[opensuse-factory] New Tumbleweed snapshot 20180404 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180404 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: binutils glibc glibc gpm hdf5 ldb (1.2.3 -> 1.3.2) libisoburn nano (2.9.4 -> 2.9.5) rpcbind (0.2.3 -> 0.2.4) samba (4.7.6+git.54.6e3276c9872 -> 4.8.0+git.19.f53c6c0aa6f) talloc (2.1.10 -> 2.1.11) tevent (0.9.34 -> 0.9.36) yast2-schema (4.0.1 -> 4.0.2) === Details === ==== binutils ==== Subpackages: binutils-devel - riscv-relax-relocatable.patch: RISC-V: Don't enable relaxation in relocatable link ==== glibc ==== Subpackages: glibc-32bit glibc-locale-32bit - i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing 2GB boundary (BZ #22644) - res-send-enomem.patch: Fix crash in resolver on memory allocation failure (bsc#1086690, BZ #23005) ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-info glibc-locale nscd - i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing 2GB boundary (BZ #22644) - res-send-enomem.patch: Fix crash in resolver on memory allocation failure (bsc#1086690, BZ #23005) ==== gpm ==== Subpackages: libgpm2 - Use %license instead of %doc [bsc#1082318] ==== hdf5 ==== Subpackages: libhdf5-101 libhdf5_hl100 - Fix some typos, one trivial, two mispelled macros ==== ldb ==== Version update (1.2.3 -> 1.3.2) Subpackages: libldb1 libldb1-32bit python-ldb - Update to 1.3.2; + Expose the SHOW_BINARY, ENABLE_TRACING and DONT_CREATE_DB flag constants in the python api. + Don't load LDB_MODULESDIR as a module file. + Fix binary data in debug log (bug #13185). + Intersect the index from SCOPE_ONELEVEL with the index for the search expression (bso#13191) + GUID Index support. ==== libisoburn ==== Subpackages: libisoburn1 xorriso - Split out xorriso-tcltk from xorriso: The frontend is advertised as proof-of-concept by upstream. Additionally, we can save a dependency on Tcl/Tk on the main xorriso package. - Cleanup using spec-cleaner: + use SPDX3 license string. + Package licence files as license, not doc (boo#1082318). ==== nano ==== Version update (2.9.4 -> 2.9.5) Subpackages: nano-lang - GNU nano 2.9.5: * change the way the Scroll-Up and Scroll-Down commands work (M-- and M-+): instead of keeping the cursor in the same screen position they now keep the cursor in the same text position (if possible) * add a new color name, "normal", which gives the default foreground or background color, which is useful for reverting some overzealous painting by earlier syntax regexes * fix a segfault when trying to insert a file in restricted mode * fix the reading in of a new file being "undoable", * fix a slight miswrapping of help texts when --linenumbers was used * fix the shell syntax coloring the word "tar" in file names ==== rpcbind ==== Version update (0.2.3 -> 0.2.4) - Correctly rebase 0001-systemd-unit-files.patch: Since upstream now ships systemd service files, we must no longer create full unit files, but only correct the existing ones (adding EnvironmentFile statement). - Use %license instead of %doc [bsc#1082318] - Update to 0.2.4: + Memory corruption fix + Moved the default state directory to /var/run + Systemd unit files were added. - cleanup with spec-cleaner - don't ship NEWS or ChangeLog, these are not maintained - rebase 0001-systemd-unit-files.patch - remove upstreamed patches * drop 0002-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch * drop 0003-Delete-the-unix-socket-only-if-we-have-created-it.patch * drop 0004-Fix-memory-corruption-in-PMAP_CALLIT-code.patch * drop 0005-security.c-removed-warning.patch * drop 0006-don-t-use-svc_fdset.patch * drop 0012-Move-default-state-dir-to-a-subdirectory-of-var-run.patch ==== samba ==== Version update (4.7.6+git.54.6e3276c9872 -> 4.8.0+git.19.f53c6c0aa6f) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-dsdb-modules samba-kdc samba-kdc-32bit samba-libs samba-libs-32bit samba-python samba-winbind samba-winbind-32bit - Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros - BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages. - Enable building samba with python3, and create a samba-python3 package. - Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed ==== talloc ==== Version update (2.1.10 -> 2.1.11) Subpackages: libtalloc2 libtalloc2-32bit python-talloc python-talloc-32bit - Eliminate usage of %__cp and %__mkdir_p. - Update to version 2.1.11 + disable-python - fix talloc wscript if bundling disabled + Do not disclose the random talloc magic in free()'ed memory ==== tevent ==== Version update (0.9.34 -> 0.9.36) Subpackages: libtevent0 libtevent0-32bit python-tevent - Update to version 0.9.36; (bso#13291); + improve documentation of tevent_queue_add_optimize_empty() + add tevent_queue_entry_untrigger() + Minor cleanup. wakeup_fd can always be gotten from the event context. + Use smb_set_close_on_exec() in example code. - Use tirpc on newer sytems ==== yast2-schema ==== Version update (4.0.1 -> 4.0.2) - Fix several validation problems (bsc#1013047) - 4.0.2 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Dominique Leuenberger wrote:
==== samba ==== Version update (4.7.6+git.54.6e3276c9872 -> 4.8.0+git.19.f53c6c0aa6f) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-dsdb-modules samba-kdc samba-kdc-32bit samba-libs samba-libs-32bit samba-python samba-winbind samba-winbind-32bit
- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros - BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages. - Enable building samba with python3, and create a samba-python3 package. - Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed After upgrading Samba 4.7.6 to 4.8.0 I could not authenticate anymore from Windows 10 and with mount.cifs. smbclient had no problems.
From /var/log/samba/log.smbd: [2018/04/09 21:26:50.820964, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [myusername] -> [myusername] FAILED with error NT_STATUS_LOGON_FAILURE, authoritative=1 [2018/04/09 21:26:50.821022, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user []\[myusername] at [Mon, 09 Apr 2018 21:26:50.821006 CEST] with [NTLMv2] status [NT_STATUS_LOGON_FAILURE] workstation [] remote host [ipv4:192.168.111.11:54644] mapped to []\[myusername]. local host [ipv4:192.168.111.2:445]
I tried various combinations of the "mount.cifs" options "sec" and "vers" without luck. After downgrading to Samba 4.7.6 with "tumbleweed switch 20180401" the issue was resolved. Any ideas? Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
After upgrading Samba 4.7.6 to 4.8.0 I could not authenticate anymore from Windows 10 and with mount.cifs. smbclient had no problems.
From /var/log/samba/log.smbd: [2018/04/09 21:26:50.820964, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [myusername] -> [myusername] FAILED with error NT_STATUS_LOGON_FAILURE, authoritative=1 [2018/04/09 21:26:50.821022, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user []\[myusername] at [Mon, 09 Apr 2018 21:26:50.821006 CEST] with [NTLMv2] status [NT_STATUS_LOGON_FAILURE] workstation [] remote host [ipv4:192.168.111.11:54644] mapped to []\[myusername]. local host [ipv4:192.168.111.2:445]
I tried various combinations of the "mount.cifs" options "sec" and "vers" without luck.
After downgrading to Samba 4.7.6 with "tumbleweed switch 20180401" the issue was resolved. I could fix my Samba 4.8.0 installation by removing the [global] option "domain logons" for NT4 domain logons. I do not know the reason, why
Bjoern Voigt wrote: this is necessary. Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Bjoern Voigt wrote:
After upgrading Samba 4.7.6 to 4.8.0 I could not authenticate anymore from Windows 10 and with mount.cifs. smbclient had no problems. I got exactly the same issue with my recently updated Tumbleweed and all Windows 7 laptops trying to connect. Windows 10 works and I can connect to other linux workstations, thus it hardly looks like the same issue. Log is same
From /var/log/samba/log.smbd: [2018/04/09 21:26:50.820964, 2] ../source3/auth/auth.c:332(auth_check_ntlm_password) check_ntlm_password: Authentication for user [myusername] -> [myusername] FAILED with error NT_STATUS_LOGON_FAILURE, authoritative=1 [2018/04/09 21:26:50.821022, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user []\[myusername] at [Mon, 09 Apr 2018 21:26:50.821006 CEST] with [NTLMv2] status [NT_STATUS_LOGON_FAILURE] workstation [] remote host [ipv4:192.168.111.11:54644] mapped to []\[myusername]. local host [ipv4:192.168.111.2:445]
After downgrading to Samba 4.7.6 with "tumbleweed switch 20180401" the issue was resolved.
I don't want to roll back to an older tumbleweed since this will get me in other troubles with the graphics card
I could fix my Samba 4.8.0 installation by removing the [global] option "domain logons" for NT4 domain logons. I do not know the reason, why this is necessary.
I have no such entry in my smb.conf, the only entries connected to that topic are: [global] workgroup = XXX password server = xxx.xxx.xxx.xxx ... log level = 1 auth:10 winbind:10 ... usershare allow guests = No #kerberos method = secrets and keytab realm = XXX.XXX.XXX security = ADS ... #usershare max shares = 100 #client use spnego = yes #client signing = yes It doesn't matter if I comment those in/out, thus I am now a bit stuck between here and nowhere. Is there a simple way to downgrade only samba in order to further test? I didn't found a simple way yet to downgrade that package only, but I will if I can access the rpms. However, this should be only the final step to verify between which update of samba this happened (4.7.6->4.8.0->4.8.1) This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email. For other languages, go to http://www.3ds.com/terms/email-disclaimer N�����r��y隊Z)z{.���r�+�맲��r��z�^�ˬz��N�(�֜��^� ޭ隊Z)z{.���r�+��0�����Ǩ�
participants (3)
-
Bjoern Voigt -
Dominique Leuenberger -
EMMEL Thomas