------------------
Tue Apr  1 16:49:05 UTC 2014 - ddiss@suse.com

- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).

-------------------------------------------------------------------
Tue Apr  1 15:20:21 UTC 2014 - lmuelle@suse.com

- Add krb5rcache directory to the winbind package; (bnc#870607).
- Cleanup and consolidate the sysconfig and systemd service files.

-------------------------------------------------------------------
Fri Mar 28 11:45:03 UTC 2014 - ddiss@suse.com

- Extend vfs_snapper man page to cover permissions; (bnc#870570).

-------------------------------------------------------------------
Wed Mar 26 14:36:34 UTC 2014 - ddiss@suse.com

- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).

-------------------------------------------------------------------
Fri Mar 21 18:59:29 UTC 2014 - lmuelle@suse.com

- Default with the cache and lock directory to the same path to have both
  non-persistent and persistent data at one location; (bnc#846586).

-------------------------------------------------------------------
Wed Mar 12 13:57:29 UTC 2014 - lmuelle@suse.com

- Depend only on %version with all manual Provides and Requires; (bnc#844307).

-------------------------------------------------------------------
Tue Mar 11 18:07:47 UTC 2014 - lmuelle@suse.com

- Update to 4.1.6.
  + Password lockout not enforced for SAMR password changes; CVE-2013-4496;
    (bnc#849224).
  + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442;
    (bnc#855866).

-------------------------------------------------------------------
Tue Mar 11 13:10:59 UTC 2014 - lmuelle@suse.com

- Password lockout not enforced for SAMR password changes;
  CVE-2013-4496; (bnc#849224).

-------------------------------------------------------------------
Tue Mar 11 10:21:46 UTC 2014 - lmuelle@suse.com

- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).

-------------------------------------------------------------------
Mon Mar 10 16:00:03 UTC 2014 - nopower@suse.com

- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442;
  (bnc#855866).

-------------------------------------------------------------------
Tue Mar  4 17:20:33 UTC 2014 - ddiss@suse.com

- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
  (bnc#865095).

-------------------------------------------------------------------
Thu Feb 27 15:19:56 UTC 2014 - ddiss@suse.com

- Propagate snapshot enumeration permissions errors to SMB clients;
  (bnc#865641).

-------------------------------------------------------------------
Wed Feb 26 12:48:58 CET 2014 - nopower@suse.de

- Properly handle empty 'requires_membership_of' entries in
  /etc/security/pam_winbind.conf; (bnc#865771).

-------------------------------------------------------------------
Tue Feb 25 13:12:25 UTC 2014 - ddiss@suse.com

- Fix problem with server taking too long to respond to a
  MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).

-------------------------------------------------------------------
Mon Feb 24 18:44:59 UTC 2014 - ddiss@suse.com

- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).

-------------------------------------------------------------------
Fri Feb 21 17:57:57 UTC 2014 - ddiss@suse.com

- Use libarchive to provide improved smbclient tarmode functionality;
  (bso#9667); (bnc#861135).

-------------------------------------------------------------------
Fri Feb 21 16:02:12 UTC 2014 - lmuelle@suse.com

- Depend on %version-%release with all manual Provides and Requires;
  (bnc#844307).

-------------------------------------------------------------------
Fri Feb 21 13:16:01 UTC 2014 - lmuelle@suse.com

- Update to 4.1.5.
  + Fix 100% CPU utilization in winbindd when trying to free memory in
    winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
  + smbd: Fix memory overwrites; (bso#10415).

  + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
    (bso#2191).
  + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
    (bso#10087).
  + s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
  + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
    directories are open; (bso#10406).
  + Add support for Heimdal's unified krb5 and hdb plugin system, cope with
    first element in hdb_method having a different name in different heimdal
    versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
  + vfs_btrfs: Fix incorrect zero length server-side copy request handling;
    (bso#10424).
  + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
    can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
  + smbd: Fix an ancient oplock bug; (bso#10436).
  + Fix crash bug in smb2_notify code; (bso#10442).

-------------------------------------------------------------------
Tue Feb 18 13:04:37 UTC 2014 - lmuelle@suse.com

- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).

-------------------------------------------------------------------
Fri Feb 14 00:31:35 UTC 2014 - ddiss@suse.com

- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
  + Improve vfs_snapper documentation.

-------------------------------------------------------------------
Wed Feb 12 17:50:02 UTC 2014 - ddiss@suse.com

- Fix Winbind 100% CPU utilization caused by domain list corruption;
  (bso#10358); (bnc#786677).

-------------------------------------------------------------------
Sat Feb  8 10:39:25 UTC 2014 - ddiss@suse.com

- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
  (bnc#862370).

-------------------------------------------------------------------
Fri Feb  7 16:48:52 UTC 2014 - lmuelle@suse.com

- Streamline the vendor suffix handling and add support for SLE 12.

-------------------------------------------------------------------
Fri Feb  7 16:07:50 UTC 2014 - ddiss@suse.com

- Fix zero length server-side copy request handling; (bso#10424);
  (bnc#862558).

-------------------------------------------------------------------
Tue Feb  4 17:22:52 UTC 2014 - lmuelle@suse.com

- Set the PID directory to /run/samba on post-12.2 systems.

-------------------------------------------------------------------
Tue Feb  4 16:02:45 UTC 2014 - lmuelle@suse.com

- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.

-------------------------------------------------------------------
Tue Jan 28 20:05:30 CET 2014 - nopower@suse.de

- Make winbindd print the interface version when it gets an INTERFACE_VERSION
  request; (bnc#726937).

-------------------------------------------------------------------
Tue Jan 28 15:16:30 UTC 2014 - ddiss@suse.com

- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
  definitions; (bnc#860832).

-------------------------------------------------------------------
Tue Jan 28 14:34:57 UTC 2014 - ddiss@suse.com

- Check for NULL gensec_security in gensec_security_by_auth_type();
  (bnc#860809).

-------------------------------------------------------------------
Tue Jan 28 01:57:08 UTC 2014 - ddiss@suse.com

- Ensure ndr table initialization; (bnc#860648).

-------------------------------------------------------------------
Fri Jan 24 19:41:59 UTC 2014 - ddiss@suse.com

- Add File Server Remote VSS Protocol (FSRVP) server for SMB share
  shadow-copies; (fate#313346).

-------------------------------------------------------------------
Fri Jan 24 15:17:53 UTC 2014 - lmuelle@suse.com

- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
  (bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
  (bso#10384)

-------------------------------------------------------------------
Fri Jan 24 14:30:45 UTC 2014 - lmuelle@suse.com

- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
  (bso#10358); (bnc#786677).

-------------------------------------------------------------------
Mon Jan 20 10:47:54 UTC 2014 - lmuelle@suse.com

- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).

-------------------------------------------------------------------
Thu Jan 16 19:19:58 UTC 2014 - lmuelle@suse.com

- Add /var/cache/samba to the client file list; (bnc#846586).

-------------------------------------------------------------------
Tue Jan 14 21:57:32 UTC 2014 - lmuelle@suse.com

- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).

-------------------------------------------------------------------
Mon Jan 13 13:04:53 UTC 2014 - lmuelle@suse.com

- Correct sysconfig variable names by adding the missing D char; (bnc#857454).

-------------------------------------------------------------------
Fri Jan 10 17:02:40 UTC 2014 - lmuelle@suse.com

- Update to 4.1.4.
  + Fix segfault in smbd; (bso#10284).
  + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).

-------------------------------------------------------------------
Wed Jan  8 15:36:42 UTC 2014 - lmuelle@suse.com

- Call stop_on_removal from preun and restart_on_update and insserv_cleanup
  from postun on pre-12.3 systems only; (bnc#857454).

-------------------------------------------------------------------
Wed Jan  8 13:53:33 UTC 2014 - adrian@suse.de

- BuildRequire gamin-devel instead of unmaintained fam-devel package on
  post-12.1 systems.

-------------------------------------------------------------------
Mon Jan  6 21:37:37 UTC 2014 - lmuelle@suse.com

- smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
  path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).

-------------------------------------------------------------------
Mon Jan  6 17:12:55 UTC 2014 - lmuelle@suse.com

- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).

-------------------------------------------------------------------
Mon Jan  6 13:09:35 UTC 2014 - lmuelle@suse.com

- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
  (bnc#856759).

-------------------------------------------------------------------
Mon Jan  6 10:06:59 UTC 2014 - lmuelle@suse.com

- Fix broken rc{nmb,smb,winbind} sym links which should point to the service
  binary on post-12.2 systems; (bnc#856759).

-------------------------------------------------------------------
Mon Jan  6 07:01:48 UTC 2014 - ddiss@suse.com

- Add Snapper VFS module for snapshot manipulation; (fate#313347).
  + dbus-1-devel required at build time.

-------------------------------------------------------------------
Mon Jan  6 06:59:01 UTC 2014 - ddiss@suse.com

- Add File Server Remote VSS Protocol (FSRVP) client for SMB share
  shadow-copies; (fate#313345).

-------------------------------------------------------------------
Wed Dec 11 12:12:21 UTC 2013 - lmuelle@suse.com

- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part
  of the minimum build environment.

-------------------------------------------------------------------
Mon Dec  9 10:48:06 UTC 2013 - lmuelle@suse.com

- Update to 4.1.3.
  + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
    (bnc#844720).
  + pam_winbind login without require_membership_of restrictions;
    CVE-2012-6150; (bnc#853347).

-------------------------------------------------------------------
Fri Dec  6 16:25:59 UTC 2013 - lmuelle@suse.com

- Make use of the full gpg pub key file name including the key ID.

-------------------------------------------------------------------
Thu Dec  5 19:22:47 UTC 2013 - ddiss@suse.com

- Add transparent file compression support; (fate#316266).
  + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
  + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
  + Extend vfs_btrfs VFS module to utilize get/set compression hooks.

-------------------------------------------------------------------
Thu Dec  5 17:03:34 UTC 2013 - ddiss@suse.com

- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).

-------------------------------------------------------------------
Mon Dec  2 15:50:56 UTC 2013 - lmuelle@suse.com

- Remove bogus libsmbclient0 package description and cleanup the libsmbclient
  line from baselibs.conf; (bnc#853021).

-------------------------------------------------------------------
Fri Nov 22 11:11:42 UTC 2013 - lmuelle@suse.com

- BuildRequire systemd on post-12.2 systems.

-------------------------------------------------------------------
Fri Nov 22 10:32:30 UTC 2013 - lmuelle@suse.com

- Update to 4.1.2.
  + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
  + dfs_server: Use dsdb_search_one to catch 0 results as well as
    NO_SUCH_OBJECT errors; (bso#10052).
  + Missing talloc_free can leak stackframe in error path; (bso#10187).
  + Fix memset used with constant zero length parameter; (bso#10190).
  + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
    (bso#10193).
  + Make offline logon cache updating for cross child domain group membership;
    (bso#10194).
  + nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
  + RW Deny for a specific user is not overriding RW Allow for a group;
    (bso#10196).
  + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
    (bso#10224).
  + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs;
    (bso#10224).
  + VFS plugin was sending the actual size of the volume instead of the total
    number of block units because of which windows was getting the wrong
    volume capacity; (bso#10224).
  + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
  + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
  + Fix the build of vfs_glusterfs; (bso#10253).
  + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
    (bso#10264).
  + util: Remove 32bit macros breaking strict aliasing; (bso#10269).

-------------------------------------------------------------------
Thu Nov 21 17:16:42 UTC 2013 - lmuelle@suse.com

- Let gpg verify execution condition not fail on non SUSE systems.

-------------------------------------------------------------------
Thu Nov 21 14:13:37 UTC 2013 - lmuelle@suse.com

- Add systemd support for post-12.2 systems.

-------------------------------------------------------------------
Tue Nov 19 19:17:40 CET 2013 - nopower@suse.de

- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
  the add, delete, modify and set operations now support automatic
  propagation of inheritable ACE(s); (FATE#316474).

-------------------------------------------------------------------
Fri Nov 15 18:04:50 UTC 2013 - lmuelle@suse.com

- Unconditionally create the CUPS smb backend sym link pointing to smbspool;
  (bnc#850656).

-------------------------------------------------------------------
Wed Nov 13 15:16:03 UTC 2013 - lmuelle@suse.com

- Update to 4.1.1.
  + ACLs are not checked on opening an alternate data stream on a file or
    directory; CVE-2013-4475; (bso#10229); (bnc#848101).
  + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).

-------------------------------------------------------------------
Sun Nov 10 18:16:56 UTC 2013 - lmuelle@suse.com

- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).

-------------------------------------------------------------------
Wed Oct 30 14:11:42 UTC 2013 - lmuelle@suse.com

- ACLs are not checked on opening an alternate data stream on a file or
  directory; CVE-2013-4475; (bso#10229); (bnc#848101).

-------------------------------------------------------------------
Fri Oct 11 08:58:29 UTC 2013 - lmuelle@suse.com

- Update to 4.1.0.
  + pam_winbindd: Support the KEYRING ccache type; (bso#10132).
  + Fix PAC parsing failure; (bso#10178).

-------------------------------------------------------------------
Wed Oct  9 20:41:52 UTC 2013 - lmuelle@suse.com

- Unify the defattr lines in the pidl, python, test and test-devel files
  section by removing the optional directory mode.

-------------------------------------------------------------------
Wed Oct  9 15:30:31 UTC 2013 - lmuelle@suse.com

- Verify source tar ball gpg signature.

-------------------------------------------------------------------
Fri Sep 27 12:30:24 UTC 2013 - lmuelle@suse.com

- Update to 4.1.0rc4.
  + dsdb: Convert the full string from UTF16 to UTF8, including embedded
    NULLs; (bso#8077).
  + python-samba-tool fsmo: Do not give an error on a successful role
    transfer; (bso#9461).
  + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
  + Raise the level of a debug when unable to open a printer; (bso#10118).
  + Add "acl allow execute always" parameter; (bso#10134).
  + vfs_shadow_copy2: Display previous versions correctly over SMB2;
    (bso#10137).
  + smbd: Always clean up share modes after hard crash; (bso#10138).
  + Valid utf8 filenames cause "invalid conversion error" messages;
    (bso#10139).
  + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
  + Samba SMB2 client code reads the wrong short name length in a directory
    listing reply; (bso#10145).
  + libcli/smb: Only check the SMB2 session setup signature if required and
    valid; (bso#10146).
  + Better document potential implications of a globally used "valid users";
    (bso#10147).
  + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
  + Not all OEM servers support the ALTNAME info level; (bso#10150).
  + Regression causes replication failure with Windows 2008R2 and deletes
    Deleted Objects; (bso#10157).
  + Netbios related samba process consumes 100% CPU; (bso#10158).
  + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).

-------------------------------------------------------------------
Thu Sep 19 22:10:11 UTC 2013 - lmuelle@suse.com

- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.

-------------------------------------------------------------------
Mon Sep 16 12:49:02 UTC 2013 - lmuelle@suse.com

- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0,
  libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0,
  libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0,
  libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0,
  libsmbldap0, and libtevent-util0 to baselibs.conf.

-------------------------------------------------------------------
Sat Sep 14 17:05:05 UTC 2013 - jengelh@inai.de

- Add or polish the shared library package summaries and descriptions.

-------------------------------------------------------------------
Fri Sep 13 09:24:47 UTC 2013 - lmuelle@suse.com

- Update to 4.1.0rc3.
  + Fix working on site with Read Only Domain Controller; (bso#5917).
  + Add man page for vfs_syncops; (bso#7364).
  + Add man page for vfs_linux_xfs_sgid; (bso#7490).
  + When replicating DNS for bind9_dlz we need to create the server-DNS
    account remotely; (bso#9091).
  + Winbind unable to retrieve user information from AD; (bso#9615).
  + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
    (bso#9899).
  + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
  + Add SMB2 and SMB3 support for smbclient; (bso#9974).
  + Add man pages for ntdb tools; (bso#10000).
  + Add man page for samba-regedit tool; (bso#10001).
  + ::1 added to nameserver on join; (bso#10030).
  + Fix memory leak in source3/lib/util.c:1493; (bso#10063).
  + Fix segmentation fault in 'net ads join'; (bso#10073).
  + Fix variable list in vfs_crossrename man page; (bso#10076).
  + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
  + smbd: Fix async echo handler forking; (bso#10086).
  + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
    (bso#10097).
  + Honour output buffer length set by the client for SMB2 GetInfo requests;
    (bso#10106).
  + Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
  + Handle Dropbox (write-only-directory) case correctly in pathname lookup;
    (bso#10114).
  + Masks incorrectly applied to UNIX extension permission changes;
    (bso#10121).

-------------------------------------------------------------------
Thu Sep  5 12:31:09 UTC 2013 - jengelh@inai.de

- Implement shared library packaging guidelines.
- Correct interpackage dependencies; (bso#10129).

-------------------------------------------------------------------
Tue Sep  3 17:30:08 UTC 2013 - lmuelle@suse.com

- Define the source URL differently in the case of a release candidate.

-------------------------------------------------------------------
Sat Aug 31 22:47:49 UTC 2013 - lmuelle@suse.com

- Update to 4.1.0rc2.
  + Add vfs_btrfs module.
  + Add support for server-side copy operations via the
    SMB2 FSCTL_SRV_COPYCHUNK request.

  + Fix replication with --domain-crictical-only to fill in backlinks;
    (bso#9029).
  + Windows 8 Roaming profiles fail; (bso#9678).
  + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
    (bso#9820).
  + Windows error 0x800700FE when copying files with xattr names containing
    ":"; (bso#9992).
  + Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
  + Fix segfault while reading incomplete session info; (bso#10003).
  + Missing integer wrap protection in EA list reading can cause server to
    loop with DOS (CVE-2013-4124); (bso#10010).
  + Fix a 100% loop at shutdown time (smbd); (bso#10013).
  + Fix/improve debug options; (bso#10015).
  + Rename regedit to samba-regedit; (bso#10040).
  + Remove obsolete swat manpage and references; (bso#10041).
  + Fix crashes in socket_get_local_addr(); (bso#10042).
  + Allow to change the default location for Kerberos credential caches;
    (bso#10043).
  + Remove a redundant inlined substitution of ACLs; (bso#10045).
  + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
  + dsdb improvements; (bso#10056).
  + Linux kernel oplock breaks can miss signals; (bso#10064).

-------------------------------------------------------------------
Thu Aug 29 12:47:26 UTC 2013 - lmuelle@suse.com

- BuildRequire pyldb-devel.

-------------------------------------------------------------------
Wed Aug 28 14:56:09 UTC 2013 - lmuelle@suse.com

- Add libnetapi0 and samba-libs to baselibs.conf.

-------------------------------------------------------------------
Thu Aug 22 12:01:15 UTC 2013 - lmuelle@suse.de

- Update to 4.0.9.
  + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
    (bso#9820).
  + s3-lib: Fix segmentation fault while reading incomplete session info;
    (bso#10003).
  + smbd: Fix a 100% loop at shutdown time; (bso#10013).

  + Windows 8 Roaming profiles fail; (bso#9678).
  + Add UPN enumeration to passdb internal API; (bso#9779).
  + smbd: Cleanup disonnected durable handles; (bso#9930).
  + vfs_streams_xattr: Do not attempt to write empty attribute twice;
    (bso#9970).
  + Fix Windows error 0x800700FE when copying files with xattr names
    containing ":"; (bso#9992).
  + s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
  + Fix excessive RID allocation; (bso#10014).
  + Add debugclass for DNS server; (bso#10015).
  + Fix/improve debug options; (bso#10015).
  + Allow to change the default location for Kerberos credential caches;
    (bso#10043).
  + Linux kernel oplock breaks can miss signals; (bso#10064).
  + net ads join: Fix segmentation fault in
    create_local_private_krb5_conf_for_domain; (bso#10073).

-------------------------------------------------------------------
Mon Aug  5 10:56:56 UTC 2013 - lmuelle@suse.com

- Update to 4.0.8.
  + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
    authenticated or guest connections; CVE-2013-4124; (bnc#829969).

-------------------------------------------------------------------
Mon Jul 22 08:41:07 UTC 2013 - lmuelle@suse.com

- Require krb5 and not the non existing krb5-libs package.

-------------------------------------------------------------------
Wed Jul 17 17:42:23 UTC 2013 - lmuelle@suse.com

- Update to 4.1.0rc1.
  + Directory database replication (AD DC mode)
  + Server-Side Copy Support
  + Btrfs Filesystem Integration

-------------------------------------------------------------------
Fri Jul 12 13:07:11 UTC 2013 - lmuelle@suse.com

- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp.
- BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version.
- Require perl-base on SUSE systems only.

-------------------------------------------------------------------
Fri Jul 12 10:27:25 UTC 2013 - lmuelle@suse.com

- Adjust group setting of the test-devel subpackage.
- Require perl-base from the pidl subpackage.

-------------------------------------------------------------------
Fri Jul 12 10:11:50 UTC 2013 - lmuelle@suse.com

- Remove libdir/samba/ldb after install if we're building Samba without
  Active Directory Domain Controller support.

-------------------------------------------------------------------
Thu Jul 11 21:31:07 UTC 2013 - lmuelle@suse.com

- Remove unused ccache switch from the spec file.

-------------------------------------------------------------------
Thu Jul 11 20:42:23 UTC 2013 - lmuelle@suse.com

- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the
  man pages and add them to the package again.

-------------------------------------------------------------------
Thu Jul 11 16:20:32 UTC 2013 - lmuelle@suse.com

- Build from the package from the top level directory; (bnc#794744).
- BuildRequire pytalloc-devel, python-tdb, and python-tevent.
- Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1
  SUSE systems.

-------------------------------------------------------------------
Fri Jul  5 18:48:26 UTC 2013 - lmuelle@suse.com

- Remove the empty data dir from the doc package filelist.
- Explicitly use samba instead of the name macro to define the docbook dir.

-------------------------------------------------------------------
Tue Jul  2 09:49:54 UTC 2013 - lmuelle@suse.com

- Update to 4.0.7.
  + Fix a core dump with invalid lock order while opening/editing
    or copying MS files; (bso#9794).
  + Fix crash bug from search of mail=; (bso#9967).

  + s3-rpc_server: Ensure we are root when starting and using gensec;
    (bso#9465).
  + Add support for MX queries; (bso#9485).
  + dns: Delete dnsNode objects when they are empty; (bso#9559).
  + dns: Support larger queries when asking forwarder; (bso#9632).
  + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805).
  + Use of wrong RFC2307 primary group field; (bso#9880).
  + Check for system libtevent; (bso#9881).
  + is_printer_published GUID retrieval; (bso#9900).
  + Doc fixes for 4.0; (bso#9906).
  + Build fixes for 4.0 found during autoconf or debian packaging work;
    (bso#9907).
  + build: Add missing new line to replaced python shebang line; (bso#9909).
  + PIE builds not supported; (bso#9910).
  + s4:winbind: Don't leak libnet_context into the main event context;
    (bso#9929).
  + Fix a bug of drvupgrade of smbcontrol; (bso#9941).
  + Check for netbios aliases in ad_get_referrals; (bso#9947).
  + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953).
  + docs: Avoid mentioning a possibly misleading option; (bso#9964).
  + Fix build with system Heimdal of samba4kgetcred; (bso#9968).

-------------------------------------------------------------------
Mon Jul  1 17:34:32 UTC 2013 - lmuelle@suse.com

- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and
  OBS for any other operating system to define the vendor string while build.

-------------------------------------------------------------------
Fri Jun 28 16:49:31 UTC 2013 - lmuelle@suse.com

- Remove ldapsmb from the main spec file.

-------------------------------------------------------------------
Wed Jun 26 13:55:13 UTC 2013 - lmuelle@suse.com

- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.

-------------------------------------------------------------------
Tue Jun 25 17:03:49 UTC 2013 - lmuelle@suse.com

- Don't bzip2 the main tar ball, use the upstream gziped one instead.

-------------------------------------------------------------------
Sun Jun 23 05:45:26 UTC 2013 - jengelh@inai.de

- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and
  libopenssl-devel.

-------------------------------------------------------------------
Wed Jun  5 11:45:41 UTC 2013 - ddiss@suse.com

- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).

-------------------------------------------------------------------
Wed May 22 11:32:46 UTC 2013 - lmuelle@suse.com

- Update to 4.0.6.
  + Fix crash during Win8 sync; (bso#9822).
  + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834).

  + Fix the username map optimization; (bso#9139).
  + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
  + SMB2 server doesn't support recvfile; (bso#9412).
  + Fix the build of vfs_notify_fam; (bso#9545).
  + Fix adding case sensitive spn; (bso#9699).
  + Properly handle oplock breaks in compound requests; (bso#9722).
  + Properly handle oplock breaks in compound requests; (bso#9722).
  + Cache name_to_sid/sid_to_name correctly; (bso#9766).
  + Fix 'net ads join' when called via stdin; (bso#9767).
  + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775).
  + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and
    doesn't cope with directories being modified whilst reading; (bso#9777).
  + Fix panic when running 'smbtorture smb.base'; (bso#9782).
  + Use specified python for runtime installation of Samba; (bso#9785).
  + Change '--with-dmapi' to 'default=auto' to match the autoconf build;
    (bso#9803).
  + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION;
    (bso#9804).
  + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807).
  + Package new dbwrap_tool man page; (bso#9809).
  + Old DOS SMB CTEMP request uses a non-VFS function to access
    the filesystem; (bso#9811).
  + Fix 'map untrusted to domain' with NTLMv2; (bso#9817).
  + SMB signing and the async echo responder don't work together; (bso#9824).
  + Fix panic in nt_printer_publish_ads; (bso#9830).
  + talloc use after free in winbind4; (bso#9832).
  + Function called in unix_convert() path can overwrite errno; (bso#9833).
  + Fix NULL pointer dereference in Winbind; (bso#9854).
  + Fix making LIBNDR_PREG_OBJ; (bso#9868).

-------------------------------------------------------------------
Fri Apr 26 15:54:50 UTC 2013 - lmuelle@suse.com

- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.

-------------------------------------------------------------------
Tue Apr  9 10:07:28 UTC 2013 - lmuelle@suse.com

- Update to 4.0.5.
  + Fix large reads/writes from some Linux clients; (bso#9706).
  + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740).
  + Can't delegate adding computers to domain; (bso#9267).

  + Fix GNU ld version detection with old gcc releases; (bso#7825).
  + Never try to map global SAM name; (bso#9039).
  + Certain xattrs cause Windows error 0x800700FF; (bso#9130).
  + Samba returns unexpected error on SMB posix open; (bso#9519).
  + Fix build on AIX; (bso#9557).
  + libnss-winbindd does not provide pass struct for groups mapped with
    ID_TYPE_BOTH and vice versa; (bso#9617).
  + Reauth-capable client fails to access shares on Windows member; (bso#9625).
  + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636).
  + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639).
  + Fix the build of vfs_afsacl; (bso#9642).
  + Fix the build with --fake-kaserver; (bso#9643).
  + Fix compile of source3/lib/afs.c; (bso#9644).
  + Make SMB2_GETINFO multi-volume aware; (bso#9646).
  + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653).
  + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656).
  + 'make test' hangs; (bso#9663).
  + Fix correct linking of libreplace with cmdline-credentials; (bso#9664).
  + Fix filtering of link-local addresses; (bso#9666).
  + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669).
  + Samba denies owner Read Control when there is a DENY entry while W2K08
    does not; (bso#9674).
  + Fix several resource (fd) leaks; (bso#9683).
  + Fix a memory leak in spoolss rpc server; (bso#9685).
  + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686).
  + Fix several possible null pointer dereferences; (bso#9687).
  + Make sure that domain joins work correctly when the DC disallows NTLM
    auth; (bso#9689).
  + Backport tevent changes to bring library to version 0.9.18; (bso#9695).
  + Remove incomplete samba_dnsupdate IPv6 link-local address check;
    (bso#9696).
  + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX
    domain socket; (bso#9697).
  + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833).
  + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703).
  + Fix nss_winbind name on FreeBSD; (bso#9704).
  + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and
    getgrgid calls; (bso#9711).
  + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717).
  + s4-idmap: Remove requirement that posixAccount or posixGroup be set for
    rfc2307; (bso#9718).
  + Allow forcing an override of an old @MODULES record; (bso#9719).
  + Do not print the admin password during 'samba-tool classicupgrade';
    (bso#9720).
  + Make samba_upgradedns more robust (do not guess addresses when just
    changing roles); (bso#9721).
  + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723).
  + is_encrypted_packet() function incorrectly used inside server; (bso#9724).
  + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725).
  + Fix NULL pointer dereference; (bso#9727).
  + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728).
  + Fix 'smbcontrol close-share'; (bso#9733).
  + Fix Winbind separator in upn to username conversion; (bso#9735).
  + Change to smbd/dir.c code gives significant performance increases on large
    directory listings; (bso#9736).
  + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739).
  + Make sure that we only propogate the INHERITED flag when we are allowed
    to; (bso#9747).
  + Remove unneeded fstat system call from hot read path; (bso#9748).
  + Don't leak the epm_Map policy handle; (bso#9758).
  + Fix incorrect parsing of SMB2 command codes; (bso#9760).

- Update to 4.0.4.
  + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).

-------------------------------------------------------------------
Thu Mar 14 14:40:51 UTC 2013 - ddiss@suse.com

- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).

-------------------------------------------------------------------
Tue Feb 26 13:03:46 UTC 2013 - lmuelle@suse.com

- No longer use the cifs- or smbfstab named configuration file on post-12.2
  systems; (bnc#804822); (bnc#821889).

-------------------------------------------------------------------
Mon Feb 25 13:08:58 UTC 2013 - lmuelle@suse.com

- Shift the smbfs init script nfs dependency from Required to Should.

-------------------------------------------------------------------
Mon Feb 11 19:24:27 UTC 2013 - ddiss@suse.com

- Fix SMB1 Session Setup AndX handling with a large krb PAC;
  (bso#9658); (bnc#802031).

-------------------------------------------------------------------
Fri Feb  8 21:06:56 UTC 2013 - lmuelle@suse.com

- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to
  generate the default share snippets on pre-12.2 systems.

-------------------------------------------------------------------
Fri Feb  8 11:34:33 UTC 2013 - ddiss@suse.com

- Explicitly configure --with-ads.

-------------------------------------------------------------------
Thu Feb  7 15:30:36 UTC 2013 - ddiss@suse.com

- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).

-------------------------------------------------------------------
Thu Feb  7 12:28:31 UTC 2013 - lmuelle@suse.com

- Remove superfluous quotation marks while setting the
  SAMBA_VERSION_VENDOR_SUFFIX string.

-------------------------------------------------------------------
Wed Feb  6 14:24:40 UTC 2013 - sjayaraman@suse.de

- Do not restart the smbfs service on pre-11.3 systems during dhcp lease
  renewal when the IP address remains the same; (bnc#800782).

-------------------------------------------------------------------
Tue Feb  5 15:17:40 UTC 2013 - lmuelle@suse.com

- Update to 4.0.3.
  + Fix ACL problem with delegation of privileges and deletion of accounts
    over LDAP interface; add documentation; (bso##8909).
  + check_password_quality: Handle non-ASCII characters properly; (bso##9105).
  + Fix 'smbd' panic triggered by unlink after open; (bso##9571).
  + smbd: Fix memleak in the async echo handler; (bso##9549).

  + defer_open is triggered multiple times on the same request; (bso#9196).
  + Add extra attributes for AD printer publishing; (bso#9378).
  + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461).
  + Downgrade v4 printer driver requests to v3; (bso#9474).
  + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers;
    (bso#9481).
  + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499).
  + waf assumes that pythonX.Y-config is a Python script; (bso#9503).
  + s4:drsuapi: Make sure we report the meta data from the cycle start;
    (bso#9508).
  + wafsamba: Use additional xml catalog file; (bso#9512).
  + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517).
  + conn->share_access appears not be be reset between users; (bso#9518).
  + Remove superfluous bracket in samba.8.xml; (bso#9528).
  + Fix typo in vfs_tsmsm.8.xml; (bso#9530).
  + terminate the irpc_servers_byname() result with
    server_id_set_disconnected(); (bso#9540).
  + Make use of posix_openpt; (bso#9541).
  + Fix build of vfs_commit and plug in async pwrite support; (bso#9544).
  + Fix aio_suspend detection on FreeBSD; (bso#9546).
  + Correctly detect O_DIRECT; (bso#9548).
  + sigprocmask does not work on FreeBSD to stop further signals in a signal
    handler; (bso#9550).
  + smb.conf(5): Update list of available protocols; (bso#9552).
  + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555).
  + Fix compilation of Solaris ACL module; (bso#9564).
  + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional
    level) produces dbcheck errors; (bso#9565).
  + Add dbwrap_tool.1 manual page; (bso#9568).
  + Document the command line options in dbwrap_tool(1); (bso#9568).
  + ntlm_auth(1): Fix format and make examples visible; (bso#9569).
  + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients;
    (bso#9572).
  + Fix a possible null pointer dereference in spoolss; (bso#9574).
  + Duplicate flags defined in the winbindd protocol; (bso#9575).
  + gensec: Allow login without a PAC by default; (bso#9581).
  + smbd: disk_free: sys_popen() failed" message logged in /var/log/message
    many times; (bso#9586).
  + Archive flag is always set on directories; (bso#9587).
  + ACLs are not inherited to directories for DFS shares; (bso#9588).
  + Correct meta data in ldb manpages; (bso#9591).
  + s3-winbind: Fix the build of idmap_ldap; (bso#9595).
  + Linked attribute handling should be by GUID; (bso#9596).
  + Fix timeouts of some IRPC calls; (bso#9598).
  + Use pid,task_id as cluster_id in process_single just like process_prefork;
    (bso#9598).
  + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609).
  + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).

-------------------------------------------------------------------
Thu Jan 31 16:51:30 UTC 2013 - lmuelle@suse.com

- Update to 4.0.2.
  + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both
    don't apply to any SUSE Samba post-3.6.10 as it isn't longer built.
  + Don't build and package static libraries.

-------------------------------------------------------------------
Thu Jan 31 16:14:06 UTC 2013 - lmuelle@suse.com

- Drop separate build-source-timestamp file as it led to a second, incorrect
  Source Timestamp line.

-------------------------------------------------------------------
Wed Jan 23 15:53:50 UTC 2013 - ddiss@suse.com

- Add server-side copy support; (fate#314770).
  + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers.
  + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.

-------------------------------------------------------------------
Mon Jan 21 22:29:32 UTC 2013 - lmuelle@suse.com

- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.

-------------------------------------------------------------------
Mon Jan 21 11:02:35 UTC 2013 - lmuelle@suse.com

- Disable SWAT during configure and don't package it any longer.

-------------------------------------------------------------------
Fri Jan 18 17:34:55 UTC 2013 - lmuelle@suse.com

- Remove dangling references to Heimdal from the spec file.

-------------------------------------------------------------------
Thu Jan 17 18:07:11 UTC 2013 - lmuelle@suse.com

- Remove /lib/samba prefix from the localstatedir configure option.

-------------------------------------------------------------------
Tue Jan 15 12:12:17 UTC 2013 - lmuelle@suse.com

- Update to 4.0.1.
  + Samba 4.0.0 as an AD DC may provide authenticated users with write access
    to LDAP directory objects; CVE-2013-0172; (bnc#798364).

-------------------------------------------------------------------
Wed Jan  9 21:53:11 UTC 2013 - lmuelle@suse.com

- Add the missing get_printing_ticket binary path while calling the
  set_permissions macro; (bnc#783375).

-------------------------------------------------------------------
Sun Dec 23 14:56:51 UTC 2012 - lmuelle@suse.com

- Use the version macro while definition of the branch macro.

-------------------------------------------------------------------
Wed Dec 19 22:52:28 UTC 2012 - lmuelle@suse.com

- Remove references to no longer used devel macros.

-------------------------------------------------------------------
Tue Dec 11 18:42:04 UTC 2012 - lmuelle@suse.com

- Update to 4.0.0.
  + Honor password complexity settings; (bso#9414).
  + Install SWAT *.msg files with waf; (bso#9415).
  + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES;
    (bso#9438).
  + developer-build: Fix panic when acl_xattr fails with access denied;
    (bso#9456).
  + Fix "map username script" with "security=ads" and Winbind; (bso#9457).
  + Install manpages only if we install the target; (bso#9459).
  + Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
  + Users can not be given write permissions any more by default; (bso#9462).
  + Fix MMC crashes; (bso#9470).
  + Fix SEGV when using second vfs module; (bso#9471).
  + Support FIPS mode when building Samba; (bso#9479).
  + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).

-------------------------------------------------------------------
Tue Dec 11 11:41:59 UTC 2012 - lmuelle@suse.com

- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken;
  (bso#9438).
- s3:auth: fix create_token_from_sid() to not fail in the winbindd case;
  (bso#9457).
- s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags
  control is given; (bso#9470).
- Support FIPS mode when building Samba; (bso#9479).
- s4:provision: set the correct nTSecurityDescriptor; (bso#9481).

-------------------------------------------------------------------
Mon Dec 10 22:25:04 UTC 2012 - lmuelle@suse.com

- SEGV when using second vfs module; (bso#9471).

-------------------------------------------------------------------
Mon Dec 10 11:24:52 UTC 2012 - lmuelle@suse.com

- Update to 3.6.10.
  + Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
  + Fix segfault when "default devmode" is disabled; (bso#9433).
  + Fix segfaults in "log level = 10" on Solaris; (bso#9390).

-------------------------------------------------------------------
Sun Dec  9 00:05:32 UTC 2012 - lmuelle@suse.com

- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED;
  (bso#9456).
- Install manpages only if we install the target; (bso#9459).
- Users can not be given write permissions any more by default; (bso#9462).

-------------------------------------------------------------------
Sat Dec  8 18:57:16 UTC 2012 - lmuelle@suse.com

- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094);
  (bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
  (bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
  (bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460).

-------------------------------------------------------------------
Fri Dec  7 15:48:52 UTC 2012 - lmuelle@suse.com

- Update to 4.0.0rc6.
  See WHATSNEW.txt from the samba-doc package.

-------------------------------------------------------------------
Tue Dec  4 14:29:48 UTC 2012 - lmuelle@suse.com

- On uninstall remove winbind from the pam configuration, invalidate the nscd
  passwd and group cache and only recommend the install of nscd; (bnc#792340).

-------------------------------------------------------------------
Mon Dec  3 16:43:51 UTC 2012 - lmuelle@suse.com

- BuildRequire libnscd-devel once.

-------------------------------------------------------------------
Sun Dec  2 21:47:01 UTC 2012 - lmuelle@suse.com

- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294).
- Add SUSE version depending pkg-config requires macro; (bnc#792294).

-------------------------------------------------------------------
Sun Dec  2 15:14:37 UTC 2012 - lmuelle@suse.com

- Define library names and use it instead of libldb1, libnetapi0,
  libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and
  libwbclient0; (bnc#792294).
- Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.

-------------------------------------------------------------------
Fri Nov 30 18:14:37 UTC 2012 - lmuelle@suse.com

- Don't clutter the spec file diff view; (bnc#783384).

-------------------------------------------------------------------
Wed Nov 28 13:08:20 UTC 2012 - jmcdonough@suse.com

- Fix fd leak causing 100% CPU in winbind on certain dc connection
  failures; (bso#9436); (bnc#786677).

-------------------------------------------------------------------
Tue Nov 27 17:22:58 UTC 2012 - ddiss@suse.com

- Fix spoolss segfault when default devmode is disabled; (bso#9433);
  (bnc#791183).

-------------------------------------------------------------------
Mon Nov 19 17:49:36 UTC 2012 - lmuelle@suse.com

- Update to 4.0.0rc5.
  See WHATSNEW.txt from the samba-doc package.

-------------------------------------------------------------------
Fri Nov 16 18:23:42 UTC 2012 - lmuelle@suse.com

- ACL masks incorrectly applied when setting ACLs; (bso#9236).
- s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272).
- lib/replace: replace all *printf function if we replace snprintf; (bso#9390).
- lib/addns: don't depend on the order in resp->answers[]; (bso#9402).

-------------------------------------------------------------------
Tue Nov 13 17:26:15 UTC 2012 - lmuelle@suse.com

- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209).
- lib/krb5_wrap: request enc_types in the correct order; (bso#9272).
- Fix net ads join message for the dns domain; (bso#9326).
- docs-xml: fix use of <smbconfoption> tag; (bso#9345).
- s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359).
- s3:winbind: Failover if netlogon pipe is not available; (bso#9386).

-------------------------------------------------------------------
Thu Nov  1 20:26:19 UTC 2012 - lmuelle@suse.com

- Execute the run_permissions macro on pre-11.4 systems and else the
  set_permission one if available.

-------------------------------------------------------------------
Mon Oct 29 19:48:51 UTC 2012 - lmuelle@suse.com

- Ensure adding the winbind group never can fail.

-------------------------------------------------------------------
Mon Oct 29 16:59:09 UTC 2012 - lmuelle@suse.com

- Create ntadmin group only if it doesn't yet exist.

-------------------------------------------------------------------
Mon Oct 29 12:10:41 UTC 2012 - lmuelle@suse.com

- Update to 3.6.9.
  + When setting a non-default ACL, don't forget to apply masks to
    SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236).
  + Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
  + Fix segfault in smbd if user specified ports out for range; (bso#9218).

-------------------------------------------------------------------
Mon Oct 29 12:03:21 UTC 2012 - lmuelle@suse.com

- quota: Don't force the block size to 512; (bso#3272).
- Fix poll replacement to become a msleep replacement; (bso#8107).
- Fix wrong test == syntax in configure; (bso#8146).
- Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344).
- Fix builtin forms order to match Windows again; (bso#8632).
- Fix RAW printing for normal users; (bso#8769); (bnc#790741).
- Initialise ticket to ensure we do not invalid memory; (bso#8788).
- Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966).
- Fix crash on null pam change pw response; (bso#9013).
- Connection to outbound trusted domain goes offline; (bso#9016).
- Increase debug level for info that the db is empty; (bso#9112).
- 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117).
- Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
- Open printers with the right access mask; (bso#9154).
- Fix makerpms.sh on RHEL; (bso#9165).
- Remove non-existent option '-Y' from winbindd manpage; (bso#9171).
- Add quota support for gfs2; (bso#9172).
- Make SMB2 compound request create/delete_on_close/close work as Windows;
  (bso#9173).
- Empty SPNEGO packet can cause smbd to crash; (bso#9174).
- pam_winbind: Match more return codes when wbcGetPwnam has failed;
  (bso#9177).
- Fix crash bug in idmap_hash; (bso#9188); (bnc#788159).
- SMB2 Create doesn't return correct MAX ACCESS access mask in blob;
  (bso#9189).
- Fix service control for non-internal services; (bso#9192).
- Don't take 'state->te' as indication for "was_deferred"; (bso#9196).
- Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209).
- Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213).
- Fix segfault in smbd if user specified ports out for range; (bso#9218).
- Signing cannot be disabled for SMB2 by design, so fix the documentation
  instead; (bso#9222).
- Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry;
  (bso#9231).
- When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER
  and SMB_ACL_GROUP entries; (bso#9236).
- lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259).
- Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart;
  (bso#9268).
- Add support for reloading systemd services; (bso#9280).

-------------------------------------------------------------------
Fri Oct 26 17:40:15 UTC 2012 - lmuelle@suse.com

- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).

-------------------------------------------------------------------
Wed Sep 26 18:07:49 UTC 2012 - lmuelle@suse.com

- Do not write the build date into the header of the default smb.conf as this
  causses superfluous rebuilds of packages depending on samba; (bnc#781601).

-------------------------------------------------------------------
Wed Sep 26 13:42:41 UTC 2012 - lmuelle@suse.com

- Do not prerequire SuSEconfig.permissions as it's already enough and more
  generic to depend on the permissions package; (bnc#782293).

-------------------------------------------------------------------
Mon Sep 17 12:00:22 UTC 2012 - lmuelle@suse.com

- Update to 3.6.8.
  + Fix crash bug in smbd caused by a blocking lock followed by close;
    (bso#9084).
  + Fix Winbind panic if we couldn't find the domain; (bso#9135).

-------------------------------------------------------------------
Mon Sep 17 11:56:46 UTC 2012 - lmuelle@suse.com

- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
  (bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
  (bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
  (bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
  parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
  (bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
  on delete requests; (bso#9150).

-------------------------------------------------------------------
Thu Sep 13 05:32:48 MDT 2012 - shargagan@novell.com

- NMB registration for a duplicate workstation fails with registration
  refuse; (bso#9085); (bnc#770056).

-------------------------------------------------------------------
Thu Aug 16 14:18:35 UTC 2012 - lmuelle@suse.com

- Remove backup files caused by running configure in examples/VFS.

-------------------------------------------------------------------
Mon Aug  6 20:41:15 UTC 2012 - lmuelle@suse.com

- Update to 3.6.7.
  + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
  + Fix migrating printers while upgrading from 3.5.x; (bso#9026).

-------------------------------------------------------------------
Mon Aug  6 19:40:23 UTC 2012 - lmuelle@suse.com

- Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params
  for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure;
  (bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error
  instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062).

-------------------------------------------------------------------
Fri Jul 20 23:02:10 UTC 2012 - lmuelle@suse.com

- Create missing doc directories while install.
- Remove no longer existing Manifest file from install.
- Don't creat a link to non existend html man pages for swat.
- Don't call the no longer existing libsmbclient testsuit while build.

-------------------------------------------------------------------
Fri Jul 20 22:08:35 UTC 2012 - lmuelle@suse.com

- Configure with option --mandir instead --with-mandir.
- Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and
  --with-swatdir configure options.

-------------------------------------------------------------------
Thu Jul 19 11:12:48 UTC 2012 - lmuelle@suse.com

- Update to 4.0.0beta4.
  See WHATSNEW.txt from the samba-doc package.

-------------------------------------------------------------------
Mon Jul 16 14:35:39 UTC 2012 - lmuelle@suse.com

- BuildRequire gcc, make, and patch; (bnc#771516).

-------------------------------------------------------------------
Wed Jul 11 17:52:50 UTC 2012 - lmuelle@suse.com

- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).

-------------------------------------------------------------------
Wed Jul 11 14:20:48 UTC 2012 - lmuelle@suse.com

- Fix shell syntax in dhcpcd hook script; (bnc#769957).

-------------------------------------------------------------------
Wed Jun 27 21:22:11 UTC 2012 - lmuelle@suse.com

- Add missing int declaration to the net kdc lookup patch.

-------------------------------------------------------------------
Mon Jun 25 21:42:20 UTC 2012 - lmuelle@suse.com

- Update to 4.0.0beta2.
  See WHATSNEW.txt from the samba-doc package.

-------------------------------------------------------------------
Mon Jun 25 19:46:31 UTC 2012 - lmuelle@suse.com

- Update to 3.6.6.
  + Fix possible memory leaks in the Samba master process; (bso#8970).
  + Fix uninitialized memory read in talloc_free(); (bnc#764577).
  + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).

-------------------------------------------------------------------
Thu Jun 21 18:05:33 UTC 2012 - lmuelle@suse.com

- resolve_ads() code can return zero addresses and miss valid DC IP addresses;
  (bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627)
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
  (bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
  (bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
  (bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
  (bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
  accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995).

-------------------------------------------------------------------
Fri Jun  4 10:11:56 UTC 2012 - lmuelle@suse.com

- Call autogen.sh even on post-12.1 SUSE systems.

-------------------------------------------------------------------
Fri Jun  1 23:01:11 UTC 2012 - lmuelle@suse.com

- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems.
- Recompile all IDL in any case.

-------------------------------------------------------------------
Fri Jun  1 14:18:58 UTC 2012 - lmuelle@suse.com

- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora
  systems.

-------------------------------------------------------------------
Thu May 31 15:48:11 UTC 2012 - lmuelle@suse.com

- Install talloc.pc only on pre-12.2 and non SUSE systems.

-------------------------------------------------------------------
Thu May 31 14:07:36 UTC 2012 - lmuelle@suse.com

- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and
  libtevent-devel on post-12.1 systems.

-------------------------------------------------------------------
Wed May 30 12:07:39 UTC 2012 - lmuelle@suse.com

- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861).
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
  (bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
  in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
  cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
  smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
  modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
  test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
  (bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
  (bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
  return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
  list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
  (bso#8882).

-------------------------------------------------------------------
Mon May 15 11:54:41 UTC 2012 - lmuelle@suse.com

- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems.
- BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and
  libtevent0-devel on post-12.1 systems.

-------------------------------------------------------------------
Wed May  2 13:17:54 UTC 2012 - lmuelle@suse.com

- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).

-------------------------------------------------------------------
Sat Apr 21 20:59:53 UTC 2012 - lmuelle@suse.com

- docs-xml: fix default name resolve order; (bso#7564).
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
  (bnc#730769).
- s3-docs: Prepend '/' to filename argument; (bso#8826).

-------------------------------------------------------------------
Fri Apr 20 09:51:25 UTC 2012 - lmuelle@suse.com

- Update to 3.6.5.
- Restrict self granting privileges where security=ads for Samba post-3.3.16;
  CVE-2012-2111; (bnc#757576).

-------------------------------------------------------------------
Fri Apr 13 18:18:52 CEST 2012 - ddiss@suse.de

- Remove all precompiled idl output to ensure any pidl changes take effect;
  (bnc#757080).

-------------------------------------------------------------------
Tue Apr 10 16:13:34 UTC 2012 - lmuelle@suse.com

- Update to 3.6.4.
- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe-
  cution as the "root" user; PIDL based autogenerated code allows overwriting
  beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).

-------------------------------------------------------------------
Sun Mar 25 21:14:33 UTC 2012 - lmuelle@suse.de

- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys;
  (bso#8599).
- Correctly handle DENY ACEs when privileges apply; (bso#8797).

-------------------------------------------------------------------
Fri Mar 16 20:26:20 UTC 2012 - lmuelle@suse.de

- s3:smb2_server: fix a logic error, we should sign non guest sessions;
  (bso8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
  persistent dbs; (#bso8527).
- s3: segfault in dom_sid_compare(bso#8567).
- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER;
  (bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
  NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take priviliges into
  account for the connecting user; (bso#8784).

-------------------------------------------------------------------
Thu Mar 15 11:44:55 CET 2012 - ddiss@suse.de

- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
  (bso#8807); (bnc#751454).

-------------------------------------------------------------------
Wed Mar 14 20:00:25 UTC 2012 - lmuelle@suse.de

- Remove obsoleted Authors lines from spec file for post-11.2 systems.

-------------------------------------------------------------------
Mon Feb 27 15:57:07 UTC 2012 - lmuelle@suse.de

- Make ldapsmb build with Fedora 15 and 16; (bso#8783).
- BuildRequire libuuid-devel for post-11.0 and other systems.
- Define missing python macros for non SUSE systems.
- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.
- Always use cifstab instead of smbfstab on non SUSE systems.

-------------------------------------------------------------------
Mon Feb 20 22:17:17 UTC 2012 - lmuelle@suse.de

- Ensure AndX offsets are increasing strictly monotonically in pre-3.4
  versions; CVE-2012-0870; (bnc#747934).

-------------------------------------------------------------------
Fri Feb 17 13:34:23 CET 2012 - ddiss@suse.de

- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).

-------------------------------------------------------------------
Thu Feb 16 11:00:37 CET 2012 - ddiss@suse.de

- s3-printing: fix crash in printer_list_set_printer(); (bso#8762);
  (bnc#746825).

-------------------------------------------------------------------
Mon Feb  6 13:39:48 UTC 2012 - lmuelle@suse.de

- s3:winbindd fix a return code check; (bso#8406).

-------------------------------------------------------------------
Mon Feb  6 13:36:38 UTC 2012 - lmuelle@suse.de

- s3: Add rmdir operation to streams_depot; (bso#8733).

-------------------------------------------------------------------
Mon Feb  6 13:34:09 UTC 2012 - lmuelle@suse.de

- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used();
  (bso#8738); CVE-2013-0454; (bnc#811975).

-------------------------------------------------------------------
Mon Feb  6 13:30:53 UTC 2012 - lmuelle@suse.de

- s3:auth: fill the sids array of the info3 in
  wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).

-------------------------------------------------------------------
Mon Feb  6 13:26:26 UTC 2012 - lmuelle@suse.de

- s3:client: ignore SMBecho errors (the server may not support it);
  (bso#8139).

-------------------------------------------------------------------
Mon Feb  6 13:14:05 UTC 2012 - lmuelle@suse.de

- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
  enabled and don't unintentionally use a bogus domain name; (bso#8734).

-------------------------------------------------------------------
Mon Feb  6 13:07:57 UTC 2012 - lmuelle@suse.de

- smbclient fails with posix large reads; (bso#8727).

-------------------------------------------------------------------
Thu Feb  2 20:27:25 UTC 2012 - lmuelle@suse.de

- Use the smbfs init script on versions pre-11.3, or cifs in later versions;
  (bnc#744614).

-------------------------------------------------------------------
Mon Jan 30 15:03:43 UTC 2012 - lmuelle@suse.de

- s3: Compile IDL files in autogen, some configure tests need this.

-------------------------------------------------------------------
Mon Jan 30 15:46:17 CET 2012 - fcrozat@suse.com

- Fixes various deadlocks in if-up.d / if-down.d when running under
  systemd; (bnc#732395).

-------------------------------------------------------------------
Sun Jan 29 21:06:24 UTC 2012 - lmuelle@suse.de

- Update to 3.6.3.
  + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724);
    (bnc#743986).

-------------------------------------------------------------------
Thu Jan 26 14:15:38 UTC 2012 - lmuelle@suse.de

- Use spdx.org compliant license names for all packages.

-------------------------------------------------------------------
Wed Jan 25 20:16:10 UTC 2012 - lmuelle@suse.de

- Update to 3.6.2.
  + Make Winbind receive user/group information (bug #8371).
  + Several SMB2 fixes.
  + Fix a crash bug in the spoolss code.
  + Add new contributing FAQ announcing acceptance of corporate (C).

  + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504).
  + Fix cli_write_and_x() against OS/2 print shares; (bso#5326).
  + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563);
    (bnc#726145).
  + Remove pointless use_memory_krb5_ccache; (bso#7465).
  + Fix perl path; (bso#8176).
  + Grant credits in async interim responses (SMB2); (bso#8357).
  + Make Winbind receive user/group information; (bso#8371).
  + Fix Windows XP clients crashing smbd process every once in a while;
    (bso#8384); (bnc#731571).
  + Make VFS op "streaminfo" stackable; (bso#8419).
  + Add an allocation pool to idmap_autorid; (bso#8444).
  + Fix SEGFAULT from net registry export on not zero terminated REG_SZ
    values; (bso#8528).
  + Make DSO_EXPORTS_CMD more portable; (bso#8531).
  + readlink() on Linux clients fails if the symlink target is outside of the
    share; (bso#8541).
  + smbclient posix_open command fails to return correct info on open file;
    (bso#8542).
  + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
  + Fix setting the machine account password; (bso#8550).
  + Make SMB2 handle compound request headers in the same way as Windows;
    (bso#8560).
  + Password change settings not fully observed; (bso#8561).
  + Fix double free error in talloc; (bso#8562).
  + Fix alignment in the non-extended-security negprot; (bso#8573).
  + Add systemd service files; (bso#8575).
  + Add systemd service files; (bso#8575).
  + smb2_flush: Don't send uninitialized memory; (bso#8579).
  + Enable inotify if sys or kernel inotify is available; (bso#8580).
  + Increase a debug level; (bso#8585).
  + libsmb: Only align unicode pipe_name; (bso#8586).
  + Fix marshalling of samr_ChangePasswordUser3; (bso#8591).
  + Don't limit the number of open dptrs for SMB2; (bso#8592).
  + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
  + Make cldap work over IPv6; (bso#8600).
  + Fix intermittent print job failures caused by character conversion errors;
    (bso#8606).
  + Improve configure.in so it can be used outside the Samba source tree;
    (bso#8607).
  + Winbind: Don't fail on users without a uid; (bso#8608).
  + Ensure we correctly calculate reply credits over all returned SMB2
    replies; (bso#8614).
  + Fix migrate printer code; (bso#8618).
  + Fix crash bug when trying to browse Samba printers; (bso#8623).
  + libsmb: Don't duplicate Kerberos service tickets; (bso#8628).
  + POSIX ACE x permission becomes rx following mapping to and from a DACL;
    (bso#8631).
  + When returning an ACL without SECINFO_DACL requested, we still set
    SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
  + Fix the vfs_commit module; (bso#8639).
  + Add an update function for Winbind cache; (bso#8643).
  + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries
    on a directory with no stored ACL; (bso#8644).
  + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb
    vfs modules; (bso#8652).
  + Fix deleting a symlink if the symlink target is outside of the share;
    (bso#8663).
  + Fix renaming a symlink if the symlink target is outside of the share;
    (bso#8664).
  + Fix NT ACL issue; (bso#8673).
  + Fix buffer overflow issue with AES encryption in samba traffic analyzer;
    (bso#8674).
  + Fix Winbind segfault if we can't map the last user; (bso#8678).
  + recvfile code path using splice() on Linux leaves data in the pipe on
    short write; (bso#8679).
  + Try ctdbd_init_connection() as root; (bso#8684).
  + Packet validation checks can be done before length validation causing
    uninitialized memory read; (bso#8686).
  + Fix typo in 'net memberships' usage; (bso#8687).
  + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket();
    (bso#8692).
  + Make DeletePrinterDriverEx remove printer driver files; (bso#8697)
    (bnc#740810).
  + Fix major leak with SMB2 in connections.tdb; (bso#8710).

-------------------------------------------------------------------
Wed Jan 25 19:55:25 UTC 2012 - lmuelle@suse.de

- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).

-------------------------------------------------------------------
Wed Jan 25 12:56:23 UTC 2012 - lmuelle@suse.de

- Use correct license, LGPLv3+ for libwbclient packages.

-------------------------------------------------------------------
Tue Jan 24 19:46:46 UTC 2012 - lmuelle@suse.de

- When returning an ACL without SECINFO_DACL requested, we still set
  SEC_DESC_DACL_PRESENT in the type field; (bso#8636).

-------------------------------------------------------------------
Tue Jan 24 10:58:38 CET 2012 - ddiss@suse.de

- Fix incorrect types in the full_audit VFS module. Add null terminators to
  audit log enums; (bnc#742885).

-------------------------------------------------------------------
Sun Jan 22 01:38:35 CET 2012 - ddiss@suse.de

- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810).
- Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).

-------------------------------------------------------------------
Sat Jan 21 21:23:08 UTC 2012 - lmuelle@suse.de

- Buffer overflow issue with AES encryption in samba traffic analyzer;
  (bso#8674).
- NT ACL issue; (bso#8673).
- Deleting a symlink fails if the symlink target is outside of the share;
  (bso#8663).
- connections.tdb - major leak with SMB2; (bso#8710).

-------------------------------------------------------------------
Wed Jan 18 20:55:14 UTC 2012 - lmuelle@suse.de

- Renaming a symlink fails if the symlink target is outside of the share;
  (bso#8664).

-------------------------------------------------------------------
Tue Jan 17 12:04:12 UTC 2012 - lmuelle@suse.de

- Intermittent print job failures caused by character conversion errors;
  (bso#8606).
- ads_keytab_verify_ticket mixes talloc allocation with malloc free;
  (bso#8692).
- libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
- s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684).
- s3-printing: fix migrate printer code; (bso#8618).
- Packet validation checks can be done before length validation causing
  uninitialized memory read; (bso#8686).

-------------------------------------------------------------------
Mon Jan 16 16:41:18 UTC 2012 - lmuelle@suse.de

- net memberships usage info was wrong; (bso#8687).
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
  write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
  a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
  vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
  (#bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
  (bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
  aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
  (#bso8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machinge account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548).
- smbclient posix_open command fails to return correct info on open file;
  (bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
  share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
  ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419).

-------------------------------------------------------------------
Tue Jan  3 12:04:48 CET 2012 - ddiss@suse.de

- Fix incorrect perfcount array length calculations; (bnc#739258).

-------------------------------------------------------------------
Wed Dec 21 12:59:18 UTC 2011 - coolo@suse.com

- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.

-------------------------------------------------------------------
Wed Dec 21 10:31:47 UTC 2011 - coolo@suse.com

- Remove call to suse_update_config macro for post-11.4 systems.

-------------------------------------------------------------------
Mon Dec 19 23:57:12 UTC 2011 - lmuelle@suse.de

- Use samba.org for the ldapsmb source location.

-------------------------------------------------------------------
Wed Dec  7 03:53:18 MST 2011 - shargagan@novell.com

- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile;
  (bnc #729516).

-------------------------------------------------------------------
Thu Nov 25 18:57:04 CET 2011 - ddiss@suse.de

- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
  (bso#8631); (bnc#732572).

-------------------------------------------------------------------
Fri Nov 25 12:10:25 UTC 2011 - lmuelle@suse.de

- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).

-------------------------------------------------------------------
Sun Nov 20 00:22:14 CET 2011 - ddiss@suse.de

- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).

-------------------------------------------------------------------
Fri Nov  4 12:21:56 CET 2011 - ddiss@suse.de

- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).

-------------------------------------------------------------------
Tue Nov  1 23:11:41 CET 2011 - ddiss@suse.de

- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).

-------------------------------------------------------------------
Mon Oct 31 18:29:48 CET 2011 - ddiss@suse.de

- Fix typo in net ads join output; (bnc#713135).

-------------------------------------------------------------------
Thu Oct 27 20:00:16 UTC 2011 - lmuelle@suse.de

- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).

-------------------------------------------------------------------
Thu Oct 20 20:33:56 UTC 2011 - lmuelle@suse.de

- Update to 3.6.1.
  + Fix smbd crashes triggered by Windows XP clients; (bso#8384).
  + Fix a Winbind race leading to 100% CPU load; (bso#8409).
  + Several SMB2 fixes.
  + The VFS ACL modules are no longer experimental but production-ready.

  + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
  + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
  + Return error of cli_push when 'put - /some/file' is used; (bso#7551).
  + Fix usage of cli_errstr(); (bso#7864).
  + Fix 'widelinks' regression; (bso#8229).
  + Empty notify servername; (bso#8236).
  + Add man vfs_aio_fork; (bso#8256).
  + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
    (bso#8334).
  + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
  + While migrating forms, don't fail if the form already exists; (bso#8351).
  + OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
  + Fix build of vfs_prealloc on SLES8; (bso#8363).
  + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
  + Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
  + Fix vfs_chown_fsp; (bso#8370).
  + Fix smbd crashes triggered by Windows XP clients; (bso#8384).
  + Fix smbclient access to NT4 shares; (bso#8385).
  + Optimize serverid_exists() for Solaris; (bso#8395).
  + registry/reg_format.c must include includes.h; (bso#8401).
  + SMB2 server can return requests out-of-order when processing a compound
    request; (bso#8407).
  + Fix a Winbind race leading to 100% CPU load; (bso#8409).
  + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
    SMB2; (bso#8412).
  + Fix 'getent group' if trusted domains are not reachable; (bso#8420).
  + Fix infinite loop in ACL module code; (bso#8422).
  + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
  + Compound SMB2 requests on an IPC connection can corrupt the reply stream;
    (bso#8429).
  + Fix segfault in iconv.c; (bso#8433).
  + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
    (bso#8442).
  + Be smarter about setting default permissions when a ACL_USER_OBJ isn't
    given; (bso#8443).
  + Check the wct of the incoming SMBnegprot responses; (bso#8452).
  + Fix smbclient segfaults when dialect option -m is used for legacy
    dialects; (bso#8453).
  + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
  + Samba PDC is looking up only primary user group; (bso#8455).
  + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
  + smb2_find uses a hard coded max reply size of 0x10000 instead of
    smb2_max_trans; (bso#8473).
  + SMB2 create doesn't cope with an Apple client using NULL blob in create;
    (bso#8474).
  + Don't call smbd_terminate_connection in smb2_validate_message_id();
    (bso#8476).
  + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
  + Map to guest can return uninitialized blob of data; (bso#8477).
  + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
  + DFS breaks zip file extracting unless "follow symlinks = no" set;
   (bso#8493).
  + Remove "experimental" label on VFS ACL modules; (bso#8494).
  + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
  + smbd doesn't correctly honor the "force create mode" bits from a cifsfs
    create; (bso#8507).
  + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
    (bso#8509).
  + Disallow "." in can_set_delete_on_close(); (bso#8515).
  + SMB2 create call returns incorrect file allocation size; (bso#8518).
  + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
    (bso#8520).
  + Winbind cache timeout expiry test was reversed; (bso#8521).

-------------------------------------------------------------------
Tue Oct 18 21:27:31 UTC 2011 - lmuelle@suse.de

- s3/doc: add man page for aio_fork vfs module.

-------------------------------------------------------------------
Tue Oct 18 21:23:57 UTC 2011 - lmuelle@suse.de

- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).

-------------------------------------------------------------------
Tue Oct 18 21:11:37 UTC 2011 - lmuelle@suse.de

- s3: Samba PDC is looking up only primary user group; (bso#8455).

-------------------------------------------------------------------
Tue Oct 18 18:33:34 UTC 2011 - lmuelle@suse.de

- Add script to create or update an AppArmor sniplet with permissions for all
  Samba shares; (bnc#688040).

-------------------------------------------------------------------
Tue Oct 18 19:34:00 CEST 2011 - jmcdonough@suse.de

- Add "ldapsam:login cache" parameter to allow explicit disabling
  of the login cache; (bnc#723261).

-------------------------------------------------------------------
Fri Oct 14 14:00:57 CEST 2011 - ddiss@suse.de

- Retain the smbd startproc return value for correct startup status reporting.
  unset was incorrectly being called prior to rc_status; (bnc#723724).

-------------------------------------------------------------------
Fri Oct 14 11:46:53 CEST 2011 - ddiss@suse.de

- Prevent deadlock in systemd triggered by if-down.d handler on shutdown;
  (bnc#721598).

-------------------------------------------------------------------
Thu Oct 13 19:44:22 UTC 2011 - lmuelle@suse.de

- smb2_find uses a hard coded max reply size of 0x10000 instead of
  smb2_max_trans; changed defaults and documentation (bso8473).

-------------------------------------------------------------------
Thu Oct 13 12:13:27 UTC 2011 - lmuelle@suse.de

- Empty CIFS share can be blocked for other clients by deleting it via empty
  path (DELETE_PENDING until the last client); (bso#8515).

-------------------------------------------------------------------
Wed Oct 12 19:48:02 UTC 2011 - lmuelle@suse.de

- winbindd cache timeout expiry test was reversed; (bso#8521).

-------------------------------------------------------------------
Wed Oct 12 19:40:16 UTC 2011 - lmuelle@suse.de

- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).

-------------------------------------------------------------------
Wed Oct 12 16:33:39 UTC 2011 - lmuelle@suse.de

- s3:smb2_create: fix allocation size return value when opening existing
  files; (bso#8518).

-------------------------------------------------------------------
Wed Oct 12 16:28:41 UTC 2011 - lmuelle@suse.de

- SMB2 create doesn't cope with an Apple client using NULL blob in create;
  (bso#8474).

-------------------------------------------------------------------
Wed Oct 12 16:21:50 UTC 2011 - lmuelle@suse.de

- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
  (bso#8442).

-------------------------------------------------------------------
Wed Oct 12 16:13:58 UTC 2011 - lmuelle@suse.de

- s3-docs: Fix bug (bso#7908) and typo.

-------------------------------------------------------------------
Mon Oct 10 15:00:19 UTC 2011 - lmuelle@suse.de

- Return error of cli_push when 'put - /some/file' is used; (bso#7551).

-------------------------------------------------------------------
Mon Oct 10 14:57:48 UTC 2011 - lmuelle@suse.de

- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).

-------------------------------------------------------------------
Mon Oct 10 14:53:48 UTC 2011 - lmuelle@suse.de

- smbd doesn't correctly honor the "force create mode" bits from a cifsfs
  create; (bso#8507).

-------------------------------------------------------------------
Mon Oct 10 14:49:21 UTC 2011 - lmuelle@suse.de

- Default user entry is set to minimal permissions on incoming ACL change with
  no user specified; (bso#8443).

-------------------------------------------------------------------
Mon Oct 10 14:42:10 UTC 2011 - lmuelle@suse.de

- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).

-------------------------------------------------------------------
Mon Oct 10 14:36:05 UTC 2011 - lmuelle@suse.de

- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft
  Internet Explorer 9 on Windows 7 to download files; (bso#8458).

-------------------------------------------------------------------
Mon Oct 10 14:31:05 UTC 2011 - lmuelle@suse.de

- DFS breaks zip file extracting unless "follow symlinks = no" set;
  (bso#8493).

-------------------------------------------------------------------
Mon Oct 10 14:28:08 UTC 2011 - lmuelle@suse.de

- s3-docs: Fix typos.

-------------------------------------------------------------------
Mon Oct 10 14:24:55 UTC 2011 - lmuelle@suse.de

- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).

-------------------------------------------------------------------
Mon Oct 10 14:18:42 UTC 2011 - lmuelle@suse.de

- Remove "experimental" label on VFS ACL modules; (bso#8494).

-------------------------------------------------------------------
Mon Oct 10 14:07:40 UTC 2011 - lmuelle@suse.de

- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).

-------------------------------------------------------------------
Mon Oct 10 13:59:43 UTC 2011 - lmuelle@suse.de

- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).

-------------------------------------------------------------------
Mon Oct 10 13:55:35 UTC 2011 - lmuelle@suse.de

- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
  (bso#7465).

-------------------------------------------------------------------
Mon Oct 10 13:52:16 UTC 2011 - lmuelle@suse.de

- smb2_find uses a hard coded max reply size of 0x10000 instead of
  smb2_max_trans; (bso#8473).

-------------------------------------------------------------------
Mon Oct 10 13:49:45 UTC 2011 - lmuelle@suse.de

- s3-netapi: allow to use default krb5 credential cache for libnetapi users.

-------------------------------------------------------------------
Mon Oct 10 13:43:47 UTC 2011 - lmuelle@suse.de

- s3-docs: document -k switch in net manpage.

-------------------------------------------------------------------
Mon Oct 10 13:35:58 UTC 2011 - lmuelle@suse.de

- Map to guest can return uninitialized blob of data; (bso#8477).

-------------------------------------------------------------------
Mon Oct 10 13:32:39 UTC 2011 - lmuelle@suse.de

- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).

-------------------------------------------------------------------
Mon Oct 10 13:29:19 UTC 2011 - lmuelle@suse.de

- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).

-------------------------------------------------------------------
Mon Oct 10 13:24:11 UTC 2011 - lmuelle@suse.de

- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).

-------------------------------------------------------------------
Mon Oct 10 13:20:41 UTC 2011 - lmuelle@suse.de

- Compound SMB2 requests on an IPC connection can corrupt the reply stream;
  (bso#8429).

-------------------------------------------------------------------
Mon Oct 10 13:11:08 UTC 2011 - lmuelle@suse.de

- s3-spoolss: Fix bug forms migration; (bso#8351).

-------------------------------------------------------------------
Mon Oct 10 13:04:02 UTC 2011 - lmuelle@suse.de

- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).

-------------------------------------------------------------------
Mon Oct 10 12:58:36 UTC 2011 - lmuelle@suse.de

- s3: Do not fork the echo handler for smb2; (bso#8334).

-------------------------------------------------------------------
Mon Oct 10 12:54:11 UTC 2011 - lmuelle@suse.de

- s3-spoolss: Fix bug empty notify servername; (bso#8236).

-------------------------------------------------------------------
Mon Oct 10 12:50:26 UTC 2011 - lmuelle@suse.de

- SMB2 server can return requests out-of-order when processing a compound
  request; (bso#8407).

-------------------------------------------------------------------
Fri Oct  7 10:40:49 UTC 2011 - lmuelle@suse.de

- Remove smb child crash fix.  The issue had been fixed upstream differently.

-------------------------------------------------------------------
Sun Oct  2 16:23:19 UTC 2011 - lmuelle@suse.de

- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.

-------------------------------------------------------------------
Tue Sep 27 17:56:52 CEST 2011 - hhetter@suse.de

- Fix samba duplicates file content on appending. Move posix case semantics
  out from under the VFS; (bso#6898); (bnc#681208).

-------------------------------------------------------------------
Wed Sep 21 22:09:00 CEST 2011 - jmcdonough@suse.de

- Make winbind child reconnect when remote end has closed, fix
  failing sudo; (bso#7295); (bnc#569721).

-------------------------------------------------------------------
Fri Sep  9 13:08:58 UTC 2011 - lmuelle@suse.de

- Spec file cleanup as suggested by the spec-cleaner tool.
  + Make all BuildRequires, PreReq, and Provides a separate line.
  + Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
  + Use straight commands instead of macros (make, install).
  + Use -p in post and postun if we only call one command.
  + Use %{_localstatedir} instead of %{_var} in the filelist.
  + Remove superfluous AutoReqProv on lines.

-------------------------------------------------------------------
Thu Sep  8 19:29:36 UTC 2011 - lmuelle@suse.de

- Remove %release from all Provides.

-------------------------------------------------------------------
Thu Sep  1 20:54:52 UTC 2011 - lmuelle@suse.de

- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).

-------------------------------------------------------------------
Wed Aug 31 16:10:03 UTC 2011 - lmuelle@suse.de

- Use /var/run for the cifs state file in the init script too; (bnc#710304).

-------------------------------------------------------------------
Tue Aug 30 21:38:12 UTC 2011 - lmuelle@suse.de

- Microsoft Word from Microsoft Office 2007 fails to save as on a share with
  SMB2; (bso#8412).

-------------------------------------------------------------------
Tue Aug 30 21:29:07 UTC 2011 - lmuelle@suse.de

- Use sys_write and sys_read in fork_domain_child to fix a winbind race
  leading to 100% CPU usage; (bso#8409).

-------------------------------------------------------------------
Tue Aug 30 18:41:20 UTC 2011 - lmuelle@suse.de

- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).

-------------------------------------------------------------------
Tue Aug 30 18:31:29 UTC 2011 - lmuelle@suse.de

- Fix infinite loop in ACL module code; (bso#8422).

-------------------------------------------------------------------
Mon Aug 29 19:28:54 UTC 2011 - lmuelle@suse.de

- Fix getent group if trusted domains are not reachable; (bso#8420).

-------------------------------------------------------------------
Mon Aug 29 16:51:58 UTC 2011 - lmuelle@suse.de

- smbclient can't access a NT4 share since 3.6.0; (bso#8385).

-------------------------------------------------------------------
Sat Aug 27 19:38:01 UTC 2011 - lmuelle@suse.de

- Optimize serverid_exists() for Solaris; (bso#8395).

-------------------------------------------------------------------
Sat Aug 27 19:29:37 UTC 2011 - lmuelle@suse.de

- talloc:
  + check block count after references test.
  + added test suite for talloc_free_children().
  + license info erratum in the manpage.
  + fix typos and better differentiation between versions 1 and 2.
  + preserve context name on talloc_free_children().
  + ensure the sibling linked list remains valid during a free.

-------------------------------------------------------------------
Sat Aug 27 18:50:21 UTC 2011 - lmuelle@suse.de

- vfs_chown_fsp returned in the wrong directory; (bso#8370).

-------------------------------------------------------------------
Sat Aug 27 18:46:40 UTC 2011 - lmuelle@suse.de

- Remove irritating "." targets when recent system libs exist; (bso#8369).

-------------------------------------------------------------------
Sat Aug 27 18:39:50 UTC 2011 - lmuelle@suse.de

- Correctly initialize "idmap config * : script" with NULL; (bso#8368).

-------------------------------------------------------------------
Sat Aug 27 18:31:11 UTC 2011 - lmuelle@suse.de

- Add missing include to suppress compiler warnings; (bso#8365).

-------------------------------------------------------------------
Sat Aug 27 18:21:54 UTC 2011 - lmuelle@suse.de

- Point the chain offset beyond the current request; (bso#8360).

-------------------------------------------------------------------
Sat Aug 27 18:11:27 UTC 2011 - lmuelle@suse.de

- Fix gpfs vfs module build; (bso#8364).

-------------------------------------------------------------------
Sat Aug 27 18:05:29 UTC 2011 - lmuelle@suse.de

- Make vfs_prealloc even build on older systems; (bso#8363).

-------------------------------------------------------------------
Sat Aug 27 17:56:13 UTC 2011 - lmuelle@suse.de

- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).

-------------------------------------------------------------------
Sat Aug 27 17:42:48 UTC 2011 - lmuelle@suse.de

- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).

-------------------------------------------------------------------
Tue Aug  9 12:29:16 UTC 2011 - lmuelle@suse.de

- Update to 3.6.0.
  + BUG 7462: Make SA_RESETHAND conditional on its existance.
  + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined.
  + BUG 8324: smbclient cannot list directories from a big-endian machine.
  + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
  + BUG 8327: Fix the reload of the configuration, also reload activated
    registry shares.
  + BUG 8328: Cleanup of idmap_tdb2 code.
  + BUG 8330: Fix NFSv4 ACL merging logic.
  + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
  + BUG 8341: Fix segfault in libsmbclient.
  + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
  + BUG 8347: Fix regression for HP-UX, AIX and OSF.
  + BUG 8357: Make sure we grant credits on async read/write operations.
  + BUG 8358: Fix a bug in run_poll_events().
  + BUG 8362: Fix build issue on old glibc systems.

-------------------------------------------------------------------
Mon Aug  8 15:03:53 UTC 2011 - lmuelle@suse.de

- Remove references to disabled vscan build.

-------------------------------------------------------------------
Thu Aug  4 17:12:25 UTC 2011 - lmuelle@suse.de

- Add missing define, includes, and initialization to get_printing_ticket.

-------------------------------------------------------------------
Thu Aug  4 10:40:57 UTC 2011 - lmuelle@suse.de

- Use /var/run for the cifs state file; (bnc#710304).

-------------------------------------------------------------------
Mon Aug  1 21:28:25 UTC 2011 - lmuelle@suse.de

- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).

-------------------------------------------------------------------
Mon Aug  1 21:24:37 UTC 2011 - lmuelle@suse.de

- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).

-------------------------------------------------------------------
Sun Jul 31 14:26:37 UTC 2011 - lmuelle@suse.de

- Fix reload of the configuration and also reload activated registry shares;
  (bso#8327).

-------------------------------------------------------------------
Sun Jul 31 14:22:21 UTC 2011 - lmuelle@suse.de

- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).

-------------------------------------------------------------------
Thu Jul 28 13:09:58 UTC 2011 - lmuelle@suse.de

- smbclient cannot list directories from a big-endian machine; (bso#8324).

-------------------------------------------------------------------
Wed Jul 27 01:40:00 UTC 2011 - lmuelle@suse.de

- Update to 3.6.0rc3.
  + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
  + BUG 7888: Deal with buggy 3.0 based PDCs.
  + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb
    module.
  + BUG 8102: Do not allow to change file ACLs from normal domusers.
  + BUG 8102: Do not allow to change file ACLs from normal domusers.
  + BUG 8193: Add new command 'enumerate_recursive'.
  + BUG 8195: Make rpc client code working against NT4 servers.
  + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is
    set.
  + BUG 8213: Fixes in idmap_autorid.
  + BUG 8214: Fix smbd crash on printer driver upgrade.
  + BUG 8215: Fix Winbind unix username lookup.
  + BUG 8216: Make Winbind returning correct results with 'sids2xids'.
  + BUG 8217: Do not stat-check the share path in 'net conf addshare'.
  + BUG 8219: Fix SMB Panic from Windows 7 client.
  + BUG 8224: Fix the build on FreeBSD.
  + BUG 8226: Use c99 initializers which are supported by old gcc 2.95
    compilers.
  + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd.
  + BUG 8231: Fix crash bug in 'net cache get'.
  + BUG 8235: Fix smbd crash on startup caused by migrate_printer().
  + BUG 8240: Fix Valgrind warnings in winreg/spoolss code.
  + BUG 8244: Fix copying files larger than 2 GB to a Samba share.
  + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL.
  + BUG 8253: Fix Winbind panic if verify_idpool() fails.
  + BUG 8254: Fix "acl check permissions = no".
  + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes.
  + BUG 8262: Fix build of vfs_commit.
  + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl.
  + BUG 8264: Fix Valgrind bugs in svcctl.
  + BUG 8276: Close all sockets attached to a subnet in close_subnet().
  + BUG 8278: Fix smbd panic when CTDB is unhealthy.
  + BUG 8281: Fix build of examples/VFS/*.
  + BUG 8286: Fix smbd crash on premature end of smb2 conn.
  + BUG 8292: Fix a major architectural flaw in the SMB2 server code.
  + BUG 8293: Fix log file rotating in SMB2.
  + BUG 8304: Fix uninitialized variable in error path.
  + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'..
  + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all
    locks.
  + BUG 8310: toupper_ascii() is broken on big-endian systems.
  + BUG 8314: Fix smbd crash with unknown user.

  + Mark 'time offset' parameter as deprecated.

-------------------------------------------------------------------
Tue Jul 26 23:57:01 UTC 2011 - lmuelle@suse.de

- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
  affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
  (bnc#708503).

-------------------------------------------------------------------
Tue Jul 26 20:44:01 UTC 2011 - lmuelle@suse.de

- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
  affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
  (bnc#705241).

-------------------------------------------------------------------
Mon Jul 25 07:35:04 MDT 2011 - shargagan@novell.com

- Fixed the DFS referral response for msdfs root; (bnc#703655).

-------------------------------------------------------------------
Wed Jul 20 11:05:27 CEST 2011 - ddiss@suse.de

- Fix CUPS print job IDs; (bso#7288); (bnc#701257).

-------------------------------------------------------------------
Thu Jul 14 10:26:22 UTC 2011 - lmuelle@suse.de

- Make use of the actual library version as part of the package name on
  post-11.3 systems only.

-------------------------------------------------------------------
Mon Jul 11 21:01:00 CEST 2011 - jmcdonough@suse.de

- Fix winbind internal error; (bso#7636); (bnc#659424).

-------------------------------------------------------------------
Mon Jul 11 16:21:23 CEST 2011 - ddiss@suse.de

- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
  (bnc#705170).

-------------------------------------------------------------------
Mon Jun 20 17:28:46 CEST 2011 - ddiss@suse.de

- Specify nmbdsocketdir at configure time; (bnc#700953).

-------------------------------------------------------------------
Thu Jun  9 14:58:08 UTC 2011 - lmuelle@suse.de

- Build the tdb, talloc, and tevent libraries ahead of anything else.

-------------------------------------------------------------------
Tue Jun  7 21:02:45 UTC 2011 - jmcdonough@suse.de

- Update to 3.6.0rc2.
  + BUG 6911: Fix Kerberos authentication from Vista to Samba.
  + BUG 8166: Don't lockout users when offline.
  + BUG 8200: Add support for multiple writeable ldap idmap domains.
  + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.

  + BUG 7054: Fix X account flag when "pwdlastset" is "0".
  + BUG 8144: Fix setting timestamp when touching files with CIFS clients.
  + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
  + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
  + BUG 8157: Fix parsing a cups printcap file.
  + BUG 8175: Fix smbd deadlock.
  + BUG 8189: Support shadow copy display over SMB2.
  + BUG 8197: Winbind does not properly detect when a DC connection is dead.
  + BUG 8203: Winbind needs to reset the DC connection if an RPC times out.

-------------------------------------------------------------------
Mon Jun 06 10:30:00 CEST 2011 - mrsb@novell.com

- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).

-------------------------------------------------------------------
Fri Jun 03 21:19:00 CEST 2011 - lpechacek@suse.cz

- Add "winbind max clients" parameter to remove 200-client
  limit; (bnc#697461).

-------------------------------------------------------------------
Fri Jun 03 20:40:00 CEST 2011 - jmcdonough@suse.de

- Disable logon cache for password lockout consistency when
  running in a cluster; (bnc#694836).

-------------------------------------------------------------------
Fri May 27 04:46:48 CEST 2011 - jmcdonough@suse.de

- Fix logon of AD users with many group memberships; (bso#6911);
  (bnc#657026).

-------------------------------------------------------------------
Wed May 25 14:23:54 CEST 2011 - jmcdonough@suse.de

- Don't lockout users while offline; (bso#8166); (bnc#692607).

-------------------------------------------------------------------
Mon May 23 18:15:17 UTC 2011 - lmuelle@suse.de

- Update to 3.6.0rc1.
  + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
  + BUG 8112: POSIX extension opens of a directory are denied with EISDIR.
  + BUG 8132: Fix filling printers location field when using cups.

  + Remove fstrings from client struct.
  + BUGFIX when converting from safe_strcpy to strlcpy.
  + Fix off-by-one calculations with strlcpy.
  + Ensure we always write the correct incoming mid into the share mode table
    entries.
  + Fix the SMB2 oplock showstopper.
  + Convert user-specified domain to uppercase in libsmb.
  + Fix Coverity CID #2302: FORWARD_NULL.
  + Fix cups_pull_comment_location().
  + Fix double free of cups request.
  + Make cups_pull_comment_location() work again.
  + Fix potential crash bug in display_print_driver3().
  + Properly clean up in pthreadpool_init in case of failure.
  + Make plaintext session setup async.
  + Reduce fd load in Winbind children.
  + Avoid a potential 100% CPU loop in Winbind.
  + Tune broadcast namequeries for unique names.
  + Properly deal with exited winbind children.
  + Fix dup_smb2_vec3.
  + Fix return check in nss_wins.

-------------------------------------------------------------------
Tue May 17 05:17:59 MDT 2011 - shargagan@novell.com

- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).

-------------------------------------------------------------------
Mon May 16 10:23:54 CEST 2011 - ddiss@suse.de

- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).

-------------------------------------------------------------------
Thu May  5 15:51:22 UTC 2011 - lmuelle@suse.de

- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).

-------------------------------------------------------------------
Thu May  5 03:00:01 MDT 2011 - shargagan@novell.com

- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).

-------------------------------------------------------------------
Sat Apr 30 19:38:49 UTC 2011 - lmuelle@suse.de

- Package static libraries with 0644 permissions.

-------------------------------------------------------------------
Sat Apr 30 19:15:27 UTC 2011 - lmuelle@suse.de

- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.

-------------------------------------------------------------------
Sat Apr 30 18:48:57 UTC 2011 - lmuelle@suse.de

- Rename libldb0 to libldb1 as 1 is the current major version of the library.
- Add libldb1 and libtevent0 to baselibs.conf.

-------------------------------------------------------------------
Fri Apr 29 14:36:29 UTC 2011 - lmuelle@suse.de

- Don't call the suse_update_config macro before building lib ldb and tevent.

-------------------------------------------------------------------
Thu Apr 29 13:28:42 UTC 2011 - lmuelle@suse.de

- Update to 3.6.0pre3.
  + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383).
  + Fix wrong output in 'smbget'; (bso#8066).
  + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or
     vfs_acl_tdb module; (bso#8083).
  + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null;
    (bso#8088).
  + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099).
  + Fix the build of 'smbget' on HP NonStop; (bso#8106).

  + Fix build of tdb2.
  + Correctly detect and deny symlinks anywhere in a path (not just the last
    component) if "follow symlinks = no".
  + Fix timeout in rpc_pipe_open_tcp_port().
  + Fix the build of "--with-profiling-data".
  + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470,
    2471, 2478.
  + nsswitch: Add 'wbinfo --lookup-sids'.
  + nsswitch: Add 'wbinfo --sids-to-unix-ids'.
  + Fix smbd with the async echo responder.
  + Fix the build of vfs_gpfs.c.
  + Add a 10-second timeout for the 445 or netbios connection to a DC.
  + Many pthreadpool fixes.
  + Fix transaction recovery area for converted tdbs.

-------------------------------------------------------------------
Thu Apr 28 21:43:14 UTC 2011 - lmuelle@suse.de

- Add PreReq permissions to the krb-printing package.

-------------------------------------------------------------------
Thu Apr 28 21:39:04 UTC 2011 - lmuelle@suse.de

- Remove _libdir ldb and tevent from file list.
- Explicitly state not to bundle talloc or tdb while ldb and tevent build.

-------------------------------------------------------------------
Thu Apr 21 21:12:31 UTC 2011 - lmuelle@suse.de

- Always use the actual library version as part of the package name.
- Exclude shared python modules.

-------------------------------------------------------------------
Thu Apr 21 11:45:59 CEST 2011 - ddiss@suse.de

- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).

-------------------------------------------------------------------
Thu Apr 21 10:49:04 CEST 2011 - ddiss@suse.de

- Update pidl and always compile IDL at build time; (bnc#688810).

-------------------------------------------------------------------
Thu Apr 14 18:21:56 UTC 2011 - lmuelle@suse.de

- Update to 3.6.0pre2.
  + ID Mapping changes.
  + Implement SMB2 support.
  + Add an Endpoint Mapper daemon.

  + Make "rlimit_max below minimum Windows limit" notification less scary;
    (bso#6837).
  + Quota only shown when logged as root; (bso#7080).
  + Fix printing from Windows 7; (bso#7567).
  + Retry DNS updates when connection to one nameserver has failed; (bso#7690).
  + Unlink may unlink wrong file when hardlinks are involved; (bso#7863).
  + Fix 'nmbd --port'; (bso#7875).
  + cmd_spoolss_deletedriver() returned without checking all architectures;
    (bso#7880).
  + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
  + Fix cups pcap reload with no printers; (bso#7915).
  + Fix bug in chain_reply; (bso#7917).
  + Fix problems with "kernel oplocks" option set to "no"; (bso#7928).
  + Fall back for utimes calls; (bso#7940).
  + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
  + Let winbind try to use samlogon validation level 6; (bso#7945).
  + Sgid bit lost on folder rename; (bso#7996).
  + Fix getting username in 'net rap session'; (bso#8009).
  + Fix inode generation so nautilus can count total dir size correctly;
    (bso#8010).
  + Use jenkins hash for str_checksum; (bso#8010).
  + Add explicit configure option whether or not to enable dmapi support;
    (bso#8033).
  + Fix smbclient segfault with Cyrillic netbios names; (bso#8040).
  + Fix file creation on OS/X; (bso#8042).

  + Add "--option" to 'testparm'.
  + Fix crash bug on smbd shutdown when using FOPENDIR().
  + Ensure we don't return an incorrect access mask.
  + Fix bug against the new Mac client.
  + Fix leak in error path.
  + Fix error where Windows client spoolss returns WERR_INVALID_DATA.
  + Fix a segfault in the krb5 locator plugin.
  + Enable sharesec for registry shares.
  + Fix memory leak in "security=share" and "force user".
  + Add "net idmap check", a check and repair tool for the
    id mapping database.
  + Add new 'net idmap delete' command.
  + Fix segfault on missing input file in 'net idmap restore'.
  + Fix 'net usersidlist' not to skip every other user.
  + Fix potential crash bug in spoolss_PrinterEnumValues push path.
  + Internal restructuring.
  + Don't wipe out all printer drivers when only one should be deleted.
  + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
  + Fix memory leak in print_cups.c.
  + Remove duplicate cups response processing code.
  + Follow force user/group for driver IO.
  + Initiate pcap reload from parent smbd.
  + Reload shares after pcap cache fill.
  + Fix numerous Coverity IDs (2041 and others).
  + Fix a memory leak in check_sam_security_info3.
  + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable.
  + Make "net sam list [users|workstations]" list only the right things.
  + Fix a potential memleak in secrets_fetch_trusted_domain_password.
  + Use the right credentials in check_netlogond_security.
  + Add support for AF_NETLINK addr notifications.
  + Fork multiple Winbind children per domain.
  + Fix a deadlock between smbd and ctdbd.
  + Add 'wbinfo --dc-info'.
  + Make "nmbd socket dir" configurable.
  + Fixed valgrind errors.
  + Fix a memleak in receive_getdc_response.
  + Don't grant SEC_STD_DELETE always to the owner of a file.
  + Fix segfaults on addrchange errors in Winbind.
  + Allow machine accounts as members in groupdb.
  + Add IPv6 support for the endpoint mapper.
  + Free unused memory in the rpc server.
  + Fix possible segfaults in svcctl server.
  + Fix possible segfault with client_id in rpc server.
  + Add a 'svcctl shutdown' function to rpc server.
  + Fix a resource leak in net_afs.
  + Fix a resource leak in smbta-util.
  + Fix possible resource leak in net_usershare.
  + Fix possible resource leak in 'smbget'.
  + Fix possible resource leak in 'smbfilter'.
  + Fix a possible null pointer dereference in smbd.
  + Ensure we send the direct levelII oplock break to the correct fid.
  + Fix private libdir and codepages paths.
- Add RFC 3454 to the vendor files.

-------------------------------------------------------------------
Thu Apr  7 21:38:00 CET 2011 - jmcdonough@suse.de

- Fix idmap_tdb for big-endian systems such as ppc and s390;
  (bso#6901); (bnc#675978).

-------------------------------------------------------------------
Thu Mar 24 16:37:34 CET 2011 - ddiss@suse.de

- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).

-------------------------------------------------------------------
Fri Mar 18 15:53:07 UTC 2011 - lmuelle@suse.de

- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.

-------------------------------------------------------------------
Thu Mar 17 10:24:31 CET 2011 - ddiss@suse.de

- Don't crash when publishing a single printer; (bnc#643119).

-------------------------------------------------------------------
Wed Mar  9 19:15:34 CET 2011 - ddiss@suse.de

- Carry error status in printer list IPC message, do not refresh printers if
  cups is unavailable; (bso#7994); (bnc#675478).

-------------------------------------------------------------------
Wed Mar  9 10:46:20 UTC 2011 - lmuelle@suse.de

- Define the libwbclient packages ahead of packages with a different version.

-------------------------------------------------------------------
Wed Mar  9 00:48:12 UTC 2011 - jengelh@medozas.de

- Use %_smp_mflags for parallel building.

-------------------------------------------------------------------
Mon Mar  7 12:17:06 UTC 2011 - lmuelle@suse.de

- Update to 3.5.8.
  + Fix Winbind crash bug when no DC is available; (bso#7730).
  + Fix finding users on domain members; (bso#7743).
  + Fix memory leaks in Winbind; (bso#7879).
  + Fix printing with Windows 7 clients; (bso#7567).

  + Fix 'testparm' return code when EOF in encountered in param name;
    (bso#3185).
  + Make "rlimit_max below minimum Windows limit" notification less scary;
    (bso#6837).
  + Fix "Your Password expires today" message for users of trusted domains;
    (bso#7066).
  + Fix maintaining of users' groups via UsrMgr; (bso#7262).
  + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356).
  + Raise debug level for "reduce_name: couldn't get realpath" messages;
    (bso#7409).
  + Fix updating the time on close in vfs_gpfs; (bso#7498).
  + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594).
  + Handle Windows 9x adddriver calls without config file; (bso#7641).
  + Fix scalability problem with hundreds of printers; (bso#7656).
  + Fix memory leak in the netapi routines; (bso#7665).
  + Store unmodified copies of security descriptors in acl_xattr and acl_tdb
    modules; (bso#7716).
  + Fix incorrect unix mode_t caused by invalid client DOS attributes on
    create; (bso#7733).
  + Apply appropriate create masks when creating files with "inherit ACLs" set
    to true; (bso#7734).
  + Fix "dfree cache time" parameter; (bso#7744).
  + Fix a getgrent crash with many groups; (bso#7774).
  + Fix requesting lookups for BUILTIN sids; (bso#7777).
  + Fix smbd crash caused by expand_msdfs; (bso#7779).
  + Fix atime limit; (bso#7785).
  + vfs_scannedonly: Switch from mtime to ctime which is more reliable;
    (bso#7789).
  + Fix copying files from a SMB share using Gnome vfs and SMB signing;
    (bso#7791).
  + Make Winbind recover from a signing error; (bso#7800).
  + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb;
    (bso#7812).
  + Fix "force group" with ntlmssp guest session setup; (bso#7817).
  + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
    (bso#7835).
  + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841).
  + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842).
  + Expand the local SAMs aliases; (bso#7843).
  + ntlm_auth: Support clients which offer a spnego mechs we don't support;
    (bso#7855).
  + Fix 'net ads dns register' in cluster setups; (bso#7871).
  + Fix 'nmbd --port'; (bso#7875).
  + Make 'rpcclient deldriver' delete drivers for all architectures;
    (bso#7880).
  + Fix flaky Winbind against Windows 2008; (bso#7881).
  + Fix SMB session setups with Kerberos against some closed source SMB
    servers; (bso#7883).
  + Fix stale lock in open_file_fchmod(); (bso#7892).
  + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894).
  + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name;
    (bso#7896).
  + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
  + Fix connections from WinCE; (bso#7917).
  + Fix opening MS Powerpoint files; (bso#7940).
  + Fix endless loops caused by inotify; (bso#7942).
  + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
  + Let Winbind try to use samlogon validation level 6; (bso#7945).
  + Revalidate the pathname once re-constructed from a root fsp; (bso#7950).

-------------------------------------------------------------------
Fri Mar  4 20:12:24 UTC 2011 - lmuelle@suse.de

- Require a particular library version even if the major version is part of
  the package name.  Using the same major version does not guarantee forward
  compatibility.

-------------------------------------------------------------------
Fri Mar  4 16:30:46 CET 2011 - ddiss@suse.de

- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).

-------------------------------------------------------------------
Mon Feb 28 14:36:49 UTC 2011 - lmuelle@suse.de

- Update to 3.5.7
  + Protect against possible denial of service caused by memory corruption;
    CVE-2011-0719; (bso#7949); (bnc#670431).

-------------------------------------------------------------------
Wed Feb 23 11:20:14 UTC 2011 - lmuelle@suse.de

- Disable separate build of samba-doc for post-11.1 systems.

-------------------------------------------------------------------
Tue Feb 22 01:07:50 UTC 2011 - lmuelle@suse.de

- Protect against possible denial of service caused by memory corruption;
  CVE-2011-0719; (bso#7949); (bnc#670431).

-------------------------------------------------------------------
Thu Feb 17 13:25:08 CET 2011 - ddiss@suse.de

- Increase the log level for missing PIDs on SIGCHLD, printcap child processes
  are not added to the children PID list; (bnc#666460).

-------------------------------------------------------------------
Thu Feb 10 17:09:42 UTC 2011 - lmuelle@suse.de

- Do not require a particular library version if the major version is part of
  the package name.

-------------------------------------------------------------------
Wed Feb  9 23:14:03 UTC 2011 - lmuelle@suse.de

- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries
  on post-11.3 systems.

-------------------------------------------------------------------
Sun Jan 23 20:12:00 CET 2011 - ddiss@suse.de

- Abide by print$ share 'force user' & 'force group' settings when handling
  AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).

-------------------------------------------------------------------
Tue Jan 18 11:04:02 CET 2011 - ddiss@suse.de

- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded()
  returns false if the pcap cache contains no printer entries. correct call
  ordering is already enforced. (bso#7836); (bnc#625936).

-------------------------------------------------------------------
Fri Jan 14 15:22:51 CET 2011 - lmuelle@suse.de

- No longer force activation of the cifs service on post-11.3 systems.
- Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4
  systems.
- Move the cifs init script nfs dependencies from Required to Should.

-------------------------------------------------------------------
Tue Jan  4 16:26:37 UTC 2011 - lmuelle@suse.de

- Recommend to install samba-krb-printing from samba-winbind on post-10.3
  systems; (bnc#661845).

-------------------------------------------------------------------
Thu Dec 30 12:52:39 CET 2010 - ddiss@suse.de

- Fix error paths in cups_async_callback(), an empty cups printer list should
  not be treated as an error; (bnc#661842).

-------------------------------------------------------------------
Tue Dec 21 16:31:15 CET 2010 - ddiss@suse.de

- Abide by printcap cache time, reload parent smbd pcap cache on expiry;
  (bso#7836); (bnc#625936).

-------------------------------------------------------------------
Fri Dec 17 20:01:38 CET 2010 - ddiss@suse.de

- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).

-------------------------------------------------------------------
Mon Dec 13 00:54:03 CET 2010 - ro@suse.de

- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).

-------------------------------------------------------------------
Thu Dec  9 13:31:15 UTC 2010 - lmuelle@suse.de

- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).

-------------------------------------------------------------------
Tue Dec  7 16:48:25 UTC 2010 - lmuelle@suse.de

- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux
  Enterprise 10; (bnc#652620).

-------------------------------------------------------------------
Sun Dec  5 22:28:35 UTC 2010 - lars@samba.org

- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
  (bso#7835).

-------------------------------------------------------------------
Fri Dec  3 11:47:07 UTC 2010 - lmuelle@suse.de

- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages;
  (bnc#652620).

-------------------------------------------------------------------
Tue Nov 30 13:55:27 CET 2010 - ddiss@suse.de

- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).

-------------------------------------------------------------------
Tue Nov 30 12:45:44 UTC 2010 - lmuelle@suse.de

- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind,
  client-gplv2, and doc-gplv2 packages; (bnc#652620).

-------------------------------------------------------------------
Fri Nov 26 21:13:10 UTC 2010 - lmuelle@suse.de

- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions;
  (bnc#652620).

-------------------------------------------------------------------
Fri Nov 26 19:56:23 UTC 2010 - lmuelle@suse.de

- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).

-------------------------------------------------------------------
Thu Nov 25 17:29:24 UTC 2010 - lmuelle@suse.de

- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind
  package to avoide an accidental install trigger; (bnc#652620).

-------------------------------------------------------------------
Thu Nov 25 15:06:44 UTC 2010 - lmuelle@suse.de

- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).

-------------------------------------------------------------------
Wed Nov 24 10:24:21 UTC 2010 - lmuelle@suse.de

- Remove all Obsoletes from the samba-gplv3 packages and only keep the
  Provides samba; (bnc#652620).

-------------------------------------------------------------------
Sat Nov 20 08:31:14 UTC 2010 - lmuelle@suse.de

- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).

-------------------------------------------------------------------
Fri Nov 19 19:18:17 CEST 2010 - jmcdonough@suse.de

- Reduce unnecessary ldap round trips and eliminate invalid DN
  messages; (bnc#654719).

-------------------------------------------------------------------
Fri Nov 12 12:59:23 UTC 2010 - lmuelle@suse.de

- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux
  Enterprise 10 SP 3 and 4.

-------------------------------------------------------------------
Thu Nov 11 12:36:36 UTC 2010 - lmuelle@suse.de

- Add the _build_arch at the end of the vendor version suffix.

-------------------------------------------------------------------
Thu Oct 28 15:06:20 UTC 2010 - lmuelle@suse.de

- Provide and Obsolete samba-gplv3 to replace potentially installed packages.

-------------------------------------------------------------------
Fri Oct 15 12:23:53 UTC 2010 - lmuelle@suse.de

- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4.
- Do not package libsmbclient and libsmbsharemodes.

-------------------------------------------------------------------
Sat Oct 10 13:24:17 CEST 2010 - jmcdonough@suse.de

- Update to 3.5.6
  + Fix auto printers with registry config; (bso#7280); (bnc#617153).
  + Fix SPNEGO auth when contacting Win7 system using Microsoft Live
    Sign-in Assistant; (bso#7577).
  + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578).
  + Fix "admin users" when using vfs_acl_xattr; (bso#7581).
  + Fix using cached credentials in ntlm_auth; (bso#7589).
  + Fix Winbind offline login; (bso#7590).
  + Fix Winbind internal error; (bso#7636).
  + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651).
  + Fix smbd changing mode of files on rename; (bso#7693).
  + Fix crash bug with invalid SPNEGO token; (bso#7694).
  + Fix smbd panic on invalid NetBIOS session request; (bso#7698).
  + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541).
  + Fix 'smbclient -M'; (bso#7635).
  + Fix scalability problem with hundreds of printers; (bso#7656).
  + Fix crash bug in rpcclient; (bso#7688).
  + Fix file corruption when setting Samba "write wache wize"; (bso#7715).

-------------------------------------------------------------------
Thu Oct  7 16:21:40 UTC 2010 - lmuelle@suse.de

- Let startproc wait for nmb, smb and winbind pid files getting created on
  post-11.1 systems; (bnc#520036).

-------------------------------------------------------------------
Thu Oct  7 14:22:57 CEST 2010 - hhetter@suse.de

- Include the reviewed french translation for pam_winbind; (bnc#499233).

-------------------------------------------------------------------
Fri Sep 24 01:40:30 CEST 2010 - ddiss@suse.de

- Fix smbd crash with CUPS printers and no [printers] share defined;
  (bso#7297); (bnc#637755).

-------------------------------------------------------------------
Tue Sep 21 01:18:17 CEST 2010 - jmcdonough@suse.de

- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).

-------------------------------------------------------------------
Sun Sep 12 15:54:14 UTC 2010 - coolo@novell.com

- Fix baselibs.conf for libtalloc.

-------------------------------------------------------------------
Wed Sep  8 12:09:39 UTC 2010 - lmuelle@suse.de

- Fix buffer overflow in sid_parse() to correctly check the input lengths when
  reading a binary representation of a Windows Security ID (SID);
  CVE-2010-3069; (bso#7669); (bnc#637218).

-------------------------------------------------------------------
Mon Aug 30 22:11:20 CEST 2010 - jmcdonough@suse.de

- Use cached ntlm password in libsmbclient.  Prevent lockouts
  when kerberos tickets are lost; (bnc#602418); (bnc#606304).

-------------------------------------------------------------------
Thu Aug 26 11:08:42 UTC 2010 - gber@opensuse.org

- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the
  en_US locale and /usr might be on NFS.

-------------------------------------------------------------------
Mon Aug 23 17:00:20 CEST 2010 - jmcdonough@suse.de

- Complete fix for trusts with Windows 2008R2 DCs.

-------------------------------------------------------------------
Fri Aug 20 13:48:22 UTC 2010 - jmcdonough@suse.de

- Fix authentication dialogs when connecting to older systems;
  (bnc#632055).

-------------------------------------------------------------------
Thu Aug 19 21:53:30 UTC 2010 - lmuelle@suse.de

- Adjust position of conditional ldapsmb %package and %files definition.

-------------------------------------------------------------------
Thu Aug 19 20:21:50 UTC 2010 - lmuelle@suse.de

- Create the /var/run/samba directory on the fly and package it as %ghost.

-------------------------------------------------------------------
Thu Aug 19 19:55:37 CEST 2010 - jmcdonough@suse.de

- Fix preexec scripts; (bso#7104); (bnc#632852).

-------------------------------------------------------------------
Thu Aug 19 15:22:28 UTC 2010 - lmuelle@suse.de

- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient
  pkgconfig files and BuildRequire pkgconfig; (bnc#632770).

-------------------------------------------------------------------
Tue Aug 17 21:17:34 UTC 2010 - lmuelle@suse.de

- BuildRequire python-devel for post-9.3 systems.

-------------------------------------------------------------------
Tue Aug 17 20:36:10 UTC 2010 - lmuelle@suse.de

- Only create precompiled headers for post-10.2 systems.
- Remove mkinitrd scriptlets.

-------------------------------------------------------------------
Tue Aug 17 15:20:00 UTC 2010 - lmuelle@suse.de

- Add vfs_crossrename man page.
- Call make basic and remove conditional proto target.
- Increase libtevent version to 0.9.9.
- Remove wbc_async header from the file list.
- Remove remaining cifs-mount pieces from the spec file.

-------------------------------------------------------------------
Mon Aug 16 16:58:02 UTC 2010 - jmcdonough@suse.de

- Fix printers not auto loading with registry config; (bso#7280);
  (bnc#617153).

-------------------------------------------------------------------
Sun Aug 15 18:20:41 UTC 2010 - lmuelle@suse.de

- Update to 3.6.0pre1.
  + SMB2 support is fully functional despite managing quota using the
    Microsoft management tools.
  + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local
    user and group information.
  + The spoolss and the old RAP printing code have been completely overhauled
    and refactored.
  + The SMB Traffic Analyzer (SMBTA) VFS module got added.

-------------------------------------------------------------------
Sun Aug 15 12:36:41 UTC 2010 - lmuelle@suse.de

- Intilize workgroup of nmblookup as empty string.

-------------------------------------------------------------------
Thu Aug 12 22:06:35 UTC 2010 - jmcdonough@suse.de

- Fix net ads join when using parent domain users; (bso#6364);
  (bnc#630812).

-------------------------------------------------------------------
Wed Jul 28 15:08:09 CEST 2010 - sjayaraman@suse.de

- cifs: do not restart during dhcp lease renewal when IPaddress remains
  the same; (bnc#573246).

-------------------------------------------------------------------
Mon Jul  5 19:31:55 UTC 2010 - lmuelle@suse.de

- Fix "Too many open files" when trying to access large number of files;
  (bso#6837); (bnc#619787).

-------------------------------------------------------------------
Wed Jun 23 12:01:20 UTC 2010 - lmuelle@suse.de

- Update to 3.5.4.
  + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
    from ldap (bug #7448).
  + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).

  + Allow previous password to be stored and use it to check tickets;
    (bso#7099).
  + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188).
  + Fix editing users' groups via UsrMgr; (bso#7262).
  + Fix Winbind over IPv6; (bso#7341).
  + Samba sends "raw" inode number as uniqueid with unix extensions;
    (bso#7410).
  + Fix printing large formats; (bso#7423).
  + Fix spnego returning incorrect mechListMIC string; (bso#7449).
  + Fix some crash bugs and missing error codes in AddDriver paths;
    (bso#7459).
  + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479).
  + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500).
  + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503).
  + Fix numerous build issues; (bso#7504).
  + Fix session setup from linux kernel cifs clients with "sec=ntlmv2";
    (bso#7517).

-------------------------------------------------------------------
Mon Jun 21 19:52:13 UTC 2010 - lmuelle@suse.de

- Remove all provides and obsoletes samba3 from the spec file.  Packages with
  this base name have not been offered as part of a product.

-------------------------------------------------------------------
Fri Jun 11 09:13:09 UTC 2010 - lmuelle@suse.de

- Fix a NULL pointer dereference in smbd of the 3.4 code base;
  CVE-2010-1635; (bso#7229); (bnc#605935).

-------------------------------------------------------------------
Tue Jun  8 14:38:18 UTC 2010 - lmuelle@suse.de

- Address possible buffer overrun in chain_reply code of pre-3.4 versions;
  CVE-2010-2063; (bso#7494); (bnc#611927).

-------------------------------------------------------------------
Mon Jun  7 17:43:35 CEST 2010 - hhetter@suse.de

- Update of the SMB Traffic Analyzer v2 VFS module

-------------------------------------------------------------------
Fri May 28 23:05:10 CEST 2010 - jmcdonough@suse.de

- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873);
  (bnc#592198); (bso#6697).

-------------------------------------------------------------------
Wed May 19 12:18:29 UTC 2010 - lmuelle@suse.de

- Update to 3.5.3.
  + Fix MS-DFS functionality; (bso#7339).
  + Fix a Winbind crash when scanning trusts; (bso#7389).
  + Fix problems with SIGCHLD handling in Winbind; (bso#7317).

  + Add replacement for IPV6_V6ONLY on linux systems with broken headers;
    (bso#7196).
  + Fix cups encryption setting; (bso#7263).
  + Fix exporting printers via 'cupsaddsmb' command; (bso#7277).
  + Fix SMB job IDs in CUPS job names; (bso#7288).
  + Fix segfault in mount.cifs; (bso#7315).
  + Make TIME_T_MAX defines consistent; (bso#7352).
  + Re-fix a bug with smbd serving a windows terminal server; (bso#7357).
  + Display an error on 'net conf import' failures; (bso#7378).
  + Fix bitmap leak in dptr_Close; (bso#7384).
  + Fix rename problems with full_audit VFS module; (bso#7398).
  + Fix setting of passwords via 'net rpc user password' command; (bso#7417).
  + Fix 'net rpc printer list' command; (bso#7418).
  + Rename mod_name to module_name; (bso#7421).
- Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.
- Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423).
- Winbind not working over IPv6; (bso#7341).

-------------------------------------------------------------------
Tue May 18 22:54:35 CEST 2010 - jmcdonough@suse.de

- Honor "interfaces" list in net ad dns register; (bnc#606947).

-------------------------------------------------------------------
Tue May 18 09:54:15 UTC 2010 - lmuelle@suse.de

- Exclude the RPM release from the vendor tag for openSUSE Factory;
  (bnc#604049).

-------------------------------------------------------------------
Thu Apr 29 10:24:54 UTC 2010 - lmuelle@suse.de

- Enable the build of the idmap tdb2 module; (bnc#600822).

-------------------------------------------------------------------
Sun Apr 25 19:14:03 UTC 2010 - lars@samba.org

- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.

-------------------------------------------------------------------
Sun Apr 25 19:00:56 UTC 2010 - lars@samba.org

- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.

-------------------------------------------------------------------
Wed Apr 21 11:11:23 UTC 2010 - jmcdonough@suse.de

- Add "net conf import" error messages; (bso#7378, bnc#598189).

-------------------------------------------------------------------
Wed Apr 21 11:22:49 CEST 2010 - jsmeix@suse.de

- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).

-------------------------------------------------------------------
Wed Apr  7 12:08:54 UTC 2010 - lmuelle@suse.de

- Update to 3.5.2.
  + Fix smbd segfaults in _netr_SamLogon for clients sending null domain;
    (bso#7237).
  + Fix smbd segfaults in "waiting for connections" message; (bso#7251).
  + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935);
    CVE-2010-1642.
  + Fix a memleak in Winbind; (bso#7278).
  + Fix Winbind reconnection to it's own domain; (bso#7295).

  + Fix segfault if hide files or veto files has no ".AppleDouble";
    (bso#1206).
  + Fix parsing of the gecos field; (bso#5198).
  + Fix several printing issues; (bso#6727).
  + Fix valgrind warning; (bso#6814).
  + Fix race condition in mount.cifs that allows user to replace mountpoint
    with a symlink; (bso#6853).
  + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075).
  + Fix handling of bad server data returns in client rpc_transport;
    (bso#7159).
  + Never mark external domains as internal in Winbind; (bso#7170).
  + Fix access by multi-threaded applications; (bso#7202).
  + Fix 'net share' command; (bso#7203).
  + Fix DN parsing name was always null; (bso#7204).
  + Signals are processed twice in child; (bso#7206).
  + Fix returning of group members with 'getent group'; (bso#7212).
  + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216).
  + Make Winbind logs more verbose for troubleshooting; (bso#7225).
  + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229);
    (bnc#605935).
  + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present;
    (bso#7231).
  + Fix race conditions in CTDB persistent transactions; (bso#7232).
  + Symlink delete fails but incorrectly reports success to client;
    (bso#7234).
  + Fix "printer admin" functionality; (bso#7255).
  + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256).
  + Fix _winreg_QueryValue crash bugs and implement Windows behavior;
    (bso#7258).
  + Fix job management commands for CUPS queues; (bso#7269).
  + Fix smbd segfault if using vfs_acl_tdb; (bso#7283).
  + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290).
  + Fix smbd crashes with CUPS printers and no [printers] share defined;
    (bso#7297).
  + Fix DOS attribute inconsistency with MS Office; (bso#7310).
  + Many disconnecting clients render clustered Samba unusuable for some time;
    (bso#7312).
  + Make 'net conf addshare' atomic; (bso#7313).
  + Eliminate race condition in creating/scanning sorted subkeys in the
    registry backend; (bso#7314).
  + Winbind possibly segfaults when trying a trusted domain without inbound
    trust; (bso#7316).

-------------------------------------------------------------------
Tue Apr  6 22:21:43 CEST 2010 - hhetter@suse.de

- Add SMB Traffic Analyzer v2 VFS module.

-------------------------------------------------------------------
Tue Mar 30 20:44:27 UTC 2010 - lmuelle@suse.de

- Document "wide links" defaults to "no" in the smb.conf man page for versions
  pre-3.4.6; (bnc#577868).

-------------------------------------------------------------------
Fri Mar 26 02:05:12 UTC 2010 - jmcdonough@suse.de

- Fix workgroup enumeration, for client printer and file share
  selection; (bso#6880); (bnc#586215).

-------------------------------------------------------------------
Tue Mar 23 14:57:00 UTC 2010 - jmcdonough@suse.de

- Fix tdb validation for offline auth; (bnc#587014).

-------------------------------------------------------------------
Mon Mar 22 16:12:05 UTC 2010 - lmuelle@suse.de

- Fix "printer admin" functionality; (bso#7255).

-------------------------------------------------------------------
Mon Mar 22 15:55:51 UTC 2010 - lmuelle@suse.de

- An uninitialized variable read could cause an smbd crash; (bso#7254);
  (bnc#605935); CVE-2010-1642.

-------------------------------------------------------------------
Mon Mar 22 15:42:58 UTC 2010 - lmuelle@suse.de

- Ensure to have a valid talloc stackframe; (bso#7251).

-------------------------------------------------------------------
Mon Mar 22 15:17:56 UTC 2010 - lmuelle@suse.de

- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).

-------------------------------------------------------------------
Thu Mar 18 15:57:15 UTC 2010 - lmuelle@suse.de

- Merge missing pam_winbind message translations; (bnc#499233).

-------------------------------------------------------------------
Sun Mar 14 21:08:44 UTC 2010 - lmuelle@suse.de

- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part
  of the independent cifs-utils package.

-------------------------------------------------------------------
Thu Mar 11 19:18:00 CEST 2010 - jmcdonough@suse.de

- Fix join of Windows 2008 domains; (bnc#567013).

-------------------------------------------------------------------
Mon Mar  8 21:03:25 UTC 2010 - lmuelle@suse.de

- Update to 3.5.1 and 3.4.7.
  + Fix security flaw on Linux platforms if built with libcap support allowing
    file system access even when permissions should have denied it;
    CVE-2010-0728; (bso#7222); (bnc#586683).

-------------------------------------------------------------------
Mon Mar  8 09:12:07 UTC 2010 - rhafer@novell.com

- Fixed libldb.so link in libldb-devel.

-------------------------------------------------------------------
Fri Mar  5 15:47:25 UTC 2010 - hhetter@novell.com

- Fix argc handling in net_share, making the command "net share"
  work again; (bso#7203); (bnc#584253).

-------------------------------------------------------------------
Mon Mar  1 16:22:52 CET 2010 - lmuelle@suse.de

- Update to 3.5.0.
  + Fix duplicate sam and unix accounts; (bso#7145).
  + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160).
  + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166).
  + Fix 'net ads dns' usage calls; (bso#7181).
  + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).

-------------------------------------------------------------------
Wed Feb 24 14:55:27 CET 2010 - lmuelle@suse.de

- Update to 3.4.6.
  + Change parameter "wide links" to default to "no"; it's also incompatible
    with "unix extensions"; (bso#7104); (bnc#577868).
  + Fix printing with 64 bit clients (bso#6888).
  + Fix core dump on 64 bit Linux (bso#7063).
  + Fix failing of smbd to respond to a read or a write caused by Linux
    asynchronous IO (aio) (bso#7067).
  + Fix string buffer overflow causing heap corruption in smbd (bso#7096).

  + Fix bogus ip address in SWAT; (bso#5885).
  + Fix vfs_full_audit; (bso#6557).
  + Use the first "uid" value; (bso#6157).
  + Fix large paged search with DirX LDAP servers; (bso#6981).
  + Fix crash bug in 'cifs.upcall'; (bso#6868).
  + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
  + Fix DFS on AIX (maybe others); (bso#7052).
  + Fix pdb_search crash as non-root user; (bso#7068).
  + Fix unlocking of accounts from ldap; (bso#7072).
  + Fix vfs_expand_msdfs; (bso#7081).
  + Fix results of 'smbclient -L' with a large browse list; (bso#7098).
  + Normalize "Changing password for" msg IDs and STRs; (bso#7102).
  + Fix malformed require_membership_of_sid; (bso#7106).
  + Fix reading of large browselist; (bso#7122).
  + "mangling method = hash" can crash storing a name containing a '.';
    (bso#7154).
  + Valgrind Conditional jump or move depends on uninitialised value(s) error
    when "mangling method = hash"; (bso#7155).
  + Fix listing of printjobs in Windows 7; (bso#7130).
  + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136).

  + Make idmap cache persistent for "ldapsam:trusted".
  + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not
    only the persistent idmap cache.
  + Shortcut uid_to_sid when "ldapsam:trusted = yes".
  + Make pdb_copy_sam_account also copy the group sid.
  + Shortcut gid_to_sid when "ldapsam:trusted = yes".
  + Speed up pdb_get_group_sid().
  + Try to build the full unix_pw structure with ldapsam:trusted support.
  + Optimize ldapsam_alias_memberships() and cache ldap searches.

-------------------------------------------------------------------
Fri Feb 19 16:27:03 CET 2010 - lmuelle@suse.de

- Update to 3.5.0rc3.
  + Change parameter "wide links" to default to "no"; it's also incompatible
    with "unix extensions"; (bso#7104); (bnc#577868).

  + Fix vfs_full_audit; (bso#6557).
  + Fix crash bug in 'cifs.upcall'; (bso#6868).
  + Fix duplicate initializer in the rmdir module; (bso#6876).
  + Fix printing with 64 bit clients; (bso#6888).
  + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
  + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063).
  + Fix failing of smbd to respond to a read or a write caused by Linux
    asynchronous IO (aio); (bso#7067).
  + Fix 'smbget' error status; (bso#7069).
  + Fix build of 'smbfilter'; (bso#7071).
  + Fix unlocking of accounts from ldap; (bso#7072).
  + Cliconnect gets realm wrong with trusted domains; (bso#7079).
  + Fix vfs_expand_msdfs; (bso#7081).
  + Fix storing of create time on directories in an EA in new create time
    code; (bso#7084).
  + Fix an early release of the global lock that can cause data corruption in
    libtdb; (bso#7085).
  + Fix string buffer overflow causing heap corruption in smbd; (bso#7096).
  + Fix results of 'smbclient -L' with a large browse list; (bso#7098).
  + Normalize "Changing password for" msg IDs and STRs; (bso#7102).
  + Fix malformed require_membership_of_sid; (bso#7106).
  + Add pdb_ldap performance fixes; (bso#7116).
  + Change ldap filter to what really was intended; (bso#7116).
  + Add new "nmbd bind explicit broadcast" parameter; (bso#7118).
  + Fix nmbd problems with socket address; (bso#7118).
  + Support large browselist; (bso#7119).
  + Fix reading of large browselist; (bso#7122).
  + Fix listing of printjobs in  Windows 7; (bso#7130).
  + Owner of file not available with Kerberos; (bso#7139).
  + Fix IPv4/IPv6 problems; (bso#7140).
  + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148).
  + "mangling method = hash" can crash storing a name containing a '.';
    (bso#7154).
  + Valgrind Conditional jump or move depends on uninitialised value(s) error
    when "mangling method = hash"; (bso#7155).

  + Fix some wrong newlines in de translation strings.

-------------------------------------------------------------------
Tue Feb  9 22:10:44 UTC 2010 - lmuelle@suse.de

- Take extra care that a mount point of mount.cifs isn't changed during mount
  and don't allow it to be run as setuid root program; CVE-2010-0787;
  (bso#6853); (bnc#550002).

-------------------------------------------------------------------
Tue Feb  9 17:10:55 UTC 2010 - lmuelle@suse.de

- Check in mount.cifs for invalid characters in device name and mountpoint;
  CVE-2010-0547; (brc#562156); (bnc#577925).

-------------------------------------------------------------------
Tue Feb  9 05:00:08 CET 2010 - boyang@suse.de

- Don't invalidate cache for uninitialized domains; (bnc#538923).

-------------------------------------------------------------------
Tue Feb  9 04:59:09 CET 2010 - boyang@suse.de

- Signals are processed twice in child; (bnc#538923).

-------------------------------------------------------------------
Mon Feb  8 18:51:27 CET 2010 - jmcdonough@suse.de

- Allow forced pw change even with min pw age; (bnc#561894).

-------------------------------------------------------------------
Mon Feb  8 11:44:54 UTC 2010 - lmuelle@suse.de

- Change parameter "wide links" to default to "no"; it's also incompatible
  with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).

-------------------------------------------------------------------
Sun Feb  7 08:35:14 CET 2010 - boyang@suse.de

- Fix enumerate domain local groups for primary domain; (bnc#573813).

-------------------------------------------------------------------
Sun Feb  7 07:48:06 CET 2010 - boyang@suse.de

- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).

-------------------------------------------------------------------
Fri Feb  5 17:12:24 UTC 2010 - lmuelle@suse.de

- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).

-------------------------------------------------------------------
Thu Feb  4 16:58:53 UTC 2010 - rhafer@novell.com

- Build libtevent and libldb and put them into separate subpackages.

-------------------------------------------------------------------
Tue Jan 26 17:12:50 CET 2010 - lmuelle@suse.de

- Update to 3.5.0rc2.
  + The Using Samba HTML book has been removed.
  + 'net', 'smbclient' and libsmbclient can use logon credentials cached by
    Winbind; (bso#7062).
  + New vfs_scannedonly module has been added; (bso#7028).

  + Check password history before increasing "badPasswordCount"; (bso#4347).
  + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202).
  + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap;
    (bso#6157).
  + Fix deletion of an object whose parent folder does not have delete rights
    fails even if the delete right is set on the object in vfs_acl_xattr and
    vfs_acl_tdb; (bso#6876).
  + Fix large paged search with DirX LDAP servers; (bso#6981).
  + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027).
  + Disable sanity check in NetShareEnum for better compatibility with
    Windows; (bso#7029).
  + Fix SMBrmdir error message when deleting a directory fails; (bso#7033).
  + Fix segfault in vfs_cap; (bso#7034).
  + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036).
  + Fix a Winbind segfault in "trusted_domains"; (bso#7037).
  + Complete and improve some German translation of 'net'; (bso#7039).
  + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039).
  + Fix crash bug in libsmbclient; (bso#7043).
  + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045).
  + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046).

  + Lock down some srvsvc calls according to what w2k3 seems to do.

-------------------------------------------------------------------
Tue Jan 19 12:05:43 CET 2010 - lmuelle@suse.de

- Update to 3.4.5.
  + Fix memory leak in smbd (bug #7020).
  + Fix changing of ACLs on writable files with "dos filemode=yes"
    (bug #5202).

  + BUG 6642: Fix opening the quota magic file.
  + BUG 6919: Fix remote quota management.
  + BUG 7034: Fix internal error caused by vfs_cap.
  + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
  + BUG 7043: Fix crash bug in "SMBC_parse_path".
  + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
  + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
    server.

-------------------------------------------------------------------
Tue Jan 12 22:55:44 UTC 2010 - lmuelle@suse.de

- Free unused memory after a packet got processed; (bso#7020).

-------------------------------------------------------------------
Fri Jan  8 04:56:21 CET 2010 - boyang@suse.de

- Add timeout to rpc call to prevent infinite loop when network is
  down; (bnc#538923).

-------------------------------------------------------------------
Thu Jan  7 12:14:19 UTC 2010 - lmuelle@suse.de

- Update to 3.5.0rc1.
  + BUG 6837: Fix "Too many open files" when trying to access large number of
    files with Windows 7; (bnc#619787).
  + BUG 6939: Fix long filenames when "mangling method" is set to "hash".
  + BUG 6991: Create symbol links to shared libraries.
  + BUG 6992: make test for getgrouplist cacheable.
  + BUG 7014: Fix Winbind crash when retrieving empty group members.
  + BUG 7020: Fix smbd using 2G memory.

  + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
    attributes by protocol level.
  + Vector correctly through reply_openerror() (which uses the same logic).
  + Fix bugs with the full Windows ACL support.
  + Add a few missing gettext calls to the 'net' command.
  + Fix up a share type translation and translate some more strings in 'net'.
  + Allow to call "pdbedit -N description -u user" without specifiyng "-r".
  + Add spoolss_DriverInfo7.
  + Fix rpcclient after setprinter IDL fixes.
  + Use generated krb5.conf in 'net ads testjoin'.
  + Add some German translations for the 'net' command.
  + Update mount.cifs man page with nounix option.
  + Fix _samr_GetAliasMembership for results with 0 rids.
  + Fix an error case in cli_negprot.
  + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
  + Restore correct timeouts for SMB requests.
  + Fix a 64-bit error in libsmb.
  + Replace IS_DOMAIN_OFFLINE by a function in Winbind.
  + Simplify/cleanup Winbind code.
  + Fix write behind memory block in libtalloc.
  + Fix result check for getaddrinfo().
  + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
    to tsocket.
  + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
  + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
  + Fix standalone 'make installdocs'.
  + Output %p as unsigned in snprintf replacement.
  + New attempt at TDB transaction nesting allow/disallow.
  + Remove swig stuff from libtdb.
  + Reset tdb->fd to -1 in tdb_close() in libtdb.
  + Change the way mksysms work in libtalloc.
  + Also build and install tdb manpages from standalone tdb.
  + Fix infinite loop in NCACN_IP_TCP as there is no timeout.
  + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
    query.
  + List trusted domains from wcache when domain is offline.

-------------------------------------------------------------------
Thu Jan  7 11:21:35 UTC 2010 - lmuelle@suse.de

- Update to 3.4.4.
  + Fix interdomain trust relationships with Win2008R2 (bug #6697).
  + Fix Winbind crashes when queried from nss (bug #6889).
  + Fix Winbind crash when retrieving empty group members (bug #7014).
  + Fix "UID range full" error in Winbind (bug #6901).
  + Fix multiple LDAP servers in "idmap backend" and "idmap alloc
    backend" (bug #6910).

  + BUG 4832: Fix iconv checks.
  + BUG 6338: Do not always display "none" in 'net rpc trustdom list'.
  + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time.
  + BUG 6828: Fix infinite timeout when byte lock held outside of samba.
  + BUG 6837: Fix "Too many open files" message when trying to access a large
    number of files with Windows 7; (bnc#619787).
  + BUG 6841: Fix "map acl inherit = yes".
  + BUG 6850: Fix shadow copy display on Windows 7.
  + BUG 6867: Fix listing of directories with a lot of files.
  + BUG 6868: Support building with Heimdal we well as with MIT.
  + BUG 6875: Fix DOS attributes on OS/2 clients.
  + BUG 6880: Fix listing of workgroup servers in libsmbclient.
  + BUG 6898: Samba duplicates file content on appending.
  + BUG 6918: Fix krb5 build problem on Ubuntu karmic.
  + BUG 6929: Fix build with recent heimdal.
  + BUG 6939: Fix long filenames with "mangling method = hash".
  + BUG 6967: Fix 'net ads join' with OU.
  + BUG 6981: Fix paged search with DirX LDAP server.
  + BUG 6982: Remove erroneous out of memory error path in lookup_sid.
  + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids.
  + BUG 7005: Fix "mangle method = hash" truncates files with dot "."
    character.

  + Fix the build of the winbind krb5 locator plugin.
  + Fix enumprinter key client and server.

-------------------------------------------------------------------
Wed Jan  6 17:17:58 UTC 2010 - lmuelle@suse.de

- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the
  samba-krb-printing package; (bnc#568603).

-------------------------------------------------------------------
Fri Jan  1 20:04:09 UTC 2010 - lars@samba.org

- Add BuildRequires to fam-devel; (bnc#564260).

-------------------------------------------------------------------
Wed Dec 30 22:04:19 CET 2009 - jmcdonough@suse.de

- Prevent winbind crash; (bso#7014); (bnc#566119).

-------------------------------------------------------------------
Mon Dec 21 20:16:21 CET 2009 - sjayaraman@suse.de

- Fix processing of open modes in POSIX open; (bnc#530683).

-------------------------------------------------------------------
Thu Dec 17 22:26:17 CET 2009 - jengelh@medozas.de

- Add baselibs.conf as a source.

-------------------------------------------------------------------
Tue Dec 15 16:47:48 UTC 2009 - lmuelle@suse.de

- Update to 3.5.0pre2.
  + BUG 2350: Add LDAP Alias Dereferencing support.
  + BUG 6288: SWAT adds a second share when changing parameters of an existing
    share.
  + BUG 6435: Fix minor memory corruption.
  + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
    set while configure.
  + BUG 6802: A created folder does not properly inherit permissions from
    parent in vfs_acl_xattr.
  + BUG 6837: "Too many open files" when trying to access large number of
    files from Windows 7; (bnc#619787).
  + BUG 6860: Fix shared library build on QNX.
  + BUG 6879: Fix crash in Winbind.
  + BUG 6929: Fix build with recent heimdal.
  + BUG 6938 : No hook exists to check creation rights when using acl_xattr
    module.
  + BUG 6967: Prevent glibc error on 'net ads join'.

  + Fix vfs_acl_xattr which was failing to call the NEXT connect function.
  + Restructure the ACL code.
  + Refactor reply_rmdir to use handle based code.
  + Fix the build when no external talloc and tdb are installed.
  + Fix detection of CTDB headers on systems without system-libtalloc.
  + Fix several printing issues.
  + Fix the build on Mac OS X 10.6.2.
  + Fix net and rpcclient after setprinterdataex changes.
  + Add full support for level 8 printer drivers.
  + Add more spoolss architectures to IDL.
  + Fix enumprinter key client and server.
  + Fix crash in EnumPrinterDataEx.
  + Prefer posix_fallocate for doing "strict allocate".
  + Restore "fake directory create times" as a share parameter.
  + Fix explicit stat64 support.
  + Add support for NetWkstaGetInfo 101 and 102.
  + Add rpcclient wkssvc_enumerateusers.
  + De-deprecate "write cache size" to prevent its removal without a proper
    alternative.
  + Allow more than 1000 users in BUILTIN\Users.
  + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
  + Fix the build of the example VFS modules.
  + Fix crash in free_file_list().
  + Give the user a chance to change password when password will expire soon.

-------------------------------------------------------------------
Wed Dec  9 20:44:21 UTC 2009 - lmuelle@suse.de

- Store the smbfs service state if enabled and restore it for cifs while
  upgrade on post-11.2 systems.

-------------------------------------------------------------------
Wed Dec  9 16:43:45 UTC 2009 - lmuelle@suse.de

- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.

-------------------------------------------------------------------
Wed Dec  9 07:44:59 CET 2009 - boyang@suse.de

- Give the user a chance to change password when password will expire soon;
  (FATE#302414).

-------------------------------------------------------------------
Tue Dec  8 18:19:33 UTC 2009 - lmuelle@suse.de

- Rename smbfs init script to cifs for post-11.2 systems.

-------------------------------------------------------------------
Tue Dec  8 19:53:12 CEST 2009 - jmcdonough@suse.de

- Allow Windows 7 to connection to samba domain controllers and
  member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).

-------------------------------------------------------------------
Fri Dec  4 18:59:22 CET 2009 - jmcdonough@suse.de

- Error on joining windows domain (invalid pointer); (bso#6967);
  (bnc#553622).

-------------------------------------------------------------------
Thu Dec  3 11:47:02 CET 2009 - lmuelle@suse.de

- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165).
- Simplify the winbind package %pre script and suppress stdout only.

-------------------------------------------------------------------
Thu Nov 26 19:53:13 CET 2009 - lmuelle@suse.de

- Update to 3.5.0pre1
  + Add support for full Windows timestamp resolution.
  + Experimental implementation of SMB2.
  + Add encryption support for connections to a CUPS server.
  + Major windbind asynchronous refactoring.
- Remove using_samba from the doc package.
- Increase major version of libtalloc to 2.

-------------------------------------------------------------------
Thu Nov 19 03:57:41 CET 2009 - boyang@suse.de

- Fix kerberos refresh chain; (bnc#546162); (bso#6872).

-------------------------------------------------------------------
Fri Nov  6 19:55:27 CET 2009 - lmuelle@suse.de

- Hardlink duplicate files on post-11.1 systems.

-------------------------------------------------------------------
Fri Nov  6 18:08:17 CET 2009 - lmuelle@suse.de

- Add BuildArch noarch to samba-doc on post-11.1 systems.

-------------------------------------------------------------------
Tue Nov  3 03:10:47 CET 2009 - boyang@suse.de

- Use full 16byte session key in make_user_info_netlogon_interactive();
  (bnc#551811).

-------------------------------------------------------------------
Thu Oct 29 14:22:08 CET 2009 - lmuelle@suse.de

- Update to 3.4.3.
  + Fix trust relationships to windows 2008 (2008 r2) (bug #6711).
  + Fix file corruption using smbclient with NT4 server (bug #6606).
  + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).

  + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a
    symbolic link.
  + BUG 6529: Offline files conflict with Vista and Office 2003.
  + BUG 6532: Fix domain enumeration if master browser has space in name.
  + BUG 6606: Fix file corruption using smbclient with NT4 server.
  + BUG 6690: Fix wrong error check in profile.
  + BUG 6703: Allow smbstatus as non-root.
  + BUG 6704: Fix syntax error in avahi configure test.
  + BUG 6707: Fix an occasional segfault in config file parsing.
  + BUG 6710: Adjust regex to match variable names including underscores.
  + BUG 6711: Fix trust relationships to windows 2008 (2008 r2).
  + BUG 6726: SIVAL should have been an SVAL.
  + BUG 6728: BSD needs sys/sysctl.h included to build properly.
  + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams.
  + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules
    might use the old password and new password.
  + BUG 6764: Fix timeval calculation.
  + BUG 6765: Add a "hidden" parameter "share:fake_fscaps".
  + BUG 6769: Fix symlink unlink.
  + BUG 6772: Allow outstanding_aio_calls to be decremented.
  + BUG 6774: smbd crashes if "aio write behind" is set.
  + BUG 6776: Fix core dump caused by running overlapping Byte Lock test.
  + BUG 6781: Fix renaming subfolders in Explorer view.
  + BUG 6791: Fix linking order in cifs.upcall.
  + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6".
  + BUG 6793: Fix segfault in winbindd_pam_auth.
  + BUG 6796: Deleting an event context on shutdown can cause smbd to crash.
  + BUG 6797: Fix a memleak in libwbclient.
  + BUG 6804: Fix hpux compiler issue.
  + BUG 6805: Correctly handle aio_error() and errno.
  + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names.
  + BUG 6810: Add support for finding alternate credcaches to cifs.upcall.
  + BUG 6811: Fix reference to freed memory in pam_winbind.
  + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
  + BUG 6824: Fix avahi activation.
  + BUG 6826: Don't fail authentication when one or some group of
    require-membership-of is invalid.
  + BUG 6828: Fix infinite timeout when byte lock held outside of Samba.
  + BUG 6829: Fix displaying of multibyte characters in smbclient.
  + BUG 6840: Fix crash in pam_winbind.

  + Fix an uninitialized variable.
  + Only ever handle one event after a select call.
  + Conditional install of the cifs.upcall man page.
  + Fix warning occuring when building the manpages.

-------------------------------------------------------------------
Fri Oct 23 10:50:50 CEST 2009 - lmuelle@suse.de

- Let smbclient show special characters properly; (bso#6829); (bnc#544204).

-------------------------------------------------------------------
Fri Oct 23 05:07:37 CEST 2009 - boyang@suse.de

- Don't fail authentication when one or some group of require-membership-of
  is invalid; (bnc#525123); (bso#6826).

-------------------------------------------------------------------
Fri Oct 16 10:31:53 CEST 2009 - jmcdonough@suse.de

- Allow winbind to ignore certain domains; (bnc#539506).

-------------------------------------------------------------------
Thu Oct  8 21:54:16 CEST 2009 - lmuelle@suse.de

- Update to 3.4.2.
  + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517).
  + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115).
  + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).

-------------------------------------------------------------------
Wed Sep 30 12:56:02 CEST 2009 - jmcdonough@suse.de

- Fix potential denial of service; CVE-2009-2906; (bnc#543115).

-------------------------------------------------------------------
Fri Sep 25 18:57:30 CEST 2009 - jmcdonough@suse.de

- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).

-------------------------------------------------------------------
Wed Sep 23 21:56:35 CEST 2009 - jmcdonough@suse.de

- Fix unresolved home path; CVE-2009-2813; (bnc#539517).

-------------------------------------------------------------------
Mon Sep 21 11:56:54 CEST 2009 - boyang@suse.de

- Don't overwrite password in pam_winbind; (bnc#515444).

-------------------------------------------------------------------
Mon Sep 14 12:56:58 UTC 2009 - chris@computersalat.de

- mods for winbind (when used with squid - ntlm_auth)
  o winbind adds group 'winbind'
  o permission 0750,root,winbind LOCKDIR/winbindd_privileged

-------------------------------------------------------------------
Thu Sep 10 22:19:57 CEST 2009 - lmuelle@suse.de

- Merge two fixes from 3.2.8 and 3.3.1.
  + Adjust regex to match variable names including underscores.
  + Conditional install of the cifs.upcall man page.

-------------------------------------------------------------------
Thu Sep 10 00:36:36 CEST 2009 - lmuelle@suse.de

- Remove supplements from baselibs.conf while %clean for pre-11.1 systems;
  (bnc#520579).

-------------------------------------------------------------------
Wed Sep  9 17:26:58 CEST 2009 - lmuelle@suse.de

- Update to 3.4.1.
  + Fix authentication on member servers without Winbind (bug #6650).
  + Nautilus fails to copy files from an SMB share (bug #6649).
  + Fix connections of Win98 clients (bug #6551).
  + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697).
  + Fix Winbind authentication issue (bug #6646).

  + BUG 5879: Update LDAP schema for Netscape DS 5.
  + BUG 5886: Fix password change propagation with ldapsam.
  + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe.
  + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab.
  + BUG 6437: Make open_udp_socket() IPv6 clean.
  + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient.
  + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in
    NT_TRANSACT_CREATE.
  + BUG 6532: Fix the build with external talloc.
  + BUG 6538: Cancel all locks that are made before the first failure.
  + BUG 6560: Fix lookupname.
  + BUG 6564: SetPrinter fails (panics) as non root.
  + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation.
  + BUG 6585: Fix unqualified "net join".
  + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo.
  + BUG 6601: Avoid global fd limits.
  + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2.
  + BUG 6611: Fix a valgrind error in chain_reply.
  + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient.
  + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
  + BUG 6650: Fix authentication on member servers without Winbind.
  + BUG 6651: Fix smbd SIGSEGV when breaking oplocks.
  + BUG 6655: Fix 'smbcontrol smbd ping'.
  + BUG 6620: Fix a bug in renames of directories.
  + BUG 6664: Fix truncation of the session key.
  + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes".
  + BUG 6680: Fix authentication failure from Windows 7 when domain joined.
  + BUG 6688: Fix crash in 'net usershare list'.
  + BUG 6693: Check we read off the complete event from inotify.
  + BUG 6700: Use dns domain name when needing to guess server principal.

-------------------------------------------------------------------
Thu Aug 13 03:52:07 CEST 2009 - boyang@suse.de

- Update to 3.2.14.
  + Fix SAMR access checks (e.g. bugs #6089 and #6112).
  + Fix 'force user' (bug #6291).
  + Improve Win7 support (bug #6099).
  + Fix posix ACLs when setting an ACL without explicit ACE for the
    owner (bug #2346).

  + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the
    LDAP directory.
  + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
  + BUG 6089: Fix SAMR access checks.
  + BUG 6112: Fix SAMR access checks.
  + BUG 6279: Fix Winbind crash.
  + BUG 6291: Fix 'force user'.
  + BUG 6099: Try to fix domain join of Win7 Beta.
  + BUG 6386: Groupdb mapping fix.
  + BUG 6421: Fix POSIX read-only open on read-only shares.
  + BUG 6476: Fix more smbd-zombies in memory.
  + BUG 6488: acl_group_override() call in posix acls references an
    uninitialized variable.
  + BUG 6504: Fix SAMR server for Winbind access.
  + BUG 6520: Fix time stamps.
  + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
  + BUG 6340: Don't segfault when cleartext trustdom pwd could not be
    retrieved.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6465: Fix enum_aliasmem in ldb branch.
  + BUG 6484: Fix searching for users while adding them to groups via
    Windows usermanager.
  + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
    owner.
  + BUG 6526: Let parent_dirname() correctly return toplevel filenames.
  + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
  + BUG 5798: Preserve CFLAGS info in configure.
  + BUG 6382: Case insensitive access to DFS links broken.
  + BUG 6481: Don't require "Modify property" perms to unjoin.
  + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
    'passdb backend = tdbsam'.
  + BUG 6560: Lookupname failed, cannot find domain when attempt to change
    password.

  + Prevent creation of keys containing the '/' character.
  + Fix join of Windows 7 RC to a Samba3 DC.
  + Fix bug in processing of open modes in POSIX open.
  + Fix the negotiate flags.
  + Protect netlogon_creds_server_step() against NULL creds.
  + Also handle DirX return codes.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Add '--request-timeout' option to 'net'.
  + Fix a race condition in Winbind leading to a panic.
  + Add workaround for MS KB932762.
  + 5945: Fix out of memory error with Winbind idmap.
  + Avoid duplicate ACEs.
  + Fix profile ACLs in some corner cases.
  + Zero an uninitialized array.

-------------------------------------------------------------------
Wed Aug 12 05:07:06 CEST 2009 - boyang@suse.de

- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271);
  (bso#6615).

-------------------------------------------------------------------
Mon Aug 10 03:53:53 CEST 2009 - boyang@suse.de

- check in .po files for pam_winbind; (bnc#499233); (bso#6602).

-------------------------------------------------------------------
Thu Aug  6 16:24:23 CEST 2009 - hhetter@suse.de

- Add ntp and network-remotefs as Should-Start dependency to the winbind init
  script; (bnc#515629).

-------------------------------------------------------------------
Thu Aug  6 14:40:21 CEST 2009 - lmuelle@suse.de

- Update to 3.0.36.
  + Fix Winbind crash on 'getent group' (bug #5906).
  + Excel save operation corrupts file ACLs (bug #4308).
  + Prevent segmentation fault on joining a very long domain name.

  + BUG 4308: Excel save operation corrupts file ACLs.
  + BUG 4370: Clean-up entries in /etc/mtab after unmount.
  + BUG 4640: Fix guest mounts in mount-cifs.
  + BUG 5906: Fix Winbind crash on 'getent group'.
  + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
  + BUG 6099: In order to allow Win7 to connect to a Samba NT style.
  + BUG 6279: Fix Winbind crash.
    PDC we set the flags before we know if it's an error or not.
  + BUG 6085: Fix build of vfs_default.
  + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work
    correctly.

  + Fix logic error in try_chown.
  + Correctly use chroot().
  + Fix bug in processing of open modes in POSIX open.
  + Don't install the cifs.upcall binary twice.
  + Fix mount.cifs handling of -V option.
  + Prevent segmentation fault on joining a very long domain name.
  + Don't try and delete a default ACL from a file.
  + Add workaround for MS KB932762.
  + Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
  + Fix a crash during name resolution when log level >= 10
    and libc segfaults if printf is passed NULL for a "%s" arg.

-------------------------------------------------------------------
Sat Aug  1 18:39:53 CEST 2009 - lmuelle@suse.de

- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.

-------------------------------------------------------------------
Mon Jul 27 13:45:04 CEST 2009 - boyang@suse.de

- lookupname failed, cannot find domain when attempt to change password;
  (bnc#520645); (bso#6560).

-------------------------------------------------------------------
Thu Jul 16 16:09:48 CEST 2009 - lmuelle@suse.de

- Don't link with --as-needed flag on post-11.1 systems.

-------------------------------------------------------------------
Tue Jul 14 23:50:08 CEST 2009 - lmuelle@suse.de

- Stop the smbfs service if an interface goes down; (bnc#517768).

-------------------------------------------------------------------
Wed Jul  8 19:45:21 CEST 2009 - lmuelle@suse.de

- Disable build of static libraries on post-11.1 systems; (bnc#509945).

-------------------------------------------------------------------
Wed Jul  8 15:35:20 CEST 2009 - jmcdonough@suse.de

- Fix missing zlibs for cifs.upcall and test_shlibs.

-------------------------------------------------------------------
Fri Jul  3 17:21:17 CEST 2009 - lmuelle@suse.de

- Update to 3.4.0.
  + BUG 6431: Local groups from 3.0 setups no longer found.
  + BUG 6459: Fix build of pam_smbpass on some distributions.
  + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain
    not.
  + BUG 6497: Fix calling of 'test' in configure.
  + BUG 6498: Add workaround for MS KB932762.
  + BUG 6499: Fix building of pam_smbpass.
  + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
  + BUG 6512: Fix support for enumerating user forms.
  + BUG 6514: Improve error message in 'net' when smb.conf is not available.
  + BUG 6520: Fix time stamps when "unix extensions = yes".
  + BUG 6521: Fix building tevent_ntstatus without config.h.
  + BUG 6526: Fix notifies in the share root directory.
  + BUG 6531: Fix pid file name.

-------------------------------------------------------------------
Thu Jul  2 13:04:53 CEST 2009 - lmuelle@suse.de

- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.

-------------------------------------------------------------------
Tue Jun 30 13:26:32 CEST 2009 - jmcdonough@suse.de

- Fix net ads leave; (bnc#511695).

-------------------------------------------------------------------
Thu Jun 25 12:25:33 CEST 2009 - sbrabec@suse.cz

- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).

-------------------------------------------------------------------
Wed Jun 24 17:11:15 CEST 2009 - lmuelle@suse.de

- Update to 3.2.13, 3.3.6.
  + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with
    file names treat user input as a format string to asprintf.  With a
    maliciously crafted file name smbclient can be made to execute code
    triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).

-------------------------------------------------------------------
Wed Jun 24 16:01:42 CEST 2009 - lmuelle@suse.de

- Update to 3.0.35.
  + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
    data value can potentially affect access control when "dos filemode"
    is set to "yes"; CVE-2009-1888; (bnc#515479).

-------------------------------------------------------------------
Tue Jun 23 12:32:18 CEST 2009 - jmcdonough@suse.de

- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).

-------------------------------------------------------------------
Fri Jun 19 12:01:52 CEST 2009 - lmuelle@suse.de

- Update to 3.4.0rc1.
  + BUG 4699: Remove pidfile on clean shutdown.
  + BUG 5456: Fix "net ads testjoin".
  + BUG 6081: Make it possible to change machine account sids.
  + BUG 6253: Use correct value for password expiry calculation in
    pam_winbind.
  + BUG 6297: Owner of sticky directory cannot delete files created by others.
  + BUG 6305: Correctly prompt for a password when a username was given.
  + BUG 6328: Add support for multiple rights to
    "net sam rights grant/revoke".
  + BUG 6333: Consolidate create/delete account paths in pdbedit.
  + BUG 6449: 'net rap user add' crashes without -C option.
  + BUG 6451: net/libnetapi user rename using wrong access bits.
  + BUG 6458: Fix uninitialized variable in local_password_change().
  + BUG 6465: Fix enumeration of empty aliases.
  + BUG 6476: Fix smbd-zombies in memory when using [x]inetd.
  + BUG 6487: Add missing DFS call in trans2 mkdir call.
  + BUG 6488: acl_group_override() call in posix acls references an
    uninitialized variable.

  + Improve pam_winbind documentation.
- Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.

-------------------------------------------------------------------
Thu Jun 18 16:29:34 CEST 2009 - boyang@suse.de

- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user
  input as a format string to asprintf; CVE-2009-1886; (bnc#513360).

-------------------------------------------------------------------
Wed Jun 17 18:11:46 CEST 2009 - boyang@suse.de

- Fix a bad memleak in vfs_full_audit; (bnc#510035).

-------------------------------------------------------------------
Mon Jun 16 16:51:38 CEST 2009 - lmuelle@suse.de

- Update to 3.3.5.
  + Fix SAMR and LSA checks (bug #6089, #6289)
  + Fix posix acls when setting an ACL without explicit ACE for the
    owner (bug #2346).
  + Fix joining of Win7 into Samba domain (bug #6099).
  + Fix joining of Win2000 SP4 clients (bug #6301).

  + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
    owner.
  + BUG 5832: Fix build on RHEL when ccache is not available.
  + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL.
  + BUG 5897: Fix shutdown script example in the smb.conf manpage.
  + BUG 6089: Revert the extra SAMR and LSA checks.
  + BUG 6099: Fix joining of Win7 into Samba domain.
  + BUG 6157: Fix handling of multi-value attribute "uid".
  + BUG 6289: Revert the extra SAMR and LSA checks.
  + BUG 6297: Owner of sticky directory cannot delete files created by others.
  + BUG 6301: Fix joining of Win2000 SP4 clients.
  + BUG 6309: Support remote unjoining of Windows 2003 or greater.
  + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event.
  + BUG 6320: Handle registry config source in file_list.
  + BUG 6330: Fix DFS on AIX.
  + BUG 6336: Fix 'net groupmap set' segfault.
  + BUG 6361: Make --rcfile work in smbget.
  + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a
    directory.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6382: Fix case insensitive access to DFS links.
  + BUG 6415: Filter out of range mappings in default idmap config in
    idmap_tdb.
  + BUG 6416: Filter out of range mappings in default idmap config in
    idmap_tdb2.
  + BUG 6417: Filter out of range mappings in default idmap config in
    idmap_ldap.
  + BUG 6441: Fix the compile with --enable-dnssd.
  + BUG 6449: 'net rap user add' crashes without -C option.
  + BUG 6465: Fix enumeration of empty aliases (ldb backend).

  + Prevent infinite include nesting.
  + Mark registry shares without path unavailable.
  + Also handle DirX return codes.
  + Fix Coverity ID 897.
  + Do not crash in ctdbd_traverse if ctdbd is not around.
  + Fix a race condition in winbind leading to a panic.
  + Some man pam_winbind improvements.
  + Zero an uninitialized array.

-------------------------------------------------------------------
Mon Jun 16 14:42:33 CEST 2009 - lmuelle@suse.de

- Update to 3.2.12.
  + Fix SAMR and LSA checks (bug #6089, #6289)
  + Fix posix acls when setting an ACL without explicit ACE for the
    owner (bug #2346).
  + Fix "force user" (bug #6291).
  + Fix Winbind crash (bug #6279).
  + Fix joining of Win7 into Samba domain (bug #6099).

  + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
    owner.
  + BUG 5798: CFLAGS info lost in configure.
  + BUG 5832: Fix build on RHEL when ccache is not available.
  + BUG 5835: Add keyutils-devel to build requires.
  + BUG 5945: Fix out of memory error with Winbind idmap.
  + BUG 6089: Revert the extra SAMR and LSA checks.
  + BUG 6099: Fix joining of Win7 into Samba domain.
  + BUG 6279: Fix Winbind crash.
  + BUG 6289: Revert the extra SAMR and LSA checks.
  + BUG 6291: Fix "force user".
  + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
  + BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
  + BUG 6386: Groupdb mapping fix.
  + BUG 6382: Fix case insensitive access to DFS links.
  + BUG 6465: Fix enumeration of empty aliases (ldb backend).

  + Prevent creation of keys containing the '/' character.
  + Fix bug in processing of open modes in POSIX open.
  + Protect netlogon_creds_server_step() against NULL creds.
  + Also handle DirX return codes.
  + Fix a race condition in winbind leading to a panic.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Fix profile acls in some corner cases.

-------------------------------------------------------------------
Fri Jun 12 23:03:54 CEST 2009 - lmuelle@suse.de

- Default with passdb backend to smbpasswd for SUSE products older than 11.2.

-------------------------------------------------------------------
Fri Jun 12 15:47:51 CEST 2009 - lmuelle@suse.de

- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.

-------------------------------------------------------------------
Mon Jun  8 23:18:02 CEST 2009 - lmuelle@suse.de

- Update to 3.4.0pre2.
  + The default passdb backend has been changed to 'tdbsam'!
  + Samba4 and Samba3 sources are included in the tarball.
  + Changed the way smbd handles untrusted domain names given during user
    authentication.
  + Various fixes including printer change notificiation for Samba spoolss
    print servers.
  + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
    and spoolss) were replaced by autogenerated code based on PIDL.
  + Samba3 and Samba4 do now share a common tevent library.
  + The code has been cleaned up and the major basic interfaces are shared
    with Samba4 now.
  + An asynchronous API has been added.
  + Made parameter syntax of the net command more consistent.

  + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
    owner.
  + BUG 4271: testparm should not print includes.
  + BUG 4831: Don't call openlog() or closelog() from pam_smbpass.
  + BUG 5681: Do not limit the number of network interfaces.
  + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo
    access checks.
  + BUG 6099: Fix NETLOGON credential chain.
  + BUG 6136: New AFS syscall conventions.
  + BUG 6157: Fix handling of multi-value attribute "uid".
  + BUG 6253: Use correct value for password expiry calculation.
  + BUG 6291: Fix 'force user'.
  + BUG 6292: Update config.guess from gnu.org.
  + BUG 6302: Give the VFS a chance to read from 0-byte files.
  + BUG 6309: Support remote unjoining of Windows 2003 or greater.
  + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on
    malloced memory.
  + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event.
  + BUG 6320: Handle registry config source in file_list.
  + BUG 6330: Fix DFS on AIX.
  + BUG 6336: Fix segfault in 'net groupmap set'.
  + BUG 6340: Don't segfault when cleartext trustdom pwd could not be
    retrieved.
  + BUG 6357: Use Samba default command line arguments in 'net'.
  + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4
    and IPv6 addresses
  + BUG 6361: Make --rcfile work in smbget.
  + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share.
  + BUG 6372: usermanager only displaying 1024 groups and aliases.
  + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids.
  + BUG 6415: Filter out of range mappings in default idmap config
    (idmap_tdb).
  + BUG 6416: Filter out of range mappings in default idmap config
    (idmap_tdb2).
  + BUG 6417: Filter out of range mappings in default idmap config
    (idmap_ldap).

  + Change the way smbd handles untrusted domain names given during user
    authentication.
  + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
    spoolss by autogenerated code based on PIDL.
  + Fix several printing issues and improve support for printer change
    notificiations.
  + Add 'net eventlog'.
  + Add asynchronous API.
  + Make Samba3 and Samba4 share a tevent library.
  + Add two new parameters to control how we verify kerberos tickets.
  + Add 'net rpc service' subcommands 'create' and 'delete'.
  + Fix the core of the SAMR access functions.
  + Fix SAMR server for winbindd access.
  + Add dbwrap_tool - a tdb tool that is CTDB-aware.
  + Hide "config backend" from swat.
  + Fix linking with --disable-shared-libs.
  + Fix issue with missing entries when enumerating directories.
  + Map NULL domains to our global sam name.
  + Fix driver upload for Xerox 4110 PS printer driver.
  + Add "net dom renamecomputer" to rename machines in a domain.
  + Inspect the correct computername string before enabling/disabling the
    change button in netdomjoin-gui.
  + Fix join prompt dialog test in netdomjoin-gui.
  + Only gray out labels when not root and not connecting to remote
    machines (netdomjoin-gui).
  + Allow to switch between workgroups/domains with the same name
    (netdomjoin-gui).
  + Add NetShutdownInit and NetShutdownAbort.
  + Fix samr access checks.
  + Add a security model to LSA.
  + Also handle DirX return codes.
  + Do not crash in ctdbd_traverse if ctdbd is not around.
  + Fix Coverity ID 897.
  + Fix a race condition in vfs_aio_fork with gpfs share modes.
  + Fix bug disclosed by lock8 torture test.
  + Fix a race condition in winbind leading to a panic.
  + Detect tight loop in tdb_find().
  + Fix chained sesssetupAndX/tconn messages.
  + Fix strict locking with chained reads.
  + Fix two bugs in sendfile.
  + Fix memory leak.
  + Fix file descriptor leak.
  + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL.
  + Always allocate memory in dptr_ReadDirName.
  + Fix 'net' crash during domain join.
  + Zero an uninitialized array.
  + Allow child processes to exit gracefully if we are out of fds.

-------------------------------------------------------------------
Thu Jun  4 18:54:34 CEST 2009 - sjayaraman@suse.de

- Enable cifs.upcall on versions newer than SUSE 10.0.

-------------------------------------------------------------------
Thu Jun  4 18:43:13 CEST 2009 - sjayaraman@suse.de

- Add BuildRequires to keyutils-devel.

-------------------------------------------------------------------
Thu Jun  4 18:14:40 CEST 2009 - sjayaraman@suse.de

- Remove redundant Requires to keyutils-libs for cifs-mount.

-------------------------------------------------------------------
Wed May 27 22:26:15 CEST 2009 - jmcdonough@suse.de

- Detect tight loop in tdb_find(); (bnc#450974).

-------------------------------------------------------------------
Mon May 18 18:03:00 CEST 2009 - jmcdonough@suse.de

- Fix lp printing with kerberos; (bnc#476913).

-------------------------------------------------------------------
Sat May  9 20:19:51 CEST 2009 - lmuelle@suse.de

- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all
  other build targets.

-------------------------------------------------------------------
Thu Apr 30 15:47:13 CEST 2009 - lmuelle@suse.de

- Update to 3.4.0pre1.
  + Samba4 and Samba3 sources are included in the tarball
  + Changed the way smbd handles untrusted domain names given during user
    authentication.
  + Various fixes including printer change notificiation for Samba spoolss
    print servers.
  + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
    and spoolss) were replaced by autogenerated code based on PIDL.
  + Samba3 and Samba4 do now share a common tevent library.
  + The code has been cleaned up and the major basic interfaces are shared
    with Samba4 now.
  + An asynchronous API has been added.

  + Change the way smbd handles untrusted domain names given during user
    authentication.
  + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
    spoolss by autogenerated code based on PIDL.
  + Fix several printing issues and improve support for printer change
    notificiations.
  + Add 'net eventlog'.
  + Add asynchronous API.
  + Make Samba3 and Samba4 share a tevent library.
  + Add two new parameters to control how we verify kerberos tickets.
  + Add 'net rpc service' subcommands 'create' and 'delete'.
  + Make merged build possible.
  + Move common libraries to the shared lib/ directory.

-------------------------------------------------------------------
Thu Apr 30 15:15:41 CEST 2009 - lmuelle@suse.de

- Update to 3.3.4.
  + Fix domain logins for WinXP clients pre SP3 (bug #6263).
  + Fix samr_OpenDomain access checks (bug #6089).
  + Fix usrmgr.exe creating a user (bug #6243).

  + BUG 6089: Fix samr_OpenDomain access checks.
  + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
    "msdfs root" set to "yes".
  + BUG 6279: Fix Winbind crash.
  + BUG 5329: Add "net rpc service delete/create".
  + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
    freed.
  + BUG 6263: Fix domain logins for WinXP clients pre SP3.
  + BUG 6286: Call init function for builtin idmap modules before probing for
    them as shared modules.
  + BUG 6243: Fix usrmgr.exe creating a user.

  + net conf: Save share name as given, not as lower case only.
  + Prevent creation of registry keys containing the '/' character.
  + Allow pdbedit to change a user rid/sid.
  + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
  + Don't access a freed structure when logging off and re-using a vuid.
  + Try to to fix password_expired flag handling.
  + Make sure to grey out change fields in the netdomjoin-gui when not
    running as root.
  + Don't look up local user for remote changes, even when root.
  + Use procid_str in debug messages for better cluster-debuggability.
  + Use cluster-aware procid_is_me instead of comparing pids.
  + Fix smbd crash for close_on_completion.
  + Fix a memleak in an unlikely error path in change_notify_create().
  + Do not use the file system GET_REAL_FILENAME for mangled names.
  + Fix a crash bug if we timeout in net rpc trustdom list.
  + Add '--request-timeout' option to net.
  + In net_conf_import, start a transaction when importing a single share.
  + Fix writing of roaming profiles with "profile acls" set to "yes".

-------------------------------------------------------------------
Fri Apr 17 21:36:47 CEST 2009 - lmuelle@suse.de

- Update to 3.2.11.
  + Fix domain logins for WinXP clients pre SP3 (bug #6263).
  + Fix samr_OpenDomain access checks (bug #6089).
  + Fix smbd crash for close_on_completion.

  + BUG 6089: Fix samr_OpenDomain access checks.
  + BUG 6205: Correct sample smb.conf share configuration.
  + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
    "msdfs root" set to "yes".
  + BUG 6263: Fix domain logins for WinXP clients pre SP3.

  + Allow pdbedit to change a user rid/sid.
  + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
  + Fix resume command typo for "printing = vlp".
  + Fix smbd crash for close_on_completion.
  + Fix a memleak in an unlikely error path in change_notify_create().
  + Don't look up local user for remote changes, even when root.

-------------------------------------------------------------------
Fri Apr 17 10:34:29 CEST 2009 - jmcdonough@suse.de

- Don't lookup local user for remote password changes; (bnc#493507).

-------------------------------------------------------------------
Thu Apr  2 22:14:03 CEST 2009 - lmuelle@suse.de

- Update to 3.3.3.
  + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
    correctly (bug #6195).
  + Fix serving of files with colons to CIFS/VFS client (bug #6196).
  + Fix "map readonly" (bug #6186).
  + BUG 6195: Don't let smbd child processes panic.
  + Add backend_requires_messaging() method to libsmbconf.
  + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf.
  + Fall back to file backend when no valid backend was found.
  + Fix a memleak in dbwrap_rbt.
  + Provide transaction_start|commit|cancel fns for the registry tdb.
  + Speed up "net conf drop".
  + Speed up "net conf import".
  + Add transactions to the libsmbconf API.
  + Reduce memory usage of "net conf import".
  + Registry cleanup.
  + Fix handling of SAMBA_VERSION_VENDOR_PATCH.
  + Fix build of pam_winbind.so with static linking.
  + Tidy up some convert_string_internal error cases.
  + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
    run elections.
  + Allow DFS client paths to work when POSIX pathnames have been selected.
  + Try and fix the build farm RAW-STREAMS errors.
  + Ensure files starting with multiple dots are hidden.
  + BUG 6102: NetQueryDisplayInformation could return wrong information.
  + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta().
  + Fix notify_printer_status_byname.
  + Fix Coverity IDs 722, 762, 774, 775, 776.
  + Fix build on old Heimdal based systems.
  + Fix compile warning.
  + Use parentheses in if condition to make negation clear.
  + Add dirsort module.
  + BUG 6147: Fix detection of the GNU ld version.
  + BUG 6097: Fix smbd segfault.
  + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
    members.
  + BUG 6139: Add missing whitespace in mount.cifs error message.
  + Fix a malloc/talloc mismatch when cli_initialise() fails.
  + Fix a valgrind error.
  + Speed up "net conf list".
  + Add sorted subkey cache.
  + Use StrCaseCmp in the dirsort module.
  + Document the dirsort module.
  + Disable dns_sd by default.
  + Add avahi detection to configure.
  + Add event avahi binding.
  + Use avahi to register _smb._tcp in smbd.
  + Fix two memleaks in the encryption code.
  + Fix a scary "fill_share_mode_lock failed" message.
  + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set
    errno.
  + Don't use reserved words in smbconftort.
  + Fix smb signing for fragmented trans/trans2/nttrans requests.
  + Parse_packet can return NULL which is then dereferenced in
    match_mailslot_name.
  + Format the header check for netinet/ip.h more nicely.
  + Missing break in conversion function prevents tdb password database
    update.

-------------------------------------------------------------------
Wed Apr  1 16:04:11 CEST 2009 - jmcdonough@suse.de

- Update to 3.2.10.
  + BUG #6195: Don't let smbd child processes panic.

-------------------------------------------------------------------
Wed Apr  1 13:03:44 CEST 2009 - jmcdonough@suse.de

- BUG 6195: Fix crash on passdb conversion.

-------------------------------------------------------------------
Tue Mar 31 15:06:03 CET 2009 - jmcdonough@suse.de

- Update to 3.2.9.
  + BUG 5920: The length of the memcpy was calculated wrong.
  + BUG 6097: Fix smbd segfault.
  + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS
              server is invalid.
  + BUG 6099: Samba returns incurrate capabilities list.
  + BUG 6100: Implement _netr_LogonGetCapabilities() with
              NT_STATUS_NOT_IMPLEMENTED.
  + BUG 6102: NetQueryDisplayInformation could return wrong information.
  + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped
              members.
  + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem.
  + BUG 6161: smbclient corrupts source path in tar mode.
  + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
  + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
  + BUG 6224: nmbd waits 5 minutes before checking to run elections.
  + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno.
  + Numerous Coverity fixes
  + Fix double free caused by incorrect talloc_steal usage.
  + Backport delete semantics of alternate data streams on a file truncate.
  + Allow set attributes on a stream fnum to redirect to the base filename.
  + Fix use of streams modules with CIFSFS client.
  + Fix more POSIX path lstat calls.
  + Allow DFS client paths to work with POSIX pathnames.
  + Ensure files starting with multiple dots are hidden.
  + Fix guest auth when Winbind is running.
  + Fix memleak in get_remote_printer_publishing_data().
  + cifs mount fix for handling -V parameter.
  + Fix guest mounts.
  + Clean-up entries in /etc/mtab after unmount.
  + Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
  + Enable total anonymization in vfs_smb_traffic_analyzer.
  + Don't try and delete a default ACL from a file.
  + Fix remotely adding a share via MMC.
  + Fix resume handle for _samr_EnumDomainGroups.
  + Fix a buffer handling bug when adding lots of registry keys.
  + Fix a O(n^2) algorithm in regdb_fetch_keys().
  + Fix a valgrind error / segfault in dns_register_smbd().
  + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
  + Fix a malloc/talloc mismatch when cli_initialise() fails.
  + Fix two memleaks in the encryption code.
  + Fix "fill_share_mode_lock failed" message.
  + Add S-1-22-X-Y sids to the local token.
  + Fix smb signing for fragmented trans/trans2/nttrans requests.
  + Don't miss an absolute pathname as a kerberos keytab path.
  + Have nmbd check all available interfaces for WINS before failing.
  + Initialize the id_map status in idmap_ldap to avoid surprise.

-------------------------------------------------------------------
Sun Mar 15 12:48:28 CET 2009 - lmuelle@suse.de

- Obsolete change from 2008-03-05 by removing the needless examples cleanup.

-------------------------------------------------------------------
Sat Mar 14 12:17:03 CET 2009 - lmuelle@suse.de

- Update to 3.3.2.
  + Fix "force group" (bug #6155).
  + Fix saving of files on Samba share using MS Office 2007 (bug #6160).
  + Fix guest authentication in setups with "security = share" and "guest ok =
    yes" when Winbind is running.
  + Fix corruptions of source path in tar mode of smbclient (bug #6161).
  + BUG 6082: Fix renaming and deleting of directories using Windows clients.
  + BUG 6154: Make ZFS honor admin users.
  + BUG 6155: Fix "force group".
  + BUG 6160: Fix saving of files on Samba share using MS Office 2007.
  + BUG 6161: Fix corruptions of source path in tar mode of smbclient.
  + Fix some NetBSD warnings.
  + Fix bug in processing of open modes in POSIX open.
  + Fix use of streams modules with CIFSFS client.
  + Ensure ACL modules work with POSIX paths.
  + Use fsp->posix_open in preference if we have it.
  + Fix more POSIX path lstat calls.
  + Fix a bug in message handling for the change notify code.
  + Fix guest authentication in setups with "security = share" and "guest ok =
    yes" when Winbind is running.
  + BUG 4640: Fix guest mounts in mount.cifs.
  + Fix displaying the version string properly when no other parameters passed
    in in mount.cifs.
  + Prefer gssapi header files from subdirectory.
  + BUG 6176: winbindd -n should disable the winbind idmap cache.
  + Add a vfs_preopen module to hide fs latencies.
  + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
  + Fix a valgrind error / segfault in dns_register_smbd().
  + Fix build on SLES8.
  + Decremented by 1 for ntcancel requests.
  + Fix creation of core files.
  + Fix first mapping of uids/gids in Winbind.
  + Initialize the id_map status in idmap_ldap to avoid surprise.
  + Fix initialization of idmap status.

-------------------------------------------------------------------
Tue Mar 10 15:07:29 CET 2009 - lmuelle@suse.de

- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.

-------------------------------------------------------------------
Thu Mar  5 16:07:10 CET 2009 - ro@suse.de

- Ignore return value from subshell to fix build.

-------------------------------------------------------------------
Wed Feb 25 09:24:25 CET 2009 - boyang@suse.de

- Make libsmbclient work with DFS, backported from 3.3; (bnc#475995).

-------------------------------------------------------------------
Tue Feb 24 16:43:02 CET 2009 - lmuelle@suse.de

- Update to 3.3.1.
  + Fix net ads join when "ldap ssl = start tls" (bug #6073).
  + Fix renaming/deleting of files using Windows clients (bug #6082).
  + Fix renaming/deleting a "not matching/resolving" symlink (bug #6090).
  + Fix remotely adding a share via the Windows MMC.
  + BUG 6082: Fix renaming/deleting of files using Windows clients.
  + BUG 6069: Fix build with too many arguments.
  + BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink.
  + BUG 6099: Try to fix domain join of Win7 Beta.
  + BUG 6117: Fix core dump of pdbedit -a.
  + BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL
    filesystem.
  + Fix Coverity IDs 115, 116, 117, 602.
  + Fix warning (bad handler prototype).
  + Unify the detection of the timespec code in configure.in, and the
    application of it in time.c.
  + Correctly use chroot().
  + Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered"
    read from the rpc packet in spoolss is under that size.
  + Backport the semantics of when to delete alternate data streams on a file
    truncate.
  + Fix printf warnings.
  + BUG 6073: Prevent ads_connect() from using SSL unless explicitly
    requested.
  + Fix 'getent passwd' to allocate new uids.
  + Fix 'getent group' to allocate new gids.
  + Remove check for sharename being a username in 'net conf addshare'.
  + Fix Coverity ID 848.
  + Remove unused ENUM_HND from 'net'.
  + Fix getform command asprintf return code in rpcclient.
  + Fix memleak in get_remote_printer_publishing_data().
  + Remove duplicate prototypes for generated rpc server functions.
  + Enable total anonymization in vfs_smb_traffic_analyzer.
  + Fix build with external dns_sd libraries.
  + Fix configure check "sub-second timestamps without struct timespec".
  + Use correct BSD evironment variable.
  + Don't try and delete a default ACL from a file.
  + BUG 5798: CFLAGS info lost in configure.
  + Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880.
  + Fix remotely adding a share via the Windows MMC.
  + Avoid valgrind errors.
  + Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
  + Fix resume handle for _samr_EnumDomainGroups.
  + Fix a buffer handling bug when adding lots of registry keys.
  + Fix a O(n^2) algorithm in regdb_fetch_keys().
  + Initialize rc to 0 in main in mount.cifs.
  + BUG 6069: Add a fstatvfs function for libsmbclient.
  + Eliminate compiler warnings.
  + Don't miss an absolute pathname as a kerberos keytab path.
  + BUG 6100: Implement _netr_LogonGetCapabilities() with
    NT_STATUS_NOT_IMPLEMENTED.
  + Make Samba work with older ctdb versions.
  + Add S-1-22-X-Y sids to the local token.
  + Conditional install of the cifs.upcall man page.
  + Adjust regex to match variable names including underscores.
  + BUG 4370: Clean-up entries in /etc/mtab after unmount.
  + Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
  + Fix a crash during name resolution.
  + Fix "assignment discards qualifiers from pointer target type" warnings.
  + Fix SMB_VFS_RECVFILE/SENDFILE macros.
  + Change "ldap ssl:ads" parameter to "ldap ssl ads".
  + Add manpages for vfs_acl_xattr and vfs_acl_tdb.
  + Fix double free caused by incorrect talloc_steal usage.
  + Build ldbrename.
  + Make nmbd check all available interfaces for WINS before failing.
  + Fix compilation of vfs_default on systems that do not support utimes().
  + BUG 5920: Fix the calculation of the memcpy length.
  + BUG 6098: Fix ads_find_dc() in setups with "security = domain".
  + Make libsmbclient work with DFS.

-------------------------------------------------------------------
Mon Feb 23 17:29:02 CET 2009 - hhetter@suse.de

- Define init_samba_module in all samba-vscan modules; (bnc#469218).

-------------------------------------------------------------------
Sat Feb 21 15:30:41 CET 2009 - lmuelle@suse.de

- Add GPLv3 header to all init scripts; (bnc#459766).

-------------------------------------------------------------------
Tue Feb 10 07:17:07 CET 2009 - boyang@suse.de

- Backport of the clean event context after fork and krb5 refresh chain
  fixes; (bnc#415026).

-------------------------------------------------------------------
Mon Feb  9 15:53:40 CET 2009 - jmcdonough@suse.de

- Revert accidental partial strict allocate upstream commit

-------------------------------------------------------------------
Sun Feb  8 12:59:50 CET 2009 - jmcdonough@suse.de

- Update to 3.2.8.
  + Fix and streamline join and DC detection
  + BUG 4308: Excel save operation corrupts file ACLs.
  + BUG 5933: Fix incrementing/decrementing num_validated_vuids.
  + BUG 5953: Fix smbclient crashes.
  + BUG 5953: Make cli_send_smb_direct_writeX use writev.
  + BUG 5965: Fix creation of the first share using SWAT.
  + BUG 5969: Optimize smbclient put command.
  + BUG 5979: Fix level 2 oplocks.
  + BUG 5980: Fix race condition when granting level2 oplocks
  + BUG 5986: Fix renaming of streams.
  + BUG 5990: Strict allocate should be checked before ftruncate.
  + BUG 6000: Avoid bashism in perfcount.init.
  + BUG 6009: Setting "min receivefile size = 1" breaks writes.
  + BUG 6014: mget shouldn't segfault without arguments.
  + BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
  + BUG 6017: Fix magic scripts.
  + BUG 6021: smbclient du command does not recuse properly.
  + BUG 6030: Add missing <th> header in Status page.
  + BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
  + BUG 6040: Calling Samba print server with an aliased DNS-name fails.
  + BUG 6058: Use 'make distclean' instead of 'make clean' in build_docs.
  + Fix "allow trusted domain" so it disables trusted domains.
  + Fix error code when smbclient puts a file over an existing directory.
  + Don't return 0 on error in smbcacls - bad for scripts.
  + Determine case sensitivity based on file system attributes.
  + Add vfs_fileid manpage.
  + Adjust regex to match variable names including underscores.
  + Fix stream marshalling to return the correct streaminfo status.
  + Fix a delete on close divergence from Windows.
  + Allow renames of streams via NTRENAME and fix stream error codes.
  + Fix a segfault if ? is there but the options are NULL.
  + Avoid flooding of syslog with failing pam_putenv messages.
  + Document default of the printing config variable.
  + Change default value for "ldap ssl" to "start tls".
  + Check if Unix account exists before asking for the password in smbpasswd.
  + Add manpage for vfs_shadow_copy2.
  + Clean event context after child is forked.
  + Refresh sequence number as soon as possible.
  + Don't set child->requests to NULL in parent after fork.
  + Clean event context after fork and fix krb5 refresh chain.
  + Fix null pointer refrence in event context.
  + Don't send message to any other child in child process.
  + Fix bug in get_dc_name_via_netlogon(), null pointer refrence.

-------------------------------------------------------------------
Tue Feb  3 22:08:03 CET 2009 - jmcdonough@suse.de

- Backport 3.2.8 fixes.
  + cups leaks and crashes
  + various winbind child handling fixes
  + join fixes
  + ACL fixes for Excel
  + allow usrmgr with non-root

-------------------------------------------------------------------
Mon Feb  2 22:31:32 CET 2009 - lmuelle@suse.de

- Replace cifs.upcall Makefile patches by the upstream version.

-------------------------------------------------------------------
Wed Jan 28 22:17:33 CET 2009 - lmuelle@suse.de

- Only add ccache to BuildRequires if it is used.

-------------------------------------------------------------------
Tue Jan 27 22:41:19 CET 2009 - lmuelle@suse.de

- Update to 3.3.0.
  + The passdb tdbsam version has been raised.
  + Splitting of library directory into library directory and separate modules
    directory.
  + The default value of "ldap ssl" has been changed to "start tls".
  + Extended Cluster support.
  + New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb" to store
    NTFS ACLs on Samba file servers.
  + Simplified idmap configuration.
  + New idmap backends "adex" and "hash".
  + Added new parameter "winbind reconnect delay".
  + Added support for user and group aliasing.
  + Added support for multiple domains to idmap_ad.
  + The destination "all" of smbcontrol does now affect all running daemons
    including nmbd and winbindd.
  + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
  + The 'net' utility can now use kerberos for joining and authentication.
  + The 'wbinfo' utility can now add, modify and remove identity mapping
    entries.
  + NetApi library implements various new calls for User- and Group Account
    Management.
  + libsmbclient does now determine case sensitivity based on file system
    attributes.

-------------------------------------------------------------------
Fri Jan 23 16:32:16 CET 2009 - anschneider@suse.de

- Replace all chkconfig calls with rc_active calls to improve performance
  during boot.

-------------------------------------------------------------------
Fri Jan 23 14:01:29 CET 2009 - anschneider@suse.de

- Add SuSEfirewall2 service config file to allow samba browsing on
  post-10.2 systems; (bnc#460902).

-------------------------------------------------------------------
Tue Jan 20 20:57:38 CET 2009 - lmuelle@suse.de

- Update to 3.0.34.
  + Fix update of machine account passwords.
  + Fix SMB signing issue on Windows Vista with MS Hotfix KB955302.
  + Fix Winbind crashes.
  + Correctly detect if the current dc is the closest one.
  + Add saf_join_store() function to memorize the dc used at join time.  This
    avoids problems caused by replication delays shortly after domain joins.
  + Fix write list in setups using "security = share".

-------------------------------------------------------------------
Wed Jan  7 12:34:56 CET 2009 - olh@suse.de

- Obsolete old -XXbit packages; (bnc#437293).

-------------------------------------------------------------------
Mon Jan  5 13:27:03 CET 2009 - lmuelle@suse.de

- Update to 3.2.7.
  + Samba 3.2.0 to 3.2.6 can potentially give root filesystem access
    to older versions of smbclient; CVE-2009-0022; (bnc#460764).

-------------------------------------------------------------------
Sat Dec 27 13:27:24 CET 2008 - jmcdonough@suse.de

- Samba 3.2.0 to 3.2.6 can potentially give root filesystem access
  to older versions of smbclient; CVE-2009-0022; (bnc#460764).

-------------------------------------------------------------------
Thu Dec 25 07:59:49 CET 2008 - boyang@suse.de

- Fix nmbstatus dipslay when workgroup parameter is given; (bnc#459785).

-------------------------------------------------------------------
Thu Dec 25 07:36:24 CET 2008 - boyang@suse.de

- Fix Mounting failure when there is white spaces in service; (bnc#460793).

-------------------------------------------------------------------
Mon Dec 15 16:56:26 CET 2008 - anschneider@suse.de

- Update to 3.3.0rc2.
 + Splitting of library directory into library directory and separate
   modules directory.
 + Extended Cluster support.
 + Simplified idmap configuration.
 + New idmap backends "adex" and "hash".
 + Added new parameter "winbind reconnect delay".
 + Added support for user and group aliasing.
 + Added support for multiple domains to idmap_ad.
 + The destination "all" of smbcontrol does now affect all running
   daemons including nmbd and winbindd.
 + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
 + The 'net' utility can now use kerberos for joining and authentication.
 + The 'wbinfo' utility can now add, modify and remove identity mapping entries.
 + NetApi library implements various new calls for User- and Group
   Account Management.

-------------------------------------------------------------------
Fri Dec 12 17:49:48 CET 2008 - lmuelle@suse.de

- Fix all remaining conditional macro calls; (bnc#456469).

-------------------------------------------------------------------
Fri Dec 12 15:50:33 CET 2008 - anschneider@suse.de

- Add IPv6 support for mount.cifs.

-------------------------------------------------------------------
Wed Dec 10 23:14:12 CET 2008 - lmuelle@suse.de

- Update to 3.2.6.
  + Fix potential segfault in vfs_tsmsm.
  + Don't list the domain twice when expanding internal aliases.
  + Fix the output of "getent group" when "winbind use default domain = yes"
    with "security = ads".
  + Add domain prefix to username in lookup_groupmem().
  + Prevent negative GM/ cache entries due to broken connections.
  + Fix crash in sync_eventlog_params().
  + Fix timeouts when calling 'getgrent'.
  + BUG 1254: Fix "write list" in setups using "security = share".
  + BUG 5080: Fix access to cups-printers with cups 1.3.4.
  + BUG 5737: Fix Winbind crash in an unusual failure mode; (bnc#416598).
  + BUG 5783: Fix FindFirst where search pattern equals the mangled filename.
  + BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
    disposition.
  + BUG 5797: Fix moving of readonly files.
  + BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
  + BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
  + BUG 5825: Fix account locking with LDAP backend.
  + BUG 5826: Fix truncated filenames when accessing old servers.
  + BUG 5889: Fix "delete veto files = no".
  + BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
    list".
  + BUG 5900: Fix vfs_readonly.
  + BUG 5903: Fix vfs_streams_xattr breaking contents of files.
  + BUG 5904: Fix libnss_wins causing SIGABRT while servicing getaddrinfo()
    request.
  + BUG 5914: Fix build failure: redefinition of struct name_list.
  + BUG 5937: Fix filenames with "*" char hiding other files.
  + BUG 5953: Fix smbclient crashes.
  + Fix rename_open_files.
  + Restructure VFS SMB traffic analyzer VFS module.
  + Correctly fix smbclient to terminate on eof from server.
  + Unify access checks for lsa server functions.
  + Remove the requirement for ldap call made as root.
  + Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
  + Fix net rpc vampire, based on an *amazing* piece of debugging work by
    "Cooper S. Blake" <the_analogkid@yahoo.com>.
  + Fix Coverity IDs 456, 574, 592, 606 and 607.
  + Fix net rpc vampire.
  + Use the same prerequisite for DDNS update as Windows XP.
  + Make "lwinet ads dns register" honor the "interfaces" parameter.
  + Fix extended DN parse error when AD object does not have a SID.
  + BUG 5888: Fix PNP_GetHwProfInfo().
  + BUG 5957: Do not abort rename process on valid rename script.
  + BUG 5898: Fix 'net rpc shutdown'.
  + Fix duplicate installation of cifs.upcall.
  + Fix _srvsvc_NetShareAdd segfault.
  + Ensure consistency when reporting password complexity.
  + Fix _lsa_GetUserName.
  + Fix access check in _samr_QuerySecurity().
  + _samr_DeleteUser needs to wipe out the user_handle on success.
  + NetGroupEnum_r needs to handle servers with no groups.
  + Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
  + BUG 5908: Fix internal change notify on shared directory.
  + BUG 5135 and 5446: Prevent calling POSIX ACL vfs methods on zfs share.
  + BUG 5929: Fix building of vfs_prealloc with option --with-cluster-support
    and GPFS.
  + Add new VFS module to analyze SMB traffic
  + BUG 5928: Fix 'testparm --version'.
  + Have uppercase_string return success on NULL pointer in mount.cifs.
  + Make mount.cifs return codes match the return codes for /bin/mount.
  + Use lock/unlock_mtab scheme from util-linux-ng mount prog in mount.cifs.
  + BUG 5778: Check if strlcpy and strlcat are already defined.
  + BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
  + BUG 5860: Fix nasty error message for overlong strings in safe_strcpy.
  + Fix a potential NULL deref in found by the IBM Checker.
  + Fix an uninitialized variable found by the IBM Checker.
  + Fix an unlikely memleak found by the IBM Checker.
  + Fix some missing error handlings.
  + Add workaround for domain joins using a netbios name which is different
    from the hostname.
  + Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
    non-encrypted packet with the crypto state set.
  + Fix trans2findfirst for the large directory optimization.
  + Fix checking for presence of cups-devel and correct cups-devel test for
    HAVE_IPRINT.
  + BUG 5805: Don't close stdout when calling setup_logging multiple times.
  + Fix setting of trust password using 'net rpc trustdom add'.
  + Fix several issues in vfs_streams_xattr and vfs_stream_depot.
  + Return an error instead of crashing when no realm is given (trigerred by
    "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't exist) and
    "disable netbios = yes").
  + Fix the new vfs_smb_traffic_analyzer build for static links.
  + BUG 5901: Fix default for streams_depot location.
  + Fix several build warnings.
  + Delete the krb5 ccname variable from the PAM environment if set.
  + Fix circular dependency error with autoconf 2.6.3.
  + Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
    compile time rather than install time.
  + BUG 5906: Fix Winbind crash when calling 'getent group'.
  + Fix logging to syslog.
  + Allow SYSLOG_FACILITY to be modified with a new configure option called
    --with-syslog-facility.
  + BUG 5909: Fix MS-DFS on Vista clients.
  + BUG 5944: Fix starting of nmbd with "socket address" set to "".
  + Fix segfault on startup with trusted domains.
  + Re-add "winbind:ignore domains" parameter.
  + Avoid freeing fsp twice when opening new_file fails (Debian #431696).

-------------------------------------------------------------------
Wed Dec 10 19:24:29 CET 2008 - anschneider@suse.de

- Fix the conditional macro to start smbfs by default; (bnc#456469).

-------------------------------------------------------------------
Wed Dec  3 16:07:17 CET 2008 - anschneider@suse.de

- Readd libsmbclient to baselibs.conf for pre 11.0 distributions.

-------------------------------------------------------------------
Wed Dec  3 12:17:40 CET 2008 - anschneider@suse.de

- Use %__install macro to install files with the right permissions
  instead of cp.

-------------------------------------------------------------------
Mon Dec  1 10:37:03 CET 2008 - anschneider@suse.de

- Update to 3.3.0rc1.
 + Splitting of library directory into library directory and separate
   modules directory.
 + Extended Cluster support.
 + Simplified idmap configuration.
 + New idmap backends "adex" and "hash".
 + Added new parameter "winbind reconnect delay".
 + Added support for user and group aliasing.
 + The destination "all" of smbcontrol does now affect all running
   daemons including nmbd and winbindd.
 + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
 + The 'net' utility can now use kerberos for joining and authentication.
 + The 'wbinfo' utility can now add, modify and remove identity mapping
   entries.
 + NetApi library implements various new calls for User- and Group
   Account Management.

- Added German translation for pam_winbind.

-------------------------------------------------------------------
Mon Dec  1 09:12:45 CET 2008 - boyang@suse.de

- Remove patch for bnc#336854, which doesn't exist in 3.2.x or higher.

-------------------------------------------------------------------
Mon Dec  1 00:32:20 CET 2008 - lmuelle@suse.de

- Use %{NET_CFGDIR} define instead of a fixed path to the network conf.

-------------------------------------------------------------------
Sat Nov 29 13:51:57 CET 2008 - lmuelle@suse.de

- Update to 3.2.5.
  + Samba 3.0.29 to 3.2.4 can potentially leak arbitrary memory contents to
    malicious clients; CVE-2008-4314; (bnc#446971).

-------------------------------------------------------------------
Thu Nov 27 14:15:19 CET 2008 - ro@suse.de

- Update baselibs.conf.

-------------------------------------------------------------------
Thu Nov 27 12:06:30 CET 2008 - anschneider@suse.de

- Fix circular dependency error with autoconf 2.6.3.

-------------------------------------------------------------------
Thu Nov 27 11:48:28 CET 2008 - anschneider@suse.de

- Fix the dhcp hook script and support CODE11; (bnc#442335).

-------------------------------------------------------------------
Thu Nov 27 11:39:36 CET 2008 - anschneider@suse.de

- Fix perl v5.10 warnings in nmbstatus; (bnc#448225).

-------------------------------------------------------------------
Wed Nov 26 11:19:52 CET 2008 - sjayaraman@suse.de

- Include the missing spec file change mentioned the previous commit.

-------------------------------------------------------------------
Tue Nov 25 12:31:24 CET 2008 - sjayaraman@suse.de

- Make cifs-mount depend on keyutils, keyutils-libs packages as they
  are required to support dfs and kerberos; (bnc#432494).

-------------------------------------------------------------------
Thu Nov 20 15:45:11 CET 2008 - lmuelle@suse.de

- Fix the offset checks in the trans routines; CVE-2008-4314; (bnc#446971).

-------------------------------------------------------------------
Thu Nov 20 11:54:58 CET 2008 - hhetter@suse.de

- Change the runlevel description for winbindd to use
  "Microsoft Windows" instead of "NT"; (bnc#446154).

-------------------------------------------------------------------
Tue Nov 11 05:50:49 CET 2008 - boyang@suse.de

- Directory/Filenames get truncated when 3.2.0 client acesses old server;
  (bnc#432471).

-------------------------------------------------------------------
Thu Nov  6 11:23:59 CET 2008 - anschneider@suse.de

- Add SuSEfirewall2 services config file to open Netbios and Samba ports on
  post-10.2 systems; (bnc#247344).

-------------------------------------------------------------------
Wed Oct 29 11:19:08 CET 2008 - anschneider@suse.de

- Remove unrecognized configure options.

-------------------------------------------------------------------
Fri Oct 24 13:18:53 CEST 2008 - anschneider@suse.de

- Fix the pam_winbind build.

-------------------------------------------------------------------
Tue Oct 21 16:32:56 CEST 2008 - anschneider@suse.de

- Delete the krb5 ccname variable from the PAM environment if set.

-------------------------------------------------------------------
Thu Oct 16 14:49:16 CEST 2008 - anschneider@suse.de

- Move the nss_info modules to the samba-winbind package.

-------------------------------------------------------------------
Thu Oct 16 13:40:25 CEST 2008 - anschneider@suse.de

- Activate the idmap backends "adex" and "hash".

-------------------------------------------------------------------
Thu Oct 16 11:40:17 CEST 2008 - anschneider@suse.de

- Add version branding for CODE 11.

-------------------------------------------------------------------
Wed Oct 15 17:24:25 CEST 2008 - anschneider@suse.de

- Restart smbfs even with the traditional network setup; (bnc#425058).

-------------------------------------------------------------------
Fri Oct  3 16:48:31 CEST 2008 - lmuelle@suse.de

- Only call the stop_on_removal, restart_on_update, or insserv_cleanup macro
  if available.

-------------------------------------------------------------------
Fri Oct  3 15:12:23 CEST 2008 - lmuelle@suse.de

- Only call the fillup_and_insserv or fillup_only macro if available.

-------------------------------------------------------------------
Fri Oct  3 12:42:13 CEST 2008 - lmuelle@suse.de

- Use package names instead of macros for cp, mkdir, mv, rm, and grep or
  instead of the full path to the binary for ln, find and xargs.

-------------------------------------------------------------------
Fri Oct  3 01:28:07 CEST 2008 - lmuelle@suse.de

- Introduce NET_CFGDIR to fit the needs for a differing location of the
  network configuration per vendor.

-------------------------------------------------------------------
Fri Oct  3 00:59:49 CEST 2008 - lmuelle@suse.de

- Use path macros for cp, mkdir, mv, rm, and grep.

-------------------------------------------------------------------
Thu Oct  2 21:30:06 CEST 2008 - lmuelle@suse.de

- Only use SUSE rpm macros and SuSEconfig.permissions if available.

-------------------------------------------------------------------
Thu Oct  2 18:03:21 CEST 2008 - lmuelle@suse.de

- Update to 3.3.0pre2.
  + BUG 5729: Explicitly allow "-valid".
  + BUG 5737: Fix winbindd crash in an unusual failure mode; (bnc#416598).
  + BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
  + BUG 5762: Fix opening of mangled directory name (resulted 'is a stream
    name').
  + BUG 5783: Fix FindFirst where search pattern == mangled filename.
  + BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file
    disposition.
  + BUG 5797: Fix moving of readonly files.
  + Fix crashes when looking up a non-existant uid.
  + Fix getting/setting of NT ACLs on a file.
  + Fix the wcache_invalidate_samlogon calls.
  + Clarify usage of "force create mode".
  + Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid
    mappings.
  + Write times code update.
  + Add experimental version of VFS module acl_xattr.
  + Fix rename_open_files.
  + Make SMB traffic analyzer VFS module more efficient.
  + Fix segfault when calling nss_get_info() with a NULL ads structure.
  + Add support for name aliasing in Winbind.
  + Add the idmap/nss-info provider from Likewise Open.
  + Allow an admin to define the "uid" attribute for a RFC2307 user object in
    AD to be the username alias.
  + Add new idmap backend "adex" to support RFC2307 enabled AD forests.
  + Add new idmap backend "hash".
  + Fix build warnings.
  + Cleanup of DC enumeration in get_dcs().
  + BUG 5710: Fix changing of machine account passwords.
  + BUG 5784: Fix pam_winbind build issue on Solaris.
  + Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
  + Fix double installation of cifs.upcall.
  + Add change-user-password command to wbinfo.
  + Fix segfault in _srvsvc_NetShareAdd.
  + BUG 5736: Fix Winbind crash bug with trusted domains.
  + Correct the netsamlogon_clear_cached_user function.
  + Add new VFS module to analyze SMB traffic to record write and read
    operations on the Samba server.
  + Fix build warnings in cifs.upcall.
  + BUG 5707: Do proper error handling if the socket is closed.
  + BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined.
  + Fix Coverity IDs 587 and 589.
  + Increase the default positive idmap cache time to a week.
  + Fix calculation of useable_space for trans2 and nttrans replies.
  + Add mapping of generic bits when setting an NFSv4 ACL.
  + Some write time fixes.
  + Add new parameter "cups connection timeout".
  + Fix enumeration of nested group memberships in Winbind.  This affected
    only setups using "security = ads".
  + Fix cut and paste error in quota code.
  + Fix display of POSIX ACLs.
  + Fix permissions of group_mapping.ldb (CVE-2008-3789); (bnc#420634).
  + Avoid a race condition in glibc between AIO and setresuid().
  + Add missing become root for AIO operations.
  + Fix an errno handling bug that could lead to an infinite loop.
  + Fix logic of tsmsm_sendfile().
  + Fix handling of arbitrary new PAC types.
  + Fix segfault on startup with trusted domains.
  + Fix segfault on the CTDB destructor code.
  + Re-add "winbind:ignore domains".
  + BUG 5609: Remove configure option "--with-libdir" and add
    "--with-modulesdir".
  + Extend "net rpc vampire keytab" to support differential replication and
    storing of kerberos keys.
  + Rework internal logic of registry tdb code.
  + Freeze autogenerated prototype headers (good bye "make proto").
  + Add new "winbind reconnect delay" parameter.
  + Make the change to smbcontrol for "all" to mean broadcast, and "smbd" to
    mean the main smb daemon.
  + Allow an admin to define the "uid" attribute for a RFC2307 user object in
    AD to be the username alias.
  + Add "net rpc vampire keytab" and "net rpc vampire ldif".
  + Rework of the Winbind idmap backend.

-------------------------------------------------------------------
Wed Oct  1 22:30:49 CEST 2008 - lmuelle@suse.de

- Define PAM_AUTHTOK_RECOVERY_ERR when not available on older Linux products.

-------------------------------------------------------------------
Mon Sep 29 16:09:11 CEST 2008 - lmuelle@suse.de

- Adopt samba-vscan to build after the change to the bool type define.

-------------------------------------------------------------------
Mon Sep 22 15:13:40 CEST 2008 - lmuelle@suse.de

- Build cifs.upcall for CentOS 5, Fedora 8 and RHEL 5 and newer too.

-------------------------------------------------------------------
Sat Sep 20 14:53:45 CEST 2008 - lmuelle@suse.de

- Call mkinitrd_setup during %post and %postun for post-9.2 systems only.

-------------------------------------------------------------------
Thu Sep 18 14:17:24 CEST 2008 - anschneider@suse.de

- Create a link to the html manpages so that they can be accesses in swat;
  (bnc#426182).

-------------------------------------------------------------------
Tue Sep  9 17:46:28 CEST 2008 - jmcdonough@suse.de

- "Password last set" timestamp update from admin pw change; (bnc#420407).

-------------------------------------------------------------------
Wed Sep  3 11:09:34 CEST 2008 - hare@suse.de

- Call mkinitrd_setup during %post and %postun for package cifs-mount;
  (bnc#413709).

-------------------------------------------------------------------
Wed Aug 27 23:29:09 CEST 2008 - lmuelle@suse.de

- Update to 3.3.0pre1.
  + Splitting of library directory into library directory and separate modules
    directory.
  + Extended Cluster support.
  + Simplyfied idmap configuration.
  + Added new parameter "winbind reconnect delay".
  + The destination "all" of smbcontrol does now affect all running daemons
    including nmbd and winbindd.
  + New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.

-------------------------------------------------------------------
Wed Aug 27 18:33:40 CEST 2008 - lmuelle@suse.de

- Update to 3.2.3.
  + Force the permissions on group_mapping.ldb to 0600; CVE-2008-3789;
    (bnc#420634).

-------------------------------------------------------------------
Tue Aug 19 14:55:16 CEST 2008 - lmuelle@suse.de

- Update to 3.2.2.
  + BUG 5592: Fix creation and installation of shared libraries.
  + Fix replacement of random seed generator.
  + Fix a race condition in idmap_tdb2_allocate_id().
  + Fix unix_convert() for "*" after changing map_nt_error_from_unix().
  + Make sure to always set errno on error path in OpenDir.
  + BUG 5675: Fix smbspool program assuming Kerberos authentication by
    mistake.
  + BUG 5686: Fix segfaults in libsmbclient.
  + BUG 5692: Fix coredump in full_audit.so.
  + BUG 5696: Fix "force group" in setups using Winbind.
  + Rename cifs.spnego to cifs.upcall.
  + Fix segfault in cifs.upcall when it is called without any arguments.
  + Fix coverity ID 594 (resource leak on error path).
  + Fix assigning of primary group memberships when authenticating via
    Winbind.
  + BUG #5617: Fix freezing Windows Explorer on WinXP while browsing Samba
    shares.
  + Include stdlib.h to get a prototype for free().
  + Solve an IBM XL C/C++ compiler error encountered in get_exit_code()
    auth_errors array initialization in client/smbspool.c.
  + Use NGROUPS_MAX instead of 32 for the max group value in
    rep_initgroups().
  + Add add c++ guard to netapi.
  + Fix compile warning in cifs.upcall.
  + Add "dns_resolver" key type to cifs.upcall.
  + BUG 5688: Fix orphaned LPQ processes if socket address is invalid.
  + BUG 5684: Fix removal of dead records in tdb files.
  + Fix coverity IDs 595, 596.
  + Fix smb_len calculation for chained requests.
  + Fix output of test status.
  + Fix smbclient connections to older servers.
  + Fix a fd leak when trying to regain contact to a domain controller in
    Winbind.
  + Fix permissions on ctdb databases.
  + Fix passing back success when a function had in fact failed in two
    places.
- Add --enable-static to the configure options to get the statical libraries
  installed by the install Makefile target.
- Add --with-cifsupcall to build the cifs.upcall binary for post 10.2 systems.

-------------------------------------------------------------------
Thu Aug 14 14:53:28 CEST 2008 - lmuelle@suse.de

- Set Required- and Should-Stop in the init info part of all init scripts.

-------------------------------------------------------------------
Thu Aug 14 03:15:25 CEST 2008 - jmcdonough@suse.de

- Fix libsmbclient to older servers; (bnc#402776).

-------------------------------------------------------------------
Tue Aug  5 22:03:11 CEST 2008 - lmuelle@suse.de

- Update to 3.2.1.
  + BUG 5594: Fix "make test" by adding and using a new testparm switch
    "--skip-logic-checks".
  + Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
  + Update the section about net conf in the net(8) manpage.
  + Improve processing of registry shares.
  + Fix listing of registry shares with testparm.
  + Fix several build issues.
  + BUG 5578: Fix error from strlcat.
  + BUG 5613: Fix flushing of smb.conf when creating a new share using SWAT.
  + Ensure consistent use of pdb_get_nt_passwd instead of
    pdb_get_lanman_passwd.
  + Remove worrying warning message when safe_strcpy tries to copy a pseaudo
    interface name that's too long.
  + Canonicalize servername in the printer functions to remove leading '\\'
    characters.
  + Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
  + Fix bug creating files using DOS clients with mixed case files.
  + Fix uninitialized variable.
  + BUG 5616: Fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
  + BUG 5570: Fix bogus error message during AD domain join.
  + Fix trusted domain handling in Winbindd.
  + Fix build warning.
  + BUG 5202: Fix setting of ACEs for users/groups with write access in setups
    with 'dos filemode = yes'.
  + Re-activate 'acl group control' parameter and make it only apply to owning
    group.
  + Make ntimes function more like POSIX and allow NULL arg.
  + BUG 5512: Fix alignment problems on sparc.
  + BUG 5616: Fix share connections in setups with
    "server signing = mandatory" or SMB signing set on the client side.
  + Fix a race condition in Winbind leading to a crash.
  + Fix a segfault in base64_encode_data_blob.
  + Fix some uninitialized variable references via ndr_print.
  + Fix error message if trying to join with a non-privileged user.
  + Fix setups using "include = registry" without [global] settings in the
    registry.
  + Fix "net sam rights" on domain member servers.
  + Add documentation for the vfs streams modules.
  + Cleanup some duplicate code by passing the password to the wbinfo_auth*
    functions.
  + Allow SID with 0 in subauthority to be converted properly.
  + Set sin[6]_family instead of ss_family in in[6]_addr_to_sockaddr_storage.
  + Fix realpath() check so that it doesn't generate a core() when it fails.
  + Fix overwriting of winbind logfiles.
  + Fix "vfs_full_audit.c: name table not in sync with vfs.h" panic.
  + Add broadcasting of the debug message to all winbindd children.
  + BUG 5635: Fix updating of printer queues.
  + Release still reachable memory if the smbclient context is freed.
  + Remove trailing withespace from wbinfo -m which breaks gdm auth.
  + BUG 5540: Fix "set primary group script" user option substitution.
  + Fix regression in Winbindd offline mode.
  + Allow authentication and memory credential refresh after password
    change from gdm/xdm.
  + Allow %u parameters for print job username.

-------------------------------------------------------------------
Tue Jul 29 09:59:36 CEST 2008 - anschneider@suse.de

- Fix a race condition in winbind leading to a crash; (bnc#406623).

-------------------------------------------------------------------
Mon Jul 28 17:00:42 CEST 2008 - anschneider@suse.de

- Use the configure option to enable debugging. This fixes the creation
  of the debuginfo and debugsource package.

-------------------------------------------------------------------
Sun Jul 27 08:53:56 CEST 2008 - anschneider@suse.de

- Fix emptying the printing queue; (bnc#411493).

-------------------------------------------------------------------
Fri Jul 25 09:22:13 CEST 2008 - anschneider@suse.de

- Remove trailing withespace from wbinfo -m which breaks gdm auth.

-------------------------------------------------------------------
Thu Jul 24 15:13:15 CEST 2008 - anschneider@suse.de

- Add a recommendation to the samba and samba-winbind package to install
  logrotate for openSUSE 11.0 and later.

-------------------------------------------------------------------
Wed Jul 23 16:27:57 CEST 2008 - hare@suse.de

- Include mkinitrd scriptlets.

-------------------------------------------------------------------
Mon Jul 21 08:37:01 CEST 2008 - boyang@suse.de

- Allow %u parameters for print job username - use advanced sub; (bnc#374389).

-------------------------------------------------------------------
Thu Jul 17 18:10:03 CEST 2008 - lmuelle@suse.de

- Update to 3.0.31.
  + BUG 5504: Fix SIGTERM handling in Winbind children so that they do not
    remove the unix domain socket used to field client requests.
  + Split the winbindd_passdb backend into a 'builtin' and a 'sam' backend.
  + When allocating client buffers for large read/write - make sure we take
    account of the large read/write SMB headers as well as the buffer space.
  + Memory leak fixes in DC location code.
  + BUG 5533: Winbindd fails to cope correctly with a workgroup name
    containing a '.'
  + BUG 5555: Don't return NT_STATUS_PASSWORD_MUST_CHANGE error on machine
    account logon.
  + BUG 5551: smbd recursing back into winbindd from a winbindd call.
  + Fix usage message for "net rpc trustdom add".
  + Ensure consistent use of pdb_get_nt_passwd instead of pdb_get_lanman_passwd.
  + BUG 5578: Bad (non-Samba) use of strlcat gives error.
  + Canonicalize servername in the printer functions to remove leading '\\'
    characters.
  + Documentation build fixes.
  + [DOCS] Fix use of smbconfoption in samba.entities.
  + Return NULL in sitename_fetch() if gencache_init() fails.
  + Use machine account and machine password from our domain when contacting
    trusted domains.
  + SPNEGO SPN fix when contacting trusted domains.
  + BUG 5285: Fix libcap header mismatch.
  + Fix joining NT4 domains.
  + Don't let winbind getgroups crash when we have no gids in the token.
  + Fallback to level 24 pwd set while joining.
  + Fix joining w2k domains in "security = ads".
  + Fix pam_sm_chauthtok for storing modified cached creds.
  + BUG 5202: Re-activate "acl group control" parameter and make it only apply
    to owning group.
  + BUG 5531: Fix conversion of ns units when converting from nttime to
    timespec.
  + BUG 4974: Map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENT in libsmbclient.
  + Fix a segfault in base64_encode_data_blob.
  + AIX build fixes.
  + ENODATA is not defined in freeBSD 4.6.2.
  + Don't reset password last set time just because the expired flag is set to
    0.
  + Fix usage message for 'net idmap dump'.
  + Miscellaneous man page fixes.
  + BUG 4203: Samba3-HOWTO: Add improvements/fixes submitted by Pete Boyd.
  + Fixes to man pages.
  + Add tdb file documentation.
  + Ensure that winbindd trusted domain children keep primary domain online
    status up to date.
  + Update cached creds during password change.
  + Ensure that Winbind always uses set_domain_offline() to mark a domain
    offline.
  + Allow authentication and memory credential refresh after password change
    from gdm/xdm.
  + Memory leak fixes.

-------------------------------------------------------------------
Tue Jul  8 08:14:38 CEST 2008 - boyang@suse.de

- Allow authentication and memory credential refresh after password change
  from gdm/xdm; [bnc#395578].

-------------------------------------------------------------------
Fri Jul  4 16:22:17 CEST 2008 - lmuelle@suse.de

- Add SMB_VFS_OP_RECVFILE to vfs_op_names to get it in sync with vfs.h.

-------------------------------------------------------------------
Wed Jul  2 21:31:38 CEST 2008 - lmuelle@suse.de

- Call the libsmbclient testsuite from the %check instead of the %build
  script.

-------------------------------------------------------------------
Wed Jul  2 10:44:21 CEST 2008 - boyang@suse.de

- Use machine account and machine password from our domain when
  contacting trusted domains; [bnc#404667].

-------------------------------------------------------------------
Tue Jul  1 22:02:31 CEST 2008 - anschneider@suse.de

- Add a %check section move the test of the PAM modules to this section
  and add more tests.

-------------------------------------------------------------------
Tue Jul  1 14:51:04 CEST 2008 - anschneider@suse.de

- Add a recommendation to the samba and samba-winbind package to install
  cron for openSUSE 11.0 and later.

-------------------------------------------------------------------
Tue Jul  1 14:06:17 CEST 2008 - anschneider@suse.de

- Use a variable for syslog and add missing $remote_fs dependency for
  Require-Start in the init information of the init scripts.

-------------------------------------------------------------------
Tue Jul  1 11:34:57 CEST 2008 - lmuelle@suse.de

- Update to 3.2.0.
  + Support for establishing interdomain trust relationships with Windows
    2008.
  + All changes from the pre and rc releases as noted in here earlier.

-------------------------------------------------------------------
Tue Jul  1 11:28:40 CEST 2008 - lmuelle@suse.de

- Move header files from the devel sub package to lib*-devel.

-------------------------------------------------------------------
Mon Jun 30 16:53:35 CEST 2008 - schwab@suse.de

- Work around bad use of autoconf interna.

-------------------------------------------------------------------
Mon Jun 30 14:41:41 CEST 2008 - anschneider@suse.de

- Build Samba with debug symbols to get working debuginfo packages.

-------------------------------------------------------------------
Thu Jun 26 21:08:35 CEST 2008 - lmuelle@suse.de

- Add /etc/openldap to the file list and not only the schema directory.

-------------------------------------------------------------------
Wed Jun 25 10:34:09 CEST 2008 - anschneider@suse.de

- Improve samba-winbindd and dhcpcd-hook-samba interface scripts for faster
  booting; [fate#304967], [fate#304965].

-------------------------------------------------------------------
Wed Jun 18 15:21:38 CEST 2008 - anschneider@suse.de

- Move sysconfig variable DHCLIENT_MODIFY_SMB_CONF from Other to
 'Network/DHCP/DHCP client'; [bnc#400467].

-------------------------------------------------------------------
Wed Jun 11 11:39:46 CEST 2008 - boyang@suse.de

- pam_winbind: Update cached creds during password change; [bnc#395578].

-------------------------------------------------------------------
Tue Jun 10 12:14:47 CEST 2008 - lmuelle@suse.de

- Update to 3.2.0rc2.
  + BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM.
  + BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'.
  + Make sure we take account of the large read/write SMB headers as well as
    the buffer space when allocating cli buffers for large read/write.
  + Fix tag as a goto target we were not reinitializing the array counts.
  + BUG 5451: Fix for using the correct machine domain when looking up trust
    credentials in our tdb.
  + Fix spnego SPN when contacting trusted domains.
  + BUG 5285: Fix libcap header mismatch.
  + Fix pam_sm_chauthtok for storing modified cached creds.
  + Fix joining issue in setups with "config backend = registry".
  + BUG 4544: Add new parameter 'ldap connection timeout' to prevent waiting
    for TCP connection timeouts if no LDAP server is available.
  + BUG 5502: Fix security=server.
  + Fix coverity IDs 552, 553, 570, 571, 572.
  + Shrink ldbtools.
  + Fix reset of password last set time just because the expired flag is set
    to 0.
  + Remove support for symbol versioning in shared libraries.
  + Fix autogen for autoconf 2.62.
  + BUG 5515: Fix empty input fields in SWAT.
  + BUG 5516: Fix saving of the config file in SWAT.
  + Fix winbindd trusted domain child not keeping primary domain online status
    up to date.

-------------------------------------------------------------------
Tue Jun 10 10:21:57 CEST 2008 - boyang@suse.de

- pam_winbind: fix pam_sm_chauthtok for storing modified cached creds;
  [bnc#395578].

-------------------------------------------------------------------
Mon Jun  9 21:08:17 CEST 2008 - jmcdonough@suse.de

- Don't reset "password last set time" when unlocking an autolocked
  account; [bnc#382111].

-------------------------------------------------------------------
Fri Jun  6 22:40:38 CEST 2008 - jmcdonough@suse.de

- Fix winbind sigterm handling and make init script send sighup to
  all child winbind processes; [bnc#382027].

-------------------------------------------------------------------
Thu Jun  5 12:01:51 CEST 2008 - boyang@suse.de

- Fix bug with winbindd trusted domain child not keeping primary domain
  online status up to date, merge to trunk from reversion 1801; [bnc#373560].

-------------------------------------------------------------------
Fri May 30 22:38:05 CEST 2008 - jmcdonough@suse.de

- Make winbind children reopen logs on SIGHUP; [bnc#382027].

-------------------------------------------------------------------
Fri May 30 19:18:17 CEST 2008 - lmuelle@suse.de

- Set only CONFIGDIR and LIBDIR while make everything and install.  No longer
  set CONFIGFILE, DRIVERFILE, LMHOSTSFILE, and SMB_PASSWD_FILE; [bnc#395877].

-------------------------------------------------------------------
Wed May 28 17:49:51 CEST 2008 - lmuelle@suse.de

- Update to 3.0.30.
  + Fix for CVE-2008-1105.
  + Remove man pages for ldb tools not included in Samba 3.0.

-------------------------------------------------------------------
Wed May 28 16:15:43 CEST 2008 - lmuelle@suse.de

- Fix vulnerability that allows for the execution of arbitrary code in smbd;
  CVE-2008-1105; SA30228; [#391168].

-------------------------------------------------------------------
Tue May 27 11:07:45 CEST 2008 - coolo@suse.de

- Follow the rename of libtdb0 in baselibs.conf.

-------------------------------------------------------------------
Fri May 23 17:34:31 CEST 2008 - lmuelle@suse.de

- Rename sub package libtdb0 to libtdb1.

-------------------------------------------------------------------
Fri May 23 16:58:44 CEST 2008 - lmuelle@suse.de

- Update to 3.2.0rc1.
  + Move the posix pending close functionality down into the VFS layer.
  + Fix activation of registry globals in loadparm.
  + BUG 5452: Fix smbclient put.
  + BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end.
  + BUG 5456: Fix missing echo if we ^C at the prompt.
  + BUG 5464: Fix timeout in winbindd.
  + Fix returning a directory value for a QPATHINFO on a msdfs link with a
    non-dfs path.
  + Use more error-prone form of testing dm_destroy_session() return code.
  + BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used.
  + BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3.
  + BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups.
  + Fix wins null pointer crash in nss_wins module.
  + Fix lm session key length in _netr_LogonSamLogon.
  + Add -f switch for DsGetDCName() example and be more verbose on output.
  + BUG 5429: Clarify log msgs re: failure to create
    BUILTIN\{Administrators,Users}
  + Fix the DNS Update option of "net ads join".
  + BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx().
  + Recognize and allow longer UA keys in winbindd_cache.
  + BUG 5436: Fix signing problem in the client with transs requests.
  + Fix a valgrind bug in the new [ug]id2sid cache.
  + Fix Coverity IDs 565 and 222.
  + Fix dfs_Enum: In form_junctions, correctly check for malloc failure.
  + Add support for symbol versioning in shared libraries (can be disabled with
    --disable-sysmbol-versioning).
  + Add new function wbcLibraryDetails() to libwbclient.
  + Cleanup size_t return values in convert_string_allocate.
  + Fix Kerberos support for CUPS 1.3 in smbspool.
  + Fix printing with Vista.
  + Fix deletion of files when they're in use by other drivers.

-------------------------------------------------------------------
Fri May 23 11:34:27 CEST 2008 - lmuelle@suse.de

- Update to 3.0.29.
  + Fix a crash in tdb_wrap_log().
  + BUG 5267: Fix for nmbd termination problems when no interfaces found.
  + BUG 5326: OS/2 servers give strange "high word" replies for print jobs.
  + Remove MS-DFS check that required the target host be ourself.
  + BUG 5372: Fix high CPU usage of cupsd on large print servers by using more
    efficient CUPS queries in smbd.
  + BUG 5095: Fix the enforcement of the "Manage Documents" access right.
  + BUG 5460: Fix MS-DFS referral problem in server code.
  + Fix bug in Winbind that caused the parent to ignore dead children.
  + BUG 4235: Improve compliance to the Squid helper protocol.  Original patch
    from Pawel Worach <pawel.worach@gmail.com>.
  + Prevent cycle in Wibind's list of children when reaping dead processes.
  + BUG 5419: Fix memory leak in ads_do_search_all_args() (merge from v3-2).
  + Fix winbind NETLOGON credential chain on a samba dc for w2k8 trusts.
  + Fix client connections and negotiation with Windows 2008 DCs in member
    server code.
  + Add NT_STATUS_DOWNGRADE_DETECTED error code (merge from v3-2).
  + BUG 5430: Fix pam_winbind.so on Solaris (requires -lsocket).
  + Re-add samr getdispinfoindex parsing which got lost in the glue commit.
  + BUG 5461: Implement a very basic _samr_GetDisplayEnumerationIndex().
    Corrects interop problem between Citrix PM and a Samba DC.
  + BUG 3840: Fix smbclient connecting to NetApp filers when using whitespace
    in the user's password.
  + BUG 4901: Fix behavior of "ldap passwd sync = only".
  + BUG 5317: Fix debug output from domain_client_validate().
  + BUG 5338: Fix format string bug in rpcclient.
  + Ensure that "wbinfo -a trusted\\user%password" works correctly on a Samba
    DC with trusts.
  + BUG 5336: Fix SetUsetrInfo(level 25) to update the pwdLastSet attribute.
  + BUG 5350: Fallback to anonymous sessions if not trust password could be
    obtained on Samba DCs and member servers.
  + Fix signing problem in the client with trans requests.
  + Enable winbind child processes to do something with signals, in particular
    closing and reopening logs on SIGHUP.
  + Add implementation of machine-authenticated connection to netlogon pipe
    used when connecting to win2k and newer domain controllers.
  + Fix trusted users on a DC that uses the old idmap syntax.
  + Only have Winbind cache domain password policies that were successfully
    retrieved.
  + Fix alignment bug when marshalling printer data replies.
  + Fix DeleteDriverDriverEx() checks to prevent removing in use files.

-------------------------------------------------------------------
Sat May 17 23:58:01 CEST 2008 - lmuelle@suse.de

- Expand baselibs.conf to match pre SUSE 11.0 products.

-------------------------------------------------------------------
Fri May 16 16:10:14 CEST 2008 - lmuelle@suse.de

- Remove obsoletes and provides <package>3 for all packages and systems.

-------------------------------------------------------------------
Fri May 16 14:55:02 CEST 2008 - lmuelle@suse.de

- Cleanup the use of the suse_version macro to achieve consistent defaults.

-------------------------------------------------------------------
Fri May 16 13:28:53 CEST 2008 - lmuelle@suse.de

- Set CODEPAGEDIR while make to fit the install location.

-------------------------------------------------------------------
Fri May 16 13:20:11 CEST 2008 - hhetter@suse.de

- Prevent errors during the cache validation when ua keys reach a size larger
  than 1024; [bnc#372558].

-------------------------------------------------------------------
Thu May 15 00:16:13 CEST 2008 - lmuelle@suse.de

- Package man page files independent of the used compression method (gz,lzma).

-------------------------------------------------------------------
Wed May 14 18:08:26 CEST 2008 - lmuelle@suse.de

- Rewrite spec file to build packages for Fedora, Redhat, CentOS, and Mandriva
  in the OBS too.

-------------------------------------------------------------------
Wed May 14 17:27:52 CEST 2008 - anschneider@suse.de

- Add a script to restart smbfs if NetworkMangaer gets an IP address;
  [bnc#373075].

-------------------------------------------------------------------
Tue May 13 17:30:00 CEST 2008 - lmuelle@suse.de

- Remove all references to the obsoleted samba-pdb package.

-------------------------------------------------------------------
Fri May  9 18:19:17 CEST 2008 - lmuelle@suse.de

- Compose the BuildRequires in a more flexible way to fit the openSUSE build
  service (OBS) requirements to support different operating system targets.

-------------------------------------------------------------------
Mon Apr 28 16:55:00 CEST 2008 - lmuelle@suse.de

- Use _libdir macro instead of a local define of LIBDIR.

-------------------------------------------------------------------
Mon Apr 28 15:10:24 CEST 2008 - lmuelle@suse.de

- Remove PreReq /sbin/ldconfig from the libtdb-devel package.

-------------------------------------------------------------------
Sat Apr 26 18:03:06 CEST 2008 - lmuelle@suse.de

- Install the shared libraries with the same name as used as soname.

-------------------------------------------------------------------
Fri Apr 25 21:46:25 CEST 2008 - lmuelle@suse.de

- Update to 3.2.0pre3.
  + Use of IDL generated parsing layer for several DCE/RPC interfaces.
  + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename
    components to honor the MAX_PATH setting from the host OS.
  + Introduction of a registry based configuration system.
  + Improved CIFS Unix Extensions support.
  + Experimental support for file serving clusters.
  + Support for IPv6 in the server, and client tools and libraries.
  + Support for storing alternate data streams in xattrs.
  + Encrypted SMB transport in client tools and libraries, and server.
  + Support for Vista clients authenticating via Kerberos.
  + Full support for Windows 2003 cross-forest, transitive trusts and one-way
    domain trusts.
  + Support for userPrincipalName logons via pam_winbind and NSS lookups.
  + Expansion of nested domain groups via NSS calls.
  + Support for Active Directory LDAP Signing policy.
  + New LGPL Winbind client library (libwbclient.so).
  + New NetApi library for domain join related queries (libnetapi.so) and
    example GTK+ Domain join gui.
  + New client and server support for remotely joining and unjoining Domains.
  + Support for joining into Windows 2008 domains.
  + New ldb backend for local group mapping tables
  + Raised level of security defaults for authentication operations.
  + Inclusion of an HTML version of the 3rd edition of "Using Samba" from
    O'Reilly Publishing.

-------------------------------------------------------------------
Fri Apr 25 16:28:44 CEST 2008 - lmuelle@suse.de

- Add libtalloc1, libtdb0, and libwbclient0 to baselibs.conf.

-------------------------------------------------------------------
Fri Apr 25 14:35:11 CEST 2008 - lmuelle@suse.de

- Remove obsoletes and provides samba3 for post 10.3 systems.

-------------------------------------------------------------------
Fri Apr 25 14:09:56 CEST 2008 - lmuelle@suse.de

- Let libsmbsharemodes-devel require libsmbsharemodes0 for post 10.3 systems.

-------------------------------------------------------------------
Wed Apr 23 13:30:26 CEST 2008 - lmuelle@suse.de

- Rename the libsmbsharemodes package to libsmbsharemodes0 to follow the
  shared library packaging policy for post 10.3 systems.

-------------------------------------------------------------------
Tue Apr 22 15:47:56 CEST 2008 - jmcdonough@suse.de

- Update kdc dns-only lookup patch to IPv6.

-------------------------------------------------------------------
Thu Apr 17 12:18:03 CEST 2008 - lmuelle@suse.de

- Move mount.cifs and umount.cifs from /sbin/ to /usr/sbin/ and create sym
  links in /sbin/; [bnc#380693].

-------------------------------------------------------------------
Thu Apr 17 11:30:17 CEST 2008 - anschneider@suse.de

- Enable the build of vfs_cacheprime and vfs_readahead modules.

-------------------------------------------------------------------
Mon Apr 14 23:14:07 CEST 2008 - lmuelle@suse.de

- Update to 3.2.0pre2.
  + Add library for access to the registry configuration data.
  + BUG 5023: Separate NFS4 and POSIX ACL code in file access checks.
  + BUG 4308: Fix Excel save operation ACL bug.
  + BUG 4801: Correctly implement LSA lookup levels for LookupNames.
  + Add new option "debug class" to control printing of the debug class.
  + Enable building of the zfsacl and notify_fam vfs modules.
  + BUG 5083: Fix memleak in solarisacl module.
  + BUG 5063: Fix build on RHEL5.
  + New smb.conf parameter "config backend = registry" to enable registry only
    configuration.
  + Added support for IPv6 client and server connections.
  + Remove unused utilities: smbctool and rpctorture.
  + Fix service principal detection to match Windows Vista
      (based on work from Andreas Schneider).
  + Encrypted SMB transport in client tools and libraries, and server.
  + Added support for an SMB_CONF_PATH environment variable containing the
    path to smb.conf.
  + Various fixes to ntlm_auth.
  + Correctly handle mixed-case hostnames in NTLMv2 authentication.
  + Add Winbind client library.
  + Enhance client and server remote registry access.
  + Add client calls for remotely joining a computer to a domain (including
    calls from "net dom" command).
  + Add libnetapi.so library for joining domains including sample GTK+ app.
  + Fixes for Vista SP1 Kerberos authdata handling to only pickup the PAC.
  + Various fixes for DsGetDcName and conversion to IDL based structures.
  + Add ads_get_joinable_ous() to libads to get list of joinable ous.
  + Add get_logon_hours_from_pdb() to comply with new IDL based structures.
  + Migration of the entire client and server DCE/RPC code to IDL based
    structures and autogenerated code for DSSETUP, LSA, SAMR and NETLOGON.
  + Started migration of client and server DCE/RPC code to IDL based
    structures and autogenerated code for NTSSVC, SVCCTL and EVENTLOG.
  + Use IDL and autogenerated code for samlogoncache and Kerberos PAC
    handling.
  + Add remote join/unjoin server-side implementation.
  + Import the Linux red-black tree implementation.
  + Support for storing xattrs in tdb files.
  + Support for storing alternate data streams in xattrs.
  + Implement a generic in-memory cache based on rb-trees.
  + Speed up the smbclient "get" command.
  + Add the aio_fork module.
  + Modified libsmbclient API for more easily maintaining ABI compatibility
    while adding new features to libsmbclient.
  + Refactor Winbind internal parent-child interface tables to achieve better
    unit testing support.
  + Networking fixes to the libreplace library.
  + Add support for DNS Service Discovery.  Based on work from Rishi
    Srivatsavai <rishisv@gmail.com>.
  + Don't restart winbind if a corrupted tdb is found during initialization.
  + Add share parameter "administrative share".
  + Improve error messages of net subcommands.
  + Add 'net rap file user'.
  + Change LDAP search filter to find machine accounts which are not located
    in the user suffix.
  + Remove smbmount.
  + BUG 5073: Allow "delete readonly = yes" to correctly override deletion of
    a file.
  + Register the smb service with mDNS if mDNS is supported.
  + Add smbclient support for basic mDNS browsing.
  + Fix padding between Winbind 32bit/64bit client library in the request/
    response structures.
  + Added a syncops VFS module for file systems which do not guarantee
    meta-data operations are immediately committed to disk in stable form.
  + Additional portability support for building shared libraries.
  + Get Samba version or capability information from Windows user space.
- Add new sub packages libnetapi0, libnetapi-devel, libtalloc1,
  libtalloc-devel, libtdb0, libtdb-devel, libwbclient0, libwbclient-devel.

-------------------------------------------------------------------
Mon Apr 14 15:29:54 CEST 2008 - anschneider@suse.de

- Fix build with glibc 2.8.

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- Added baselibs.conf file to build xxbit packages for multilib support for
  post 10.3 systems.

-------------------------------------------------------------------
Thu Apr 10 09:40:52 CEST 2008 - boyang@suse.de

- Only cache password policy results that worked, otherwise we cannot login
  until the cache expires even if a connection to a DC has been restored;
  [bnc#373552].

-------------------------------------------------------------------
Tue Apr  1 16:21:16 CEST 2008 - mkoenig@suse.de

- Remove dir /usr/share/omc/svcinfo.d as it is provided now by filesystem.

-------------------------------------------------------------------
Tue Mar 11 14:45:11 CET 2008 - lmuelle@suse.de

- Prevent tdb lock call getting interrupted by sig alarm; [bnc#364200].

-------------------------------------------------------------------
Mon Mar 10 10:49:16 CET 2008 - lmuelle@suse.de

- Update to 3.0.28a.
  + Failure to join Windows 2008 domains.
  + Windows Vista (including SP1 RC) interop issues.

-------------------------------------------------------------------
Tue Mar  4 13:46:45 CET 2008 - lmuelle@suse.de

- Rename the libsmbclient package to libsmbclient0 to follow the shared
  library packaging policy and remove provides libsmbclient3 for post 10.3
  systems.

-------------------------------------------------------------------
Fri Feb 22 17:14:27 CET 2008 - anschneider@suse.de

- Add variable to define if a share should be an administrative share;
  [bnc#358841].

-------------------------------------------------------------------
Mon Feb 18 11:56:47 MST 2008 - jjaimon@novell.com

- Fix patch errors with dcerpc and idmap_global; [bnc#280452].

-------------------------------------------------------------------
Thu Feb  7 16:05:10 CET 2008 - jmcd@suse.de

- Fix safe_strcpy error caused by duplicate domain name fix;
  [bnc#356025].

-------------------------------------------------------------------
Thu Feb  7 10:57:27 CET 2008 - anschneider@suse.de

- Fix two memleaks if num_validated_vuids exceeds its maximum;
  [bnc#349581].

-------------------------------------------------------------------
Fri Jan 25 21:42:11 CET 2008 - jmcdonough@suse.de

- Fix ACL inheritance; [bnc#351570].

-------------------------------------------------------------------
Wed Jan 23 15:53:03 CET 2008 - anschneider@suse.de

- Fix a gcc 4.3 buffer overflow warning.

-------------------------------------------------------------------
Wed Jan  9 04:30:56 CET 2008 - boyang@novell.com

- Remove duplicate domain name prepend when user SID is in winbindd cache;
  [#336854].

-------------------------------------------------------------------
Tue Jan  8 10:26:31 CET 2008 - anschneider@suse.de

- Prevent winbindd from segfaulting due to corrupted cache tdb on flushing
  caches; [#340332].

-------------------------------------------------------------------
Thu Dec 20 16:32:32 CET 2007 - anschneider@suse.de

- Fix kerberos authentication with Vista; [#350032].

-------------------------------------------------------------------
Wed Dec 12 13:59:11 CET 2007 - jmcdonough@suse.de

- Update to 3.0.28.
  + Fix send_mailslot overflow: CVE-2007-6015; [#343702].

-------------------------------------------------------------------
Wed Nov 28 22:00:57 CET 2007 - jmcdonough@suse.de

- Additional cases and problems caused by fix for CVE-2007-4572;
  [#337823].

-------------------------------------------------------------------
Mon Nov 26 16:56:13 CET 2007 - jmcdonough@suse.de

- Fix send_mailslot overflow: CVE-2007-6015; [#343702].

-------------------------------------------------------------------
Fri Nov 23 10:42:22 CET 2007 - hhetter@suse.de

- Added default printing system information to README.vendor;
  [#113759].

-------------------------------------------------------------------
Fri Nov 16 19:33:23 CET 2007 - lmuelle@suse.de

- Add missing define of AI_ADDRCONFIG for systems with older glibc versions.

-------------------------------------------------------------------
Thu Nov 15 19:49:53 CET 2007 - lmuelle@suse.de

- Update to 3.0.27.
  + Stack buffer overflow in nmbd's logon request processing; CVE-2007-4572;
    [#326261].
  + Remote code execution in Samba's WINS server daemon (nmbd) whe
    processing name registration followed name query requests; CVE-2007-5398;
    [#337823].

-------------------------------------------------------------------
Thu Nov 15 14:36:34 CET 2007 - anschneider@suse.de

- Change the spec file to get debug packages again.

-------------------------------------------------------------------
Wed Nov 14 15:24:48 CET 2007 - jmcdonough@suse.de

- Additional case for overflow: CVE-2007-4572; [#326261].

-------------------------------------------------------------------
Thu Nov  8 18:07:07 CET 2007 - jmcdonough@suse.de

- Fix process_logon_packet overflow; CVE-2007-4572; [#326261].

-------------------------------------------------------------------
Wed Nov  7 16:53:08 CET 2007 - jmcdonough@suse.de

- Fix reply_netbios_packet vulnerability; CVE-2007-5398; [#337823].

-------------------------------------------------------------------
Tue Oct 30 14:34:56 CET 2007 - jmcdonough@suse.de

- Fix missing getpwent mutex unlock; [#329796], [#331754], [#336854].

-------------------------------------------------------------------
Tue Oct 30 01:10:15 CET 2007 - jmcdonough@suse.de

- Fix the alignment of 32 and 64-bit winbind requests; [#331754].

-------------------------------------------------------------------
Fri Oct 12 11:23:47 CEST 2007 - lmuelle@suse.de

- Add dmapi-devel and xfsprogs-devel to the BuildRequires for post 10.0
  systems; [#289599], fate [#302668].

-------------------------------------------------------------------
Tue Oct  9 14:41:10 CEST 2007 - anschneider@suse.de

- Fix possible segfault in winbind which could be caused by uninitialized
  variables; [#253862c223].

-------------------------------------------------------------------
Fri Oct  5 17:36:28 CEST 2007 - jmcdonough@suse.de

- Use FQDN in KDC DNS lookup; [#295284].

-------------------------------------------------------------------
Thu Oct  4 00:59:14 CEST 2007 - lmuelle@suse.de

- Update to 3.2.0pre1.
  + Use of IDL generated parsing layer for several DCE/RPC interfaces.
  + Removal of the 1024 byte limit on pathnames and 256 byte limit on filename
    components to honor the MAX_PATH setting from the host OS.
  + Introduction of a registry based configuration system.
  + Improved CIFS Unix Extensions support.
  + Experimental support for file serving clusters.
  + Full support for Windows 2003 cross-forest, transitive trusts and one-way
    domain trusts
  + Support for userPrincipalName logons via pam_winbind and NSS lookups.
  + Support in pam_winbind for logging on using the userPrincipalName.
  + Expansion of nested domain groups via NSS calls.
  + Support for Active Directory LDAP Signing policy.
  + New ldb backend for local group mapping tables
  + Raised level of security defaults for authentication operations.
  + Inclusion of an HTLM version of the 3rd edition of "Using Samba" from
    O'Reilly Publishing.
- Update samba-vscan to 0.3.6c-beta5.
- Disable dcerpc-funnel and idmap_ad-Global_Catalog as both currently don't
  apply to Samba 3.2.

-------------------------------------------------------------------
Wed Oct  3 23:42:42 CEST 2007 - jmcdonough@suse.de

- Make nss_winbind thread-safe; [#293907, #329796].

-------------------------------------------------------------------
Wed Oct  3 17:09:11 CEST 2007 - jmcdonough@suse.de

- Perform KDC lookup using DNS only; [#295284].

-------------------------------------------------------------------
Thu Sep 27 00:35:42 CEST 2007 - anschneider@suse.de

- Handle smb child crash; [#294895].

-------------------------------------------------------------------
Wed Sep 26 01:59:41 CEST 2007 - lmuelle@suse.de

- Add a global lock inside nss_winbind as workaround; [#293907].

-------------------------------------------------------------------
Thu Sep 20 22:46:09 CEST 2007 - lmuelle@suse.de

- Merge ranged retrieval optimization to winbindd.

-------------------------------------------------------------------
Wed Sep 19 20:55:15 CEST 2007 - lmuelle@suse.de

- Update to 3.0.26a.
  + Memory leaks in Winbind's IDMap manager.
- Update to 3.0.26.
  + Incorrect primary group assignment for domain users using the rfc2307 or
    sfu winbind nss info plugin; CVE-2007-4138; [#307623].

-------------------------------------------------------------------
Fri Sep  7 15:32:13 CEST 2007 - lmuelle@suse.de

- Fix two memleaks in idmap_cache.c; bso [#4917].
- Correct failure of libsmbclient against a version of Windows.
- Make read_sock return the total number of bytes read instead.
- Fix error in enum_dom_groups.
- Fix logic error in timeout of blocking lock processing.
- Add parameter "directory name cache size".
- Fix use of pwrite in tdb code.

-------------------------------------------------------------------
Thu Aug 30 15:08:06 CEST 2007 - lmuelle@suse.de

- Also ensure to initialize ip_srv_site and count_site even if we are not on
  site; [#230963#c124].
- Use an off site DC if we're not online and talking to the KDC of our domain;
  [#230963#c106].

-------------------------------------------------------------------
Wed Aug 22 17:40:45 CEST 2007 - anschneider@suse.de

- Fix a bug where samba writes the wrong default value of max_passwd_expire to
  an LDAP server; [#298469].

-------------------------------------------------------------------
Tue Aug 21 16:50:03 CEST 2007 - lmuelle@suse.de

- Fix if statements where we still expected cli_connect() to return BOOL.

-------------------------------------------------------------------
Tue Aug 21 12:36:12 CEST 2007 - lmuelle@suse.de

- Update to 3.0.25c.
  + File sharing with Widows 9x clients.
  + Winbind running out of file descriptors due to stalled child processes.
  + MS-DFS inter-operability issues.

-------------------------------------------------------------------
Tue Jul 24 10:47:35 CEST 2007 - anschneider@suse.de

- Update the cache tdb validation patch which improves the backup handling
  trying to end up with a useable cache tdb. This applies mostly to the
  situation that disk space is short; [#256166c82].

-------------------------------------------------------------------
Thu Jul 19 10:15:23 CEST 2007 - anschneider@suse.de

- Update the cache tdb validation patch to support backup and corrupted
  file handling; [#256166c77].

-------------------------------------------------------------------
Wed Jul 11 09:48:36 CEST 2007 - anschneider@suse.de

- Fix a bug that causes smbd to 'hang' intermittently; [#289599].

-------------------------------------------------------------------
Tue Jul 10 19:03:25 CEST 2007 - lmuelle@suse.de

- Fix event based krb5 ticket refreshing in winbindd.

-------------------------------------------------------------------
Fri Jul  6 19:31:25 CEST 2007 - lmuelle@suse.de

- Limit the LDAP expression in lookup_usergroups_member() to security groups;
  [253862c209].

-------------------------------------------------------------------
Fri Jul  6 10:20:29 CEST 2007 - lmuelle@suse.de

- Don't reset the num_names counter in lookup_groupmem(); [253862c198].

-------------------------------------------------------------------
Wed Jul  4 16:37:34 CEST 2007 - anschneider@suse.de

- Make the days before the password expiry warning appears configurable in
  pam_winbind.conf; [#287871].

-------------------------------------------------------------------
Tue Jul  3 13:32:31 CEST 2007 - schwab@suse.de

- Don't link shared libraries of vscan with -pie.

-------------------------------------------------------------------
Fri Jun 29 14:01:47 CEST 2007 - lmuelle@suse.de

- Increase LOOKUP_SIDS_HUNK_SIZE for rpccli_lsa_lookup_sids_all() from 1000 to
  20480; [#253862c175].

-------------------------------------------------------------------
Wed Jun 27 16:21:43 CEST 2007 - lmuelle@suse.de

- Update to 3.0.25b.
  + Offline caching of files with Windows XP/Vista clients.
  + Improper cleanup of expired or invalid byte range locks on files.
  + Crashes is idmap_ldap and idmap_rid.

-------------------------------------------------------------------
Sat Jun 23 19:43:15 CEST 2007 - lmuelle@suse.de

- Fix reply when no dfs share is configured.
- Fix the DFS code to work with Vista clients; [#286937].

-------------------------------------------------------------------
Fri Jun 22 16:57:31 CEST 2007 - lmuelle@suse.de

- Migrate old if-up/down scripts to new names on update; [#283706, #285187].

-------------------------------------------------------------------
Tue Jun 19 16:03:55 CEST 2007 - anschneider@suse.de

- Introduced prefix numbering of if-up/down scripts that they get executed in
  the right order; [#283706, #285187].

-------------------------------------------------------------------
Tue Jun 19 13:40:39 CEST 2007 - anschneider@suse.de

- Restart nscd on winbind update to load the new libnss_winbind.so.2 library.
  This will not resolve every problem with nss modules; [#174589c88].

-------------------------------------------------------------------
Mon Jun 18 15:43:31 CEST 2007 - anschneider@suse.de

- Fix winbind segfaults with idmap_rid; bso [#4624].

-------------------------------------------------------------------
Thu Jun  7 19:43:52 CEST 2007 - lmuelle@suse.de

- Add missed 'c' character to the list of valid ones in escape_shell_string();
  [#273611].

-------------------------------------------------------------------
Fri Jun  1 19:16:30 CEST 2007 - lmuelle@suse.de

- Let lookup_groupmem() only resolve not yet cached SIDs; [#253862c106].

-------------------------------------------------------------------
Thu May 31 08:28:53 CEST 2007 - lmuelle@suse.de

- Remove superfluous requires to samba from the devel package.

-------------------------------------------------------------------
Wed May 30 18:29:23 CEST 2007 - lmuelle@suse.de

- Ensure the returned structure size from _samr_query_dispinfo() is smaller
  than the total size; [#203833].

-------------------------------------------------------------------
Sat May 26 16:39:00 CEST 2007 - lmuelle@suse.de

- Remove 'unset CONFIGURE_OPTIONS' in front of the configure call to vscan.
- Install header files with 0644 instead of 0755 permissions.
- Enable build of the python package.

-------------------------------------------------------------------
Fri May 25 13:36:38 CEST 2007 - anschneider@suse.de

- Branch a samba-devel package for post 10.2 systems.
- Install .a library files with 0644 instead of 0755 permissions.

-------------------------------------------------------------------
Fri May 25 10:19:18 CEST 2007 - lmuelle@suse.de

- Update to 3.0.25a.
  + Missing supplementary Unix group membership when using "force·group".
  + Premature expiration of domain user passwords when using a·Samba domain
    controller.
  + Failure to open the Windows object picker against a server configured to
    use "security = domain".
  + Authentication failures when using security = server.

-------------------------------------------------------------------
Thu May 24 19:41:34 CEST 2007 - lmuelle@suse.de

- Add %dir /usr/share/samba to the client package.
- Remove samba-classic{,-client}, samba-ldap{,-client}, sambaxp{,-client}, and
  smbclnt from Provides and Obsoletes of the main or client package.

-------------------------------------------------------------------
Thu May 24 10:41:37 CEST 2007 - stbinner@suse.de

- Add /sbin/ldconfig to %post and %postun of libsmbsharemode.

-------------------------------------------------------------------
Wed May 23 19:02:26 CEST 2007 - lmuelle@suse.de

- Update samba-vscan to 0.3.6c-beta4.

-------------------------------------------------------------------
Wed May 23 11:45:31 CEST 2007 - anschneider@suse.de

- In some cases PRS_ALLOC_MEM was called with zero count; [#273613];
  bso [#4637].

-------------------------------------------------------------------
Wed May 23 10:08:00 CEST 2007 - hhetter@suse.de

- Enhance the patch to the ads version of lookup_groupmem(); [#253862c89].

-------------------------------------------------------------------
Mon May 21 20:13:57 CEST 2007 - lmuelle@suse.de

- Don't use current_user to prep the security ctx in change_to_user();
  [#273613].

-------------------------------------------------------------------
Mon May 21 11:51:23 CEST 2007 - lmuelle@suse.de

- Prevent winbindd segfaulting due to corrupted cache tdb; [#256166].

-------------------------------------------------------------------
Sat May 19 13:31:34 CEST 2007 - lmuelle@suse.de

- Use WORKGROUP instead of TUX-NET as default workgroup setting in smb.conf.

-------------------------------------------------------------------
Fri May 18 09:50:26 CEST 2007 - lmuelle@suse.de

- No longer check in the pre package scripts if swat or winbindd of version
  2.2 are updated; [#273160].

-------------------------------------------------------------------
Mon May 14 13:55:15 CEST 2007 - lmuelle@suse.de

- Update to 3.0.25.
  + Significant improvements in the winbind off-line logon support.
  + Support for secure DDNS updates as part of the 'net ads join'·process.
  + Rewritten IdMap interface which allows for TTL based caching and·per
    domain backends.
  + New plug-in interface for the "winbind nss info" parameter.
  + New file change notify subsystem which is able to make use of·inotify on
    Linux.
  + Support for passing Windows security descriptors to a VFS·plug-in allowing
    for multiple Unix ACL implements to running side·by side on the Same
    server.
  + Improved compatibility with Windows Vista clients including·improved read
    performance with Linux servers.
  + Man pages for IdMap and VFS plug-ins.
  + Security Fixes CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447.
- Disable build of the python package.

-------------------------------------------------------------------
Fri May 11 11:57:55 CEST 2007 - lmuelle@suse.de

- Fix heap overflows to prevent remote code execution; CVE-2007-2446;
  [#273613].
- Fix remote command injection vulnerability; CVE-2007-2447; [#273611].

-------------------------------------------------------------------
Tue May  8 21:07:43 CEST 2007 - lmuelle@suse.de

- Remove obsolete samba-pdb package and required packages from BuildRequires
  for post 10.2 systems.

-------------------------------------------------------------------
Mon May  7 14:54:35 CEST 2007 - lmuelle@suse.de

- Remove X-UnitedLinux- prefix from init scripts for post 9.0 systems.

-------------------------------------------------------------------
Mon May  7 13:17:27 CEST 2007 - lmuelle@suse.de

- Remove requires on release from devel packages.

-------------------------------------------------------------------
Thu May  3 12:55:55 CEST 2007 - lmuelle@suse.de

- Reduces the number of queries made to the DC in the ads version of
  lookup_groupmem(); [#253862].

-------------------------------------------------------------------
Thu May  3 11:43:57 CEST 2007 - lmuelle@suse.de

- Allow winbindd to take local shortcut on secondary DCs in case dce funnel
  directory is set; [#266853].

-------------------------------------------------------------------
Wed May  2 19:41:04 CEST 2007 - lmuelle@suse.de

- Really remove Should-Start smb in smbfs init script; [#242918].

-------------------------------------------------------------------
Wed Apr 25 23:33:27 CEST 2007 - lmuelle@suse.de

- Disable 'msdfs root' by default again; [#268004].

-------------------------------------------------------------------
Fri Apr 20 23:50:15 CEST 2007 - lmuelle@suse.de

- Build libsmbsharemodes and create libsmbsharemodes and corresponding devel
  package; [#264623].

-------------------------------------------------------------------
Fri Apr 20 12:05:01 CEST 2007 - lmuelle@suse.de

- Let idmap_ad search in the Global Catalog in case dce funnel directory is
  set; [#266049].

-------------------------------------------------------------------
Tue Apr 17 22:02:11 CEST 2007 - lmuelle@suse.de

- Allow share names with a lengths greater than 32 chars; bso [#4512].

-------------------------------------------------------------------
Tue Apr 17 21:01:05 CEST 2007 - lmuelle@suse.de

- Check the euid and call become_root() to get write access to dump a core.

-------------------------------------------------------------------
Tue Apr 17 13:12:50 CEST 2007 - lmuelle@suse.de

- Add pwdutils BuildRequires for post 10.2 systems.

-------------------------------------------------------------------
Mon Apr 16 19:30:38 CEST 2007 - lmuelle@suse.de

- Do not restart winbindd under any if-up circumstances; [#227942].

-------------------------------------------------------------------
Fri Apr 13 14:49:00 CEST 2007 - lmuelle@suse.de

- Replace unneeded become_root_uid_only() by refactored become_root();
  CVE-2007-2444; [#262090].

-------------------------------------------------------------------
Tue Apr  3 17:02:19 CEST 2007 - lmuelle@suse.de

- Add repository version and branch to the spec file via
  build-source-timestamp mechanism.

-------------------------------------------------------------------
Tue Apr  3 11:33:11 CEST 2007 - lmuelle@suse.de

- Allow applications to set the share mode while opening a file using
  libsmbclient; bso [#3684]; [#203737].

-------------------------------------------------------------------
Thu Mar 29 14:36:13 CEST 2007 - lmuelle@suse.de

- Fix for fd leak on error path in winbindd; bso [#3204], [#258737].

-------------------------------------------------------------------
Mon Mar 26 15:02:45 CEST 2007 - rguenther@suse.de

- Add gdbm-devel BuildRequires for post 10.2 systems.

-------------------------------------------------------------------
Mon Mar 26 14:04:50 CEST 2007 - lmuelle@suse.de

- Remove setlocale(LC_ALL, "C") calls; bso [#2926], [#247728].

-------------------------------------------------------------------
Sat Mar 17 23:34:52 CET 2007 - lmuelle@suse.de

- Fix segfault and memleak in wb_lookup_rids(); bso [#4434].

-------------------------------------------------------------------
Mon Mar  5 16:06:04 CET 2007 - lmuelle@suse.de

- Fixes a known bottleneck under very high load situations; [#247984].

-------------------------------------------------------------------
Mon Feb 26 12:32:20 CET 2007 - gd@suse.de

- Avoid passdb builtin group membership calls in the DCERPC funnel patch;
  [#248556].

-------------------------------------------------------------------
Fri Feb 23 11:37:06 CET 2007 - lmuelle@suse.de

- Allow pre 3.0.23 multi passdb backend configurations to work with
  post 3.0.22 by using the first backend only; [#245167].

-------------------------------------------------------------------
Thu Feb 22 15:05:48 CET 2007 - gd@suse.de

- Prevent nscd crash in NSS winbind initgroups(); [#237719].
- Fix pam_winbind cached login for samba/NT4 domains; bso [#4225].
- Various pam_winbind fixes; bso [#4094, #4288].
- Fix DCERPC funnel patch; [#245278].
- Fix vista and share level security.
- Fix vista variable expansion; bso [#4093].
- Fix vista DFS support; bso [#4356].
- Fix vista backup tool; bso [#4361].
- Fix vista deletion on shares; bso [#4188].
- Fix vista spoolss problems.

-------------------------------------------------------------------
Tue Feb 13 10:59:39 CET 2007 - gd@suse.de

- Fix crash bug in rpc_pipe_bind(); [#244892].

-------------------------------------------------------------------
Fri Feb  9 20:30:34 CET 2007 - lmuelle@suse.de

- Enable DCERPC funnel patch.

-------------------------------------------------------------------
Fri Feb  9 11:50:29 CET 2007 - gd@suse.de

- Fix accumulation of expired LDAP connections when winbind in ads mode;
  bso [#4009].

-------------------------------------------------------------------
Wed Feb  7 10:34:06 CET 2007 - gd@suse.de

- Fix all lp_dce_funnel_directory() callers; [#242833].

-------------------------------------------------------------------
Wed Feb  7 09:44:46 CET 2007 - lmuelle@suse.de

- Disable broken DCERPC funnel patch; [#242833].

-------------------------------------------------------------------
Mon Feb  5 12:45:24 CET 2007 - lmuelle@suse.de

- Update to 3.0.24.
  + Potential Denial of Service bug in smbd; CVE-2007-0452; [#240265].

-------------------------------------------------------------------
Thu Feb  1 20:37:35 CET 2007 - lmuelle@suse.de

- Fix logic error in the deferred open code; CVE-2007-0452; [#240265].

-------------------------------------------------------------------
Thu Feb  1 15:31:03 CET 2007 - gd@suse.de

- Avoid winbind event handler for internal domains.

-------------------------------------------------------------------
Tue Jan 30 17:59:15 CET 2007 - gd@suse.de

- Fix smbcontrol winbind offline; [#223418].
- Fail on offline pwd change attempts; [#223501].
- Register check_dom_handler when coming from offline mode.
- Fix pam_winbind passwd changes in online mode.
- Call set_domain_online in init_domain_list().
- Winbind cleanup after failure and fix crash bug.
- Don't register check domain handler for all trusts.
- Add separate logfile for dc-connect wb child.
- Only write custom krb5 conf for own domain.
- Move check domain handler to fork_domain_child.

-------------------------------------------------------------------
Fri Jan 26 11:46:05 CET 2007 - gd@suse.de

- Fix pam_winbind text string typo; [#238496].
- Support sites without DCs (automatic site coverage); [#219793].
- Fix invalid krb5 cred cache deletion; [#227782].
- Fix invalid warning in the PAM session close;
- Fix DC queries for all DCs; [#230963].
- Fix sitename usage depending on realm; [#195354].

-------------------------------------------------------------------
Wed Jan 24 18:36:30 CET 2007 - gd@suse.de

- Add DCERPC funnel patch; fate [#300768].

-------------------------------------------------------------------
Mon Jan 22 14:25:21 CET 2007 - gd@suse.de

- Fix pam password change with w2k DCs; [#237281].

-------------------------------------------------------------------
Thu Jan 18 18:20:28 CET 2007 - lmuelle@suse.de

- Check from the init script for SAMBA_<daemonname>_ENV variable expected to
  be set in /etc/sysconfig/samba to export a particular environment variable
  before starting a daemon.  See section 'Setup a particular environment for
  a Samba daemon' from the README file how this feature is to use.

-------------------------------------------------------------------
Mon Jan 15 11:24:31 CET 2007 - lmuelle@suse.de

- Remove %config tag from /usr/share/omc/svcinfo.d/*.xml files.

-------------------------------------------------------------------
Thu Jan 11 17:36:13 CET 2007 - gd@suse.de

- Fix pam_winbind grace offline logins; [#223501].
- Fix password expiry message; [#231583].

-------------------------------------------------------------------
Thu Jan 11 15:36:42 CET 2007 - lmuelle@suse.de

- Move XML service description documents; fate [#301712].

-------------------------------------------------------------------
Wed Jan 10 11:09:29 CET 2007 - lmuelle@suse.de

- Disable smbmnt, smbmount, and smbumount for systems newer than 10.1.

-------------------------------------------------------------------
Tue Jan  9 16:26:58 CET 2007 - lmuelle@suse.de

- Add XML service description documents; fate [#301712].

-------------------------------------------------------------------
Thu Jan  4 11:25:55 CET 2007 - lmuelle@suse.de

- Move tdb utils to the client package.

-------------------------------------------------------------------
Thu Dec 14 03:34:11 CET 2006 - jeallison@novell.com

- Fix crash caused by deleting a message dispatch
  handler from inside the handler itself; [#221709].

-------------------------------------------------------------------
Fri Dec  8 21:17:59 CET 2006 - jeallison@novell.com

- Fix delays in winbindd access when on a non-home
  network; [#222595].

-------------------------------------------------------------------
Thu Nov 23 00:49:55 CET 2006 - jeallison@novell.com

- Fix client-side smb signing; [#222951].
- Fix imcomplete merge for firefox NTLM handling; [#198255].

-------------------------------------------------------------------
Mon Nov 20 20:32:26 CET 2006 - lmuelle@suse.de

- Add IA64 and x64 printer drivers directory.

-------------------------------------------------------------------
Thu Nov 16 17:44:22 CET 2006 - lmuelle@suse.de

- Update to 3.0.23d.
  + Stability fixes for winbindd.

-------------------------------------------------------------------
Fri Nov  3 10:37:45 CET 2006 - gd@suse.de

- Fix ldapsmb group and unicode issues; [#143417, #216606].
- Fix net ads account management; [#217046].
- Fix libnscd usage in passdb; [#217363].
- Add the "mega patch"
  + Add site support for winbind; [#195354], fate [#300909].
  + Add site support for net; [#211281], fate [#300909].
  + Fix winbind krb5 ticket handling from offline; [#178028].
  + Fix "net ads leave"; [#196771].
  + Fix winbind username case handling; [#184902].
  + Fix winbind name canonicalisation; [#210174].
  + Fix winbind online/offline handling; [#196859].
  + Add NTLM cached credential handling for firefox; [#198255],
    fate [#300973].
  + Fix winbind groupmembership handling; [#211324].
  + Fix winbind site-support handling on reconnect; [#195354].
  + Fix winbind child initialization and online/offline handling;
    [#196859].
  + Fix winbind cached credential storage; [#185053].
  + Fix winbind long login delays; [#184450].
  + Fix winbind crash for new AD user; [#208454].

-------------------------------------------------------------------
Thu Oct 26 16:29:03 CEST 2006 - gd@suse.de

- Fix pam_winbind overriding syslog settings; [#201756].
- Fix profilepath pam_set_data for other PAM modules; [#215707].

-------------------------------------------------------------------
Mon Oct 23 18:12:39 CEST 2006 - gd@suse.de

- Fix timeout handling for winbindd (samr, netlogon).
- Fix gencache access; [#209409, #211281].
- Fix libsmbclient accessing NetApp; bso [#4018].
- Fix error handling in ads printer code; [#209409].
- Fix passwd pam segfault; [#211719].
- Fix crash in winbind async child.
- Fix winbind failure mode for trusted domains.

-------------------------------------------------------------------
Fri Oct 20 09:52:55 CEST 2006 - jeallison@novell.com

- Add realm to username if missing in net ads join; [#211706].

-------------------------------------------------------------------
Thu Oct 19 22:35:17 CEST 2006 - lmuelle@suse.de

- Move the LOCKDIR to the client sub package.

-------------------------------------------------------------------
Thu Oct 12 16:56:17 CEST 2006 - lmuelle@suse.de

- Activate the libaddns.

-------------------------------------------------------------------
Thu Sep 28 23:25:57 CEST 2006 - lmuelle@suse.de

- Add version of the package subversion to Samba vendor version suffix.

-------------------------------------------------------------------
Fri Sep  1 14:29:17 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23c.
  + Authentication failures in pam_winbind when the AD domain
    policy is set to not expire passwords.
  + Authorization failures when using smb.conf options such
    as "valid users" with the smbpasswd passdb backend.

-------------------------------------------------------------------
Thu Aug 24 19:59:00 CEST 2006 - jeallison@novell.com

- Fix time value reporting in libsmbclient; [#195285].

-------------------------------------------------------------------
Tue Aug 15 10:10:25 CEST 2006 - ro@suse.de

- Remove update-messages.

-------------------------------------------------------------------
Tue Aug  8 22:30:40 CEST 2006 - jeallison@novell.com

- Store and restore NT hashes as string compatible values; [#185053].

-------------------------------------------------------------------
Tue Aug  8 19:59:44 CEST 2006 - jeallison@novell.com

- Added winbindd null sid fix; [#185053].

-------------------------------------------------------------------
Tue Aug  8 15:53:23 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23b.
  + Ambiguity with unqualified names in smb.conf parameters
    such as "force user" and "valid users".
  + Errors in 'net ads join' caused by bad IP address in the list
    of domain controllers.
  + SMB signing errors in the client and server code.
  + Domain join failures when using smbpasswd on a Samba PDC.

-------------------------------------------------------------------
Wed Jul 26 10:51:41 CEST 2006 - lmuelle@suse.de

- Fix from Alison Winters of SGI to build even if make_vscan is 0.

-------------------------------------------------------------------
Sat Jul 22 12:05:33 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23a.
  + Failure to strip the domain name from groups when 'winbind
    use default domain = yes'
  + Bad token creation of local users on member servers not
    running winbindd.
  + Failure to add users or groups to ACLs using the Windows
    object picker.
  + Failure in file serving code when 'kernel oplocks = yes'.
  + New "createupn" option to "net ads join"
  + Rewritten Kerberos keytab generation when 'use kerberos
    keytab = yes'

-------------------------------------------------------------------
Tue Jul 18 13:27:26 CEST 2006 - lmuelle@suse.de

- Replace vendor-files/tools/dlopen.sh by test_pam_modules make rule.

-------------------------------------------------------------------
Tue Jul 18 12:48:15 CEST 2006 - lmuelle@suse.de

- Fix pam config file parsing in pam_winbind; bso [#3916].

-------------------------------------------------------------------
Mon Jul 10 22:46:04 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23.
  + Improved 'make test'
  + New offline mode in winbindd.
  + New Kerberos support for pam_winbind.so.
  + New handling of unmapped users and groups.
  + New non-root share management tools.
  + Improved support for local and BUILTIN groups.

-------------------------------------------------------------------
Fri Jul  7 18:10:40 CEST 2006 - gd@suse.de

- Prevent potential crash in winbindd's credential cache handling;
  [#184450].

-------------------------------------------------------------------
Thu Jul  6 12:08:51 CEST 2006 - lmuelle@suse.de

- Fix memory exhaustion DoS; CVE-2006-3403; [#190468].

-------------------------------------------------------------------
Sun Jul  2 02:24:22 CEST 2006 - jeallison@novell.com

- Fix the munlock call, samba.org svn rev r16755 from Volker.

-------------------------------------------------------------------
Sat Jul  1 01:45:26 CEST 2006 - jeallison@novell.com

- Change the kerberos principal for LDAP authentication to
  netbios-name$@realm from host/name@realm; [#184450].

-------------------------------------------------------------------
Tue Jun 27 15:55:57 CEST 2006 - lmuelle@suse.de

- Ensure to link all required libraries to libnss_wins; [#184306].

-------------------------------------------------------------------
Sat Jun 24 19:46:24 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23rc3.
  + Warnings from the Klocwork code analyzer.
  + Various portability bugs on AIX, Solaris, and True64.
  + Authorization problems when managing services.
  + Problems joining Windows clients to a Samba/LDAP domain.

-------------------------------------------------------------------
Wed Jun 21 02:36:07 CEST 2006 - jeallison@novell.com

- Change log level of debug message to avaoid flodded nmbd log; [#157623].

-------------------------------------------------------------------
Mon Jun 19 16:14:25 CEST 2006 - lmuelle@suse.de

- Add 'usershare allow guests = Yes' to the default config; [#144787].

-------------------------------------------------------------------
Fri Jun 16 12:52:10 CEST 2006 - schwab@suse.de

- Fix syntax error in configure script.

-------------------------------------------------------------------
Fri Jun 16 00:44:45 CEST 2006 - gd@suse.de

- Add CHANGEPW kpasswd fallback to TCP; [#184945].

-------------------------------------------------------------------
Tue Jun 13 21:46:28 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23rc2.
  + Winbindd & Samba PDC integration issues.
  + Join problems from Windows clients in a Samba domain.
  + Winbind & AD trust failures.

-------------------------------------------------------------------
Fri Jun  9 16:17:33 CEST 2006 - lmuelle@suse.de

- Remove VFS examples; [#182117].

-------------------------------------------------------------------
Fri Jun  9 15:31:12 CEST 2006 - gd@suse.de

- Honour 'sn' attribute for eDir; [#176799].

-------------------------------------------------------------------
Thu Jun  8 12:05:30 CEST 2006 - lmuelle@suse.de

- Adapt smbclient fix to smbtree to enable long share names; [#175999].
- Make smbclient -L use RPC to list shares, fall back to RAP; [#171311].

-------------------------------------------------------------------
Wed Jun  7 16:23:26 CEST 2006 - gd@suse.de

- Re-add in-forest domain trusts; [bso #3823].

-------------------------------------------------------------------
Thu Jun  1 16:09:32 CEST 2006 - lmuelle@suse.de

- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].

-------------------------------------------------------------------
Wed May 31 19:51:49 CEST 2006 - gd@suse.de

- Add wbinfo --own-domain; [#167344].
- Fix usability of pam_winbind on a Samba PDC; [bso #3800].

-------------------------------------------------------------------
Tue May 30 12:28:17 CEST 2006 - lmuelle@suse.de

- Remove intrusive affinity patches for winbindd.

-------------------------------------------------------------------
Sun May 28 01:08:59 CEST 2006 - jeallison@novell.com

- Merge Volker's winbindd crash fix for half-opened connections
  in winbindd_cm.c (sessionsetup succeeded but tconX failed).

-------------------------------------------------------------------
Thu May 25 19:05:14 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23rc1.
  + Winbind IDMAP integration with RFC2307 schema objects supported by Windows
    2003 R2.
  + Rewritten 'net ads join' to mimic Windows XP without requiring
    administrative rights to join a domain.

-------------------------------------------------------------------
Mon May 22 20:14:38 CEST 2006 - lmuelle@suse.de

- Optimize lookup of user's group memberships via ExtendedDn LDAP control;
  [#168100].
- Restart winbind if the hostname is modified by the DHCP client; [#169260].
- Set the groups membership first whilst we're still root and use execve()
  instead of execv() in get_printing_ticket; [#177114].
- Add samba-krb-printing sub package with get_printing_ticket wrapper binary;
  [#149698].

-------------------------------------------------------------------
Tue May 16 16:37:07 CEST 2006 - gd@suse.de

- Prevent passwords beeing swapped to disc; [#174834].
- Remove length limit from winbind cache cleanup function; [#175737].
- Fix NDS_ldapsam memory leak.
- Only add password to linked list when necessary.
- Don't try cached credentials when changing passwords.
- Cleanup winbind linked list of credential caches.
- Use the index objectCategory attribute in AD LDAP requests.
- Adjust AD time difference when validating tickets.
- Add password change warning for passwords beeing too young.
- Remove experimental Heimdal KCM support.

-------------------------------------------------------------------
Mon May  8 17:37:28 CEST 2006 - lmuelle@suse.de

- Added "usershare allow guests" global parameter; [#144787].

-------------------------------------------------------------------
Thu May  4 19:52:01 CEST 2006 - gd@suse.de

- Return domain name in samrquerydominfo 5; [#172756].

-------------------------------------------------------------------
Tue May  2 11:58:34 CEST 2006 - gd@suse.de

- Fix unauthorized access when logging in with pam_winbind; [#156385].

-------------------------------------------------------------------
Thu Apr 27 17:40:34 CEST 2006 - lmuelle@suse.de

- Don't ever set O_SYNC on open unless "strict sync = yes"; [#165431].

-------------------------------------------------------------------
Mon Apr 24 12:23:29 CEST 2006 - gd@suse.de

- Correct fix to exit from "net" with an inproper configuration; [#163227],
  [#182749].
- Robustness fixes for winbind; [#167952].
- Fix build of own iniparser copy.

-------------------------------------------------------------------
Sun Apr 23 23:11:47 CEST 2006 - lmuelle@suse.de

- Update to 3.0.23pre1.

-------------------------------------------------------------------
Sat Apr 15 20:24:12 CEST 2006 - lmuelle@suse.de

- Exit from the net command with an error if Samba is not configured for the
  required role; [#163227].
- Add portability issue fixes between 32-bit winbind clients and a 64-bit
  winbindd server.
- Install pam_winbind.conf to /etc/security and add it with %config(noreplace)
  to the samba-winbind sub package.
- Add fix to the vscan antivir module to circumvent longer startup times of
  the antivir scanner process.

-------------------------------------------------------------------
Wed Apr 12 19:45:57 CEST 2006 - gd@suse.de

- Use iniparser for pam_winbind.

-------------------------------------------------------------------
Mon Apr  3 12:09:28 CEST 2006 - lmuelle@suse.de

- Allow testparm to dump a paramatrical option.
- Update to 3.0.22; CVE-2006-1059; [#161778].

-------------------------------------------------------------------
Fri Mar 31 13:20:05 CEST 2006 - gd@suse.de

- Don't assume account objectclass for eDir; [#160169].

-------------------------------------------------------------------
Wed Mar 29 11:50:36 CEST 2006 - gd@suse.de

- Only send CLDAP request to an connect AD DC; [#159684].
- Invalidate krb5 credential cache when pam_auth has failed; [#161018].

-------------------------------------------------------------------
Tue Mar 28 14:26:43 CEST 2006 - lmuelle@suse.de

- Enhance comment for the 'cups options = raw' line; [#160720].

-------------------------------------------------------------------
Thu Mar 23 14:30:15 CET 2006 - gd@suse.de

- Align pam_winbind patch with upstream version.

-------------------------------------------------------------------
Tue Mar 21 10:47:16 PST 2006 - jeallison@novell.com

- Fix oplock logic bug under heavy load; [#159626].

-------------------------------------------------------------------
Mon Mar 20 16:25:53 CET 2006 - gd@suse.de

- Flush nscd cache also on winbindd startup; [#137793].
- Remove paranoia check for empty acct_flags to support NT4 and older Samba 3
  DCs; [#149477].
- Skip superfluous keytab-iteration; [#154951].
- Avoid fallback to samlogon after password failure; [#158717].
- Fix empty domain name in NSS calls; [#154954].

-------------------------------------------------------------------
Wed Mar 15 19:02:18 CET 2006 - lmuelle@suse.de

- Call make proto instead of pch for pre 10.0 systems.
- Use 0750 as default permissions for /var/log/samba as the log files are
  created with 0644.
- Add libnscd-devel to BuildRequires for post 9.1 systems.

-------------------------------------------------------------------
Tue Mar 14 11:57:10 PST 2006 - jeallison@novell.com

- Fix Coverity bug missing return on error case in usershare code.
  Samba.org svn rev 14019.

-------------------------------------------------------------------
Mon Mar 13 17:39:54 CET 2006 - gd@suse.de

- Correctly flush nscd caches when winbindd comes (back) online; [#137793].
- Fix ldapsmb handling of quoted strings in smb.conf; [#153756].

-------------------------------------------------------------------
Thu Mar  9 10:14:19 CET 2006 - gd@suse.de

- Fix LDAP replication sleep handling for search requests; [#118378].

-------------------------------------------------------------------
Tue Mar  7 16:41:51 CET 2006 - lmuelle@suse.de

- Use dlopen.sh to test that every module we just built can actually be loaded
  by a minimal PAM-aware application.
- Link pam_smbpass with the required object files; bso [#3565].

-------------------------------------------------------------------
Wed Mar  1 09:53:00 CET 2006 - lmuelle@suse.de

- Fix case where a non existing tdb let smbpasswd -a core dump.
- Use make everything only to build the same result.
- Call proto_exists before we create the precompiled headers (pch).
- Set LC_ALL, LC_CTYPE, and LANG from /etc/sysconfig/language before we start
  smbd and unset it afterwards; [#105322].
- Fix message handling with smbcontrol; [#153699].
- Build and install mount.cifs and umount.cifs as part of the main Makefile.
- Define 'symbols' heimdal if we build on a system older than 9.1.  Else the
  heimdal specific patches are not applied.
- Start nmbd in /etc/sysconfig/network/scripts/samba-winbindd if the service
  is enabled before we switch winbindd online.

-------------------------------------------------------------------
Fri Feb 24 23:48:08 CET 2006 - lmuelle@suse.de

- Only use absolute paths for the targets of sym links.
- Add a comment to the smbusers file that we are not using it in our default
  configuration; [#153370].
- Update to final 3.0.21c.
- Properly shutdown winbindd with invalid configuration; [#153074].
- Never overwrite the acct_flags in rpccli_netlogon_sam_network_logon;
  [#149477].
- Fix usage of DESTDIR while calling make install; bso [#3282].
- Allow to rename workstations in a Samba Domain; [#140877], bso [#2331].
- Honour workgroup when parsing smb-uris correctly; [#152821].
- Simplify fillup_and_insserv call in the %post of the client package for post
  10.0 systems.
- Fix net usershare info core dump; [#150870].
- Reorder Prereq lines and add missing binaries.
- Run /sbin/ldconfig from %post and %postun if the package contains a lib;
  also replace any %run_ldconfig by /sbin/ldconfig; add PreReq /sbin/ldconfig.

-------------------------------------------------------------------
Mon Feb 20 17:31:12 CET 2006 - lmuelle@suse.de

- Update to 3.0.21c from svn.Samba.org SAMBA_3_0_RELEASE tree.

-------------------------------------------------------------------
Thu Feb 16 23:06:07 CET 2006 - lmuelle@suse.de

- Replace swat-welcome.diff by the upstream version; [#63160], bso [#2278].
- Replace pdbedit-pw-stdin.diff by the upstream version; bso [#1386].
- Add winbind offline config template; fate [#300457].
- Enhance return codes of net usershare; [#150870].
- Don't let lp_load() overwrite configuration settings; [#149682].
- Fix winbindd getpwnam behaviour for pam_winbind; [#149021].
- Replace nss-soname.diff by the upstream version; bso [#3381].
- Move libnss_wins into the client package.
- Fix pam_winbind Kerberos/NTLM fallback; [#149477].
- Update eDirectory LDAP schema for account policies; [#149470].
- Fix login password expiry handling in pam_winbind; [#149462].

-------------------------------------------------------------------
Tue Feb 14 17:53:11 CET 2006 - gd@suse.de

- Send correct workstation name to prevent NT_STATUS_INVALID_WORKSTATION
  beeing returned in samlogon; [#148645], [#161051].

-------------------------------------------------------------------
Wed Feb  8 10:42:34 CET 2006 - aj@suse.de

- Remove openafs requirement.

-------------------------------------------------------------------
Tue Feb  7 00:39:26 CET 2006 - lmuelle@suse.de

- Add Requires kerberos devel package to libsmbclient-devel; [#148579].
- Add Requires of the main lib packages to the libsmbclient and libmsrps devel
  packages.
- Add missing documentation to testparm man page..

-------------------------------------------------------------------
Mon Feb  6 17:34:54 CET 2006 - lmuelle@suse.de

- Remove /var/spool/samba from the filelist.
- No longer ignore NetworkManager controlled interfaces in dhcpcd-hook-samba.
- No longer call netbios_setup() if we source dhcpcd-hook-samba-functions.

-------------------------------------------------------------------
Thu Feb  2 23:35:40 CET 2006 - lmuelle@suse.de

- Add missing \ to the dhcpcd-hook-samba-functions.
- Change password character to '*' in NSS replies.
- Fix online/offline message handling for winbindd.
- Only do anything while calling the helper script samba-winbindd if "winbind
  offline logon" is "Yes".
- Starting nmbd with helper script samba-winbindd if we are going online and
  service nmb is activated.
- Package network interface scripts as %ghost and only create the sym links on
  the initial install.
- Update to final 3.0.21b.
- Always use a local copy of guards (patches/tools/guards) instead of
  depending to the quilt package at build time.
- Install any section of the default smb.conf as separate file packaged in
  /usr/share/samba/templates/default-* into the client package.
- Append product version string to SAMBA_VERSION_VENDOR_SUFFIX.
- Add new feature to allow winbindd online offline state to be controlled by
  smbcontrol; [#147249].
- Add -k switch to tdbdump to dump the data of a single key; [#133453].

-------------------------------------------------------------------
Thu Jan 26 12:47:35 CET 2006 - lmuelle@suse.de

- Add --all-domains switch to wbinfo.
- Update to 3.0.21b from svn.Samba.org SAMBA_3_0_RELEASE tree.
- Add script to trigger winbindd on- or offline mode.
- By default only allow to share directories owned by the user; [#144787].
- Add more verbose error message if usershares aren't activated; [#145299].
- Remove /var/lib/samba/usershares/ from the filelist; [#144013].

-------------------------------------------------------------------
Wed Jan 25 21:41:18 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Fri Jan 20 21:35:08 CET 2006 - lmuelle@suse.de

- Add %w macro to be replaced by the winbind separator.
- Add a desktop smb.conf as template to the client package.
- Run SuSEconfig --module permissions if the package is not installed with
  YaST and we have a /etc/permissions.d/samba-usershares file.
- Add /etc/permissions.d/samba-usershares as %ghost to the filelist.
- Set %verify(not group mode), root:users and 01700 as default for the default
  usershare path, /var/lib/samba/usershares/.
- It turns out krb5_kt_get_entry() on MIT does an implicit open/read/close and
  blows away an open keytab handle - so make sure we use a new handle;  bso
  [#3421].
- Ensure net usershare add uses an absolute path; [#143777].
- Use stderr for error messages of the net command.
- Ensure to rewind rem_backend if we have to workaround an old configuration.
  Else winbindd might seg fault.
- Fix crash bug in the idmap winbindd child.
- Add PAM conversation for disallowed password change.

-------------------------------------------------------------------
Sat Jan 14 23:34:19 CET 2006 - lmuelle@suse.de

- Remove idmap_ prefix from any idmap backend config setting; bso [#3264].
- Add net usershare command to manipulate user shares from trunk of samba.org.
- Align suse/samba3-pam_winbind patch with trunk of samba.org.
- Fix segfault in "net rpc vampire|samdump"; bso [#3390].

-------------------------------------------------------------------
Mon Jan  9 17:05:56 CET 2006 - jeallison@novell.com

- Don't assume owning sticky bit directory means write access allowed;
  bso [#3348].

-------------------------------------------------------------------
Wed Jan  4 18:43:37 CET 2006 - lmuelle@suse.de

- Create the precompiled headers with exactly the same flags as the
  binaries.
- Allow to rename machine accounts.  Fixed crash against eDirectory;
  [#140877].

-------------------------------------------------------------------
Tue Jan  3 18:11:26 CET 2006 - lmuelle@suse.de

- Add 'winbind refresh tickets' parameter; [#140962].

-------------------------------------------------------------------
Sun Jan  1 21:44:35 CET 2006 - lmuelle@suse.de

- Update to 3.0.21a; bso [#3349].

-------------------------------------------------------------------
Wed Dec 21 09:00:41 CET 2005 - lmuelle@suse.de

- Update to 3.0.21.

-------------------------------------------------------------------
Mon Dec 19 19:44:12 CET 2005 - gd@suse.de

- Add extended pam_winbind work from trunk.

-------------------------------------------------------------------
Wed Dec 14 22:47:51 CET 2005 - lmuelle@suse.de

- Return NT_STATUS_ACCOUNT_DISABLED if eDirectory returns
  LDAP_UNWILLING_TO_PERFORM; [#138491].

-------------------------------------------------------------------
Sun Dec  4 19:05:42 CET 2005 - lmuelle@suse.de

- Package libmsrpc files separate.
- Revert libsmbclient package renaming.
- Update to 3.0.21rc2.

-------------------------------------------------------------------
Tue Nov 29 21:05:43 CET 2005 - lmuelle@suse.de

- Ensure to be root while calling pdb_search_destroy(); else we don't have
  enough permissions to do the last paged LDAP search.

-------------------------------------------------------------------
Wed Nov 23 23:32:35 CET 2005 - lmuelle@suse.de

- Store "sambaLogonHours" in GMT and display them in localtime; bso [#3187]
- Update to ldapsmb 1.34.
- Cache the results more agressivly to stop multiple LDAP searches; bnc
  [#134082].
- Allow anonymous printing to Microsoft Windows 2000 and XP systems via
  unauthenticated ntlmssp session setup, bnc [#106335].

-------------------------------------------------------------------
Mon Nov 21 16:01:18 CET 2005 - lmuelle@suse.de

- Improve performance when enumerating users from a LDAP database; bnc
  [#134082].

-------------------------------------------------------------------
Fri Nov 18 16:02:15 CET 2005 - lmuelle@suse.de

- Add fix for quota on ext[23], reiserfs.

-------------------------------------------------------------------
Thu Nov 17 19:26:22 CET 2005 - lmuelle@suse.de

- Create a separate Samba documentation package to build it as noarch for post
  10.0 systems.

-------------------------------------------------------------------
Sun Nov 13 20:07:00 CET 2005 - lmuelle@suse.de

- Update to 3.0.21rc1.

-------------------------------------------------------------------
Wed Nov  9 13:18:28 CET 2005 - lmuelle@suse.de

- Add samba.org post 3.0.20b fixes.
  + Ensure printjob deletion.
  + Fix setting of quotas on Linux.
  + Clear request structure before used by wbinfo; bso [#3201].
  + Added new parameter 'map readonly = [yes|no|permissions]'; bnc [#134188].
  + Fix acl evaluation bug.
  + Don't count open pipes in the num_files_open on a connection.

-------------------------------------------------------------------
Fri Oct 28 14:33:57 CEST 2005 - lmuelle@suse.de

- Speed up load of the configuration file with a large number of share
  definitions; bnc [#129341], bso [#1117].

-------------------------------------------------------------------
Sun Oct 16 19:06:28 CEST 2005 - lmuelle@suse.de

- Update patch for mount.cifs to work with named uid/ gid; [#120601].

-------------------------------------------------------------------
Fri Oct 14 12:47:15 CEST 2005 - lmuelle@suse.de

- Use upstream fix to supress LDAP build warnings with OpenLDAP 2.3.7 or
  higher and to build with openssl 0.9.8a or higher.
- Allow mount.cifs also to work with uid/ gid names; [#120601].

-------------------------------------------------------------------
Thu Oct 13 20:33:18 CEST 2005 - lmuelle@suse.de

- Disable smbwrapper support for all architectures.
- Update to 3.0.20b
  + winbindd crash with alt_names; bso [#3068]
  + denied write on a share in read/write mode; bso [#3088]
  + read-only share files are always seen as read-only
  + quota support; bso [#3070]

-------------------------------------------------------------------
Sun Oct  9 02:37:26 CEST 2005 - schwab@suse.de

- Make syscall wrapper stuff compilable.

-------------------------------------------------------------------
Sat Oct  1 01:15:31 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20a.

-------------------------------------------------------------------
Mon Sep 26 15:57:20 CEST 2005 - ro@suse.de

- fix some implicit function declarations in getdate.

-------------------------------------------------------------------
Mon Sep 19 19:31:53 CEST 2005 - lmuelle@suse.de

- Add iprint support; [#113346].
- Update to samba-vscan 0.3.6b.
- Add more samba.org post 3.0.20 fixes.
  + RegCreateKeyEx() Failures
  + Usrmgr.exe and Groups
  + net rpc shutdown
  + DOS applications
- Disable build of smbwrapper for ia64.

-------------------------------------------------------------------
Mon Sep 12 10:09:13 CEST 2005 - gd@suse.de

- Fix x86_64 crash bugs
  + security descriptor upgrade in print tdbs [#106751, samba.org #3084]
  + winbindd resolving group membership [samba.org #3082]

-------------------------------------------------------------------
Mon Aug 29 17:57:09 CEST 2005 - lmuelle@suse.de

- Add samba.org post 3.0.20 fixes.
  + Fix password history for eDirectory
  + fix enumerated group name
  + other minor fixes

-------------------------------------------------------------------
Sat Aug 20 15:47:23 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20.

-------------------------------------------------------------------
Thu Aug 18 14:55:14 CEST 2005 - lmuelle@suse.de

- Fix assembling of the filepath in vscan-icap; [#105582].
- Fix typo in vscan-mcdaemon; [#102372].

-------------------------------------------------------------------
Wed Aug 10 00:46:28 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20rc2.

-------------------------------------------------------------------
Tue Aug  9 14:22:41 CEST 2005 - lmuelle@suse.de

- Enable vscan filetype support for post 9.0 systems as SLES 9 SP 2 provides
  a file package built with -fPIC; [#102372].

-------------------------------------------------------------------
Wed Aug  3 23:46:14 CEST 2005 - lmuelle@suse.de

- Update to ldapsmb 1.33.
- Create precompiled headers on post 9.3 systems.

-------------------------------------------------------------------
Fri Jul 29 23:26:36 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20rc1.
- Fail build if a patch doesn't apply.

-------------------------------------------------------------------
Wed Jul 20 14:42:38 CEST 2005 - lmuelle@suse.de

- Use guards of the quilt package to apply all patches.
- Add shared module idmap_ad.
- Update to ldapsmb 1.32.

-------------------------------------------------------------------
Wed Jul 13 17:46:16 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20pre2.

-------------------------------------------------------------------
Wed Jun 29 00:42:00 CEST 2005 - lmuelle@suse.de

- Update to 3.0.20pre1.

-------------------------------------------------------------------
Mon Jun 20 17:46:55 CEST 2005 - lmuelle@suse.de

- Add more post 3.0.14a fixes; bugzilla.Samba.org [#2729, #2698].
- Add hint to documentation about the permissions of umount.cifs; [#85813].

-------------------------------------------------------------------
Tue May 10 15:15:02 CEST 2005 - lmuelle@suse.de

- Add more post 3.0.14a fixes.
- Update umount.cifs to the current version.

-------------------------------------------------------------------
Tue Apr 26 14:09:12 CEST 2005 - lmuelle@suse.de

- Add umount.cifs binary.

-------------------------------------------------------------------
Fri Apr 22 19:34:05 CEST 2005 - lmuelle@suse.de

- Fix potential buffer overflow in torture.
- Change Requires ... = %{version} to >= ... %{version} to allow installation
  of an subpackage from the original media after a version update was
  available and installed by online update.  Kept Requires samba = %{version}
  for samba-vscan [#80230].

-------------------------------------------------------------------
Wed Apr 20 16:16:07 CEST 2005 - lmuelle@suse.de

- Add missing /usr/sbin/groupadd to PreReq of the main package.

-------------------------------------------------------------------
Tue Apr 19 15:31:46 CEST 2005 - lmuelle@suse.de

- Remove 'dos filetimes = Yes' from smb.conf as it now is the default.

-------------------------------------------------------------------
Tue Apr 19 02:14:07 CEST 2005 - ro@suse.de

- try to make testsuite build with gcc-4

-------------------------------------------------------------------
Fri Apr 15 16:57:38 CEST 2005 - lmuelle@suse.de

- Update to version 3.0.14a.
- Fix net share migrate and report in the case of the top level share
  directory ACL.

-------------------------------------------------------------------
Tue Apr 12 17:50:55 CEST 2005 - lmuelle@suse.de

- Update to version 3.0.14.

-------------------------------------------------------------------
Fri Apr  8 18:47:22 CEST 2005 - lmuelle@suse.de

- Update samba-vscan to version 0.3.6.
- Set 'dos filetimes = Yes' in smb.conf for all shares where other users than
  the owning user might have write access to Microsoft Excel files.

-------------------------------------------------------------------
Thu Mar 24 17:18:24 CET 2005 - lmuelle@suse.de

- Update to version 3.0.13; fix Samba to POSIX draft ACL mapping [#74373];
  bugzilla.Samba.org [#2521].

-------------------------------------------------------------------
Mon Mar 21 19:13:45 CET 2005 - lmuelle@suse.de

- Fix copy/delete files from Microsoft Windows 98 explorer; [#74102];
  bugzilla.Samba.org [#2501].

-------------------------------------------------------------------
Fri Mar 18 19:04:51 CET 2005 - lmuelle@suse.de

- Update to version 3.0.12.

-------------------------------------------------------------------
Sun Mar 13 23:02:51 CET 2005 - lmuelle@suse.de

- Ensure to package smbfstab with limited access permissions.
- Add additional Provides and Obsoletes and add %version-%release to the
  Provides tags.

-------------------------------------------------------------------
Fri Feb 25 14:44:59 CET 2005 - lmuelle@suse.de

- Disable com_err patch for post 9.2 products.
- Use NO_BRP_STRIP_DEBUG="true" in the %install section if make_devel is set.
- Call mkversion.sh to add VENDOR_SUFFIX to version.h

-------------------------------------------------------------------
Mon Feb  7 01:37:46 CET 2005 - ro@suse.de

- use kerberos-devel-packages in neededforbuild (again)

-------------------------------------------------------------------
Fri Feb  4 20:07:40 CET 2005 - lmuelle@suse.de

- Update to 3.0.11.
- Create extra package, cifs-mount for the mount.cifs for post 9.2 products;
  [#45324].
- Replace SWAT welcome.html sym link post and pre script workaround by a SWAT
  fix; [#48160]; bugzilla.Samba.org [#2278].

-------------------------------------------------------------------
Fri Jan 21 20:46:37 CET 2005 - lmuelle@suse.de

- Enusre to free memory used for response and language in the print_cups code;
  [#49999]; bugzilla.Samba.org [#2270].

-------------------------------------------------------------------
Thu Jan 20 10:45:00 CET 2005 - lmuelle@suse.de

- Fix order of evaluation in the bitmap code; Samba.org svn revision 4120;
  [#49476,#49514,#49947].

-------------------------------------------------------------------
Fri Jan 14 15:52:18 CET 2005 - ro@suse.de

- fix typo in specfile

-------------------------------------------------------------------
Wed Dec 22 21:57:28 CET 2004 - lmuelle@suse.de

- Fix open_any_socket_out on request of Volker Lendecke; bugzilla.Samba.org
  [#2180]; [#49480].

-------------------------------------------------------------------
Thu Dec 16 14:25:41 CET 2004 - lmuelle@suse.de

- Update to version 3.0.10; CAN-2004-1154; [#49119].

-------------------------------------------------------------------
Wed Dec 15 14:16:48 CET 2004 - lmuelle@suse.de

- Set IDMAP_RID_SUPPORT_TRUSTED_DOMAINS to 1 in sam/idmap_rid.c and add
  Samba.org svn revision 4216; [#49250].
- Disable none working pdf share; [#49221].
- Don't remove statically defined printers in remove_stale_printers();
  bugzilla.Samba.org [#2091]; [#49221].

-------------------------------------------------------------------
Tue Dec 14 07:54:45 CET 2004 - lmuelle@suse.de

- Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the
  eDirectory integration patches; [#48821].

-------------------------------------------------------------------
Mon Dec 13 20:30:28 CET 2004 - lmuelle@suse.de

- Fix remote exploitation of an integer overflow vulnerability in the smbd
  daemon; will be addressed in 3.0.10 upstream; CAN-2004-1154; [#49119].
- Add workaround for samba-vscan if TMPDIR env is set; [#49041].
- Add more changes from Vince Brimhall <vbrimhall at Novell dot com> to the
  eDirectory integration patches; rename the passdb backend file to pdb_nds;
  [#48821].
- Remove patch to avoid inclusion of linux/audit.h as it - even for post 9.1
  products - is superfluous; bugzilla.Samba.org [#2061].

-------------------------------------------------------------------
Tue Nov 30 14:25:44 CET 2004 - lmuelle@suse.de

- Add -O to CFLAGS only for pre 9.2 products; [#44167], bugzilla.Samba.org
  [#1631].
- Ensure to include /usr/lib/cups/backend only in post 9.0 products.

-------------------------------------------------------------------
Fri Nov 19 15:42:02 CET 2004 - lmuelle@suse.de

- Only avoid inclusion of linux/audit.h for post 9.1 products.
- Fix also max fd count for the select() call in nmbd and wrepld.
- Add more post 3.0.9 fixes.

-------------------------------------------------------------------
Fri Nov 19 01:00:09 CET 2004 - lmuelle@suse.de

- Add missing ldapsmb man page.
- Add AntiVir module to samba-vscan.
- Fix fixed PID file name if multiple Samba daemons are used; [#48237].
- Add fixes to nds_ldap.c and nds-pdb_ldap.c.diff from Vince Brimhall
  <vbrimhall at Novell dot com>.
- Use common* PAM configuration only for post 9.2 products.
- Update to version 3.0.9.

-------------------------------------------------------------------
Mon Nov 15 15:54:23 CET 2004 - lmuelle@suse.de

- Add max fd count for select call in smbd/server.c.

-------------------------------------------------------------------
Mon Nov 15 14:55:25 CET 2004 - kukuk@suse.de

- Use common-* PAM configuration.

-------------------------------------------------------------------
Fri Nov 12 22:59:31 CET 2004 - lmuelle@suse.de

- Remove check for uid and gib mapping from winbind init script as winbind
  nowadays works fine as a proxy only.
- Add -t 10 to all killproc calls in the init scripts; [#47227].
- Fix output of smbstatus to make the man page; fix -L, -p, & -S and the -u
  <username> functionality.
- Move doc subpackage %preun to %postun and change sym link only if first arg
  is less than 1 as only this situation is a deinstallation case.

-------------------------------------------------------------------
Thu Nov 11 23:30:03 CET 2004 - lmuelle@suse.de

- Fix seg fault in lanman printing code.
- Fix testparm reporting for the passwd program string.
- Add welcome.html also as %ghost to the samba-doc package and remove rm from
  %preun as this breaks the uninstall of samba-doc; [#48160].
- Protect all welcome-* files in the %pre section of samba-doc to not get
  deleteted.  welcome-en-no-samba-doc.html of the samba package was accidently
  removed.

-------------------------------------------------------------------
Thu Nov 11 01:47:06 CET 2004 - lmuelle@suse.de

- Update Samba docs to version 3.0.8; [#48137].
- Use a 32 instead of a 64 byte case-exact string in the samba-nds.schema
  for the sambaPasswordHistory object; [#48134].
- Use samba-nds.schema of examples/LDAP/samba-nds.schema as it is now part of
  the main line and mark it as %config in the filelist.
- Remove admin from default smbusers mapping file; [#48111].
- Add post 3.0.8 fixes.
- Remove rest of old net RPC printer migration patch as the problem is solved
  different in 3.0.8.
- Fix undefined reference to `secrets_*' in libsmbclient; [#48082].
- Enable testsuite for libsmbclient.
- Fix domain/ workgroup bug for multibyte names in nmbstatus; [#38309].
- Remove superfluous rm in the preun of the samba package.

-------------------------------------------------------------------
Mon Nov  8 19:00:58 CET 2004 - lmuelle@suse.de

- Update to version 3.0.8; CAN-2004-0930; [#48019].
- Fix roundup problem for non-Windows clients; CAN-2004-0882 [#46203].
- Use upstream version of the HTML index file; [#48041].

-------------------------------------------------------------------
Wed Nov  3 13:26:12 CET 2004 - lmuelle@suse.de

- Add samba-nds.schema to /usr/share/samba/LDAP, [#47894].

-------------------------------------------------------------------
Tue Nov  2 19:44:37 CET 2004 - lmuelle@suse.de

- Remove incomplete account expiry feature.
- Remove broken clockskew fix on request of the author.

-------------------------------------------------------------------
Thu Oct 28 16:47:23 CEST 2004 - lmuelle@suse.de

- Add printername and queue update patch, bugzilla.Samba.org [#1519].
- Add account and password expire feature mainly for migration.
- Add bad password count and logon count while migration.
- Use define for common %setup options and set it to -q.
- Fix several serious compiler warnings in smbd/lanman.c.

-------------------------------------------------------------------
Fri Oct 22 12:05:38 CEST 2004 - adrian@suse.de

- make it possible to build the package as user

-------------------------------------------------------------------
Thu Oct 21 14:35:45 CEST 2004 - mc@suse.de

- disable samba3-account_pol_ldap.diff; breaks libsmbclient

-------------------------------------------------------------------
Tue Oct 19 22:10:16 CEST 2004 - lmuelle@suse.de

- Add showacls option to smbclient.

-------------------------------------------------------------------
Mon Oct 18 11:00:26 CEST 2004 - mc@suse.de

- Update pdb_ldap.c.diff from Vince Brimhall <vbrimhall at Novell dot com>.

-------------------------------------------------------------------
Fri Oct 15 16:08:02 CEST 2004 - lmuelle@suse.de

- Update eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>.

-------------------------------------------------------------------
Thu Oct 14 14:22:13 CEST 2004 - lmuelle@suse.de

- Add information to the default smb.conf that the full version is only
  available if samba-doc is installed, [#43953].
- Move samba.reg to the vendor-files tar ball.
- Use $syslog for Required-Start in the smbfs init script, [#37618].
- Add eDirectory patch from Vince Brimhall <vbrimhall at Novell dot com>.
- Add alias migration code from Volker Lendecke <vl at Sernet do DE>.
- Add account policy migration to LDAP code from Guenther Deschner <gd at
  Samba dot org>.

-------------------------------------------------------------------
Mon Oct 11 14:55:57 CEST 2004 - lmuelle@suse.de

- Fix recursive ls in smbclient.  Fix by Josef Zlomek.

-------------------------------------------------------------------
Wed Oct  6 17:33:00 CEST 2004 - lmuelle@suse.de

- Fix job check of smbfs init script.
- Use 0754 permissions for all init scripts.

-------------------------------------------------------------------
Thu Sep 23 12:45:01 CEST 2004 - lmuelle@suse.de

- Fix smbfs init script for case where we wait for mount or umount to succeed,
  [#45778].

-------------------------------------------------------------------
Tue Sep 21 18:48:13 CEST 2004 - lmuelle@suse.de

- User 0775 and root:ntadmin for drivers and 0770 and root:users for profiles
  directory as with the Samba 2.2 packages.
- Add groupadd ntadmin to %pre of the main package, [#45719].
- Modify NetBIOS Datagram Distributor extensions patch to protect records
  which are marked as permanent.

-------------------------------------------------------------------
Thu Sep 16 11:06:57 CEST 2004 - lmuelle@suse.de

- Enable krb5_cc_close() in libsmb/clikrb5 to avoid memleak of winbindd.
- Remove obsolet part from vendor README.
- Call mount only one time in the smbfs init script.
- Add additional information to the samba-vscan INSTALL file.

-------------------------------------------------------------------
Mon Sep 13 19:31:19 CEST 2004 - lmuelle@suse.de

- Update to version 3.0.7, CAN-2004-0807, CAN-2004-0808, [#44883].
- Restructure vendor-files tar ball.
- Use -dPARANOIDSAFER as option to gs in smbprngenpdf.
- Move all 'inherit permissions' to 'inherit acls' in the default smb.conf.
- Enhance libtool --mode patch for examples/pdb/ as suggested by Andreas
  Schwab <schwab at suse dot de>.
- Add %{?jobs:-j%jobs} to most make calls as suggested by Stephan Kulow <coolo
  at suse dot de>

-------------------------------------------------------------------
Fri Sep  3 15:32:26 CEST 2004 - lmuelle@suse.de

- Remove letters from the version string of autoconf and autoheader.
- Add --mode=MODE to libtool calls.
- Add logrotate settings for nmbd and smbd only on systems newer than 8.1.

-------------------------------------------------------------------
Wed Sep  1 22:23:23 CEST 2004 - lmuelle@suse.de

- Disable filetype support in vscan for version older than 9.2 where file was
  built without -fPIC.
- Use new update message mechanism, [#44359].
- Disable profile information gathering.  This is the Samba default.
- Check in %pre of the doc package if there are still directories and files in
  swat/help and remove them to allow cpio to create sym links here, [#44564].
- Check in dhcpcd-hook-samba if the interface is configured for BOOTPROTO
  dhcp and exit gracefully if not.

-------------------------------------------------------------------
Fri Aug 27 18:44:38 CEST 2004 - lmuelle@suse.de

- Fix check for DHCLIENT_MODIFY_SMB_CONF, add copyright to and remove 'set -e'
  from dhcpcd-hook script.
- Remove swat/help/* and replace it with sym links to the samba-doc package.
- Add VENDOR suffix to mount.cifs.
- Add NetBIOS Datagram Distributor extensions provided by Brian Landy <landy
  at alumni dot caltech dot edu>.  See http://www.landy.cx/ or the comments in
  the patch.
- Add more post 3.0.6 fixes.

-------------------------------------------------------------------
Thu Aug 26 11:24:55 CEST 2004 - lmuelle@suse.de

- Use try-restart in nmb init script when called with force-reload.
- Add DHCP support for wins server and netbios scope setting.

-------------------------------------------------------------------
Tue Aug 24 15:34:00 CEST 2004 - lmuelle@suse.de

- Update to version 3.0.6, [#43737, #43773].
- Update samba-vscan to version 0.3.5, [#43853].
- Update net RPC printer migrate patch from Günther Deschner.
- Add several post 3.0.6 fixes.
- Use -O instead of default -O2 for CFLAGS to avoid potential miscompilation,
  [#44167]; bugzilla.Samba.org [#1631].

-------------------------------------------------------------------
Tue Jul 22 16:12:16 CEST 2004 - lmuelle@suse.de

- Update to version 3.0.5.  CAN-2004-0600 and CAN-2004-0686.
- Add net RPC printer migrate patch from Günther Deschner.
- Add RPM release to the vendor suffix in the version header file.

-------------------------------------------------------------------
Tue Jun 22 11:37:47 CEST 2004 - lmuelle@suse.de

- Fix premature optimization in unix_convert() [#42332]; bugzilla.Samba.org
  [#1345].

-------------------------------------------------------------------
Wed Jun 16 14:21:56 CEST 2004 - lmuelle@suse.de

- Convert spec file to UTF-8 to produce mail with content type UTF-8 if we
  create one in the %pre or %post section.

-------------------------------------------------------------------
Tue Jun 15 18:23:18 CEST 2004 - lmuelle@suse.de

- Create a mail if we update from Samba 2.2 and used LDAP as SAM before
  [#42055].
- Move /var/log/samba and /var/run/samba to the client package [#42018].

-------------------------------------------------------------------
Fri Jun 11 17:21:18 CEST 2004 - lmuelle@suse.de

- Ensure that we always use tdb_open_log() instead of tdb_open_ex() [#41929].
- Fix afs syscall patch.  Already tested and added upstream.
- Add some information about the commented example configuration file to the
  README.
- Add an inative [netlogon] share to the example configuration.

-------------------------------------------------------------------
Wed Jun  2 11:33:30 CEST 2004 - ro@suse.de

- avoid inclusion of linux/audit.h

-------------------------------------------------------------------
Tue Jun  1 16:31:17 CEST 2004 - lmuelle@suse.de

- Add CIFS support to smbfs init script [#41486].
- Use stderr for important messages in the init scripts.
- Remove empty Samba named configuration.
- Add hu translation to Samba.desktop file.

-------------------------------------------------------------------
Mon May 31 20:48:32 CEST 2004 - lmuelle@suse.de

- Move smb.conf existence test in all init scripts to the start case [#41430].
- Add WHATSNEW and README to the htmldocs file.
- Use samba.css in htmldocs.html and manpages.html.
- Add X-DOC-* lines to enable search index creation and some translations to
  the Samba.desktop file.

-------------------------------------------------------------------
Sun May 30 22:24:03 CEST 2004 - lmuelle@suse.de

- Remove backtrace file from vendor-files as our version it's now in upstream.
- Add Samba.desktop file for SuSEhelp system to the doc package.
- Move smbpasswd, smbcontrol binaries and man pages to the client package.
- Move README to the client package.
- Add additional information to the README.

-------------------------------------------------------------------
Sun May 30 02:20:23 CEST 2004 - lmuelle@suse.de

- Split winbind and wrepl logrotate from main package [#41433].
- Skip test for smb.conf file in case of stop in nmb, smb, winbind, and wrepl
  init scripts [#41430].
- Move sym link /usr/share/samba/swat/using_samba to the doc package [#41429].
- Return always with success from smbfs init script in case of stop [#41428].
- Don't add /etc/samba/*.tdb files to file list.
- Enable patch to build examples-vfs with -fPIC for all architectures.

-------------------------------------------------------------------
Fri May 28 15:15:39 CEST 2004 - lmuelle@suse.de

- Add profiles share with setting to suppress popup of a desktop.ini file to
  the default smb.conf.

-------------------------------------------------------------------
Thu May 27 17:56:41 CEST 2004 - lmuelle@suse.de

- Enable logon drive, path, and home in the way Standard Server 8 does and add
  'username map' setting to default smb.conf.
- Use /var/log/samba/ as a secure directory for the smb-print script [#36676].
- Readd -t|--password-from-stdin option to pdbedit [#41182];
  bugzilla.Samba.org [#1386].
- Fix winbind in case schannel verifier does not include the nonce [#41100];
  bugzilla.Samba.org [#1315].
- Fix 'write list' option in case of security is better than share [#41101];
  bugzilla.Samba.org [#1319].
- Touch smbd pid file in the init script while reload if the daemon runs.
  This allows probe to return a value not equal reload.
- Add upstream changes to the 'printcap cache time' feature.  Thie requires to
  set 'printcap cache time = 750' in our default smb.conf as the upstream
  default is 0 which disables the feature.

-------------------------------------------------------------------
Wed May 19 02:33:44 CEST 2004 - ro@suse.de

- fix some gcc warnings (py_spoolss_drivers.c: argument sequence)

-------------------------------------------------------------------
Thu May 13 16:14:14 CEST 2004 - lmuelle@suse.de

- Add patch to fix clock skew of winbind in ADS security.  For details see
  bugzilla.Samba.org [#1208].
- Add patch to fix printing to the IP address of the server.
- Remove TDB files from below /var/lib/samba/ from filelist.
- Update to version 3.0.4.  Fix password change broken by Microsoft hotfix
  MS04-011 [#40087].
- Add libsmbclient fix from Stephan Kulow <coolo at suse dot de>.  For details
  see bugzilla.samba.org [#429].
- Add 'printcap cache time' option to remove stale and add new printers
  [#21846].  See also bugzilla.Samba.org [#1259].  By this we no longer have
  to wait for the CUPS dameon in the init script.
- Disable 'interfaces' and 'bind interfaces only' by default [#39491].
- Use right path to smb.conf in smbpasswd file and add some hints.

-------------------------------------------------------------------
Thu Apr 29 23:41:20 CEST 2004 - lmuelle@suse.de

- Add quotactl support patch from Stefan Metzmacher <metze at samba dot org>
  [#39666]
- Replace suse_ver macro by real version string.

-------------------------------------------------------------------
Thu Apr 29 17:58:34 CEST 2004 - lmuelle@suse.de

- Update to version 3.0.3.
- Adopt missing patches from 2.2.8a.
- Move LDAP schema to samba-client package.
- Add prerequires to samba package.
- Add missing stop_on_removal macros
- Add /var/lib/samba/browse.dat to the file list.
- Add /var/lib/samba/printing directory to the file list.
- Remove printingCupsOptions and expired_service_tickets diff; use upstream
  version instead; they are now part of the printingAndManyOtherFixes diff.
- Enhance waiting for cupsd function in the smb init script
  * only check with lpstat every two seconds
  * remember start time in seconds and calculate the waiting time in relation
    to this; this is important if a configured CUPS server is unreachable.
    In this case we now really wait only 30 seconds and not 30 times of the
    lpstat timeout.
  * Thanks to Bjoern Jacke <bjoern at j3e dot de> for the patch.

-------------------------------------------------------------------
Mon Apr 19 18:03:36 CEST 2004 - lmuelle@suse.de

- fix ldapsmb script
- add expired service tickets patch from Guenther Deschner <gd at suse dot de>

-------------------------------------------------------------------
Thu Apr 15 14:24:39 CEST 2004 - lmuelle@suse.de

- add 'cups options = raw' to the default smb.conf, [#28176]
- fix typo and use signal USR2 in write-status case of init script

-------------------------------------------------------------------
Mon Apr  5 19:01:16 CEST 2004 - lmuelle@suse.de

- add patch from Alexander Bokovoy <ab@samba.org> to fix smbmount, [#37871]
- only create notify message on first installation

-------------------------------------------------------------------
Sat Apr  3 18:21:45 CEST 2004 - lmuelle@suse.de

- readd /var/lock/samba/{drivers,netlogon,profiles}
- add more TDB files as %ghost %config(noreplace) to the file list
- enhance default configuration file, [#38024]

-------------------------------------------------------------------
Wed Mar 31 14:11:46 CEST 2004 - lmuelle@suse.de

- add restart_on_update macros for nmb, smb and winbind
- fix path to smb-print.log, [#36676]
- move smbpasswd, pdbedit and testparm binaries and man pages to the client
  package
- add cracklib-devel to BuildRequires
- add several TDB files as %ghost %config(noreplace) to the file list
- add backtrace script to examples/scripts
- fix smbadduser paths
- move /etc/xinetd.d/samba to /etc/xinetd.d/swat

-------------------------------------------------------------------
Mon Mar 22 21:21:47 CET 2004 - lmuelle@suse.de

- add 'printing cups options' feature; this allows us to print with option
  'raw' without enabeling raw printing in the cups.conf, [#20218]
- add big patch collected from the CVS; [#36602]
- add sambaxp and sambaxp-client to the provides and obsoletes tag
- spec file cleanup

-------------------------------------------------------------------
Tue Feb 24 23:38:57 CET 2004 - gd@suse.de

- readd nmbstatus, mkntpwd, ldap-schema and cups-smb-backend

-------------------------------------------------------------------
Sun Feb 22 20:38:46 CET 2004 - gd@suse.de

- disable build of utils-package

-------------------------------------------------------------------
Wed Feb 18 17:42:34 CET 2004 - gd@suse.de

- update to 3.0.2a
- removed last references of docbook package
- moved cifsmount into client package
- added pgsql-backend
- cleaned up neededforbuild
- build as root
- fixed dependencies
- smb init-script should check for defaults
- winbind init-script should warn for required params

-------------------------------------------------------------------
Wed Feb 18 11:21:55 CET 2004 - coolo@suse.de

- readding my fix for libsmbclient. without it surfing windows
  networks is pure luck ;(

-------------------------------------------------------------------
Mon Feb 16 22:19:18 CET 2004 - adrian@suse.de

- register samba and swat via slp.reg.d

-------------------------------------------------------------------
Wed Feb 11 09:52:31 CET 2004 - kukuk@suse.de

- Remove self Conflicts

-------------------------------------------------------------------
Sun Feb  1 17:49:13 CET 2004 - gd@suse.de

- update to 3.0.2rc2

-------------------------------------------------------------------
Sun Jan 25 17:58:49 CET 2004 - adrian@suse.de

- rename package back to "samba"
- fix build
- add %defattr
- clean up Provides/Obsoletes
- add Provides/Obsoletes for libsmbclient3

-------------------------------------------------------------------
Sun Jan 25 14:20:44 CET 2004 - gd@suse.de

- removed extra docbook-package

-------------------------------------------------------------------
Sun Jan 25 01:58:23 CET 2004 - gd@suse.de

- initial package of samba3. based on the work of Lars Mueller
  <lmuelle-at-suse.de>.

-------------------------------------------------------------------
Sun Jan 18 21:00:42 CET 2004 - meissner@suse.de

- Added -fPIC to libmksd build.

-------------------------------------------------------------------
Fri Jan 16 00:44:38 CET 2004 - kukuk@suse.de

- added pam-devel to neededforbuild

-------------------------------------------------------------------
Fri Oct 17 22:10:19 CEST 2003 - kukuk@suse.de

- Remove unused des from neededforbuild

-------------------------------------------------------------------
Mon Sep 15 08:37:41 CEST 2003 - kukuk@suse.de

- Add requires to libsmbclient-devel [Bug #30718]

-------------------------------------------------------------------
Fri Sep  5 09:22:03 CEST 2003 - kukuk@suse.de

- Move /var/log/samba and /var/run/samba to samba-client [#30027]

-------------------------------------------------------------------
Thu Aug 28 23:46:18 CEST 2003 - lmuelle@suse.de

- call sbin/SuSEconfig --module samba and not directly the script in the %post
  section

-------------------------------------------------------------------
Tue Aug 26 15:12:36 CEST 2003 - lmuelle@suse.de

- add patch from Ademar de Souza Reis Jr. <ademar at conectiva dot com dot br>
  for smbclient to get a working -TI option, #27353

-------------------------------------------------------------------
Thu Aug 21 15:50:33 CEST 2003 - lmuelle@suse.de

- add nss-soname patch from Andreas Schwab, #28248
- add stop_on_removal and restart_on_update macros to preun and postun section

-------------------------------------------------------------------
Tue Jul 29 16:37:45 CEST 2003 - lmuelle@suse.de

- point getSambaOptions to the right location of the source file
- fix handling of uninitialized variable in nmbstatus

-------------------------------------------------------------------
Mon Jul 28 16:34:16 CEST 2003 - lmuelle@suse.de

- add Urban Widmark <urban at teststation dot com> patches for smbmount; this
  includes LFS, unicode, escape character, and 32 bit uid suppprt, #18472
- add nmbstatus utility
- add schannel feature from Volker Lendecke <Volker.Lendecke at SerNet dot DE>
- move winbind init script and rc sysm link to the client package
- remove superfluous linkvfs patch
- activate root = administrator admin in smbusers by default
- add smbprngenpdf
- add configure option --with-sendfile-support
- autocreate samba.opts.ini while build

-------------------------------------------------------------------
Mon Jun 23 12:01:44 CEST 2003 - lmuelle@suse.de

- add /usr/lib/cups/backend/smb to the samba-client package
- unify init scripts; add one space at the end to all echos

-------------------------------------------------------------------
Wed Jun  4 21:17:26 CEST 2003 - lmuelle@suse.de

- fix pointer cast on 64bit big endian architecture in winbind_nss.c, #27220
- add new sysconfig tags

-------------------------------------------------------------------
Wed May 14 12:04:01 CEST 2003 - ro@suse.de

- run autoreconf / fix build with latest libtool

-------------------------------------------------------------------
Thu May  8 12:29:46 CEST 2003 - lmuelle@suse.de

- remove %ghost from sym linked files

-------------------------------------------------------------------
Mon Apr 28 14:41:03 CEST 2003 - lmuelle@suse.de

- cleanup %post script part which takes care of old configuration location

-------------------------------------------------------------------
Sun Apr 20 15:25:06 CEST 2003 - lmuelle@suse.de

- remove tdbtorture from package on request of the Samba team
- update to version 2.2.8a

-------------------------------------------------------------------
Mon Mar 17 13:09:41 CET 2003 - lmuelle@suse.de

- readd map to guest = Bad User to smb.conf

-------------------------------------------------------------------
Fri Mar 14 19:10:54 CET 2003 - lmuelle@suse.de

- move samba LDAP schema to the client package
- add product suffix to README and smb.conf files of documentation
- mark sym links from /var/lib/samba/bin/ as %ghost

-------------------------------------------------------------------
Thu Mar 13 17:59:08 CET 2003 - lmuelle@suse.de

- add security patch for the client side, #25140
- remove check for existence of sysconfig and smb.conf from smbfs init script

-------------------------------------------------------------------
Wed Mar 12 17:11:34 CET 2003 - lmuelle@suse.de

- add security patch from SuSE Security Team, #25140
- cleanup init scripts try-restart part

-------------------------------------------------------------------
Mon Mar 10 18:15:03 CET 2003 - lmuelle@suse.de

- add fix to samba-nds.schema provided by Jochen Schaefer <jschaef@SuSE.de>
- add fixes for winbind caching and uid handling , smbpasswd, smbd and TDB
  handling

-------------------------------------------------------------------
Sun Mar  9 09:01:10 CET 2003 - kukuk@suse.de

- Use getent in smbadduser

-------------------------------------------------------------------
Fri Mar  7 01:46:40 CET 2003 - ro@suse.de

- remove mminimal-toc from CFLAGS (ppc64)

-------------------------------------------------------------------
Thu Mar  6 17:24:21 CET 2003 - kukuk@suse.de

- Add xinetd config file [Bug #24682]

-------------------------------------------------------------------
Thu Mar  6 16:50:01 CET 2003 - kukuk@suse.de

- Remove cyrus-sasl from neededforbuild

-------------------------------------------------------------------
Mon Mar  3 16:48:44 CET 2003 - lmuelle@suse.de

- add header files to samba package for squid, #24235
- remove rc_reset from status part of nmb init script

-------------------------------------------------------------------
Mon Feb 24 18:07:28 CET 2003 - lmuelle@suse.de

- update samba-vscan to version 0.3.2a

-------------------------------------------------------------------
Tue Feb 18 13:15:56 CET 2003 - lmuelle@suse.de

- add separate binaries to PreReq
- add /bin/grep to PreReq of the client package
- move README to client package and inform about the new doc package, #23838
- fix %post in case of update
- fix nmb init script, #23854

-------------------------------------------------------------------
Mon Feb 17 22:57:22 CET 2003 - lmuelle@suse.de

- add appropriate suffix to example smb.conf of documentation
- add example to auto mount or umount CD drive to smb.conf
- add -s ${SMB_CONF} to all startproc calls in init scripts

-------------------------------------------------------------------
Fri Feb 14 19:46:23 CET 2003 - lmuelle@suse.de

- call SuSEconfig -module samba if packages with binaries are installed via rpm
- only insserv nmb depending on an active smb service, if we update from a
  version before SuSE Linux 8.1
- add meta data to sysconfig file
- add appropriate suffix to README
- update samba-vscan to version 0.3.2
- split libsmbclient and libsmbclient-devel package from samba-client
- add msdfsproxy and ldaprebind patches from Guenther Deschner <gd@suse.de>

-------------------------------------------------------------------
Wed Jan 29 15:17:55 CET 2003 - kukuk@suse.de

- Remove samba-doc requires from samba-client

-------------------------------------------------------------------
Wed Jan 15 20:50:31 CET 2003 - ro@suse.de

- use fPIC in samba-vscan

-------------------------------------------------------------------
Wed Jan 15 18:26:45 CET 2003 - ro@suse.de

- use sasl2

-------------------------------------------------------------------
Wed Jan 15 12:56:26 CET 2003 - ro@suse.de

- added logrotate config
- added patch to work around glibc defining st_atime as macro

-------------------------------------------------------------------
Fri Dec 13 15:27:29 CET 2002 - ro@suse.de

- updated neededforbuild

-------------------------------------------------------------------
Thu Dec 12 13:49:34 CET 2002 - lmuelle@suse.de

- update samba to version 2.2.7a
- update samba-vscan to version 0.3.1
- move tdb tools to client package
- move smbldap-tools from examples/LDAP to a new package
- move samba.schema to /etc/openldap/schema

-------------------------------------------------------------------
Fri Nov 22 16:31:29 CET 2002 - lmuelle@suse.de

- fix some broken literals in samba-svan and nettime
- split documentation to samba-doc subpackage
- move provides smbfs to samba-client package

-------------------------------------------------------------------
Wed Nov 20 09:21:15 CET 2002 - lmuelle@suse.de

- update samba to version 2.2.7; this includes the security fix for the
  broken password length handling
- update samba-vscan to version 0.3.0
- remove superfluous aclocal, autoconf and libtoolize calls

-------------------------------------------------------------------
Fri Nov  8 16:57:22 CET 2002 - lmuelle@suse.de

- use rc_exit, not exit at the end of the smbfs init script, #21641

-------------------------------------------------------------------
Wed Nov  6 18:59:52 CET 2002 - lmuelle@suse.de

- remove check and Required-Start for nmb in smbfs init script, #20793
  move nmb from Required-Start to X-UnitedLinux-Should-Start
  add section about smbfs and nmb service to README.SuSE
- add fix for s390 interface handling, #15717

-------------------------------------------------------------------
Tue Nov  5 21:26:46 CET 2002 - lmuelle@suse.de

- add security fix for wrong passwd len handling

-------------------------------------------------------------------
Sat Oct 19 01:18:12 CEST 2002 - lmuelle@suse.de

- update to version 2.2.6

-------------------------------------------------------------------
Thu Oct 17 20:10:10 CEST 2002 - lmuelle@suse.de

- generate version suffix UL or SuSE as required from Samba team

-------------------------------------------------------------------
Wed Oct 16 18:21:57 CEST 2002 - lmuelle@suse.de

- add improved ACL mapping patch, #19494
- remove check_nmbd and rc_reset from smb init script status part, #20921
- also remove check_nmbd from winbind and smbfs init scripts

-------------------------------------------------------------------
Tue Oct  8 12:49:56 CEST 2002 - lmuelle@suse.de

- add improved ACL mapping patch, #19494
- set syslog = 0, log level = 1 in smb.conf, #20411
- switch to RFC 3330 conform example IP addresses in smb.conf
- remove character set and client code page from smb.conf, #20378

-------------------------------------------------------------------
Thu Sep 26 11:51:43 CEST 2002 - ro@suse.de

- remove hang in smbfs init script (#20204)

-------------------------------------------------------------------
Wed Sep 25 19:47:26 CEST 2002 - agruen@suse.de

- WinNT compatibility fix in the improved ACL mapping

-------------------------------------------------------------------
Mon Sep 23 23:39:11 CEST 2002 - lmuelle@suse.de

- add ACL mapping fixes from Andreas Gruenbacher <agruen@suse.de>
- put SAM related binaries in extra subdirectories
- set TMPDIR to /var/tmp in smb init script
- create classic and ldap sudirectories for the binaries to get usual
  process names
- remove runlevel 2 from Default-Start of smbfs; add nmb to Required-Start
- warn if nmbd is not running while start of smb, smbfs and winbind
- drop rcsamba

-------------------------------------------------------------------
Thu Sep 12 16:41:38 CEST 2002 - lmuelle@suse.de

- add missing user information if nmbd is reloaded
- add root to write list of print$ in default smb.conf

-------------------------------------------------------------------
Thu Sep 12 01:01:55 CEST 2002 - lmuelle@suse.de

- add check for ready cupsd if CUPS is active and Samba using CUPS as
  printing system
- remove ACL fixes, #19494

-------------------------------------------------------------------
Wed Sep 11 06:15:38 CEST 2002 - lmuelle@suse.de

- add winbind to X-UnitedLinux-Should-Start of smb init script

-------------------------------------------------------------------
Tue Sep 10 20:33:49 CEST 2002 - lmuelle@suse.de

- intergrate ACL fixes from Andreas Gruenbacher <agruen@suse.de>
- split smb in two (smb and nmb) init scripts
- fix Required-Start of smb and winbind init script
- include most parts of two mostly printing related pre 2.2.6 patches

-------------------------------------------------------------------
Mon Sep  9 10:24:19 CEST 2002 - lmuelle@suse.de

- check existence of brlock and locking tdb, #18978
- include tdbdump, tdbtest, tdbtool, tdbtorture
- change smb and winbind init script, #18784

-------------------------------------------------------------------
Tue Sep  3 00:18:11 CEST 2002 - lmuelle@suse.de

- let SuSEconfig.samba use correct lib subdirectory, #18730
- include printing patch for 2.2.5 from Samba team
- let smb and winbind init script also recognize daemons started before
  an update of the package; workaround for #18784
- include netttime program, #6508

-------------------------------------------------------------------
Fri Aug 30 08:15:55 CEST 2002 - lmuelle@suse.de

- replace wrong, left variable in %post of samba by filename

-------------------------------------------------------------------
Wed Aug 28 15:43:52 CEST 2002 - lmuelle@suse.de

- make reload of smbfs init script equal to restart
- remove Should-Start smb in smbfs init script
- create ntadmin group in %pre of samba
- adjust permission and ownership of /var/lib/samba/drivers

-------------------------------------------------------------------
Wed Aug 21 15:31:57 CEST 2002 - lmuelle@suse.de

- fix start of smbfs init script; introduce /etc/samba/smbfstab, #7146
- reinclude lost pdbedit and man page, now part of the client package
- move cupsd to Should-Start in smb, also smb and remove $remote_fs from
  Required-Start in smbfs init script
- rename sysconfig.samba-samba-client to sysconfig.samba-client and use
  fillup_only with -ans due to usage in a subpackage
- force LDAP protocol version 3 during connection establishment

-------------------------------------------------------------------
Tue Aug 20 11:08:57 CEST 2002 - lmuelle@suse.de

- add missing PreReq to samba and samba-client, #17979, #17980
- fix status of smbfs init script, #9092

-------------------------------------------------------------------
Tue Aug 20 00:01:19 CEST 2002 - lmuelle@suse.de

- fix path to temp file in %post of samba
- fix %post of samba-client, rename sysconfig.samba to
  sysconfig.samba-samba-client

-------------------------------------------------------------------
Mon Aug 19 18:54:15 CEST 2002 - lmuelle@suse.de

- drop the split in classic and ldap version; introduce etc/sysconfig/samba
  and SuSEconfig.samba instead to get the appropriate binaries, #17691

-------------------------------------------------------------------
Fri Jul 26 14:36:02 CEST 2002 - gd@suse.de

- fixed /usr/share/samba in %files
- moved libsmbclient libraries to samba-client

-------------------------------------------------------------------
Fri Jul 19 11:27:04 CEST 2002 - gd@suse.de

- added rediffed start_tls-fix from cvs
- enabled challenge-response-auth for winbind
- removed all references to rc.config
- made cups default printing system for SuSE Linux 8.1

-------------------------------------------------------------------
Thu Jul 18 17:26:51 MEST 2002 - link@suse.de

- updated to samba-vscan-0.2.5d
  -- bugfix for F-Prot Daemon and ScannerDaemon
  -- added a sanity check for "grepping" the virus name from
     the output of ScannerDaemon and F-Prot Daemon
  -- init message has been changed when module is loaded
  -- added Makefile fix for x86-64 by Ulricht Hecht

-------------------------------------------------------------------
Tue Jul 16 17:32:16 CEST 2002 - uli@suse.de

- link PIC objects into examples/VFS stuff (fixes x86-64)

-------------------------------------------------------------------
Tue Jul 16 12:05:38 CEST 2002 - kukuk@suse.de

- Don't use macros for Version:

-------------------------------------------------------------------
Mon Jul 15 17:52:01 CEST 2002 - gd@suse.de

- update to version 2.2.5 (mainly done by Lars Mueller <lmuelle@suse.de>)
- added samba-vscan 0.2.5a as subpackage
- link against acl and attr library
- added winbind-init script, rewrote smb-init script
- updates, clean-ups in smb.conf and more examples
- added patch for pdbedit to handle script based LDAP account creation
  and make deletion of only SAM LDAP entries possible and added a -b option
  for pdbedit to allow stdin password changes (patch by lmuelle@suse.de)
- fixed smbadduser script patch (bug #15562)
- split the samba-package into a classic and a ldap-version:
  thus you need in either case samba/samba-client, then you choose
  between samba-classic/samba-classic-client for the common smbpasswd-backend
  or samba-ldap/samba-ldap-client to support the ldapsam-backend.
- added README.SuSE
- added link to make using_samba accessible from swat
- no sgid for printer-drivers-dir

-------------------------------------------------------------------
Fri Jun 14 16:40:23 CEST 2002 - meissner@suse.de

- rerun auto* tools, use -mminimal-toc on ppc64.

-------------------------------------------------------------------
Fri Mar  8 13:28:15 CET 2002 - kukuk@suse.de

- Add libsmbclient.so.0 and /usr/share/samba to filelist

-------------------------------------------------------------------
Thu Feb 14 12:41:17 CET 2002 - adrian@suse.de

- install needed header file for libsmbclient.so

-------------------------------------------------------------------
Sun Feb 10 09:08:56 CET 2002 - kukuk@suse.de

- Don't test for -fpic if PICFLAG is already set

-------------------------------------------------------------------
Thu Feb  7 14:58:28 CET 2002 - lmuelle@suse.de

- Update to 2.2.3a, minor bugfix release

-------------------------------------------------------------------
Thu Feb  7 04:15:08 CET 2002 - lmuelle@suse.de

- Update to 2.2.3
- Fix smbsh library search path
- Removed 'kernel oplocks = No' from smb.conf; default is yes
- Include pam_smbpass, syslog, utmp, and winbind support
- Include libsmbclient
- Include findsmb

-------------------------------------------------------------------
Tue Jan  8 19:59:18 CET 2002 - egmont@suselinux.hu

- Cosmetical changes in init scripts

-------------------------------------------------------------------
Thu Dec 20 14:09:00 CET 2001 - ro@suse.de

- removed START_SMB and added insserv_macros

-------------------------------------------------------------------
Sun Sep 23 01:40:36 CEST 2001 - lmuelle@suse.de

 - Shorten output and tunig of old configuration files handling
 - Include SID and secrets files to old configuration files handling
 - Move netlogon and profiles directories to /var/lib/samba
 - Move smbpasswd binary and man page to samba-client package
 - Introduce additional sym link from /etc/init.d/smb to rcsamba due to
   too many typos and cleaner systematic
 - Add character set = ISO8859-15 and client code page = 850 to smb.conf
   in the global section to enable correct UNIX <-> DOS character
   mapping for west European languages
 - Change create mask of home section to 0640, directory mask to 0750;
   change create mask of printers section to 0600 in smb.conf
 - Move path of printers section to /var/tmp

-------------------------------------------------------------------
Fri Aug 24 15:43:24 CEST 2001 - lmuelle@suse.de

- Move all configuration files to /etc/samba
- Move data bases to /var/lib/samba; important, cause boot script
  cleans up /var/lock/samba
- Move pid files to /var/run/samba
- Link against cups library
- Use build root
- Rename subpackage smbclnt to samba-client
- Move /usr/share/doc/packages/samba to package samba-client
- Move /usr/lib/samba/scripts to /usr/share/samba/scripts
- Move /usr/lib/samba/codepages to /usr/share/samba/codepages
- Move /usr/lib/samba/swat to /usr/share/samba/swat
- Move /usr/lib/samba/VFS/* to /usr/lib/samba
- Remove smb.conf from package samba, kept in samba-client
- Remove redundant html documentation of man pages
- Remove superfluous install and uninstall scripts
- Add example configuration file /etc/samba/smbusers
- Update to 2.2.1a: fixes bug with too strict name handling while adding
  a machine into a domain
- Update to 2.2.1: add pam password changing and pam restrictions code;
  printer driver management improvements (delete driver); fix for Samba
  running on top of Linux VFAT ftruncate bug

-------------------------------------------------------------------
Tue Aug 14 18:06:21 CEST 2001 - ro@suse.de

- Don't use absolute paths to PAM modules in PAM config files

-------------------------------------------------------------------
Wed Jun 27 01:42:19 CEST 2001 - ro@suse.de

- re-added the libtoolize to make it build

-------------------------------------------------------------------
Tue Jun 26 03:06:56 CEST 2001 - lmuelle@suse.de

- Update to 2.2.0a fixes remote file create/ append bug. This may
  only happen by '%m' macro usage for the 'log file' command.
- spec and dif cleanup
- Include VFS module support.

-------------------------------------------------------------------
Wed Jun 13 18:00:09 CEST 2001 - ro@suse.de

- fix to build with new autoconf

-------------------------------------------------------------------
Wed May 30 02:16:00 CEST 2001 - ro@suse.de

- config-dist.sh: accept any kernel version on s390

-------------------------------------------------------------------
Thu May 10 16:40:17 CEST 2001 - bodammer@suse.de

- initscript fix: don't start smbd in runlevel 2 [bug #8046]
- some additional files included to doc (COPYING, README, ..)

-------------------------------------------------------------------
Wed May  9 11:42:01 CEST 2001 - uli@suse.de

- bzipped tarball

-------------------------------------------------------------------
Tue May  8 19:03:56 CEST 2001 - schwab@suse.de

- Don't use _syscallX.

-------------------------------------------------------------------
Mon Apr 30 16:08:24 CEST 2001 - ro@suse.de

- added config-dist.sh to build only on 2.4 machines
  (samba configure seems braindead enough to check
   the running kernel)

-------------------------------------------------------------------
Mon Apr 30 15:26:49 CEST 2001 - ro@suse.de

- removed kerberos support: does not work as expected

-------------------------------------------------------------------
Tue Apr 24 16:51:21 CEST 2001 - lemsi@suse.de

- for 7.2 we have added some kerbereos 5 support

-------------------------------------------------------------------
Tue Apr 24 15:55:42 CEST 2001 - lemsi@suse.de

- new version samba 2.2
- new spec file with more functions for configure
- libnss_winbind.so support for /etc/nsswich.conf

-------------------------------------------------------------------
Wed Apr 18 18:46:49 CEST 2001 - lemsi@suse.de

- new security fixes and version 2.0.8 for 6.3, 6.4, 7.0, 7.1

-------------------------------------------------------------------
Tue Apr 17 15:26:43 CEST 2001 - lemsi@suse.de

- new rcsmb script
- include security fixes

-------------------------------------------------------------------
Fri Mar  9 02:38:30 CET 2001 - ro@suse.de

- don't mess with os_install_post

-------------------------------------------------------------------
Fri Feb 23 00:10:25 CET 2001 - ro@suse.de

- added readline/readline-devel to neededforbuild (split from bash)

-------------------------------------------------------------------
Wed Feb  7 16:18:05 CET 2001 - schwab@suse.de

- Fix LFS support in client.

-------------------------------------------------------------------
Mon Feb  5 19:25:29 CET 2001 - schwab@suse.de

- Compile with -D_GNU_SOURCE and -D_LARGEFILE64_SOURCE to get missing
  declarations.
- Include <sys/types.h> when checking for ino64_t.
- Include <crypt.h> for crypt declaration.

-------------------------------------------------------------------
Wed Jan 31 11:23:29 CET 2001 - lemsi@suse.de

- added codepages in smbclnt-subpackage
- changed german coments to english coments

-------------------------------------------------------------------
Wed Jan  3 10:52:49 CET 2001 - lemsi@suse.de

- changed in the share section the path /cd to /cdrom
- added smb.conf to the smbclnt-subpackage

-------------------------------------------------------------------
Tue Nov 28 11:07:35 CET 2000 - kukuk@suse.de

- Fix init scripts and move them to /etc/init.d
- Fix post/postun section for subpackages

-------------------------------------------------------------------
Fri Nov 24 20:33:06 CET 2000 - bodammer@suse.de

- rcscript update

-------------------------------------------------------------------
Mon Aug 28 09:33:13 CEST 2000 - choeger@suse.de

- changed $* to "$@" in mount.smbfs to make it also
  possible to mount shares with spaces

-------------------------------------------------------------------
Mon Jul 31 11:01:30 CEST 2000 - choeger@suse.de

- improvement for rcsmb
- fix for spec-file to compile with NIS netgroups

-------------------------------------------------------------------
Thu Jul 20 13:05:51 CEST 2000 - choeger@suse.de

- added smbfs initscript that has been removed
  by an error

-------------------------------------------------------------------
Tue Jul 11 11:56:14 MEST 2000 - choeger@suse.de

- split package into client and server parts
  client package name: smbclnt

-------------------------------------------------------------------
Wed Apr 26 14:22:19 MEST 2000 - choeger@suse.de

- new version, 2.0.7

-------------------------------------------------------------------
Thu Apr  6 02:12:06 CEST 2000 - ro@suse.de

- removed pam,cracklib from neededforbuild: build handles this

-------------------------------------------------------------------
Wed Apr  5 19:27:15 MEST 2000 - bk@suse.de

- s390 team added config.{sub,guess} update macro for s390

-------------------------------------------------------------------
Mon Mar 27 15:41:26 MEST 2000 - choeger@suse.de

- fixed bug in specfile
  the multilined configure call missed a "\" :-(

-------------------------------------------------------------------
Thu Mar  9 19:26:32 MET 2000 - choeger@suse.de

- fixed typo in specfile

-------------------------------------------------------------------
Wed Mar  1 12:34:09 MET 2000 - choeger@suse.de

- added %{_mandir}

-------------------------------------------------------------------
Tue Feb  8 09:19:58 MET 2000 - choeger@suse.de

- removed /sbin/init.d/smbfs because it is no longer needed

-------------------------------------------------------------------
Mon Jan  3 16:01:43 MET 2000 - choeger@suse.de

- bugfix for ipc.c
  to make roaming profiles work again.

-------------------------------------------------------------------
Tue Nov 30 11:17:55 CET 1999 - choeger@suse.de

- changed kernel oplocks = off to
  kernel oplocks = false

-------------------------------------------------------------------
Tue Nov 16 14:22:34 CET 1999 - choeger@suse.de

- added kernel oplocks = off in smb.conf

-------------------------------------------------------------------
Fri Nov 12 13:50:29 CET 1999 - choeger@suse.de

- new version, 2.0.6

-------------------------------------------------------------------
Fri Nov  5 11:57:52 CET 1999 - choeger@suse.de

- Fix for the smbmount lost-connection problem
  _seems_ to work...

-------------------------------------------------------------------
Fri Oct 29 16:46:29 CEST 1999 - choeger@suse.de

- removed comment sign in /etc/inetd.conf for swat

-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de

- ran old prepare_spec on spec file to switch to new prepare_spec.

-------------------------------------------------------------------
Tue Aug 10 10:29:06 MEST 1999 - fehr@suse.de

- set execute permissions for mksmbpasswd.sh and changesmbpasswd.sh

-------------------------------------------------------------------
Thu Jul 29 11:49:12 MEST 1999 - fehr@suse.de

- fixed typo in /sbin/init.d/smbfs

-------------------------------------------------------------------
Thu Jul 22 11:39:26 MEST 1999 - fehr@suse.de

- changed to new version 2.0.5a

-------------------------------------------------------------------
Wed Jul 21 10:03:04 MEST 1999 - fehr@suse.de

- changed to new version 2.0.5

-------------------------------------------------------------------
Tue Jul 20 14:35:53 MEST 1999 - fehr@suse.de

- install /sbin/init.d/smbfs
- changed to new version 2.0.5pre4

-------------------------------------------------------------------
Mon Jul 19 16:20:58 MEST 1999 - fehr@suse.de

- add /sbin/init.d/smbfs
- changed to new version 2.0.5pre3

-------------------------------------------------------------------
Fri Jul  2 11:06:56 MEST 1999 - fehr@suse.de

- removed "umount -a -t smbfs" from start sscript

-------------------------------------------------------------------
Tue Jun 22 11:05:15 MEST 1999 - kukuk@suse.de

- 2.0.4b changed default values, enable PAM again

-------------------------------------------------------------------
Fri Jun 18 14:08:40 MEST 1999 - kukuk@suse.de

- changed to new version 2.0.4b

-------------------------------------------------------------------
Mon Jun 14 19:14:02 MEST 1999 - kukuk@suse.de

- Enable PAM, add samba.pamd

-------------------------------------------------------------------
Mon May  3 11:24:23 MEST 1999 - fehr@suse.de

- add umount -a -t smbfs to shutdown sequence of samba

-------------------------------------------------------------------
Thu Mar 11 16:49:16 MET 1999 - ro@suse.de

- smbmount: define NR_OPEN to 1024 if undefined (GLIBC-2.1)

-------------------------------------------------------------------
Wed Mar 10 15:19:44 MET 1999 - choeger@suse.de

- some enhancements for smb.conf

-------------------------------------------------------------------
Wed Mar 10 13:18:38 MET 1999 - choeger@suse.de

- new version 2.0.3 and smbmount now seems to work

-------------------------------------------------------------------
Tue Mar  9 02:33:08 MET 1999 - ro@suse.de

- use samba-2.0.2 for STABLE
- use smbfs-2.1 with kernel 2.2.2

-------------------------------------------------------------------
Sun Feb 28 11:11:27 MET 1999 - ro@suse.de

- for glibc-2.1 strncat uses strcat for one subcase, so don't
  redefine strcat to "ERROR" for glibc-2.1

-------------------------------------------------------------------
Mon Feb 15 15:06:28 CET 1999 - fehr@suse.de

- fix for umount problem from Volker

-------------------------------------------------------------------
Tue Feb  9 12:07:41 CET 1999 - fehr@suse.de

- changed to version 2.0.2 of samba

-------------------------------------------------------------------
Fri Jan 15 21:16:43 MET 1999 - bs@suse.de

- replaced /sbin/init.d/smb with newer style version (again)

-------------------------------------------------------------------
Fri Jan 15 16:28:53 MET 1999 - fehr@suse.de

- switched to new version 2.0.0

-------------------------------------------------------------------
Wed Jan 13 17:08:15 MET 1999 - bs@suse.de

- fixed entry in inetd.conf

-------------------------------------------------------------------
Wed Jan 13 15:21:20 MET 1999 - bs@suse.de

- replaced /sbin/init.d/smb with newer style version

-------------------------------------------------------------------
Mon Jan 11 17:38:03 MET 1999  - vl@suse.de

- make 2.0.0beta5 package of samba

-------------------------------------------------------------------
Mon Aug 24 12:16:30 MEST 1998 - vl@suse.de

- changed to version 1.9.18p10

-------------------------------------------------------------------
Mon Jun 29 11:10:10 MEST 1998 - vl@suse.de

- changed to version 1.9.18p8

-------------------------------------------------------------------
Mon Apr 20 14:32:25 MEST 1998 - vl@suse.de

- changed to version 1.9.18p4

-------------------------------------------------------------------
Thu Feb 19 11:22:51 MET 1998 - vl@suse.de

- changed to version 1.9.18p3

-------------------------------------------------------------------
Tue Feb  3 11:06:45 MET 1998 - vl@suse.de

- changed to version 1.9.18p2
- fixed some problems in spec-file, some files were missing :-(
- fixed smbfs-2.0.2/Makefile.Linux

-------------------------------------------------------------------
Tue Jan 13 10:00:58 MET 1998 - vl@suse.de

- changed to version 1.9.18p1

-------------------------------------------------------------------
Fri Jan  9 15:44:26 MET 1998 - vl@suse.de

- changed to version 1.9.18

-------------------------------------------------------------------
Tue Dec  2 10:23:50 MET 1997 - bs@suse.de

- disable samba by default in /etc/rc.config

-------------------------------------------------------------------
Mon Oct  6 16:55:35 MEST 1997 - fehr@suse.de

- package prepared for automatic building

-------------------------------------------------------------------
Mon Sep 29 13:31:55 MEST 1997 - fehr@suse.de

- updated to version 1.9.17p2 due to security hole.

-------------------------------------------------------------------
Wed Jul 16 08:20:29 MEST 1997 - fehr@suse.de

- add fillup-template for rc.config and install it in doinst.sh

-------------------------------------------------------------------
Fri Jun 27 14:54:45 CEST 1997 - bs@suse.de

- update to smbfs-2.0.2, due to security hole.

-------------------------------------------------------------------
Tue Jun 17 18:36:38 MEST 1997 - fehr@suse.de

- changed init-skript to recognize entry START_SMB of rc.config

-------------------------------------------------------------------
Mon Jun  2 08:18:20 MEST 1997 - vl@suse.de

- update to version 1.9.16p11
- Starting Samba from /sbin/init.d, not from inetd.conf

-------------------------------------------------------------------
Sun Feb  2 19:26:53 MET 1997 - vl@suse.de

- update to version 1.9.16p10
- Adapted /etc/smb.conf.sample to 4.4.1 manual

-------------------------------------------------------------------
Sat Nov  2 17:35:11 CET 1996 - florian@suse.de

- update to version 1.9.16p9
- configuration file is now /etc/smb.conf
- smbd and nmbd are now in /usr/sbin
- added start-script /sbin/init.d/smb and entry in /etc/rc.config

-------------------------------------------------------------------
Thu Oct 17 16:05:09 CEST 1996 - florian@suse.de

- Update auf neue Version 1.9.16p6.

openSUSE Build Service is sponsored by