SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for samba-winbind-libs-4.17.5+git.320.c38ca0f84a-1.2.x86_64.rpm :

* Tue Feb 14 2023 Samuel Cabrero - Update to 4.17.5
* smbc_getxattr() return value is incorrect; (bso#14808);
* Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172);
* synthetic_pathref AFP_AfpInfo failed errors; (bso#15210);
* samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226);
* smbd crashes if an FSCTL request is done on a stream handle; (bso#15236);
* DFS links don\'t work anymore on Mac clients since 4.17; (bso#15277);
* vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283);
* CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240);
* %U for include directive doesn\'t work for share listing (netshareenum); (bso#15243);
* Shares missing from netshareenum response in samba 4.17.4; (bso#15266);
* ctdb: use-after-free in run_proc; (bso#15269);
* irpc_destructor may crash during shutdown; (bso#15280);
* auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286);
* smbclient segfaults with use after free on an optimized build; (bso#15268);
* smbstatus leaking files in msg.sock and msg.lock; (bso#15282);
* Leak in wbcCtxPingDc2; (bso#15164);
* Access based share enum does not work in Samba 4.16+; (bso#15265);
* Crash during share enumeration; (bso#15267);
* rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271);
* Avoid relying on C89 features in a few places; (bso#15281);- named crashes on DLZ zone update; (bso#14030); (bsc#1206996);- Drop libnsl build requirement; (bsc#1208220);
* Mon Jan 23 2023 Noel Power - libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally.
* Thu Jan 12 2023 Noel Power - Clean up logic for PAM migration settings in spec file.
* Wed Jan 04 2023 Stefan Schubert - Migration of PAM settings to /usr/lib/pam.d.
* Wed Dec 21 2022 Noel Power - Change with_dc default to 0 (for non TW builds).
* Thu Dec 15 2022 Samuel Cabrero - Update to 4.17.4
* CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929);
* CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611);
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240);
* pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224);
* Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219);
* filter-subunit is inefficient with large numbers of knownfails; (bso#15258);
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252);
* The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135);
* libnet: change_password() doesn\'t work with dcerpc_samr_ChangePasswordUser4(); (bso#15206);
* Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219);
* Memory leak in snprintf replacement functions; (bso#15230);
* RODC doesn\'t reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253);
* Prevent EBADF errors with vfs_glusterfs; (bso#15198);
* %U for include directive doesn\'t work for share listing (netshareenum); (bso#15243);
* Stack smashing in net offlinejoin requestodj; (bso#15257);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197);
* Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219);- Remove deprecated if-{down,up} scripts; (bsc#1206444);- Adjust the systemd drop-in file for named service; (bsc#1201689);
* Paths are additive so do not repeat paths from named.service
* Prefix the samba DLZ directory with \"-\" to ignore this path if it does not exists
* Mon Dec 12 2022 Stefan Schubert - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Thu Dec 01 2022 David Mulder - Introduce without-smb1-server spec flag; (bsc#1205104);
* Tue Nov 15 2022 Samuel Cabrero - Update to 4.17.3
* CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203);
* Tue Nov 08 2022 Ben Greiner - Replace obsolete python-gpgme with python-gpg
* Upstream replaced it in v4.9.5 -- bso#13728
* Tue Oct 25 2022 Noel Power - Update to 4.17.2
* CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499).
* CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254).
* Wed Oct 19 2022 Noel Power - Update to 4.17.1
* CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Flush on a named stream never completes; (bso#15182).
* Permission denied calling SMBC_getatr when file not exists; (bso#15195).
* Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189).
* pytest: add file removal helpers for TestCaseInTempDir; (bso#15191).
* CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611).
* Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189).
* Flush on a named stream never completes; (bso#15182).
* vfs_gpfs silently garbles timestamps > year 2106; (bso#15151).
* CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611).
* multi-channel socket passing may hit a race if one of the involved processes already existed; (bso#15200).
* memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others); (bso#15201).
* Since popt1.19 various use after free errors using result of poptGetArg are now exposed; (bso#15205); (boo#1204279).
* Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs; (bso#15192).
* GETPWSID in memory cache grows indefinetly with each NTLM auth; (bso#15169).
* CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611).- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689);
* Fri Oct 14 2022 Noel Power - Fix use after free errors resulting from using return of poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205).
* Mon Sep 26 2022 Noel Power - s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(); (bso#15174).
* Mon Sep 26 2022 Noel Power - Disable SMB1 for tumbleweed builds.
* Fri Sep 23 2022 Noel Power - Update to 4.17.0
* acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153).
* assert failed: !is_named_stream(smb_fname)\") at ../../lib/util/fault.c:197; (bso#15161).
* acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126).
* assert failed: !is_named_stream(smb_fname)\") at ../../lib/util/fault.c:197; (bso#15161).
* Cross-node multi-channel reconnects result in SMB2 Negotiate returning NT_STATUS_NOT_SUPPORTED; (bso#15159).
* winbind at info level debug can coredump when processing wb_lookupusergroups; (bso#15160).
* Make use of glfs_
*at() API calls in vfs_glusterfs; (bso#15157).
* Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128).
* `net usershare add` fails with flag works with --long but fails with -l; (bso#15145).
* acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126).
* Performance regression on contended path based operations; (bso#15125).
* Missing READ_LEASE break could cause data corruption; (bso#15148).
* libsamba-errors uses a wrong version number; (bso#15141).
* SMB1 negotiation can fail to handle connection errors; (bso#15152).
* New filename parser doesn\'t check veto files smb.conf parameter; (bso#15143).
* 4.17.rc1 still uses symlink-race prone unix_convert(); (bso#15144).
* Backport fileserver related changed to 4.17.0rc2; (bso#15146).
* Manpage for smbstatus json is missing; (bso#15147).
* Backport fileserver related changed to 4.17.0rc2; (bso#15146).
* Performance regression on contended path based operations; (bso#15125).
* Backport fileserver related changed to 4.17.0rc2; (bso#15146).
* Fix issues found by coverity in smbstatus json code; (bso#15140).
* Backport fileserver related changed to 4.17.0rc2; (bso#15146).
* Thu Sep 01 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Thu Jul 28 2022 Samuel Cabrero - Update to 4.16.4
* CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords; (bsc#1201495); (bso#15047);
* CVE-2022-32744: Samba AD users can forge password change requests for any user; (bsc#1201493); (bso#15074);
* CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request; (bsc#1201492); (bso#15008);
* CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request; (bsc#1201490); (bso#15009);
* CVE-2022-32742: Server memory information leak via SMB1; (bsc#1201496); (bso#15085);
* Tue Jul 19 2022 Samuel Cabrero - Update to 4.16.3
* Using vfs_streams_xattr and deleting a file causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
* Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode; (bso#15095);
* Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL; (bso#15105);
* Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(); (bso#15118);
* smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* Fix check for chown when processing NFSv4 ACL; (bso#15120);
* The pcap background queue process should not be stopped; (bso#15082);
* testparm: Fix typo in idmap rangesize check; (bso#15097);
* net ads info returns LDAP server and LDAP server name as null; (bso#15106);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* CTDB child process logging does not work as expected; (bso#15090);
* Tue Jul 12 2022 Samuel Cabrero - Update spec file to fix the optional Heimdal DC build- Fix external trusts with MIT Kerberos 1.20- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);- Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255);- Add sysuser-shadow requirement for packages using systemd-sysusers- Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);
* Tue Jun 21 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 13 2022 Samuel Cabrero - Update to 4.16.2
* Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069);
* Reintroduce netgroups support; (bso#15087);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
* Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS; (bso#15062);
* waf produces incorrect names for python extensions with Python 3.11; (bso#15071);
* smbclient -E doesn\'t work as advertised; (bso#15075);
* The samba background daemon doesn\'t refresh the printcap cache on startup; (bso#15081);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);- Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7- Support building with MIT Kerberos 1.20- Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC; (CVE-2020-17049);- Resource Based Constrained Delegation (RBCD) for Samba AD DC- Support building with gcc 12.1
* Wed May 11 2022 Samuel Cabrero - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);
* Tue May 03 2022 Samuel Cabrero - Update to 4.16.1
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won\'t reconnect if the leased file is written to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038);
* Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731);
* vfs_shadow_copy2 breaks \"smbd async dosmode\" sync fallback; (bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046);
* Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041);
* KVNO off by 100000; (bso#14951);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* smbd doesn\'t handle UPNs for looking up names; (bso#15054);
* Wed Apr 20 2022 Noel Power - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data.
* Wed Apr 13 2022 Noel Power - Fix update-apparmor-samba-profile script, sed doesn\'t like multibyte separators; (bsc#1198309).
* Thu Mar 24 2022 Samuel Cabrero - Update to 4.16.0
* New samba-dcerpcd binary to provide DCERPC in the member server setup
* Certificate Auto Enrollment
* Ability to add ports to dns forwarder addresses in internal DNS backend
* No longer using Linux mandatory locks for sharemodes
* SMB1 protocol has been deprecated, particularly older dialects
* SMB1 protocol SMBCopy command removed
* SMB1 server-side wildcard expansion removed- Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101);- Use systemd-sysusers to create system users; (bsc#1182847);
* Tue Mar 15 2022 Samuel Cabrero - Update to 4.15.6
* Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224);
* pam_winbind will not allow gdm login if password about to expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments; (bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968);
* Changing the machine password against an RODC likely destroys the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct ldb_message
*msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);
* Mon Mar 07 2022 David Mulder - Fix mismatched version of libldb2; (bsc#1196788).- Drop obsolete SuSEfirewall2 service files.
* Fri Mar 04 2022 David Disseldorp - Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).
* Wed Feb 23 2022 Noel Power - Fix ntlm authentications with \"winbind use default domain = yes\"; (bso#13126); (bsc#1173429); (bsc#1196308).
* Mon Feb 14 2022 David Mulder - Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).
* Mon Feb 07 2022 David Mulder - libldb version mismatch in Samba dsdb component; (bsc#1118508);
* Mon Jan 31 2022 Noel Power - Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048).
* Wed Jan 26 2022 Samuel Cabrero - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690);- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859);- CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);
* Fri Jan 21 2022 Samuel Cabrero - Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can\'t connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935);
* smbclient -L doesn\'t set \"client max protocol\" to NT1 before calling the \"Reconnecting with SMB1 for workgroup listing\" path; (bso#14939);
* Cross device copy of the crossrename module always fails; (bso#14940);
* symlinkat function from VFS cap module always fails with an error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944);
* \"smbd --build-options\" no longer works without an smb.conf file; (bso#14945);
* Tue Jan 18 2022 Dominique Leuenberger - Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini).- Do not require the \'krb5\' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better.- Do not require the \'krb5\' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway).
* Thu Jan 13 2022 Samuel Cabrero - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel.- Rename package samba-core-devel to samba-devel- Add python-rpm-macros to build requirements- Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba
* Fri Dec 10 2021 Samuel Cabrero - Update to 4.15.3
* Recursive directory delete with veto files is broken in 4.15.0; (bso#14878);
* A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879);
* SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892);
* MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
* The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849);
* User with multiple spaces (eg FredNurk) become un-deletable; (bso#14902);
* Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
* smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882);
* Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890);
* Samba process doesn\'t log to logfile; (bso#14897);
* set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907);
* Kerberos authentication on standalone server in MIT realm broken; (bso#14922);
* Segmentation fault when joining the domain; (bso#14923);
* Support for ROLE_IPA_DC is incomplete; (bso#14903);
* rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767);
* winexe crashes since 4.15.0 after popt parsing; (bso#14893);
* net ads status -P broken in a clustered environment; (bso#14908);
* Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788);
* winbindd doesn\'t start when \"allow trusted domains\" is off; (bso#14899);
* smbclient login without password using \'-N\' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
* A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912);
* Possible null pointer dereference in winbind; (bso#14921);
* Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846);
* Add Debian 11 CI bootstrap support; (bso#14872);
* Crash in recycle_unlink_internal(); (bso#14888);
* Thu Nov 18 2021 Samuel Cabrero - Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684);
* Wed Nov 10 2021 Samuel Cabrero - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when \'allow trusted domains\' is off; (bso#14899);- Update to 4.15.2
* CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440);
* CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284);
* CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246);
* CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
* CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
* CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored; (bso#14564); (bsc#1192283);
* CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215);
* CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214);- Update to 4.15.1
* vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
* Log clutter from filename_convert_internal; (bso#14685);
* MacOSX compilation fixes; (bso#14862);
* rodc_rwdc test flaps; (bso#14868);
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] \'Bronze bit\' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642);
* Python ldb.msg_diff() memory handling failure; (bso#14836);
* \"in\" operator on ldb.Message is case sensitive; (bso#14845);
* Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
* samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854);
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
* Allow special chars like \"AATT\" in samAccountName when generating the salt; (bso#14874);
* Correctly ignore comments in CTDB public addresses file; (bso#14826);
* Fix transit path validation; (bso#12998);
* Fix that child winbindd logs to log.winbindd instead of log.wb-; (bso#14852);
* SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855);
* Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
* Heimdal prefers RC4 over AES for machine accounts; (bso#14864);
* Wed Oct 13 2021 David Mulder - Enable samba-tool without ad dc.
* Thu Sep 30 2021 Noel Power - Adjust spec to use pam macros; (bsc#1191046).
* Wed Sep 29 2021 Noel Power - Adjust spec for size
* allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847).
* remove fam, undocumented and unneeded.
* Thu Sep 23 2021 Samuel Cabrero - Add missing build dependency on bison when building with the embedded Heimdal Kerberos
* Mon Sep 20 2021 Samuel Cabrero - Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in different commands
* Winbindd no longer scans trusted domains on startup and will use enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for \'samba-tool dns zoneoptions\' for aging control and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent timestamp format
* The \'samba-tool dns update\' command validates and rejects now malformed IPv4 and IPv6 addresses
* The \'samba-tool domain backup\' command correctly takes out locks against concurrent modification during backup when using the LMDB backend
* TruACL support has been removed
* NIS support has been removed
* Thu Sep 16 2021 Samuel Cabrero - Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK; (bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers; (bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
* Tue Aug 17 2021 David Mulder - Add Certificate Auto Enrollment Policy; (jsc#SLE-18457).
* Fri Jul 23 2021 David Mulder - Update to 4.14.6
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722).
* smbd: Fix pathref unlinking in create_file_unixpath(); (bso#14732).
* s3: VFS: default: Add proc_fd\'s fallback for vfswrap_fchown(); (bso#14734).
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736).
* NT_STATUS_FILE_IS_A_DIRECTORY error messages when using glusterfs VFS module; (bso#14730).
* s3/modules: fchmod: Fallback to path based chmod if pathref; (bso#14734).
* Spotlight RPC service doesn\'t work with vfs_glusterfs; (bso#14740).
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750).
* smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752).
* samba-tool domain backup offline doesn\'t work against bind DLZ backend; (bso#14027).
* netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669).
* Tue Jun 01 2021 Samuel Cabrero - Update to 4.14.5
* s3: smbd: SMB1 SMBsplwr doesn\'t send a reply packet on success; (bso#14696);
* s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708);
* s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(); (bso#14721);
* docs: Expand the \"log level\" docs on audit logging; (bso#14689);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Fix gcc11 compiler issues; (bso#14699);
* docs-xml: Update smbcacls manpage; (bso#14718);
* docs: Update list of available commands in rpcclient; (bso#14719);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* s3:winbind: For \'security = ADS\' require realm/workgroup to be set; (bso#14695);
* lib:replace: Do not build strndup test with gcc 11 or newer; (bso#14699);
* Thu Apr 29 2021 Noel Power - Update to 4.14.4
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571); (bsc#1184677).- Update to 4.14.3
* s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat; (bso#14671).
* build: Notice if flex is missing at configure time; (bso#14586).
* Fix smbd panic when two clients open same file; (bso#14672).
* Fix memory leak in the RPC server; (bso#14675).
* s3: smbd: fix deferred renames; (bso#14679).
* s3-iremotewinspool: Set the per-request memory context; (bso#14675)
* Fix memory leak in the RPC server; (bso#14675).
* third_party: Update socket_wrapper to version 1.3.2; (bso#11899).
* third_party: Update socket_wrapper to version 1.3.3; (bso#14640).
* samba-gpupdate: Test that sysvol paths download in case-insensitive way; (bso#14665).
* smbd: Ensure errno is preserved across fsp destructor; (bso#14662).
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663).
* build: Only add -Wl,--as-needed when supported; (bso#14288).
* Wed Mar 31 2021 Samuel Cabrero - Update to 4.14.2
* Release with dependency on ldb version 2.3.0.- Update to 4.14.1
* CVE-2021-20277: Fix out of bounds read in ldb_handler_fold; (bso#14655);
* CVE-2020-27840: Fix unauthenticated remote heap corruption via bad DNs; (bso#14595);- Update to 4.14.0
* VFS layer modernized.
* Printers publishing in AD improved.
* Client group policies support for sudoers configuration and cron jobs.
* Improved consistency of samba-tool subcommands.
* CTDB now uses the terms leader and follower instead of master and slave. Configuration options have changed accordingly.
* The ctdb isnotrecmaster command is removed.
* For details on all items see WHATSNEW.txt in samba-doc package.
* Mon Mar 01 2021 Samuel Cabrero - Spec file fixes around systemd and requires; (bsc#1182830);- Align systemd service unit files with upstream provided ones.
* Tue Jan 26 2021 Samuel Cabrero - Update to 4.13.4
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607);
* Temporary DFS share setup doesn\'t set case parameters in the same way as a regular share definition does; (bso#14612);
* lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605);
* Do not create an empty DB when accessing a sam.ldb; (bso#14579);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Temporary DFS share setup doesn\'t set case parameters in the same way as a regular share definition does; (bso#14612);
* vfs_virusfilter: Allocate separate memory for config char
*; (bso#14606);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607);
* The cache directory for the user gencache should be created recursively; (bso#14601);
* Be more flexible with repository names in CentOS 8 test environments; (bso#14594);
* Mon Dec 28 2020 Samuel Cabrero - Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388);
* Wed Dec 16 2020 Samuel Cabrero - Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don\'t overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden \"magic\" everyoneAATT ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()\'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);
* Mon Nov 16 2020 Samuel Cabrero - Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char
*
*lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement \"List Object\" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);
* Thu Nov 05 2020 Noel Power - Adjust smbcacls \'--propagate-inheritance\' feature to align with upstream; (bsc#1178469).
* Tue Oct 06 2020 Samuel Cabrero - Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434);- Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);
* Mon Oct 05 2020 David Disseldorp - Fix vfs_ceph query_directory regression; (bso#14519)- Drop liburing-devel for SLE15-SP2; (bsc#1177245)
* Thu Sep 24 2020 David Disseldorp - Register CTDB recovery lock holder with ceph-mgr- Add liburing-devel dependency
* Tue Sep 22 2020 David Disseldorp - Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like \'classic\' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated \"ldap ssl ads\" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for \'net ads join\'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using \"--with-shared-modules\"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428)
* Fri Sep 18 2020 Samuel Cabrero - Update to samba 4.12.7 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support \"server require schannel:WORKSTATION$ = no\" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() \"server require schannel:WORKSTATION$ = no\"; (bsc#1176579); (bso#14497);- Update to samba 4.12.6 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403). + dsdb: Allow \"password hash userPassword schemes = CryptSHA256\" to work on RHEL7; (bso#14424). + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450). + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426). + PANIC: Assert failed in get_lease_type(); (bso#14428). + util: Fix build on AIX by fixing the order of replace.h include; (bso#14422). + srvsvc_NetFileEnum asserts with open files; (bso#14355). + KDC breaks with DES keys still in the database and msDS-SupportedEncryptionTypes 31 indicating support for it; (bso#14354). + s3:smbd: Make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD; (bso#14427). + PANIC: Assert failed in get_lease_type(); (bso#14428). + docs: Fix documentation for require_membership_of of pam_winbind.conf; (bso#14358). + ctdb-scripts: Use nfsconf utility for variable values in CTDB NFS scripts; (bso#14444). + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425).
* Tue Jul 28 2020 Thorsten Kukuk - Don\'t install SuSEfirewall2 services, we don\'t have that package anymore
* Thu Jul 02 2020 Noel Power - Update to samba 4.12.5 + Fix smbd panic on force-close share during async io; (bso#14301). + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374) + Fix DFS links; (bso#14391). + Can\'t use DNS functionality after a Windows DC has been in domain; (bso#14310). + ldapi search to FreeIPA crashes; (bso#14413). + Add net-ads-join dnshostname=fqdn option; (bso#14396) + Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC; (bso#14406). + docs-xml: Update list of posible VFS operations for vfs_full_audit; (bso#14386). + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382). + Client tools are not able to read gencache anymore; (bso#14370).
* Thu Jul 02 2020 Noel Power - Update to samba 4.12.4 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159) + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359).
* Sat May 30 2020 Marcus Meissner - add libnetapi-devel to baselibs conf, for wine usage (bsc#1172307)
* Thu May 28 2020 Samuel Cabrero - Add system-user-nobody to samba package requirements
* Wed May 20 2020 Samuel Cabrero - Update to samba 4.12.3 + Fix smbd panic on force-close share during async io; (bso#14301); + s3: vfs_full_audit: Add missing fcntl entry in vfs_op_names[] array; (bso#14343); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + Fix smbd crashes when MacOS Catalina connects if iconv initialization fails; (bso#14372); + Exporting from macOS Adobe Illustrator creates multiple copies; (bso#14150); + smbd does a chdir() twice per request; (bso#14256); + smbd mistakenly updates a file\'s write-time on close; (bso#14320); + vfs_shadow_copy2: implement case canonicalisation in shadow_copy2_get_real_filename(); (bso#14350); + Fix Windows 7 clients problem after upgrading samba file server; (bso#14375); + s3: Pass DCE RPC handle type to create_policy_hnd; (bso#14359); + Fix uxsuccess test with new MIT krb5 library 1.18; (bso#14155); + mit-kdc: Explicitly reject S4U requests; (bso#14342); + dbwrap_watch: Set rec->value_valid while returning nested share_mode_do_locked(); (bso#14352); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:libads: Fix ads_get_upn(); (bso#14336); + ctdb: Fix a memleak; (bso#14348); + Malicous SMB1 server can crash libsmbclient; (bso#14366); + ldb: Bump version to 2.1.3, LMDB databases can grow without bounds; (bso#14330); + vfs_io_uring: Fix data corruption with Windows clients; (bso#14361); + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); + docs-xml: Fix usernames in pam_winbind manpages; (bso#14358);
* Mon May 11 2020 David Mulder - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);
* Mon May 04 2020 Samuel Cabrero - libsmb: Don\'t try to find posix stat info in SMBC_getatr(); (bso#14101); (bsc#1169242);
* Wed Apr 29 2020 Noel Power - Move libdcerpc-server-core.so to samba-libs package, this was initially erroneously located in samba-ad-dc.
* Tue Apr 28 2020 Noel Power - Update to samba 4.12.2 + CVE-2020-10700: A client combining the \'ASQ\' and \'Paged Results\' LDAP controls can cause a use-after-free in Samba\'s AD DC LDAP server;(bso#14331); (bsc#1169850) + CVE-2020-10704: A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server\'s stack memory causing a SIGSEGV; (bso#14334); (bsc#1169851).
* Mon Apr 13 2020 Samuel Cabrero - Update to samba 4.12.1 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14295); + samba-tool group: Handle group names with special chars correctly; (bso#14296); + Add missing check for DMAPI offline status in async DOS attributes; (bso#14293); + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307); + vfs_recycle: Prevent flooding the log if we\'re called on non-existant paths; (bso#14316); + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313); + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327); + fruit:time machine max size is broken on arm; (bso#13622); + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294); + s3/utils: Fix double free error with smbtree; (bso#14332); + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294); + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); + CTDB recovery daemon can crash due to dereference of NULL pointer; (bso#14324);
* Wed Mar 25 2020 Noel Power - s3: libsmbclient.h: add missing time.h include to fix ffmpeg build and make it compatible with -std=c99.
* Mon Mar 16 2020 Noel Power - ndrdump tests: Make the tests less fragile- python/samba/gp_parse: Fix test errors with python3.8
* Fri Mar 13 2020 Noel Power - Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).
* Fri Mar 06 2020 Noel Power - Update to samba 4.12.0 + For details on all items see WHATSNEW.txt in samba-doc package. + Samba 4.12 raises this minimum version to Python 3.5. + Samba now requires GnuTLS 3.4.7 to be installed. + New Spotlight backend for Elasticsearch. + Retiring DES encryption types in Kerberos. With this release, support for DES encryption types has been removed from Samba, and setting DES_ONLY flag for an account will cause Kerberos authentication to fail for that account (see RFC-6649). + Samba-DC: DES keys no longer saved in DB. + The netatalk VFS module has been removed. + The BIND9_FLATFILE DNS backend is deprecated in this release and will be removed in the future. + CTDB changes + The ctdb_mutex_fcntl_helper periodically re-checks the lock file. + Bugs + Retire DES encryption types in Kerberos; (bso#14202); bsc#(1165574). + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + s3: DFS: Don\'t allow link deletion on a read-only share; (bso#14269). + pidl/wscript: configure should insist on Parse::Yapp::Driver; (bso#14284). + smbd fails to handle EINTR from open(2) properly; (bso#14285). + ldb: version 2.1.1; (bso#14270)). + vfs: Set getting and setting of MS-DFS redirects on the filesystem to go through two new VFS functions SMB_VFS_CREATE_DFS_PATHAT() and SMB_VFS_READ_DFS_PATHAT(); (bso#14282). + bootstrap: Remove un-used dependency python3-crypto; (bso#14255) + Fix CID 1458418 and 1458420; (bso#14247). + lib: Fix a shutdown crash with \"clustering = yes\"; (bso#14281). + Winbind member (source3) fails local SAM auth with empty domain name; (bso#14247). + winbindd: Handle missing idmap in getgrgid(); (bso#14265). + Don\'t use forward declaration for GnuTLS typedefs; (bso#14271). + Add io_uring vfs module; (bso#14280). + libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2; (bso#14250). + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239); + lib:util: Log mkdir error on correct debug levels; (bso#14253).
* Sun Feb 02 2020 Thorsten Kukuk - Remove unused pwdutils buildrequires
* Thu Jan 30 2020 Samuel Cabrero - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209); + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209); + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218); + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122); + smbd: Fix the build with clang; (bso#14251); + upgradedns: Ensure lmdb lock files linked; (bso#14199); + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182); + smbc_stat() doesn\'t return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101); + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219); + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227);
* Tue Jan 21 2020 Samuel Cabrero - Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464);- Fix querying all names registered within broadcast area; (bso#8927);
* Tue Jan 21 2020 Noel Power - Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888).- Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn\'t return an inode number; (bso#14161). + Ensure we don\'t call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).
  
ICM