Mailinglist Archive: opensuse-factory (1009 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20170417 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20170417

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
Mesa
alsa
bogofilter
ebtables
emacs
ethtool (4.8 -> 4.10)
frameworkintegration
kdelibs4support
ktexteditor
kxmlgui
libcamgm
libglvnd
libgphoto2 (2.5.12.1 -> 2.5.13)
libidn
libmtp (1.1.12 -> 1.1.13)
libpciaccess (0.13.4 -> 0.13.5)
libsndfile (1.0.26 -> 1.0.28)
mjpegtools
pciutils-ids (20170215 -> 20170403)
perl-XML-SAX-Base (1.08 -> 1.09)
plasma5-desktop
plasma5-openSUSE
plasma5-workspace
postfix
qscintilla
samba (4.5.3 -> 4.6.2)
sddm
sqlite3 (3.17.0 -> 3.18.0)
talloc (2.1.8 -> 2.1.9)
v4l-utils (1.12.2 -> 1.12.3)
wayland
yast2-fonts (3.1.17 -> 3.2.0)

=== Details ===

==== Mesa ====
Subpackages: Mesa-dri-devel Mesa-dri-nouveau Mesa-libEGL-devel Mesa-libEGL1
Mesa-libGL-devel Mesa-libGL1 Mesa-libglapi0 Mesa-libglapi0-32bit Mesa-libva
libOSMesa8 libOSMesa8-32bit libgbm1 libvdpau_nouveau libvdpau_r300
libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon
libwayland-egl1 libxatracker2

- only reverse-apply 'U_draw-use-SoA-fetch-not-AoS-one.patch' on
s390x (bsc#1032272)
- build wayland on Leap >= 42.3
- separate package 'Mesa-dri-nouveau' on Leap
- removed broken locking patches for nouveau DRI driver
* N_01-WIP-nouveau-add-locking.patch
*
N_02-nouveau-more-locking-make-sure-that-fence-work-is-always-done-with-the-push-mutex-acquired.patch
* N_03-nv30-locking-fixes.patch
* N_04-nv50-Fix-double-lock-in-nv50_hw_sm_get_query_result.patch
* N_05-Use-nv50_render_condition-in-nv50_blitctx_post_blit.patch
- let Mesa require Mesa-libGL1 for a libglvnd build (bsc#1033708)
- U_draw-use-SoA-fetch-not-AoS-one.patch
* reverse-apply this patch to fix OpenGL support on s390x
(bsc#1032272)

==== alsa ====
Subpackages: alsa-devel libasound2 libasound2-32bit

- Disable dmix var_periodsize as default (boo#1033179)
0097-pcm-dmix-Disable-var_periodsize-as-default.patch
- Workaround for binary incompatibility of dmix shm (boo#1033080):
0098-dmix-Workaround-for-binary-incompatibility.patch
- Backport upstream fix patches, including the deadlock fix for
aplay/arecord (boo#1031525):
0001-ucm-Add-ATTRIBUTE_UNUSED-for-unused-parameters-of-ex.patch
0002-ucm-parser-needs-limits.h.patch
0003-pcm-direct-allow-users-to-configure-different-period.patch
0004-pcm-dshare-enable-silence.patch
0005-pcm-rate-fix-the-hw_ptr-update-until-the-boundary-av.patch
0006-plugin-dynamically-update-avail_min-on-slave.patch
0007-rate-dynamic-update-avail_min-on-slave.patch
0008-topology-fix-unused-const-variable-warning.patch
0009-seq-improve-documentation-about-new-get-pid-card-fun.patch
0010-pcm-direct-returning-semop-error-code-for-semaphore-.patch
0011-pcm-direct-Fix-for-sync-issue-on-xrun-recover.patch
0012-pcm-direct-check-state-before-enter-poll-on-timer.patch
0013-pcm-direct-don-t-return-bogus-buffer-levels-in-xrun-.patch
0014-conf-ucm-broxton-add-broxton-rt298-conf-files.patch
0015-pcm-direct-Fix-deadlock-in-poll_descriptors.patch
0016-ucm-Assure-the-user-input-card-name-not-to-exceed-ma.patch
0017-ucm-Load-device-specific-configuration-file-based-on.patch
0018-ucm-Add-command-get-_file-to-get-the-config-file-nam.patch
0019-topology-Fix-incorrect-license-in-source-comments.patch
0020-conf-cards-add-support-for-pistachio-card.patch
0021-pcm-multi-Drop-the-fixed-slave_map-in-snd_pcm_multi_.patch
0022-conf-Add-card-config-for-Intel-HDMI-DP-LPE-audio.patch
0023-pcm-Avoid-lock-for-snd_pcm_nonblock.patch
0024-pcm-Disable-locking-in-async-mode.patch
0025-pcm-dmix-Allow-disabling-x86-optimizations.patch
0026-pcm-dmix_rewind-corrupts-application-pointer-fix.patch
0027-pcm-direct-fix-race-on-clearing-timer-events.patch
0028-pcm-file-Enable-file-writing-for-capture-path.patch
0029-pcm-status-dump-fix-timestamp-formatting.patch
0030-pcm-extplug-refinement-of-masks-in-extplug.patch
0031-pcm-rate-Add-capability-to-pass-configuration-node-t.patch
0032-Drop-ppc64-specific-workaround-for-versioned-symbols.patch
0033-pcm_plugin-unify-the-snd_pcm_mmap_begin-result-value.patch
0034-always-handle-return-value-from-snd_config_get_id-co.patch
0035-pcm-file-plugin-handle-snd_pcm_mmap_begin-error-path.patch
0036-topology-coverity-remove-dead-code.patch
0037-ucm-parser-fix-possible-string-overflow-in-uc_mgr_im.patch
0038-dmix-plugin-fix-drain-for-nonblock-mode.patch
0039-dmix-plugin-drain-quickfix-for-the-previous-patch.patch
0040-rawmidi-virtual-fix-reading-into-a-small-buffer.patch
0041-conf-cards-add-VC4-HDMI-card.patch
0042-pcm-plug-save-converter-config.patch
0043-pcm-file-delegate-htimestamping-to-slave-instead-of-.patch

==== bogofilter ====
Subpackages: bogofilter-common bogofilter-db

- Small spec file cleanup
- Adjust usage of update-alternatives

==== ebtables ====

- cleanup with spec-cleaner
- get rid of %{name} macros in the patch names
- remove sysvinit support

==== emacs ====
Subpackages: emacs-info emacs-nox emacs-x11 etags

- build with ImageMagick 7 [bsc#1033077]
+ emacs-25.2-ImageMagick7.patch
- Check if "-no-pie" is known to the compiler/linker
- also pass "-no-pie" as linkerflag to disable PIE.

==== ethtool ====
Version update (4.8 -> 4.10)

- Update to new upstream release 4.10
* Fix: Fix the "advertise" parameter logic.
* Feature: Implement ETHTOOL_PHY_GTUNABLE/ETHTOOL_PHY_STUNABLE and PHY
downshift
* Feature: add register dump support for fjes driver (-d option)
- add keyring with John Linville's key for tarball verification

==== frameworkintegration ====
Subpackages: frameworkintegration-devel frameworkintegration-plugin libKF5Style5

- Enable AppStreamQt only for Leap 42.2+ and TW
- Enable cmake(packagekitqt5)

==== kdelibs4support ====
Subpackages: kdelibs4support-devel libKF5KDELibs4Support5

- Drop use-setFallbackSessionManagementEnabled-API-with-5.5.1.patch
as we don't build against Qt 5.5.1 any more

==== ktexteditor ====
Subpackages: ktexteditor-devel

- Enable editorconfig support only on TW and Leap >= 42.2
- Enable editorconfig support

==== kxmlgui ====
Subpackages: kxmlgui-devel libKF5XmlGui5

- Drop use-setFallbackSessionManagementEnabled-API-with-5.5.1.patch
as we don't build against Qt 5.5.1 any more

==== libcamgm ====
Subpackages: libcamgm100 perl-camgm

- libcamgm-gcc7.patch: fix build with GCC7

==== libglvnd ====
Subpackages: libglvnd-devel libglvnd0 libglvnd0-32bit

- Replace old $RPM_ shell vars by macros
- Converge on one style of using macros (drop curlies)
- RPM group correction

==== libgphoto2 ====
Version update (2.5.12.1 -> 2.5.13)
Subpackages: libgphoto2-6 libgphoto2-6-32bit libgphoto2-devel

- updated to 2.5.13 release
See below in 2.5.12.1 pre relase, also:
pentax:
* Now using the pktriggercord codebase
* lots of improvements
* Please report missing Pentax K USB ids that are supported by pktriggercord!

==== libidn ====
Subpackages: libidn-devel libidn11

- Add patches to build with gcc7:
* libidn-gcc7-part1.patch

==== libmtp ====
Version update (1.1.12 -> 1.1.13)
Subpackages: libmtp-devel libmtp-udev libmtp9

- updated to 1.1.13 release (bsc#1033830)
- lots of new USB id updates
- getpartialobject64 fixed for non x86_64
- some too strict bugflags removed for Galaxy S and Motorola G2

==== libpciaccess ====
Version update (0.13.4 -> 0.13.5)
Subpackages: libpciaccess-devel libpciaccess0

- Update to version 0.13.5:
This release includes musl build fixes, improvements to the
Solaris backend and allows parsing separate sysfs files rather
than reading the config file on newer kernels.

==== libsndfile ====
Version update (1.0.26 -> 1.0.28)
Subpackages: libsndfile-devel libsndfile1 libsndfile1-32bit

- Update to version 1.0.27:
* Fix a seek regression in 1.0.26
* Add metadata read/write for CAF and RF64
* FIx PAF endian-ness issue
- Update to version 1.0.28
* Fix buffer overruns in FLAC and ID3 handling code
(CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
* Reduce default header memory requirements
* Fix detection of Large File Support for 32 bit systems.
- Obsoleted patch:
libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch

==== mjpegtools ====
Subpackages: libmjpegutils-2_0-0

- mjpegtools-more-pie.patch: remove some -fno-PIC calls. They
do not seem to be necessary and break PIE builds.
(The compiler would warn if the assembler would not build.)

==== pciutils-ids ====
Version update (20170215 -> 20170403)

- Update to 20170403

==== perl-XML-SAX-Base ====
Version update (1.08 -> 1.09)

- updated to 1.09
see /usr/share/doc/packages/perl-XML-SAX-Base/Changes
1.09 2017-04-03 21:00:06+12:00 Pacific/Auckland
- fix test suite to work without '.' in @INC (RT#120435, pull request
from James E Keenan)

==== plasma5-desktop ====

- Add upstreamed patch to allow switching off baloo content indexing:
* 0001-kcm_baloofile-Add-option-to-disable-file-content-ind.patch
- Remove empty files in %_kf5_appstreamdir

==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE
plasma5-workspace-branding-openSUSE sddm-theme-openSUSE

- Enable "only basic indexing" in /etc/xdg/baloofilerc
- Add fullscreenpreview.jpg to look-and-feel
- Specify default AnimationSpeed=2 in /etc/xdg/kwinrc.
Slightly faster than the default, appears "snappier".

==== plasma5-workspace ====
Subpackages: drkonqi5 plasma5-workspace-devel plasma5-workspace-libs

- Add patch to fix some logout UI issues:
* 0001-Some-UI-fixes-for-logout-dialog.patch
- Remove empty files in %_kf5_appstreamdir

==== postfix ====
Subpackages: postfix-doc

- Some cleanups
* Fix SUSE postfix-files to avoid chown errors (anyway this file
seems to be obsolete)
* Avoid installing shared libraries twice
* Refresh patch postfix-linux45.patch
- update postfix-master.cf.patch
* recover lost (with 3.2.0 update) submission, smtps sections
* merge with upstream update
- update config.postfix
* update master.cf generation for submission
- rebase patches against 3.2.0
* pointer_to_literals.patch
* postfix-no-md5.patch
* postfix-ssl-release-buffers.patch
* postfix-vda-v14-3.0.3.patch

==== qscintilla ====

- Implement single-spec version

==== samba ====
Version update (4.5.3 -> 4.6.2)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0
libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0
libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit
libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit
libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0
libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit
libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit
libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0
libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0
libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs
samba-libs-32bit samba-winbind samba-winbind-32bit

- Update to 4.6.2
+ remove bso#12721 patches now upstream
- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
+ x86-64 and aarch64
- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).
- Build and install the html man pages (bsc#1021907).
- Fix CVE-2017-2619 regression with "follow symlinks = no";
(bso#12721).
- Update to 4.6.1
+ symlink race permits opening files outside share directory;
CVE-2017-2619; (bso#12496); (bsc#1027147)
+ testparm checks for valid idmap parameters
+ add new krb client encryption types
+ support for printer driver upload from windows 10
+ inherit owner = 'unix only' for improved quota support
+ improved CTDB event support
+ new primary group support for idmap_ad
+ idmap_hash deprecated
+ mvxattr added to recursively rename extended attributes
- Remove chkconfig requirements for systemd systems
- Don't call insserv if systemd is used
- Fix check if we need to require insserv
- Force usage of ncurses6-config thru NCURSES_CONFIG env var;
(bsc#1023847).
- add missing patch for libnss_wins segfault; (bsc#995730).
- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).
- Add base Samba dependency to samba-ceph package.
- Update to 4.5.3
+ Heap-based Buffer Overflow Remote Code Execution Vulnerability;
CVE-2016-2123; (bso#12409); (bsc#1014437).
+ Don't send delegated credentials to all servers; CVE-2016-2125;
(bso#12445); (bsc#1014441).
+ denial of service due to a client triggered crash in the winbindd
parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
+ various streams vfs fixes
+ various printing fixes
+ ntlm_auth: do not map explicitly empty domain
+ various stability fixes in smbd
+ match file compression ReFS behavior
- Include vfstest in samba-test; (bsc#1001203).
- s3/winbindd: using default domain with user@xxxxxxxxxx format
fails; (bsc#997833).
- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).
- Update to 4.5.0
+ NTLM1 Authentication disabled by default
+ SMB2.1 leases enabled by default
+ Support for OFD locks
+ ctdb tool rewritten
+ Added shadow copy snapshot prefix parameter
- Fix illegal memory access after memory has been deleted;
(bso#11836); (bsc#975299).
- Don't package man pages for VFS modules that aren't built;
(boo#993707).
- Fix population of ctdb sysconfig after source merge; (bsc#981566).
- Enable vfs_ceph builds for Factory (x86-64)
+ Package as samba-ceph to avoid Ceph dependency in base package.
- Update to 4.4.5
+ Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
(bso#11860); (bsc#986869).
- Remove obsolete syslog.target; (bsc#983938).
- Honor smb.conf socket options in winbind; (bsc#975131).
- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).
- Update to 4.4.4
+ SMB3 multichannel: Add implementation of missing channel sequence
number verification; (bso#11809).
+ smbd:close: Only remove kernel share modes if they had been
taken at open; (bso#11919).
+ notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
(bso#11930).
+ s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
+ Fix case sensitivity issues over SMB2 or above; (bso#11438).
+ s3:smbd: Fix anonymous authentication if signing is mandatory.
(bso#11910)
+ Fix NTLM Authentication issue with squid; (bso#11914).
+ pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
+ Fix memory leak in share mode locking; (bso#11934).
- Update to 4.4.3
+ Various post-badlock regressions; (bso#11841); (bso#11850);
(bso#11858); (bso#11870); (bso#11872).
+ Only allow idmap_hash for default idmap config (bso#11786).
+ smbd: Avoid large reads beyond EOF; (bso#11878).
+ vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set; (bso#11806).
+ libads: Record session expiry for spnego sasl binds; (bso#11852).
- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
(bsc#975962).
- Revert shared library packaging to comply with SLPP
- Update to 4.4.2
+ A man-in-the-middle can downgrade NTLMSSP authentication;
CVE-2016-2110; (bso#11688); (bsc#973031).
+ Domain controller netlogon member computer can be spoofed;
CVE-2016-2111; (bso#11749); (bsc#973032).
+ LDAP conenctions vulnerable to downgrade and MITM attack;
CVE-2016-2112; (bso#11644); (bsc#973033).
+ TLS certificate validation missing; CVE-2016-2113; (bso#11752);
(bsc#973034).
+ Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
(bso#11756); (bsc#973036).
+ "Badlock" DCERPC impersonation of authenticated account possible;
CVE-2016-2118; (bso#11804); (bsc#971965).
+ DCERPC server and client vulnerable to DOS and MITM attacks;
CVE-2015-5370; (bso#11344); (bsc#936862).
- Obsolete libsmbclient from libsmbclient0 while not providing it;
(bsc#972197).
- Update to 4.4.0.
+ Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
CVE-2016-0771.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; (bso#11648); CVE-2015-7560.
+ Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
+ docs: Add example for domain logins to smbspool man page; (bso#11643).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
+ winbindd: Return trust parameters when listing trusts; (bso#11691).
+ ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
+ Crypto.Cipher.ARC4 is not available on some platforms, fallback to
M2Crypto.RC4.RC4 then; (bso#11699).
+ s3:utils/smbget: Set default blocksize; (bso#11700).
+ Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
+ s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
+ lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
+ smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
+ smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ docs: Add manpage for cifsdd; (bso#11730).
+ param: Fix str_list_v3 to accept ; again; (bso#11732).
+ lib/socket: Fix improper use of default interface speed; (bso#11734).
+ lib:socket: Fix CID 1350009: Fix illegal memory accesses
(BUFFER_SIZE_WARNING); (bso#11735).
+ libcli: Fix debug message, print sid string for new_ace trustee;
(bso#11738).
+ Fix installation path of Samba helper binaries; (bso#11739).
+ Fix memory leak in loadparm; (bso#11740).
+ tevent: version 0.9.28: Fix memory leak when old signal action restored;
(bso#11742).
+ smbd: Ignore SVHDX create context; (bso#11753).
+ Fix net join; (bso#11755).
+ s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
(bso#11755).
+ passdb: Add linefeed to debug message; (bso#11763).
+ s3:utils/smbget: Fix option parsing; (bso#11767).
+ libnet: Make Kerberos domain join site-aware; (bso#11769).
+ Reset TCP Connections during IP failover; (bso#11770).
+ ldb: Version 1.1.26; (bso#11772).
+ s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
+ vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
+ mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
+ "trustdom_list_done: Got invalid trustdom response" message should be
avoided; (bso#11782).
+ Mismatch between local and remote attribute ids lets replication fail with
custom schema; (bso#11783).
+ Quota is not supported on Solaris 10; (bso#11788).
+ Talloc: Version 2.1.6; (bso#11789).
+ smbd: Enable multi-channel if 'server multi channel support = yes' in the
config; (bso#11796).
+ build: Fix build when '--without-quota' specified; (bso#11798).
+ lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
+ Access based share enum: handle permission set in configuration files;
(bso#8093).
+ See also WHATSNEW.txt from the samba-doc package.
- Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; CVE-2015-7560; (bso#11648); (bsc#968222).
+ Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
(bso#11128); (bso#11686); (bsc#968223).
- Upgrade on-disk FSRVP server state to new version; (bsc#924519).
- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).
- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).
- Obsolete no longer existing samba-32bit package; (bsc#967625).
- Update to 4.3.5.
+ s3:utils/smbget: Fix recursive download; (bso#6482).
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
with no ACL support; (bso#10489).
+ s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
+ vfs_shadow_copy2: Fix case where snapshots are outside the share;
(bso#11580).
+ smbclient: Query disk usage relative to current directory; (bso#11662).
+ winbindd: Handle expired sessions correctly; (bso#11670).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ smbcacls: Fix uninitialized variable; (bso#11682).
+ s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
+ s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
+ s3-parm: Clean up defaults when removing global parameters; (bso#11693).
+ Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ ctdb: Remove error messages after kernel security update; CVE-2015-8543;
(bso#11705).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
(bso#11719).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ param: Fix str_list_v3 to accept ";" again; (bso#11732).
- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).
- Simplify shared library packaging; (bsc#966956).
- Enable clustering (CTDB) support; (bsc#966271).
- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).
- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).
- Remove autoconf build-time requirement.
- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).
- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).
- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).
- Update to 4.3.2.
+ vfs_gpfs: Re-enable share modes; (bso#11243).
+ dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
+ s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
+ Add libreplace dependency to texpect, fixes a linking error on Solaris;
(bso#11511).
+ s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
+ s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
+ Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
(bso#11563).
+ async_req: Fix non-blocking connect(); (bso#11564).
+ auth: gensec: Fix a memory leak; (bso#11565).
+ lib: util: Make non-critical message a warning; (bso#11566).
+ Fix winbindd crashes with samlogon for trusted domain user; (bso#11569).
+ smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
+ ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
+ s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
(bso#11581).
+ s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
+ manpage: Correct small typo error; (bso#11584).
+ s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
containing them; (bso#11589).
+ Backport some valgrind fixes from upstream master; (bso#11597).
+ auth: Consistent handling of well-known alias as primary gid; (bso#11608).
+ winbind: Fix crash on invalid idmap configs; (bso#11612).
+ s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
+ Changing log level of two entries to DBG_NOTICE; (bso#9912).
- Ensure samlogon fallback requests are rerouted after kerberos failure;
(bnc#953382); (bnc#953972).
- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.
- Remove redundant configure options while adding with-relro.
- Relocate the lockdir to the /var/lib/samba/lock directory.
- Cleanup and enhance the pidl sub package.
- Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage.
- Update to 4.3.1.
+ s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
+ nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
+ smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
+ kerberos: Make sure we only use prompter type when available;
winbind: Fix 100% loop; (bso#11038).
+ source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
+ s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
+ s3: smbd: Fix mkdir race condition; (bso#11486).
+ pam_winbind: Fix a segfault if initialization fails; (bso#11502).
+ s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
+ s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
subdirs; (bso#11515).
+ s3: smbd: Fix opening/creating :stream files on the root share directory;
(bso#11522).
+ lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
+ net: Fix a crash with 'net ads keytab create'; (bso#11528).
+ s3: smbd: Fix a crash in unix_convert(); (bso#11535).
+ s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
(bso#11522); (bso#11535).
+ vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
+ vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
+ s3:locking: Initialize lease pointer in share_mode_traverse_fn();
(bso#11549).
+ s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
+ s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
+ s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
is incorrect; (bso#11555).
- Fix 100% CPU in winbindd when logging in with "user must change password on
next logon"; (bso#11038).
- Relocate the tmpfiles.d directory to the client package; (bnc#947552).
- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
instead; (bnc#942716).
- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).
- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).
- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).
- Update to 4.3.0.
+ Samba "map to guest = Bad uid" doesn't work; (bso#9862).
+ revert LDAP extended rule 1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
+ No objectClass found in replPropertyMetaData on ordinary objects
(non-deleted); (bso#10973).
+ Stream names with colon don't work with fruit:encoding = native;
(bso#11278).
+ NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ "force group" with local group not working; (bso#11320).
+ strsep is not available on Solaris; (bso#11359).
+ smbtorture does not build when configured --with-system-mitkrb5;
(bso#11411).
+ Build with GPFS support is broken; (bso#11421).
+ Build broken with --disable-python; (bso#11424).
+ net share allowedusers crashes; (bso#11426).
+ nmbd incorrectly matches netbios names as own name; (bso#11427).
+ Python bindings don't check integer types; (bso#11429).
+ Python bindings don't check array sizes; (bso#11430).
+ CTDB's eventscript error handling is broken; (bso#11431).
+ Fix crash in nested ctdb banning; (bso#11432).
+ Cannot build ctdbpmda; (bso#11434).
+ samba-tool uncaught exception error; (bso#11436).
+ Crash in notify_remove caused by change notify = no; (bso#11444).
+ Poor SMB3 encryption performance with AES-GCM; (bso#11451).
+ Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
+ fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
+ --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
install; (bso#11458).
+ xid2sid gives inconsistent results; (bso#11464).
+ ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
+ Handling of 0 byte resource fork stream; (bso#11467).
+ AD samr GetGroupsForUser fails for users with "()" in their name;
(bso#11488).
- Configure with --bundled-libraries=NONE; (bso#11458).
- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).
- Remove libiniparser-devel build-time requirement.
- Update to 4.2.3.
+ s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
+ s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
+ winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
+ Logon via MS Remote Desktop hangs; (bso#11061).
+ s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
+ tevent: Add a note to tevent_add_fd(); (bso#11141).
+ s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
+ s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
+ smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
+ s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
(bso#11245).
+ s3:smb2: Add padding to last command in compound requests; (bso#11277).
+ Add IPv6 support to ADS client side LDAP connects; (bso#11281).
+ Add IPv6 support for determining FQDN during ADS join; (bso#11282).
+ s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
+ Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
+ Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
+ vfs_fruit: Add option "veto_appledouble"; (bso#11305).
+ tstream: Make socketpair nonblocking; (bso#11312).
+ idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
+ Group creation: Add msSFU30Name only when --nis-domain was given;
(bso#11315).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ Build fails on Solaris 11 with "?PTHREAD_MUTEX_ROBUST? undeclared";
(bso#11319).
+ smbd/trans2: Add a useful diagnostic for files with bad encoding;
(bso#11323).
+ Change sharesec output back to previous format; (bso#11324).
+ Robust mutex support broken in 1.3.5; (bso#11326).
+ Kerberos auth info3 should contain resource group ids available from
pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC; (bso#11328); (bnc#912457).
+ s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
+ tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
+ tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
+ s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
(bso#11339).
+ s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
+ pidl: Make the compilation of PIDL producing the same results if the
content hasn't change; (bso#11356).
+ winbindd: Disconnect child process if request is cancelled at main
process; (bso#11358).
+ vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
(bso#11363).
+ docs: Overhaul the description of "smb encrypt" to include SMB3
encryption; (bso#11366).
+ s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
(bso#11367).
+ ncacn_http: Fix GNUism; (bso#11371).
- Disable rpath usage; (bnc#902421).
- Make the winbind package depend on the matching libwbclient version and
vice versa; (bnc#936909).
- Backport changes to use resource group sids obtained from pac logon_info;
(bso#11328); (bnc#912457).
- Order winbind.service Before and Want nss-user-lookup target.
- Remove fam-devel build-time dependency for post-6 RHEL systems.
- Update to 4.2.2.
+ s3:smbXsrv: refactor duplicate code into
smbXsrv_session_clear_and_logoff(); (bso#11182).
+ gencache: don't fail gencache_stabilize if there were records to delete;
(bso#11260).
+ s3: libsmbclient: After getting attribute server, ensure main srv pointer
is still valid; (bso#11186).
+ s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
(bso#11236).
+ s3: smbd: Incorrect file size returned in the response of
"FILE_SUPERSEDE Create"; (bso#11240).
+ Mangled names do not work with acl_xattr; (bso#11249).
+ nmbd rewrites browse.dat when not required; (bso#11254).
+ vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
(bso#11213).
+ s3:smbd: Add missing tevent_req_nterror; (bso#11224).
+ vfs: kernel_flock and named streams; (bso#11243).
+ vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
+ s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
are used; (bso#11284).
+ ctdb: check for talloc_asprintf() failure; (bso#11201).
+ spoolss: purge the printer name cache on name change; (bso#11210);
(bnc#901813).
+ CTDB statd-callout does not scale; (bso#11204).
+ vfs_fruit: also map characters below 0x20; (bso#11221).
+ ctdb: Coverity fix for CID 1291643; (bso#11201).
+ Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
+ Fix terminate connection behavior for asynchronous endpoint with PUSH
notification flavors; (bso#11226).
+ ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
+ ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
+ SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
directory is deleted; (bso#11257).
+ s3:winbindd: make sure we remove pending io requests before closing client
sockets; (bso#11141); (bnc#931854).
+ Fix panic triggered by smbd_smb2_request_notify_done() ->
smbXsrv_session_find_channel() in smbd; (bso#11182).
+ 'sharesec' output no longer matches input format; (bso#11237).
+ waf: Fix systemd detection; (bso#11200).
+ CTDB: Fix portability issues; (bso#11202).
+ CTDB: Fix some IPv6-related issues; (bso#11203).
+ CTDB statd-callout does not scale; (bso#11204).
+ 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
enter invalid values; (bso#11234).
+ libads: record service ticket endtime for sealed ldap connections;
(bso#11267).
+ lib/util: Include DEBUG macro in internal header files before samba_util.h;
(bso#11033).
- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).
- Remove the independently built libraries ldb, talloc, tdn, and tevent and
the post-10.3 renamed libsmbclient from baselibs.conf.
- Drop redundant doc attribute from man pages.
- Update to 4.2.1.
+ s3:winbind:grent: Don't stop group enumeration when a group has no gid;
(bso#8905).
+ Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
+ s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
servers that don't send the 2 unused fields; (bso#10016).
+ build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
+ waf: Fix the build on openbsd; (bso#10476).
+ s3: client: "client use spnego principal = yes" code checks wrong name;
(bso#10888).
+ spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
+ s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
miliseconds if it's still valid before use; (bso#11079).
+ vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
+ backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
+ replace: Remove superfluous check for gcrypt header; (bso#11135).
+ Backport subunit changes; (bso#11137).
+ libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
implementation; (bso#11140).
+ s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
+ talloc: Version 2.1.2; (bso#11144).
+ Update libwbclient version to 0.12; (bso#11149).
+ brlock: Use 0 instead of empty initializer list; (bso#11153).
+ s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
+ docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
(bnc#913304).
+ s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
fails in the SMB1 case; (bso#11173).
+ backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
+ Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
+ s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
+ s4-process_model: Do not close random fds while forking; (bso#11180).
+ s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).
- Prevent samba package updates from disabling samba kerberos printing.
- Add sparse file support for samba; (fate#318424).
- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).
- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).
- Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root.
- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
(bnc#913304).
- Update to 4.2.0.
+ smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
+ pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Make 'profiles' work again; (bso#9629).
+ s3:smb2_server: protect against integer wrap with
"smb2 max credits = 65535"; (bso#9702).
+ Make validate_ldb of String(Generalized-Time) accept millisecond format
".000Z"; (bso#9810).
+ Use -R linker flag on Solaris, not -rpath; (bso#10112).
+ vfs: Add glusterfs manpage; (bso#10240).
+ Make 'smbclient' use cached creds; (bso#10279).
+ pdb: Fix build issues with shared modules; (bso#10355).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
+ printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
+ Don't build vfs_snapper on FreeBSD; (bso#10834).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3: smb2cli: query info return length check was reversed; (bso#10848).
+ s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
+ lib: uid_wrapper: Fix setgroups and syscall detection on a system without
native uid_wrapper library; (bso#10851).
+ winbind3: Fix pwent variable substitution; (bso#10852).
+ Improve samba-regedit; (bso#10859).
+ registry: Don't leave dangling transactions; (bso#10860).
+ Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
+ build: Do not install 'texpect' binary anymore; (bso#10862).
+ Fix testparm to show hidden share defaults; (bso#10864).
+ libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
max=PROTOCOL_SMB2_02; (bso#10866).
+ Integrate CTDB into top-level Samba build; (bso#10892).
+ samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ Fix smbclient loops doing a directory listing against Mac OS X 10 server
with a non-wildcard path; (bso#10904).
+ Fix print job enumeration; (bso#10905); (bnc#898031).
+ samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
(bso#10909).
+ Add support for SMB2 leases; (bso#10911).
+ btrfs: Don't leak opened directory handle; (bso#10918).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: fix keytab array NULL termination; (bso#10933).
+ s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
+ Cleanup add_string_to_array and usage; (bso#10942).
+ dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
+ Fix RootDSE search with extended dn control; (bso#10949).
+ Fix 'samba-tool dns serverinfo <server>' for IPv6; (bso#10952).
+ libcli/smb: only force signing of smb2 session setups when binding a new
session; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ vfs_streams_xattr: Check stream type; (bso#10971).
+ s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
(bso#10982).
+ vfs_fruit: Add support for AAPL; (bso#10983).
+ Fix spoolss IDL response marshalling when returning error without clearing
info; (bso#10984).
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
+ Fix IPv6 support in CTDB; (bso#10996).
+ ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
(bso#11000).
+ vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
+ s3-util: Fix authentication with long hostnames; (bso#11008).
+ ctdb-build: Fix build without xsltproc; (bso#11014).
+ packaging: Include CTDB man pages in the tarball; (bso#11014).
+ pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
(bso#11016).
+ Make Sharepoint search show user documents; (bso#11022).
+ nss_wrapper: check for nss.h; (bso#11026).
+ Enable mutexes in gencache_notrans.tdb; (bso#11032).
+ tdb_wrap: Make mutexes easier to use; (bso#11032).
+ lib/util: Avoid collision which alread defined consumer DEBUG macro;
(bso#11033).
+ winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
+ s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
+ vfs_fruit: Fix base_fsp name conversion; (bso#11039).
+ vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
+ Fix authentication using Kerberos (not AD); (bso#11044).
+ net: Fix sam addgroupmem; (bso#11051).
+ vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
(bnc#913238).
+ cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
+ utils: Fix 'net time' segfault; (bso#11058).
+ libsmb: Provide authinfo domain for encrypted session referrals;
(bso#11059).
+ s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
+ vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
+ vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
+ vfs_glusterfs: Implement AIO support; (bso#11069).
+ s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
+ s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
(bso#11077); CVE-2015-0240; (bnc#917376).
+ vfs: Add a brief vfs_ceph manpage; (bso#11088).
+ s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
+ Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
(bso#11097).
+ debug: Set close-on-exec for the main log file FD; (bso#11100).
+ s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
(bso#11102).
+ s3: smbd: SMB2 close. If a file has delete on close, store the return info
before deleting; (bso#11104).
+ doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
+ snprintf: Try to support %j; (bso#11119).
+ ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
+ doc-xml: Add 'sharesec' reference to 'access based share enum';
(bso#11127).
- Update to 4.2.0rc5.
+ Ensure we don't call talloc_free on an uninitialized pointer;
CVE-2015-0240; (bso#11077); (bnc#917376).
- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).
- Fix tdb_store_flag_to_ntdb() gcc5 build failure.
- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).
- Update to 4.1.16.
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.
- Fix libsmbclient DFS referral handling.
+ Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
+ Set domain/workgroup based on authentication callback value; (bso#11059).
- Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages.
- Enable avahi support on post-12.2 systems.
- Update to 4.1.15.
+ pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Fix profiles tool; (bso#9629).
+ s3-lib: Do not require a password with --use-ccache; (bso#10279).
+ s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
(bso#10949).
+ s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
+ s3:smb2_server: Allow reauthentication without signing; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
convention; (bso#10982).
+ Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
'supported_extensions'; (bso#11006).
+ idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
(bso#11006).
+ winbind: Retry LogonControl RPC in ping-dc after session expiration;
(bso#11034).
- yast2-samba-client should be able to specify osName and osVer on
AD domain join; (bnc#873922).
- Lookup FSRVP share snums at runtime rather than storing them persistently;
(bnc#908627).
- Specify soft dependency for network-online.target in Winbind systemd service
file; (bnc#889175).
- Fix spoolss error response marshalling; (bso#10984).
- Update to 4.1.14.
+ pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
Tools/perl.py back to upstream state; (bso#10472).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ nmbd fails to accept "--piddir" option; (bso#10711).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
(bso#10880).
+ vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
(bso#10889).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
+ spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: Fix keytab array NULL termination; (bso#10933).
+ Cleanup add_string_to_array and usage; (bso#10942).
- Remove and cleanup shares and registry state associated with
externally deleted snaphots exposed as shadow copies; (bnc#876312).
- Use the upstream tar ball, as signature verification is now able to handle
compressed archives.
- Fix leak when closing file descriptor returned from dirfd; (bso#10918).
- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
+ Fix handling of bad EnumJobs levels; (bso#10898).
- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.
- Update to 4.1.13.
+ s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
+ s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
+ s3-libads: Add all machine account principals to the keytab; (bso#9985).
+ s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
+ Fix unstrcpy; (bso#10735).
+ pthreadpool: Slightly serialize jobs; (bso#10779).
+ s3: smbd: streams - Ensure share mode validation ignores internal opens
(op_mid == 0); (bso#10797).
+ s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
+ vfs_media_harmony: Fix a crash bug; (bso#10813).
+ docs: Mention incompatibility between kernel oplocks and streams_xattr;
(bso#10814).
+ nmbd: Send waiting status to systemd; (bso#10816).
+ libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
(bso#10817).
+ nsswitch: Skip groups we were not able to map; (bso#10824).
+ s3-winbindd: Use correct realm for trusted domains in idmap child;
(bso#10826).
+ s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
+ s3: lib: Signal handling - ensure smbrun and change password code save and
restore existing SIGCHLD handlers; (bso#10831).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
(bso#10838).
+ s3: smb2cli: Query info return length check was reversed; (bso#10848).
+ registry: Don't leave dangling transactions; (bso#10860).
- Update to 4.2.0rc2.
- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1;
(fate#313346).
- Backport upstream master fixes for samba-regedit; (bnc#896536).
- BuildRequire python-xml on SUSE systems only.
- BuildRequire python-xml.
- Exclude unwanted texpect binary and libhttp, libsamba-cluster-support,
libsamba-debug, and libsocket-blocking shared libs.
- Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct,
tstream_smbXcli_np, idtree, and idtree_random header files.
- Remove nmblookup and smbclient4 binary and nmblookup4 man page.
- Update to 4.2.0rc1.
- Fix small memory-leak in the background print process; (bnc#899558).
- Modify samba-regedit so it displays correctly (related to ncurses).
Changed code to use menu sub windows, seems to fix problems with display not
refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).
- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and
the man page of the unused findsmb script.
- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).
- Update to 4.1.12.
+ s3: winbindd: On new client connect, prune idle or hung connections older
than "winbind request timeout". Add new parameter "winbind request
timeout". Please see smb.conf man page for details; (bso#3204);
(bnc#872912).
+ Fix smbd crashes when filename contains non-ascii character; (bso#10716).
+ s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects;
(bso#10749).
+ passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570).
+ s4:setup/dns_update_list: make use of the new substitution variables;
(bso#9831).
+ build: Fix configure to honour '--without-dmapi'; (bso#10369).
+ provision: Correctly provision the SOA record minimum TTL; (bso#10466).
+ s3: Enforce a positive allocation_file_size for non-empty files;
(bso#10543).
+ lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640).
+ Make "case sensitive = True" option working with "max protocol = SMB2" or
higher in large directories; (bso#10650).
+ Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652).
+ lib: strings: Simplify strcasecmp; (bso#10716).
+ Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different
connections; (bso#10723).
+ 'net time': Fix usage and core dump; (bso#10728).
+ sys_poll_intr: Fix timeout arithmetic; (bso#10731).
+ s3:idmap: Don't log missing range config if range checking not requested;
(bso#10737).
+ Fix flapping VFS gpfs offline bit; (bso#10741).
+ s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742).
+ s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked
for; (bso#10751).
+ samba: Retain case sensitivity of cifs client; (bso#10755).
+ lib: Remove unused nstrcpy; (bso#10758).
+ Fix a memory leak in cli_set_mntpoint(); (bso#10759).
+ docs: Fix typos in smb.conf (inherit acls); (bso#10761).
+ libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in
get_sec_info(); (bso#10773).
+ s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in
incoming security_information flags in posix_get_nt_acl_common();
(bso#10773).
+ Don't discard result of checking grouptype; (bso#10777).
+ s3:libsmb: Set a max charge for SMB2 connections; (bso#10778).
+ smbd: Properly initialize mangle_hash; (bso#10782).
+ dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787).
+ vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory
read; (bso#10794).
- Wait for network-online.target to prevent caching of
pre-network failures; (bnc#889175).
- Use domain name if search by domain SID fails to send SIDHistory
lookups to correct idmap backend; (bnc#773464).
- Prune idle or hung connections older than "winbind request timeout";
(bso#3204); (bnc#872912).
- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).
- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.
- build: disable mmap on s390 systems; (bso#10765); (bnc#886193);
(bnc#882356).
- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).
- Fix winbind service parameter usage; (bnc#890005).
- lib/param: change the default for "winbind expand groups" to "0";
(bnc#890008).
- Update to 4.1.11.
+ A malicious browser can send packets that may overwrite the heap of the
target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).
- Fix "net time" segfault; (bso#10728); (bnc#889539).
- Update to 4.1.10.
+ net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263).
+ dbcheck: Add check and test for various invalid userParameters values;
(bso#8077).
+ s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for
now; (bso#8077).
+ Simple use case results in "no talloc stackframe around, leaking memory"
error; (bso#8449).
+ s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763).
+ dsdb: Always store and return the userParameters as a array of LE 16-bit
values; (bso#10130).
+ s4:repl_meta_data: fix array assignment in
replmd_process_linked_attribute(); (bso#10294).
+ ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory();
(bso#10469).
+ dbchecker: Verify and fix broken dn values; (bso#10536).
+ dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582).
+ s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1
servers; (bso#10587).
+ Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret";
(bso#10593).
+ rid_array used before status checked - segmentation fault due to null
pointer dereference; (bso#10627).
+ Samba won't start on a machine configured with only IPv4; (bso#10653).
+ msg_channel: Fix a 100% CPU loop; (bso#10663).
+ s3: smbd: Prevent file truncation on an open that fails with share mode
violation; (bso#10671); (bnc#884056).
+ s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673).
+ samba-tool: Add --site parameter to provision command; (bso#10674).
+ smbstatus: Fix an uninitialized variable; (bso#10680).
+ SMB1 blocking locks can fail notification on unlock, causing client
timeout; (bso#10684).
+ s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap();
(bso#10685).
+ 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due to the
invalid status check in the second client; (bso#10687).
+ wbcCredentialCache fails if challenge_blob is not first; (bso#10692).
+ Backport ldb-1.1.17 + changes from master; (bso#10693).
+ Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693).
+ ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693).
+ ldb: Do not build libldb-cmdline when using system ldb; (bso#10693).
+ ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798,
1034791, 1034792 1034910, 1034910); (bso#10693).
+ ldb: make the successful ldb_transaction_start() message clearer;
(bso#10693).
+ ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693).
+ ldb: Use of NULL pointer bugfix; (bso#10693).
+ lib/ldb: Fix compiler warnings; (bso#10693).
+ pyldb: Decrement ref counters on py_results and quiet warnings;
(bso#10693).
+ s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c;
(bso#10693).
+ dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694).
+ s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694).
+ Backport autobuild/selftest fixes from master; (bso#10696).
+ Backport drs-crackname fixes from master; (bso#10698).
+ smbd: Avoid double-free in get_print_db_byname; (bso#10699).
+ Backport access check related fixes from master; (bso#10700).
+ Backport provision fixes from master; (bso#10703).
+ s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX();
(bso#10706).
+ s3: Fix missing braces in nfs4_acls.c.
- Reduce printer_list.tdb lock contention during printcap update;
(bso#10652); (bnc#883870).
+ Only update the printer share inventory when needed.
- Add missing newline to debug message in daemon_ready(); (bnc#865627).
- BuildRequire systemd-devel, configure --with-systemd, and modify the service
files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).
- Prevent file truncation on an open that fails with share mode violation;
(bso#10671); (bnc#884056).
- Update to 4.1.9.
+ Fix nmbd denial of service; CVE-2014-0244; (bnc#880962).
+ Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX
handler; CVE-2014-3493; (bnc#883758).
- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.
- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent
on CentOS, Fedora, and RHEL systems.
- Update to 4.1.8.
+ dns: Don't reply to replies; CVE-2014-0239; (bso#10609).
+ Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
(bso#10549).
+ s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124).
+ Extra ':' in msg for Waf Cross Compile Build System with Cross-answers
command; (bso#10151).
+ s3: nmbd: Reset debug settings after reading config file; (bso#10239).
+ Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348).
+ script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir';
(bso#10472).
+ wafsamba: Fix the installation on FreeBSD; (bso#10472).
+ Use exit_daemon() to communicate status of startup to systemd; (bso#10517).
+ Fix adding NetApps; (bso#10524).
+ s3: lib/util: Fix logic inside set_namearray loops; (bso#10544).
+ s3: lib/util: set_namearray reads across end of namelist; (bso#10544).
+ idmap_autorid: Fix failure in reverse lookup if ID is from domain range
index #0; (bso#10547).
+ build: Fix ordering problems with lib-provided and internal RPATHs;
(bso#10548).
+ Fix read of deleted memory in reply_writeclose()'; (bso#10554).
+ lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556).
+ Fix lock order violation and file lost; (bso#10564).
+ dsdb: Do checks for invalid renames in samldb, before repl_meta_data;
(bso#10569).
+ Fix wildcard unlink to fail if we get an error rather than trying to
continue; (bso#10577).
+ byteorder: Do not assume PowerPC is big-endian; (bso#10590).
+ printing: Fix purge of all print jobs; (bso#10612).
- examples/libsmbclient: avoid some compiler warnings; (bso#10624).
- Fix printer job purging; (bso#10612); (bnc#879390).
- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.
- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).
- Pass through vfs_btrfs snapshot manipulation requests when
"btrfs: manipulate snapshots = no" is configured; (bnc#874180).
- Clone the base share security descriptor when exposing a snapshot share;
(bnc#874656).
- Use appropriate HRESULT return codes; (bnc#875046).
- Update to 4.1.7.
+ Make "force user" work as expected; (bso#9878).
+ Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911).
+ Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942).
+ s3-printing: Fix obvious memory leak in printer_list_get_printer();
(bso#9993).
+ doc: Add "spoolss: architecture" parameter usage; (bso#10188).
+ Make 'smbclient' support DFS shares with SMB2/3; (bso#10200).
+ Make (lib)smbclient work with NetApp; (bso#10230).
+ SessionLogoff on a signed connection with an outstanding notify request
crashes smbd; (bso#10344).
+ dfs: Always call create_conn_struct with root privileges; (bso#10378).
+ 'net ads search' on high latency networks can return a partial list with
no error indication; (bso#10387).
+ max xmit > 64kb leads to segmentation fault; (bso#10422).
+ Fix STATUS_NO_MEMORY response from Query File Posix Lock request;
(bso#10431).
+ Increase max netbios name components; (bso#10439).
+ smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from
within ctdbd_migrate() with invalid lock_order; (bso#10444).
+ Fix 'wbinfo -i' with one-way trust; (bso#10458).
+ samba4 services not binding on IPv6 addresses causing connection delays;
(bso#10464).
+ s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467).
+ Don't respond with NXDOMAIN to records that exist with another type;
(bso#10471).
+ pidl: waf should have an option for the dir to install perl files and do
not glob; (bso#10472).
+ s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474).
+ s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481).
+ Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE;
(bso#10484).
+ lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord
as public structs; (bso#10504).
+ Make 'smbreadline' build with readline 6.3; (bso#10506).
+ smbd: Correctly add remote users into local groups; (bso#10508).
+ rpcclient FSRVP request UNCs should include a trailing backslash;
(bso#10521).
+ Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534).
+ s3:rpc_server: Minor refactoring of process_request_pdu().
- Create a new DBus connection for every vfs_snapper request, to ensure
correct snapper UID detection; (bnc#866354).
- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).
- Fix minor compiler warnings in snapshot code-path; (bnc#873177).
- Remove references to the obsolete samba-krb-printing package and
get_printing_ticket binary.
- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178;
(bso#10549); (bnc#872396).
- User error strings instead of hex codes where possible for FSRVP
errors; (bnc#866927).
- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).
- Add krb5rcache directory to the winbind package; (bnc#870607).
- Cleanup and consolidate the sysconfig and systemd service files.
- Extend vfs_snapper man page to cover permissions; (bnc#870570).
- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).
- Default with the cache and lock directory to the same path to have both
non-persistent and persistent data at one location; (bnc#846586).
- Depend only on %version with all manual Provides and Requires; (bnc#844307).
- Update to 4.1.6.
+ Password lockout not enforced for SAMR password changes; CVE-2013-4496;
(bnc#849224).
+ smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442;
(bnc#855866).
- Password lockout not enforced for SAMR password changes;
CVE-2013-4496; (bnc#849224).
- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).
- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442;
(bnc#855866).
- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484);
(bnc#865095).
- Propagate snapshot enumeration permissions errors to SMB clients;
(bnc#865641).
- Properly handle empty 'requires_membership_of' entries in
/etc/security/pam_winbind.conf; (bnc#865771).
- Fix problem with server taking too long to respond to a
MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748).
- Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).
- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).
- Use libarchive to provide improved smbclient tarmode functionality;
(bso#9667); (bnc#861135).
- Depend on %version-%release with all manual Provides and Requires;
(bnc#844307).
- Update to 4.1.5.
+ Fix 100% CPU utilization in winbindd when trying to free memory in
winbindd_reinit_after_fork; (bso#10358); (bnc#786677).
+ smbd: Fix memory overwrites; (bso#10415).
+ s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done();
(bso#2191).
+ ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind;
(bso#10087).
+ s3: smbpasswd: Fix crashes on invalid input; (bso#10320).
+ s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous
directories are open; (bso#10406).
+ Add support for Heimdal's unified krb5 and hdb plugin system, cope with
first element in hdb_method having a different name in different heimdal
versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418).
+ vfs_btrfs: Fix incorrect zero length server-side copy request handling;
(bso#10424).
+ s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we
can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429).
+ smbd: Fix an ancient oplock bug; (bso#10436).
+ Fix crash bug in smb2_notify code; (bso#10442).
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079).
+ Improve vfs_snapper documentation.
- Fix Winbind 100% CPU utilization caused by domain list corruption;
(bso#10358); (bnc#786677).
- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415);
(bnc#862370).
- Streamline the vendor suffix handling and add support for SLE 12.
- Fix zero length server-side copy request handling; (bso#10424);
(bnc#862558).
- Set the PID directory to /run/samba on post-12.2 systems.
- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.
- Make winbindd print the interface version when it gets an INTERFACE_VERSION
request; (bnc#726937).
- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH
definitions; (bnc#860832).
- Check for NULL gensec_security in gensec_security_by_auth_type();
(bnc#860809).
- Ensure ndr table initialization; (bnc#860648).
- Add File Server Remote VSS Protocol (FSRVP) server for SMB share
shadow-copies; (fate#313346).
- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662).
- shadow_copy2: module "Previous Version" not working in Windows 7;
(bso#10259).
- s3-passdb: Fix string duplication to pointers; (bso#10367).
- vfs/glusterfs: in case atime is not passed, set it to the current atime;
(bso#10384)
- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain();
(bso#10358); (bnc#786677).
- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).
- Add /var/cache/samba to the client file list; (bnc#846586).
- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).
- Correct sysconfig variable names by adding the missing D char; (bnc#857454).
- Update to 4.1.4.
+ Fix segfault in smbd; (bso#10284).
+ Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).
- Call stop_on_removal from preun and restart_on_update and insserv_cleanup
from postun on pre-12.3 systems only; (bnc#857454).
- BuildRequire gamin-devel instead of unmaintained fam-devel package on
post-12.1 systems.
- smbd: allow updates on directory write times on open handles; (bso#9870).
- lib/util: use proper include for struct stat; (bso#10276).
- s3:winbindd fix use of uninitialized variables; (bso#10280).
- s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285).
- s3-lib: Fix %G substitution for domain users in smbd; (bso#10286).
- smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a
path for open; (bso#10297).
- smb2_server processing overhead; (bso#10298).
- ldb: bad if test in ldb_comparison_fold(); (bso#10305).
- Fix AIO with SMB2 and locks; (bso#10310).
- smbd: Fix a panic when a smb2 brlock times out; (bso#10311).
- vfs_glusterfs: Enable per client log file; (bso#10337).
- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).
- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems;
(bnc#856759).
- Fix broken rc{nmb,smb,winbind} sym links which should point to the service
binary on post-12.2 systems; (bnc#856759).
- Add Snapper VFS module for snapshot manipulation; (fate#313347).
+ dbus-1-devel required at build time.
- Add File Server Remote VSS Protocol (FSRVP) client for SMB share
shadow-copies; (fate#313345).
- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part
of the minimum build environment.
- Update to 4.1.3.
+ DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408;
(bnc#844720).
+ pam_winbind login without require_membership_of restrictions;
CVE-2012-6150; (bnc#853347).
- Make use of the full gpg pub key file name including the key ID.
- Add transparent file compression support; (fate#316266).
+ Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers.
+ Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support.
+ Extend vfs_btrfs VFS module to utilize get/set compression hooks.
- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).
- Remove bogus libsmbclient0 package description and cleanup the libsmbclient
line from baselibs.conf; (bnc#853021).
- BuildRequire systemd on post-12.2 systems.
- Update to 4.1.2.
+ s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091).
+ dfs_server: Use dsdb_search_one to catch 0 results as well as
NO_SUCH_OBJECT errors; (bso#10052).
+ Missing talloc_free can leak stackframe in error path; (bso#10187).
+ Fix memset used with constant zero length parameter; (bso#10190).
+ s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName';
(bso#10193).
+ Make offline logon cache updating for cross child domain group membership;
(bso#10194).
+ nsswitch: Fix short writes in winbind_write_sock; (bso#10195).
+ RW Deny for a specific user is not overriding RW Allow for a group;
(bso#10196).
+ vfs_glusterfs: Fix excessive debug output from vfs_gluster_open();
(bso#10224).
+ vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs;
(bso#10224).
+ VFS plugin was sending the actual size of the volume instead of the total
number of block units because of which windows was getting the wrong
volume capacity; (bso#10224).
+ libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232).
+ xattr: Fix listing EAs on *BSD for non-root users; (bso#10247).
+ Fix the build of vfs_glusterfs; (bso#10253).
+ s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries;
(bso#10264).
+ util: Remove 32bit macros breaking strict aliasing; (bso#10269).
- Let gpg verify execution condition not fail on non SUSE systems.
- Add systemd support for post-12.2 systems.
- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that
the add, delete, modify and set operations now support automatic
propagation of inheritable ACE(s); (FATE#316474).
- Unconditionally create the CUPS smb backend sym link pointing to smbspool;
(bnc#850656).
- Update to 4.1.1.
+ ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
+ Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).
- ACLs are not checked on opening an alternate data stream on a file or
directory; CVE-2013-4475; (bso#10229); (bnc#848101).
- Update to 4.1.0.
+ pam_winbindd: Support the KEYRING ccache type; (bso#10132).
+ Fix PAC parsing failure; (bso#10178).
- Unify the defattr lines in the pidl, python, test and test-devel files
section by removing the optional directory mode.
- Verify source tar ball gpg signature.
- Update to 4.1.0rc4.
+ dsdb: Convert the full string from UTF16 to UTF8, including embedded
NULLs; (bso#8077).
+ python-samba-tool fsmo: Do not give an error on a successful role
transfer; (bso#9461).
+ dbwrap_ctdb: Treat empty records as non-existing; (bso#10008).
+ Raise the level of a debug when unable to open a printer; (bso#10118).
+ Add "acl allow execute always" parameter; (bso#10134).
+ vfs_shadow_copy2: Display previous versions correctly over SMB2;
(bso#10137).
+ smbd: Always clean up share modes after hard crash; (bso#10138).
+ Valid utf8 filenames cause "invalid conversion error" messages;
(bso#10139).
+ libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144).
+ Samba SMB2 client code reads the wrong short name length in a directory
listing reply; (bso#10145).
+ libcli/smb: Only check the SMB2 session setup signature if required and
valid; (bso#10146).
+ Better document potential implications of a globally used "valid users";
(bso#10147).
+ cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149).
+ Not all OEM servers support the ALTNAME info level; (bso#10150).
+ Regression causes replication failure with Windows 2008R2 and deletes
Deleted Objects; (bso#10157).
+ Netbios related samba process consumes 100% CPU; (bso#10158).
+ Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).
- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.
- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0,
libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0,
libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0,
libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0,
libsmbldap0, and libtevent-util0 to baselibs.conf.
- Add or polish the shared library package summaries and descriptions.
- Update to 4.1.0rc3.
+ Fix working on site with Read Only Domain Controller; (bso#5917).
+ Add man page for vfs_syncops; (bso#7364).
+ Add man page for vfs_linux_xfs_sgid; (bso#7490).
+ When replicating DNS for bind9_dlz we need to create the server-DNS
account remotely; (bso#9091).
+ Winbind unable to retrieve user information from AD; (bso#9615).
+ winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
(bso#9899).
+ Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911).
+ Add SMB2 and SMB3 support for smbclient; (bso#9974).
+ Add man pages for ntdb tools; (bso#10000).
+ Add man page for samba-regedit tool; (bso#10001).
+ ::1 added to nameserver on join; (bso#10030).
+ Fix memory leak in source3/lib/util.c:1493; (bso#10063).
+ Fix segmentation fault in 'net ads join'; (bso#10073).
+ Fix variable list in vfs_crossrename man page; (bso#10076).
+ s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082).
+ smbd: Fix async echo handler forking; (bso#10086).
+ MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba;
(bso#10097).
+ Honour output buffer length set by the client for SMB2 GetInfo requests;
(bso#10106).
+ Fix Winbind crashes on DC with trusted AD domains; (bso#10107).
+ Handle Dropbox (write-only-directory) case correctly in pathname lookup;
(bso#10114).
+ Masks incorrectly applied to UNIX extension permission changes;
(bso#10121).
- Implement shared library packaging guidelines.
- Correct interpackage dependencies; (bso#10129).
- Define the source URL differently in the case of a release candidate.
- Update to 4.1.0rc2.
+ Add vfs_btrfs module.
+ Add support for server-side copy operations via the
SMB2 FSCTL_SRV_COPYCHUNK request.
+ Fix replication with --domain-crictical-only to fill in backlinks;
(bso#9029).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ Windows error 0x800700FE when copying files with xattr names containing
":"; (bso#9992).
+ Do not delete an existing valid credential cache (s3-winbind); (bso#9994).
+ Fix segfault while reading incomplete session info; (bso#10003).
+ Missing integer wrap protection in EA list reading can cause server to
loop with DOS (CVE-2013-4124); (bso#10010).
+ Fix a 100% loop at shutdown time (smbd); (bso#10013).
+ Fix/improve debug options; (bso#10015).
+ Rename regedit to samba-regedit; (bso#10040).
+ Remove obsolete swat manpage and references; (bso#10041).
+ Fix crashes in socket_get_local_addr(); (bso#10042).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Remove a redundant inlined substitution of ACLs; (bso#10045).
+ nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048).
+ dsdb improvements; (bso#10056).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
- BuildRequire pyldb-devel.
- Add libnetapi0 and samba-libs to baselibs.conf.
- Update to 4.0.9.
+ Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol";
(bso#9820).
+ s3-lib: Fix segmentation fault while reading incomplete session info;
(bso#10003).
+ smbd: Fix a 100% loop at shutdown time; (bso#10013).
+ Windows 8 Roaming profiles fail; (bso#9678).
+ Add UPN enumeration to passdb internal API; (bso#9779).
+ smbd: Cleanup disonnected durable handles; (bso#9930).
+ vfs_streams_xattr: Do not attempt to write empty attribute twice;
(bso#9970).
+ Fix Windows error 0x800700FE when copying files with xattr names
containing ":"; (bso#9992).
+ s3-winbind: Do not delete an existing valid credential cache; (bso#9994).
+ Fix excessive RID allocation; (bso#10014).
+ Add debugclass for DNS server; (bso#10015).
+ Fix/improve debug options; (bso#10015).
+ Allow to change the default location for Kerberos credential caches;
(bso#10043).
+ Linux kernel oplock breaks can miss signals; (bso#10064).
+ net ads join: Fix segmentation fault in
create_local_private_krb5_conf_for_domain; (bso#10073).
- Update to 4.0.8.
+ Samba 3.0.x to 4.0.7 are affected by a denial of service attack on
authenticated or guest connections; CVE-2013-4124; (bnc#829969).
- Require krb5 and not the non existing krb5-libs package.
- Update to 4.1.0rc1.
+ Directory database replication (AD DC mode)
+ Server-Side Copy Support
+ Btrfs Filesystem Integration
- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp.
- BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version.
- Require perl-base on SUSE systems only.
- Adjust group setting of the test-devel subpackage.
- Require perl-base from the pidl subpackage.
- Remove libdir/samba/ldb after install if we're building Samba without
Active Directory Domain Controller support.
- Remove unused ccache switch from the spec file.
- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the
man pages and add them to the package again.
- Build from the package from the top level directory; (bnc#794744).
- BuildRequire pytalloc-devel, python-tdb, and python-tevent.
- Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1
SUSE systems.
- Remove the empty data dir from the doc package filelist.
- Explicitly use samba instead of the name macro to define the docbook dir.
- Update to 4.0.7.
+ Fix a core dump with invalid lock order while opening/editing
or copying MS files; (bso#9794).
+ Fix crash bug from search of mail=; (bso#9967).
+ s3-rpc_server: Ensure we are root when starting and using gensec;
(bso#9465).
+ Add support for MX queries; (bso#9485).
+ dns: Delete dnsNode objects when they are empty; (bso#9559).
+ dns: Support larger queries when asking forwarder; (bso#9632).
+ s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805).
+ Use of wrong RFC2307 primary group field; (bso#9880).
+ Check for system libtevent; (bso#9881).
+ is_printer_published GUID retrieval; (bso#9900).
+ Doc fixes for 4.0; (bso#9906).
+ Build fixes for 4.0 found during autoconf or debian packaging work;
(bso#9907).
+ build: Add missing new line to replaced python shebang line; (bso#9909).
+ PIE builds not supported; (bso#9910).
+ s4:winbind: Don't leak libnet_context into the main event context;
(bso#9929).
+ Fix a bug of drvupgrade of smbcontrol; (bso#9941).
+ Check for netbios aliases in ad_get_referrals; (bso#9947).
+ Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953).
+ docs: Avoid mentioning a possibly misleading option; (bso#9964).
+ Fix build with system Heimdal of samba4kgetcred; (bso#9968).
- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and
OBS for any other operating system to define the vendor string while build.
- Remove ldapsmb from the main spec file.
- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.
- Don't bzip2 the main tar ball, use the upstream gziped one instead.
- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and
libopenssl-devel.
- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).
- Update to 4.0.6.
+ Fix crash during Win8 sync; (bso#9822).
+ Fix segfault when loging in with wrong password from w2k8r2; (bso#9834).
+ Fix the username map optimization; (bso#9139).
+ Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382).
+ SMB2 server doesn't support recvfile; (bso#9412).
+ Fix the build of vfs_notify_fam; (bso#9545).
+ Fix adding case sensitive spn; (bso#9699).
+ Properly handle oplock breaks in compound requests; (bso#9722).
+ Properly handle oplock breaks in compound requests; (bso#9722).
+ Cache name_to_sid/sid_to_name correctly; (bso#9766).
+ Fix 'net ads join' when called via stdin; (bso#9767).
+ Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775).
+ vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and
doesn't cope with directories being modified whilst reading; (bso#9777).
+ Fix panic when running 'smbtorture smb.base'; (bso#9782).
+ Use specified python for runtime installation of Samba; (bso#9785).
+ Change '--with-dmapi' to 'default=auto' to match the autoconf build;
(bso#9803).
+ wafsamba: Display the default value in help for SAMBA3_ADD_OPTION;
(bso#9804).
+ wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807).
+ Package new dbwrap_tool man page; (bso#9809).
+ Old DOS SMB CTEMP request uses a non-VFS function to access
the filesystem; (bso#9811).
+ Fix 'map untrusted to domain' with NTLMv2; (bso#9817).
+ SMB signing and the async echo responder don't work together; (bso#9824).
+ Fix panic in nt_printer_publish_ads; (bso#9830).
+ talloc use after free in winbind4; (bso#9832).
+ Function called in unix_convert() path can overwrite errno; (bso#9833).
+ Fix NULL pointer dereference in Winbind; (bso#9854).
+ Fix making LIBNDR_PREG_OBJ; (bso#9868).
- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.
- Update to 4.0.5.
+ Fix large reads/writes from some Linux clients; (bso#9706).
+ Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740).
+ Can't delegate adding computers to domain; (bso#9267).
+ Fix GNU ld version detection with old gcc releases; (bso#7825).
+ Never try to map global SAM name; (bso#9039).
+ Certain xattrs cause Windows error 0x800700FF; (bso#9130).
+ Samba returns unexpected error on SMB posix open; (bso#9519).
+ Fix build on AIX; (bso#9557).
+ libnss-winbindd does not provide pass struct for groups mapped with
ID_TYPE_BOTH and vice versa; (bso#9617).
+ Reauth-capable client fails to access shares on Windows member; (bso#9625).
+ PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636).
+ Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639).
+ Fix the build of vfs_afsacl; (bso#9642).
+ Fix the build with --fake-kaserver; (bso#9643).
+ Fix compile of source3/lib/afs.c; (bso#9644).
+ Make SMB2_GETINFO multi-volume aware; (bso#9646).
+ idmap_autorid: Fix freeing of non-talloced memory; (bso#9653).
+ Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656).
+ 'make test' hangs; (bso#9663).
+ Fix correct linking of libreplace with cmdline-credentials; (bso#9664).
+ Fix filtering of link-local addresses; (bso#9666).
+ Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669).
+ Samba denies owner Read Control when there is a DENY entry while W2K08
does not; (bso#9674).
+ Fix several resource (fd) leaks; (bso#9683).
+ Fix a memory leak in spoolss rpc server; (bso#9685).
+ Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686).
+ Fix several possible null pointer dereferences; (bso#9687).
+ Make sure that domain joins work correctly when the DC disallows NTLM
auth; (bso#9689).
+ Backport tevent changes to bring library to version 0.9.18; (bso#9695).
+ Remove incomplete samba_dnsupdate IPv6 link-local address check;
(bso#9696).
+ DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX
domain socket; (bso#9697).
+ Fix vfs_catia and update documentation; (bso#9701); (bnc#824833).
+ Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703).
+ Fix nss_winbind name on FreeBSD; (bso#9704).
+ s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and
getgrgid calls; (bso#9711).
+ Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717).
+ s4-idmap: Remove requirement that posixAccount or posixGroup be set for
rfc2307; (bso#9718).
+ Allow forcing an override of an old @MODULES record; (bso#9719).
+ Do not print the admin password during 'samba-tool classicupgrade';
(bso#9720).
+ Make samba_upgradedns more robust (do not guess addresses when just
changing roles); (bso#9721).
+ Add a tool to migrate latin1 printing tdbs to registry; (bso#9723).
+ is_encrypted_packet() function incorrectly used inside server; (bso#9724).
+ upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725).
+ Fix NULL pointer dereference; (bso#9727).
+ DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728).
+ Fix 'smbcontrol close-share'; (bso#9733).
+ Fix Winbind separator in upn to username conversion; (bso#9735).
+ Change to smbd/dir.c code gives significant performance increases on large
directory listings; (bso#9736).
+ PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739).
+ Make sure that we only propogate the INHERITED flag when we are allowed
to; (bso#9747).
+ Remove unneeded fstat system call from hot read path; (bso#9748).
+ Don't leak the epm_Map policy handle; (bso#9758).
+ Fix incorrect parsing of SMB2 command codes; (bso#9760).
- Update to 4.0.4.
+ Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).
- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).
- No longer use the cifs- or smbfstab named configuration file on post-12.2
systems; (bnc#804822); (bnc#821889).
- Shift the smbfs init script nfs dependency from Required to Should.
- Fix SMB1 Session Setup AndX handling with a large krb PAC;
(bso#9658); (bnc#802031).
- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to
generate the default share snippets on pre-12.2 systems.
- Explicitly configure --with-ads.
- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).
- Remove superfluous quotation marks while setting the
SAMBA_VERSION_VENDOR_SUFFIX string.
- Do not restart the smbfs service on pre-11.3 systems during dhcp lease
renewal when the IP address remains the same; (bnc#800782).
- Update to 4.0.3.
+ Fix ACL problem with delegation of privileges and deletion of accounts
over LDAP interface; add documentation; (bso##8909).
+ check_password_quality: Handle non-ASCII characters properly; (bso##9105).
+ Fix 'smbd' panic triggered by unlink after open; (bso##9571).
+ smbd: Fix memleak in the async echo handler; (bso##9549).
+ defer_open is triggered multiple times on the same request; (bso#9196).
+ Add extra attributes for AD printer publishing; (bso#9378).
+ FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461).
+ Downgrade v4 printer driver requests to v3; (bso#9474).
+ samba_upgradeprovision: fix the nTSecurityDescriptor on more containers;
(bso#9481).
+ s3:smb2_negprot: set the 'remote_proto' value; (bso#9499).
+ waf assumes that pythonX.Y-config is a Python script; (bso#9503).
+ s4:drsuapi: Make sure we report the meta data from the cycle start;
(bso#9508).
+ wafsamba: Use additional xml catalog file; (bso#9512).
+ samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517).
+ conn->share_access appears not be be reset between users; (bso#9518).
+ Remove superfluous bracket in samba.8.xml; (bso#9528).
+ Fix typo in vfs_tsmsm.8.xml; (bso#9530).
+ terminate the irpc_servers_byname() result with
server_id_set_disconnected(); (bso#9540).
+ Make use of posix_openpt; (bso#9541).
+ Fix build of vfs_commit and plug in async pwrite support; (bso#9544).
+ Fix aio_suspend detection on FreeBSD; (bso#9546).
+ Correctly detect O_DIRECT; (bso#9548).
+ sigprocmask does not work on FreeBSD to stop further signals in a signal
handler; (bso#9550).
+ smb.conf(5): Update list of available protocols; (bso#9552).
+ s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555).
+ Fix compilation of Solaris ACL module; (bso#9564).
+ Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional
level) produces dbcheck errors; (bso#9565).
+ Add dbwrap_tool.1 manual page; (bso#9568).
+ Document the command line options in dbwrap_tool(1); (bso#9568).
+ ntlm_auth(1): Fix format and make examples visible; (bso#9569).
+ Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients;
(bso#9572).
+ Fix a possible null pointer dereference in spoolss; (bso#9574).
+ Duplicate flags defined in the winbindd protocol; (bso#9575).
+ gensec: Allow login without a PAC by default; (bso#9581).
+ smbd: disk_free: sys_popen() failed" message logged in /var/log/message
many times; (bso#9586).
+ Archive flag is always set on directories; (bso#9587).
+ ACLs are not inherited to directories for DFS shares; (bso#9588).
+ Correct meta data in ldb manpages; (bso#9591).
+ s3-winbind: Fix the build of idmap_ldap; (bso#9595).
+ Linked attribute handling should be by GUID; (bso#9596).
+ Fix timeouts of some IRPC calls; (bso#9598).
+ Use pid,task_id as cluster_id in process_single just like process_prefork;
(bso#9598).
+ Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609).
+ dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).
- Update to 4.0.2.
+ Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both
don't apply to any SUSE Samba post-3.6.10 as it isn't longer built.
+ Don't build and package static libraries.
- Drop separate build-source-timestamp file as it led to a second, incorrect
Source Timestamp line.
- Add server-side copy support; (fate#314770).
+ Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers.
+ Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.
- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.
- Disable SWAT during configure and don't package it any longer.
- Remove dangling references to Heimdal from the spec file.
- Remove /lib/samba prefix from the localstatedir configure option.
- Update to 4.0.1.
+ Samba 4.0.0 as an AD DC may provide authenticated users with write access
to LDAP directory objects; CVE-2013-0172; (bnc#798364).
- Add the missing get_printing_ticket binary path while calling the
set_permissions macro; (bnc#783375).
- Use the version macro while definition of the branch macro.
- Remove references to no longer used devel macros.
- Update to 4.0.0.
+ Honor password complexity settings; (bso#9414).
+ Install SWAT *.msg files with waf; (bso#9415).
+ Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES;
(bso#9438).
+ developer-build: Fix panic when acl_xattr fails with access denied;
(bso#9456).
+ Fix "map username script" with "security=ads" and Winbind; (bso#9457).
+ Install manpages only if we install the target; (bso#9459).
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Users can not be given write permissions any more by default; (bso#9462).
+ Fix MMC crashes; (bso#9470).
+ Fix SEGV when using second vfs module; (bso#9471).
+ Support FIPS mode when building Samba; (bso#9479).
+ Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).
- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken;
(bso#9438).
- s3:auth: fix create_token_from_sid() to not fail in the winbindd case;
(bso#9457).
- s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags
control is given; (bso#9470).
- Support FIPS mode when building Samba; (bso#9479).
- s4:provision: set the correct nTSecurityDescriptor; (bso#9481).
- SEGV when using second vfs module; (bso#9471).
- Update to 3.6.10.
+ Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
+ Fix segfault when "default devmode" is disabled; (bso#9433).
+ Fix segfaults in "log level = 10" on Solaris; (bso#9390).
- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED;
(bso#9456).
- Install manpages only if we install the target; (bso#9459).
- Users can not be given write permissions any more by default; (bso#9462).
- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094);
(bso#9418).
- Use work around for 'winbind use default domain' only if it is set;
(bso#9367).
- Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend;
(bso#9374).
- large read requests cause server to issue malformed reply; (bso#9422).
- s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426).
- Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439).
- Allow to force DNS updates using net; (bso#9451).
- Respond correctly to FILE_STREAM_INFO requests; (bso#9460).
- Update to 4.0.0rc6.
See WHATSNEW.txt from the samba-doc package.
- On uninstall remove winbind from the pam configuration, invalidate the nscd
passwd and group cache and only recommend the install of nscd; (bnc#792340).
- BuildRequire libnscd-devel once.
- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294).
- Add SUSE version depending pkg-config requires macro; (bnc#792294).
- Define library names and use it instead of libldb1, libnetapi0,
libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and
libwbclient0; (bnc#792294).
- Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.
- Don't clutter the spec file diff view; (bnc#783384).
- Fix fd leak causing 100% CPU in winbind on certain dc connection
failures; (bso#9436); (bnc#786677).
- Fix spoolss segfault when default devmode is disabled; (bso#9433);
(bnc#791183).
- Update to 4.0.0rc5.
See WHATSNEW.txt from the samba-doc package.
- ACL masks incorrectly applied when setting ACLs; (bso#9236).
- s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272).
- lib/replace: replace all *printf function if we replace snprintf; (bso#9390).
- lib/addns: don't depend on the order in resp->answers[]; (bso#9402).
- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209).
- lib/krb5_wrap: request enc_types in the correct order; (bso#9272).
- Fix net ads join message for the dns domain; (bso#9326).
- docs-xml: fix use of <smbconfoption> tag; (bso#9345).
- s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359).
- s3:winbind: Failover if netlogon pipe is not available; (bso#9386).
- Execute the run_permissions macro on pre-11.4 systems and else the
set_permission one if available.
- Ensure adding the winbind group never can fail.
- Create ntadmin group only if it doesn't yet exist.
- Update to 3.6.9.
+ When setting a non-default ACL, don't forget to apply masks to
SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236).
+ Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
+ Fix segfault in smbd if user specified ports out for range; (bso#9218).
- quota: Don't force the block size to 512; (bso#3272).
- Fix poll replacement to become a msleep replacement; (bso#8107).
- Fix wrong test == syntax in configure; (bso#8146).
- Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344).
- Fix builtin forms order to match Windows again; (bso#8632).
- Fix RAW printing for normal users; (bso#8769); (bnc#790741).
- Initialise ticket to ensure we do not invalid memory; (bso#8788).
- Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966).
- Fix crash on null pam change pw response; (bso#9013).
- Connection to outbound trusted domain goes offline; (bso#9016).
- Increase debug level for info that the db is empty; (bso#9112).
- 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117).
- Winbind can't fetch user or group info from AD via LDAP; (bso#9147).
- Open printers with the right access mask; (bso#9154).
- Fix makerpms.sh on RHEL; (bso#9165).
- Remove non-existent option '-Y' from winbindd manpage; (bso#9171).
- Add quota support for gfs2; (bso#9172).
- Make SMB2 compound request create/delete_on_close/close work as Windows;
(bso#9173).
- Empty SPNEGO packet can cause smbd to crash; (bso#9174).
- pam_winbind: Match more return codes when wbcGetPwnam has failed;
(bso#9177).
- Fix crash bug in idmap_hash; (bso#9188); (bnc#788159).
- SMB2 Create doesn't return correct MAX ACCESS access mask in blob;
(bso#9189).
- Fix service control for non-internal services; (bso#9192).
- Don't take 'state->te' as indication for "was_deferred"; (bso#9196).
- Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209).
- Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213).
- Fix segfault in smbd if user specified ports out for range; (bso#9218).
- Signing cannot be disabled for SMB2 by design, so fix the documentation
instead; (bso#9222).
- Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry;
(bso#9231).
- When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER
and SMB_ACL_GROUP entries; (bso#9236).
- lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259).
- Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart;
(bso#9268).
- Add support for reloading systemd services; (bso#9280).
- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).
- Do not write the build date into the header of the default smb.conf as this
causses superfluous rebuilds of packages depending on samba; (bnc#781601).
- Do not prerequire SuSEconfig.permissions as it's already enough and more
generic to depend on the permissions package; (bnc#782293).
- Update to 3.6.8.
+ Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
+ Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058).
- Fix bad call to memcpy source3/registry/regfio.c; (bso#9065).
- "Domain Users" incorrectly added as additional group on domain members;
(bso#9066).
- Use correct RID for "Domain Guests" primary group; (bso#9067).
- Fix crash bug in smbd caused by a blocking lock followed by close;
(bso#9084).
- Fix smbclient/tarmode panic when connecting to Windows 2000 clients;
(bso#9088).
- Fix refreshing of Kerberos tickets in Winbind; (bso#9098).
- Fix identification of idle clients in Winbind to avoid crashes and NDR
parsing errors; (bso#9104).
- Fix compilation with newer MIT Kerberos which hides internal symbols;
(bso#9111).
- Fix flooding the logs with records we don't find in pcap; (bso#9112).
- Initialize the print backend after we setup winreg; (bso#9122).
- Fix lprng job tracking errors; (bso#9123).
- Fix setting of "inherited" bit on inherited ACE's; (bso#9124).
- Fix Winbind panic if we couldn't find the domain; (bso#9135).
- Make 'smbclient allinfo' show the snapshot list; (bso#9137).
- Fix nfs quota support with Linux nfs4 mounts; (bso#9144).
- Valid open requests can cause smbd assert due to incorrect oplock handling
on delete requests; (bso#9150).
- NMB registration for a duplicate workstation fails with registration
refuse; (bso#9085); (bnc#770056).
- Remove backup files caused by running configure in examples/VFS.
- Update to 3.6.7.
+ Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
+ Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Correct documentation of "case sensitive"; (bso#8552).
- Printing fails in function cups_job_submit; (bso#8719).
- Fix kernel oplocks when uid(file) != uid(process); (bso#8974).
- Send correct responses to NT Transact Secondary when no data and no params
for the Trans2 calls are set; (bso#8989).
- Fix build without ads support; (bso#8996).
- Don't turn negative cache entries into valid idmappings; (bso#9002).
- Fix posix acl on gpfs; (bso#9003).
- Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022).
- Fix migrating printers while upgrading from 3.5.x; (bso#9026).
- Fix typo in set_re_uid() call when USE_SETRESUID selected in configure;
(bso#9034).
- Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error
instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040).
- Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269).
- Fix build against CUPS 1.6; (bso#9055).
- Fix bugs in SMB2 credit handling code; (bso#9057).
- rpcclient: Fix bad call to data_blob_const; (bso#9062).
- Create missing doc directories while install.
- Remove no longer existing Manifest file from install.
- Don't creat a link to non existend html man pages for swat.
- Don't call the no longer existing libsmbclient testsuit while build.
- Configure with option --mandir instead --with-mandir.
- Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and
- -with-swatdir configure options.
- Update to 4.0.0beta4.
See WHATSNEW.txt from the samba-doc package.
- BuildRequire gcc, make, and patch; (bnc#771516).
- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).
- Fix shell syntax in dhcpcd hook script; (bnc#769957).
- Add missing int declaration to the net kdc lookup patch.
- Update to 4.0.0beta2.
See WHATSNEW.txt from the samba-doc package.
- Update to 3.6.6.
+ Fix possible memory leaks in the Samba master process; (bso#8970).
+ Fix uninitialized memory read in talloc_free(); (bnc#764577).
+ Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).
- resolve_ads() code can return zero addresses and miss valid DC IP addresses;
(bso#8910).
- Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983).
- winbind can hang as nbt_getdc() has no timeout; (bso#8953).
- Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627)
- s3-pid: Catch with pid filename's change when config file is not smb.conf;
(bso#8714).
- Possible memory leaks in the main Samba process; (bso#8970).
- s3: Fix uninitialized memory read in talloc_free(); (bnc#764577).
- Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971).
- Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988).
- Winzip occasionally can not read files out of an open winzip dialog;
(bso#8311).
- s3-winbindd: call dump_core_setup after command line option has been parsed;
(bso#8975).
- Directory group write permission bit is set if unix extensions are enabled;
(bso#8972).
- s3: remove dependency on automake for "make everything"; (bso#8978).
- sd_has_inheritable_components segfaults on an SD that se_access_check
accepts; (bso#8811).
- smbclient's tarmode insists on listing excluded directories; (bso#8922).
- Notify code can miss a ChDir; (bso#8998).
- s3:smbd: add a fsp_persistent_id() function; (bso#8995).
- Call autogen.sh even on post-12.1 SUSE systems.
- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems.
- Recompile all IDL in any case.
- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora
systems.
- Install talloc.pc only on pre-12.2 and non SUSE systems.
- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and
libtevent-devel on post-12.1 systems.
- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861).
- s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904).
- smbd crashes when deleting directory and veto files are enabled; (bso#8837).
- winbind_krb5_locator only returns one IP address; (bso#8897).
- Wrong assertion/comparison: Compare value not pointer; (bso#8859).
- Inconsistent (with manpage) command-line switch for "help" in smbtree;
(bso#8831).
- Fix incorrect debug statement.
- Setting traverse rights fails to enable directory traversal when acl_xattr
in use; (bso#8857).
- Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877).
- s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869).
- s3-docs: fixes several typos; (bso#7938).
- s3-VFS: Fix building out-of-tree modules; (bso#8822).
- s3-docs: Add hint that setting "profile acls = yes" on normal shares can
cause trouble; (bso#7930).
- s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915).
- Avoid null dereference in initialize_password_db(); (bso#8920).
- s3:registry: implement values_need_update and subkeys_need_update in the
smbconf backend.
- s3:registry:reg_api: fix reg_queryvalue to not fail when values are
modified while it runs.
- s4:torture:rpc:spoolss: also initialize driverName before checking it in
test_PrinterData_DsSpooler().
- s3:registry: multiple cleanups, fixes, and optimisations.
- s3:auth/server_info: the primary rid should be in the groups rid array;
(bso#8798).
- s3-printing: Add new printers to registry; (bso#8554); (bso#8612);
(bso#8748).
- Fix the overwriting of errno before use in a DEBUG statement and use the
return value from store_acl_blob_fsp rather than ignoring it; (bso#8945).
- s3-auth: Don't lookup the system user in pdb; (bso#8944).
- s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952).
- Fix typo in pam_winbindd code; (bso#8957).
- Fix remove_duplicate_addrs2 previously it could leave zero addresses in the
list; (bso#8910).
- Slow but responsive DC can lock up winbindd; (bso#8943).
- Broken processing of %U with vfs_full_audit when force user is set;
(bso#8882).
- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems.
- BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and
libtevent0-devel on post-12.1 systems.
- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).
- docs-xml: fix default name resolve order; (bso#7564).
- s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836).
- docs: remove whitespace in example samba.ldif; (bso#8789).
- s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845);
(bnc#730769).
- s3-docs: Prepend '/' to filename argument; (bso#8826).
- Update to 3.6.5.
- Restrict self granting privileges where security=ads for Samba post-3.3.16;
CVE-2012-2111; (bnc#757576).
- Remove all precompiled idl output to ensure any pidl changes take effect;
(bnc#757080).
- Update to 3.6.4.
- Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe-
cution as the "root" user; PIDL based autogenerated code allows overwriting
beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).
- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys;
(bso#8599).
- Correctly handle DENY ACEs when privileges apply; (bso#8797).
- s3:smb2_server: fix a logic error, we should sign non guest sessions;
(bso8749).
- Allow vfs_aio_pthread to build as a static module; (bso#8723).
- s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for
persistent dbs; (#bso8527).
- s3: segfault in dom_sid_compare(bso#8567).
- Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER;
(bso#8768).
- s3-winbindd: Close netlogon connection if the status returned by the
NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771).
- s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599).
- Fix problem when calculating the share security mask, take priviliges into
account for the connecting user; (bso#8784).
- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups;
(bso#8807); (bnc#751454).
- Remove obsoleted Authors lines from spec file for post-11.2 systems.
- Make ldapsmb build with Fedora 15 and 16; (bso#8783).
- BuildRequire libuuid-devel for post-11.0 and other systems.
- Define missing python macros for non SUSE systems.
- PreReq to fillup_prereq and insserv_prereq only on SUSE systems.
- Always use cifstab instead of smbfstab on non SUSE systems.
- Ensure AndX offsets are increasing strictly monotonically in pre-3.4
versions; CVE-2012-0870; (bnc#747934).
- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).
- s3-printing: fix crash in printer_list_set_printer(); (bso#8762);
(bnc#746825).
- s3:winbindd fix a return code check; (bso#8406).
- s3: Add rmdir operation to streams_depot; (bso#8733).
- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used();
(bso#8738); CVE-2013-0454; (bnc#811975).
- s3:auth: fill the sids array of the info3 in
wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).
- s3:client: ignore SMBecho errors (the server may not support it);
(bso#8139).
- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is
enabled and don't unintentionally use a bogus domain name; (bso#8734).
- smbclient fails with posix large reads; (bso#8727).
- Use the smbfs init script on versions pre-11.3, or cifs in later versions;
(bnc#744614).
- s3: Compile IDL files in autogen, some configure tests need this.
- Fixes various deadlocks in if-up.d / if-down.d when running under
systemd; (bnc#732395).
- Update to 3.6.3.
+ Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724);
(bnc#743986).
- Use spdx.org compliant license names for all packages.
- Update to 3.6.2.
+ Make Winbind receive user/group information (bug #8371).
+ Several SMB2 fixes.
+ Fix a crash bug in the spoolss code.
+ Add new contributing FAQ announcing acceptance of corporate (C).
+ DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504).
+ Fix cli_write_and_x() against OS/2 print shares; (bso#5326).
+ Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563);
(bnc#726145).
+ Remove pointless use_memory_krb5_ccache; (bso#7465).
+ Fix perl path; (bso#8176).
+ Grant credits in async interim responses (SMB2); (bso#8357).
+ Make Winbind receive user/group information; (bso#8371).
+ Fix Windows XP clients crashing smbd process every once in a while;
(bso#8384); (bnc#731571).
+ Make VFS op "streaminfo" stackable; (bso#8419).
+ Add an allocation pool to idmap_autorid; (bso#8444).
+ Fix SEGFAULT from net registry export on not zero terminated REG_SZ
values; (bso#8528).
+ Make DSO_EXPORTS_CMD more portable; (bso#8531).
+ readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
+ smbclient posix_open command fails to return correct info on open file;
(bso#8542).
+ winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548).
+ Fix setting the machine account password; (bso#8550).
+ Make SMB2 handle compound request headers in the same way as Windows;
(bso#8560).
+ Password change settings not fully observed; (bso#8561).
+ Fix double free error in talloc; (bso#8562).
+ Fix alignment in the non-extended-security negprot; (bso#8573).
+ Add systemd service files; (bso#8575).
+ Add systemd service files; (bso#8575).
+ smb2_flush: Don't send uninitialized memory; (bso#8579).
+ Enable inotify if sys or kernel inotify is available; (bso#8580).
+ Increase a debug level; (bso#8585).
+ libsmb: Only align unicode pipe_name; (bso#8586).
+ Fix marshalling of samr_ChangePasswordUser3; (bso#8591).
+ Don't limit the number of open dptrs for SMB2; (bso#8592).
+ Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
+ Make cldap work over IPv6; (bso#8600).
+ Fix intermittent print job failures caused by character conversion errors;
(bso#8606).
+ Improve configure.in so it can be used outside the Samba source tree;
(bso#8607).
+ Winbind: Don't fail on users without a uid; (bso#8608).
+ Ensure we correctly calculate reply credits over all returned SMB2
replies; (bso#8614).
+ Fix migrate printer code; (bso#8618).
+ Fix crash bug when trying to browse Samba printers; (bso#8623).
+ libsmb: Don't duplicate Kerberos service tickets; (bso#8628).
+ POSIX ACE x permission becomes rx following mapping to and from a DACL;
(bso#8631).
+ When returning an ACL without SECINFO_DACL requested, we still set
SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
+ Fix the vfs_commit module; (bso#8639).
+ Add an update function for Winbind cache; (bso#8643).
+ vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries
on a directory with no stored ACL; (bso#8644).
+ Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb
vfs modules; (bso#8652).
+ Fix deleting a symlink if the symlink target is outside of the share;
(bso#8663).
+ Fix renaming a symlink if the symlink target is outside of the share;
(bso#8664).
+ Fix NT ACL issue; (bso#8673).
+ Fix buffer overflow issue with AES encryption in samba traffic analyzer;
(bso#8674).
+ Fix Winbind segfault if we can't map the last user; (bso#8678).
+ recvfile code path using splice() on Linux leaves data in the pipe on
short write; (bso#8679).
+ Try ctdbd_init_connection() as root; (bso#8684).
+ Packet validation checks can be done before length validation causing
uninitialized memory read; (bso#8686).
+ Fix typo in 'net memberships' usage; (bso#8687).
+ libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket();
(bso#8692).
+ Make DeletePrinterDriverEx remove printer driver files; (bso#8697)
(bnc#740810).
+ Fix major leak with SMB2 in connections.tdb; (bso#8710).
- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).
- Use correct license, LGPLv3+ for libwbclient packages.
- When returning an ACL without SECINFO_DACL requested, we still set
SEC_DESC_DACL_PRESENT in the type field; (bso#8636).
- Fix incorrect types in the full_audit VFS module. Add null terminators to
audit log enums; (bnc#742885).
- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810).
- Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).
- Buffer overflow issue with AES encryption in samba traffic analyzer;
(bso#8674).
- NT ACL issue; (bso#8673).
- Deleting a symlink fails if the symlink target is outside of the share;
(bso#8663).
- connections.tdb - major leak with SMB2; (bso#8710).
- Renaming a symlink fails if the symlink target is outside of the share;
(bso#8664).
- Intermittent print job failures caused by character conversion errors;
(bso#8606).
- ads_keytab_verify_ticket mixes talloc allocation with malloc free;
(bso#8692).
- libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593).
- s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684).
- s3-printing: fix migrate printer code; (bso#8618).
- Packet validation checks can be done before length validation causing
uninitialized memory read; (bso#8686).
- net memberships usage info was wrong; (bso#8687).
- s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628).
- Recvfile code path using splice() on Linux leaves data in the pipe on short
write; (bso#8679).
- s3-winbind: Fix segfault if we can't map the last user; (bso#8678).
- vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on
a directory with no stored ACL; (bso#8644).
- s3/doc: document the ignore system acls option of vfs_acl_xattr and
vfs_acl_tdb; (bso#8652).
- Winbind can't receive any user/group information; (bso#8371).
- s3-winbind: Add an update function for winbind cache; (bso#8643).
- s3: Attempt to fix the vfs_commit module.
- POSIX ACE x permission becomes rx following mapping to and from a DACL;
(#bso#8631).
- s3:libsmb: only align unicode pipe_name; (bso#8586).
- s3-winbind: Don't fail on users without a uid; (bso#8608).
- Crash when trying to browse samba printers; (bso#8623).
- talloc: double free error; (bso#8562).
- cldap doesn't work over ipv6; (bso#8600).
- s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326).
- SMB2: not granting credits for all requests in a compound request;
(bso#8614).
- smb2_flush sends uninitialized memory; (bso#8579).
- Password change settings not fully observed; (bso#8561).
- s3:smb2_server: grant credits in async interim responses; (bso#8357).
- s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592).
- samr_ChangePasswordUser3 IDL incorrect; (bso#8591).
- idmap_autorid does not have allocation pool; (bso#8444).
- Add systemd service files.
- s3:libsmb: the workgroup in the non-extended-security negprot is not
aligned; (bso#8573).
- s3-build: Fix inotify detection; (bso#8580).
- SMB2 doesn't handle compound request headers in the same way as Windows;
(#bso8560).
- Disconnecting clients swamp the logs; (bso#8585).
- s3-netlogon: Fix setting the machinge account password; (bso#8550).
- winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548).
- smbclient posix_open command fails to return correct info on open file;
(bso#8542).
- readlink() on Linux clients fails if the symlink target is outside of the
share; (bso#8541).
- s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465).
- s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531).
- s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated
ucs2 string; (bso#8528).
- Make VFS op "streaminfo" stackable; (bso#8419).
- Fix incorrect perfcount array length calculations; (bnc#739258).
- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.
- Remove call to suse_update_config macro for post-11.4 systems.
- Use samba.org for the ldapsmb source location.
- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile;
(bnc #729516).
- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES;
(bso#8631); (bnc#732572).
- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).
- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).
- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).
- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).
- Fix typo in net ads join output; (bnc#713135).
- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).
- Update to 3.6.1.
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Several SMB2 fixes.
+ The VFS ACL modules are no longer experimental but production-ready.
+ Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465).
+ smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
+ Return error of cli_push when 'put - /some/file' is used; (bso#7551).
+ Fix usage of cli_errstr(); (bso#7864).
+ Fix 'widelinks' regression; (bso#8229).
+ Empty notify servername; (bso#8236).
+ Add man vfs_aio_fork; (bso#8256).
+ smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes;
(bso#8334).
+ Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338).
+ While migrating forms, don't fail if the form already exists; (bso#8351).
+ OS/2 sends an unexpected write&x/read&x chain; (bso#8360).
+ Fix build of vfs_prealloc on SLES8; (bso#8363).
+ Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364).
+ Fix the fallback to the deprecated spelling idmap:script; (bso#8368).
+ Fix vfs_chown_fsp; (bso#8370).
+ Fix smbd crashes triggered by Windows XP clients; (bso#8384).
+ Fix smbclient access to NT4 shares; (bso#8385).
+ Optimize serverid_exists() for Solaris; (bso#8395).
+ registry/reg_format.c must include includes.h; (bso#8401).
+ SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
+ Fix a Winbind race leading to 100% CPU load; (bso#8409).
+ Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with
SMB2; (bso#8412).
+ Fix 'getent group' if trusted domains are not reachable; (bso#8420).
+ Fix infinite loop in ACL module code; (bso#8422).
+ Fix wrong reply to DHnC (durable handle reconnect); (bso#8428).
+ Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
+ Fix segfault in iconv.c; (bso#8433).
+ NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
+ Be smarter about setting default permissions when a ACL_USER_OBJ isn't
given; (bso#8443).
+ Check the wct of the incoming SMBnegprot responses; (bso#8452).
+ Fix smbclient segfaults when dialect option -m is used for legacy
dialects; (bso#8453).
+ Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
+ Samba PDC is looking up only primary user group; (bso#8455).
+ IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458).
+ smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
+ SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
+ Don't call smbd_terminate_connection in smb2_validate_message_id();
(bso#8476).
+ Samba asserts when SMB2 client breaks the crediting rules; (bso#8476).
+ Map to guest can return uninitialized blob of data; (bso#8477).
+ acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
+ DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
+ Remove "experimental" label on VFS ACL modules; (bso#8494).
+ SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
+ smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
+ Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER;
(bso#8509).
+ Disallow "." in can_set_delete_on_close(); (bso#8515).
+ SMB2 create call returns incorrect file allocation size; (bso#8518).
+ Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements;
(bso#8520).
+ Winbind cache timeout expiry test was reversed; (bso#8521).
- s3/doc: add man page for aio_fork vfs module.
- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).
- s3: Samba PDC is looking up only primary user group; (bso#8455).
- Add script to create or update an AppArmor sniplet with permissions for all
Samba shares; (bnc#688040).
- Add "ldapsam:login cache" parameter to allow explicit disabling
of the login cache; (bnc#723261).
- Retain the smbd startproc return value for correct startup status reporting.
unset was incorrectly being called prior to rc_status; (bnc#723724).
- Prevent deadlock in systemd triggered by if-down.d handler on shutdown;
(bnc#721598).
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; changed defaults and documentation (bso8473).
- Empty CIFS share can be blocked for other clients by deleting it via empty
path (DELETE_PENDING until the last client); (bso#8515).
- winbindd cache timeout expiry test was reversed; (bso#8521).
- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).
- s3:smb2_create: fix allocation size return value when opening existing
files; (bso#8518).
- SMB2 create doesn't cope with an Apple client using NULL blob in create;
(bso#8474).
- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames;
(bso#8442).
- s3-docs: Fix bug (bso#7908) and typo.
- Return error of cli_push when 'put - /some/file' is used; (bso#7551).
- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).
- smbd doesn't correctly honor the "force create mode" bits from a cifsfs
create; (bso#8507).
- Default user entry is set to minimal permissions on incoming ACL change with
no user specified; (bso#8443).
- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).
- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft
Internet Explorer 9 on Windows 7 to download files; (bso#8458).
- DFS breaks zip file extracting unless "follow symlinks = no" set;
(bso#8493).
- s3-docs: Fix typos.
- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).
- Remove "experimental" label on VFS ACL modules; (bso#8494).
- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).
- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).
- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin;
(bso#7465).
- smb2_find uses a hard coded max reply size of 0x10000 instead of
smb2_max_trans; (bso#8473).
- s3-netapi: allow to use default krb5 credential cache for libnetapi users.
- s3-docs: document -k switch in net manpage.
- Map to guest can return uninitialized blob of data; (bso#8477).
- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).
- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).
- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).
- Compound SMB2 requests on an IPC connection can corrupt the reply stream;
(bso#8429).
- s3-spoolss: Fix bug forms migration; (bso#8351).
- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).
- s3: Do not fork the echo handler for smb2; (bso#8334).
- s3-spoolss: Fix bug empty notify servername; (bso#8236).
- SMB2 server can return requests out-of-order when processing a compound
request; (bso#8407).
- Remove smb child crash fix. The issue had been fixed upstream differently.
- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.
- Fix samba duplicates file content on appending. Move posix case semantics
out from under the VFS; (bso#6898); (bnc#681208).
- Make winbind child reconnect when remote end has closed, fix
failing sudo; (bso#7295); (bnc#569721).
- Spec file cleanup as suggested by the spec-cleaner tool.
+ Make all BuildRequires, PreReq, and Provides a separate line.
+ Use %{buildroot} instead of ${RPM_BUILD_ROOT}.
+ Use straight commands instead of macros (make, install).
+ Use -p in post and postun if we only call one command.
+ Use %{_localstatedir} instead of %{_var} in the filelist.
+ Remove superfluous AutoReqProv on lines.
- Remove %release from all Provides.
- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).
- Use /var/run for the cifs state file in the init script too; (bnc#710304).
- Microsoft Word from Microsoft Office 2007 fails to save as on a share with
SMB2; (bso#8412).
- Use sys_write and sys_read in fork_domain_child to fix a winbind race
leading to 100% CPU usage; (bso#8409).
- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).
- Fix infinite loop in ACL module code; (bso#8422).
- Fix getent group if trusted domains are not reachable; (bso#8420).
- smbclient can't access a NT4 share since 3.6.0; (bso#8385).
- Optimize serverid_exists() for Solaris; (bso#8395).
- talloc:
+ check block count after references test.
+ added test suite for talloc_free_children().
+ license info erratum in the manpage.
+ fix typos and better differentiation between versions 1 and 2.
+ preserve context name on talloc_free_children().
+ ensure the sibling linked list remains valid during a free.
- vfs_chown_fsp returned in the wrong directory; (bso#8370).
- Remove irritating "." targets when recent system libs exist; (bso#8369).
- Correctly initialize "idmap config * : script" with NULL; (bso#8368).
- Add missing include to suppress compiler warnings; (bso#8365).
- Point the chain offset beyond the current request; (bso#8360).
- Fix gpfs vfs module build; (bso#8364).
- Make vfs_prealloc even build on older systems; (bso#8363).
- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).
- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).
- Update to 3.6.0.
+ BUG 7462: Make SA_RESETHAND conditional on its existance.
+ BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined.
+ BUG 8324: smbclient cannot list directories from a big-endian machine.
+ BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname.
+ BUG 8327: Fix the reload of the configuration, also reload activated
registry shares.
+ BUG 8328: Cleanup of idmap_tdb2 code.
+ BUG 8330: Fix NFSv4 ACL merging logic.
+ BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id.
+ BUG 8341: Fix segfault in libsmbclient.
+ BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file.
+ BUG 8347: Fix regression for HP-UX, AIX and OSF.
+ BUG 8357: Make sure we grant credits on async read/write operations.
+ BUG 8358: Fix a bug in run_poll_events().
+ BUG 8362: Fix build issue on old glibc systems.
- Remove references to disabled vscan build.
- Add missing define, includes, and initialization to get_printing_ticket.
- Use /var/run for the cifs state file; (bnc#710304).
- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).
- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).
- Fix reload of the configuration and also reload activated registry shares;
(bso#8327).
- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).
- smbclient cannot list directories from a big-endian machine; (bso#8324).
- Update to 3.6.0rc3.
+ BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
+ BUG 7888: Deal with buggy 3.0 based PDCs.
+ BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb
module.
+ BUG 8102: Do not allow to change file ACLs from normal domusers.
+ BUG 8102: Do not allow to change file ACLs from normal domusers.
+ BUG 8193: Add new command 'enumerate_recursive'.
+ BUG 8195: Make rpc client code working against NT4 servers.
+ BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is
set.
+ BUG 8213: Fixes in idmap_autorid.
+ BUG 8214: Fix smbd crash on printer driver upgrade.
+ BUG 8215: Fix Winbind unix username lookup.
+ BUG 8216: Make Winbind returning correct results with 'sids2xids'.
+ BUG 8217: Do not stat-check the share path in 'net conf addshare'.
+ BUG 8219: Fix SMB Panic from Windows 7 client.
+ BUG 8224: Fix the build on FreeBSD.
+ BUG 8226: Use c99 initializers which are supported by old gcc 2.95
compilers.
+ BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd.
+ BUG 8231: Fix crash bug in 'net cache get'.
+ BUG 8235: Fix smbd crash on startup caused by migrate_printer().
+ BUG 8240: Fix Valgrind warnings in winreg/spoolss code.
+ BUG 8244: Fix copying files larger than 2 GB to a Samba share.
+ BUG 8247: Fix Coverity ID 2582: FORWARD_NULL.
+ BUG 8253: Fix Winbind panic if verify_idpool() fails.
+ BUG 8254: Fix "acl check permissions = no".
+ BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes.
+ BUG 8262: Fix build of vfs_commit.
+ BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl.
+ BUG 8264: Fix Valgrind bugs in svcctl.
+ BUG 8276: Close all sockets attached to a subnet in close_subnet().
+ BUG 8278: Fix smbd panic when CTDB is unhealthy.
+ BUG 8281: Fix build of examples/VFS/*.
+ BUG 8286: Fix smbd crash on premature end of smb2 conn.
+ BUG 8292: Fix a major architectural flaw in the SMB2 server code.
+ BUG 8293: Fix log file rotating in SMB2.
+ BUG 8304: Fix uninitialized variable in error path.
+ BUG 8305: Fix segfault in nmbd when using 'smbtree ...'..
+ BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all
locks.
+ BUG 8310: toupper_ascii() is broken on big-endian systems.
+ BUG 8314: Fix smbd crash with unknown user.
+ Mark 'time offset' parameter as deprecated.
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289);
(bnc#708503).
- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are
affected by a cross-site request forgery; CVE-2011-2522; (bso#8290);
(bnc#705241).
- Fixed the DFS referral response for msdfs root; (bnc#703655).
- Fix CUPS print job IDs; (bso#7288); (bnc#701257).
- Make use of the actual library version as part of the package name on
post-11.3 systems only.
- Fix winbind internal error; (bso#7636); (bnc#659424).
- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION;
(bnc#705170).
- Specify nmbdsocketdir at configure time; (bnc#700953).
- Build the tdb, talloc, and tevent libraries ahead of anything else.
- Update to 3.6.0rc2.
+ BUG 6911: Fix Kerberos authentication from Vista to Samba.
+ BUG 8166: Don't lockout users when offline.
+ BUG 8200: Add support for multiple writeable ldap idmap domains.
+ BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
+ BUG 7054: Fix X account flag when "pwdlastset" is "0".
+ BUG 8144: Fix setting timestamp when touching files with CIFS clients.
+ BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
+ BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
+ BUG 8157: Fix parsing a cups printcap file.
+ BUG 8175: Fix smbd deadlock.
+ BUG 8189: Support shadow copy display over SMB2.
+ BUG 8197: Winbind does not properly detect when a DC connection is dead.
+ BUG 8203: Winbind needs to reset the DC connection if an RPC times out.
- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).
- Add "winbind max clients" parameter to remove 200-client
limit; (bnc#697461).
- Disable logon cache for password lockout consistency when
running in a cluster; (bnc#694836).
- Fix logon of AD users with many group memberships; (bso#6911);
(bnc#657026).
- Don't lockout users while offline; (bso#8166); (bnc#692607).
- Update to 3.6.0rc1.
+ BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open.
+ BUG 8112: POSIX extension opens of a directory are denied with EISDIR.
+ BUG 8132: Fix filling printers location field when using cups.
+ Remove fstrings from client struct.
+ BUGFIX when converting from safe_strcpy to strlcpy.
+ Fix off-by-one calculations with strlcpy.
+ Ensure we always write the correct incoming mid into the share mode table
entries.
+ Fix the SMB2 oplock showstopper.
+ Convert user-specified domain to uppercase in libsmb.
+ Fix Coverity CID #2302: FORWARD_NULL.
+ Fix cups_pull_comment_location().
+ Fix double free of cups request.
+ Make cups_pull_comment_location() work again.
+ Fix potential crash bug in display_print_driver3().
+ Properly clean up in pthreadpool_init in case of failure.
+ Make plaintext session setup async.
+ Reduce fd load in Winbind children.
+ Avoid a potential 100% CPU loop in Winbind.
+ Tune broadcast namequeries for unique names.
+ Properly deal with exited winbind children.
+ Fix dup_smb2_vec3.
+ Fix return check in nss_wins.
- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).
- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).
- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).
- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).
- Package static libraries with 0644 permissions.
- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.
- Rename libldb0 to libldb1 as 1 is the current major version of the library.
- Add libldb1 and libtevent0 to baselibs.conf.
- Don't call the suse_update_config macro before building lib ldb and tevent.
- Update to 3.6.0pre3.
+ Listen on IPv6 addresses with IPV6_ONLY; (bso#7383).
+ Fix wrong output in 'smbget'; (bso#8066).
+ "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or
vfs_acl_tdb module; (bso#8083).
+ rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null;
(bso#8088).
+ setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099).
+ Fix the build of 'smbget' on HP NonStop; (bso#8106).
+ Fix build of tdb2.
+ Correctly detect and deny symlinks anywhere in a path (not just the last
component) if "follow symlinks = no".
+ Fix timeout in rpc_pipe_open_tcp_port().
+ Fix the build of "--with-profiling-data".
+ Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470,
2471, 2478.
+ nsswitch: Add 'wbinfo --lookup-sids'.
+ nsswitch: Add 'wbinfo --sids-to-unix-ids'.
+ Fix smbd with the async echo responder.
+ Fix the build of vfs_gpfs.c.
+ Add a 10-second timeout for the 445 or netbios connection to a DC.
+ Many pthreadpool fixes.
+ Fix transaction recovery area for converted tdbs.
- Add PreReq permissions to the krb-printing package.
- Remove _libdir ldb and tevent from file list.
- Explicitly state not to bundle talloc or tdb while ldb and tevent build.
- Always use the actual library version as part of the package name.
- Exclude shared python modules.
- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).
- Update pidl and always compile IDL at build time; (bnc#688810).
- Update to 3.6.0pre2.
+ ID Mapping changes.
+ Implement SMB2 support.
+ Add an Endpoint Mapper daemon.
+ Make "rlimit_max below minimum Windows limit" notification less scary;
(bso#6837).
+ Quota only shown when logged as root; (bso#7080).
+ Fix printing from Windows 7; (bso#7567).
+ Retry DNS updates when connection to one nameserver has failed; (bso#7690).
+ Unlink may unlink wrong file when hardlinks are involved; (bso#7863).
+ Fix 'nmbd --port'; (bso#7875).
+ cmd_spoolss_deletedriver() returned without checking all architectures;
(bso#7880).
+ Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
+ Fix cups pcap reload with no printers; (bso#7915).
+ Fix bug in chain_reply; (bso#7917).
+ Fix problems with "kernel oplocks" option set to "no"; (bso#7928).
+ Fall back for utimes calls; (bso#7940).
+ Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
+ Let winbind try to use samlogon validation level 6; (bso#7945).
+ Sgid bit lost on folder rename; (bso#7996).
+ Fix getting username in 'net rap session'; (bso#8009).
+ Fix inode generation so nautilus can count total dir size correctly;
(bso#8010).
+ Use jenkins hash for str_checksum; (bso#8010).
+ Add explicit configure option whether or not to enable dmapi support;
(bso#8033).
+ Fix smbclient segfault with Cyrillic netbios names; (bso#8040).
+ Fix file creation on OS/X; (bso#8042).
+ Add "--option" to 'testparm'.
+ Fix crash bug on smbd shutdown when using FOPENDIR().
+ Ensure we don't return an incorrect access mask.
+ Fix bug against the new Mac client.
+ Fix leak in error path.
+ Fix error where Windows client spoolss returns WERR_INVALID_DATA.
+ Fix a segfault in the krb5 locator plugin.
+ Enable sharesec for registry shares.
+ Fix memory leak in "security=share" and "force user".
+ Add "net idmap check", a check and repair tool for the
id mapping database.
+ Add new 'net idmap delete' command.
+ Fix segfault on missing input file in 'net idmap restore'.
+ Fix 'net usersidlist' not to skip every other user.
+ Fix potential crash bug in spoolss_PrinterEnumValues push path.
+ Internal restructuring.
+ Don't wipe out all printer drivers when only one should be deleted.
+ Fix winbindd_dual_pam_auth_samlogon() for NT4 domains.
+ Fix memory leak in print_cups.c.
+ Remove duplicate cups response processing code.
+ Follow force user/group for driver IO.
+ Initiate pcap reload from parent smbd.
+ Reload shares after pcap cache fill.
+ Fix numerous Coverity IDs (2041 and others).
+ Fix a memory leak in check_sam_security_info3.
+ Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable.
+ Make "net sam list [users|workstations]" list only the right things.
+ Fix a potential memleak in secrets_fetch_trusted_domain_password.
+ Use the right credentials in check_netlogond_security.
+ Add support for AF_NETLINK addr notifications.
+ Fork multiple Winbind children per domain.
+ Fix a deadlock between smbd and ctdbd.
+ Add 'wbinfo --dc-info'.
+ Make "nmbd socket dir" configurable.
+ Fixed valgrind errors.
+ Fix a memleak in receive_getdc_response.
+ Don't grant SEC_STD_DELETE always to the owner of a file.
+ Fix segfaults on addrchange errors in Winbind.
+ Allow machine accounts as members in groupdb.
+ Add IPv6 support for the endpoint mapper.
+ Free unused memory in the rpc server.
+ Fix possible segfaults in svcctl server.
+ Fix possible segfault with client_id in rpc server.
+ Add a 'svcctl shutdown' function to rpc server.
+ Fix a resource leak in net_afs.
+ Fix a resource leak in smbta-util.
+ Fix possible resource leak in net_usershare.
+ Fix possible resource leak in 'smbget'.
+ Fix possible resource leak in 'smbfilter'.
+ Fix a possible null pointer dereference in smbd.
+ Ensure we send the direct levelII oplock break to the correct fid.
+ Fix private libdir and codepages paths.
- Add RFC 3454 to the vendor files.
- Fix idmap_tdb for big-endian systems such as ppc and s390;
(bso#6901); (bnc#675978).
- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).
- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.
- Don't crash when publishing a single printer; (bnc#643119).
- Carry error status in printer list IPC message, do not refresh printers if
cups is unavailable; (bso#7994); (bnc#675478).
- Define the libwbclient packages ahead of packages with a different version.
- Use %_smp_mflags for parallel building.
- Update to 3.5.8.
+ Fix Winbind crash bug when no DC is available; (bso#7730).
+ Fix finding users on domain members; (bso#7743).
+ Fix memory leaks in Winbind; (bso#7879).
+ Fix printing with Windows 7 clients; (bso#7567).
+ Fix 'testparm' return code when EOF in encountered in param name;
(bso#3185).
+ Make "rlimit_max below minimum Windows limit" notification less scary;
(bso#6837).
+ Fix "Your Password expires today" message for users of trusted domains;
(bso#7066).
+ Fix maintaining of users' groups via UsrMgr; (bso#7262).
+ Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356).
+ Raise debug level for "reduce_name: couldn't get realpath" messages;
(bso#7409).
+ Fix updating the time on close in vfs_gpfs; (bso#7498).
+ Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594).
+ Handle Windows 9x adddriver calls without config file; (bso#7641).
+ Fix scalability problem with hundreds of printers; (bso#7656).
+ Fix memory leak in the netapi routines; (bso#7665).
+ Store unmodified copies of security descriptors in acl_xattr and acl_tdb
modules; (bso#7716).
+ Fix incorrect unix mode_t caused by invalid client DOS attributes on
create; (bso#7733).
+ Apply appropriate create masks when creating files with "inherit ACLs" set
to true; (bso#7734).
+ Fix "dfree cache time" parameter; (bso#7744).
+ Fix a getgrent crash with many groups; (bso#7774).
+ Fix requesting lookups for BUILTIN sids; (bso#7777).
+ Fix smbd crash caused by expand_msdfs; (bso#7779).
+ Fix atime limit; (bso#7785).
+ vfs_scannedonly: Switch from mtime to ctime which is more reliable;
(bso#7789).
+ Fix copying files from a SMB share using Gnome vfs and SMB signing;
(bso#7791).
+ Make Winbind recover from a signing error; (bso#7800).
+ ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb;
(bso#7812).
+ Fix "force group" with ntlmssp guest session setup; (bso#7817).
+ vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
(bso#7835).
+ Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841).
+ Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842).
+ Expand the local SAMs aliases; (bso#7843).
+ ntlm_auth: Support clients which offer a spnego mechs we don't support;
(bso#7855).
+ Fix 'net ads dns register' in cluster setups; (bso#7871).
+ Fix 'nmbd --port'; (bso#7875).
+ Make 'rpcclient deldriver' delete drivers for all architectures;
(bso#7880).
+ Fix flaky Winbind against Windows 2008; (bso#7881).
+ Fix SMB session setups with Kerberos against some closed source SMB
servers; (bso#7883).
+ Fix stale lock in open_file_fchmod(); (bso#7892).
+ Fix sporadic Winbind panic in rpc query_user_list; (bso#7894).
+ Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name;
(bso#7896).
+ Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899).
+ Fix connections from WinCE; (bso#7917).
+ Fix opening MS Powerpoint files; (bso#7940).
+ Fix endless loops caused by inotify; (bso#7942).
+ Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944).
+ Let Winbind try to use samlogon validation level 6; (bso#7945).
+ Revalidate the pathname once re-constructed from a root fsp; (bso#7950).
- Require a particular library version even if the major version is part of
the package name. Using the same major version does not guarantee forward
compatibility.
- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).
- Update to 3.5.7
+ Protect against possible denial of service caused by memory corruption;
CVE-2011-0719; (bso#7949); (bnc#670431).
- Disable separate build of samba-doc for post-11.1 systems.
- Protect against possible denial of service caused by memory corruption;
CVE-2011-0719; (bso#7949); (bnc#670431).
- Increase the log level for missing PIDs on SIGCHLD, printcap child processes
are not added to the children PID list; (bnc#666460).
- Do not require a particular library version if the major version is part of
the package name.
- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries
on post-11.3 systems.
- Abide by print$ share 'force user' & 'force group' settings when handling
AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).
- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded()
returns false if the pcap cache contains no printer entries. correct call
ordering is already enforced. (bso#7836); (bnc#625936).
- No longer force activation of the cifs service on post-11.3 systems.
- Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4
systems.
- Move the cifs init script nfs dependencies from Required to Should.
- Recommend to install samba-krb-printing from samba-winbind on post-10.3
systems; (bnc#661845).
- Fix error paths in cups_async_callback(), an empty cups printer list should
not be treated as an error; (bnc#661842).
- Abide by printcap cache time, reload parent smbd pcap cache on expiry;
(bso#7836); (bnc#625936).
- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).
- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).
- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).
- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux
Enterprise 10; (bnc#652620).
- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on;
(bso#7835).
- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages;
(bnc#652620).
- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).
- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind,
client-gplv2, and doc-gplv2 packages; (bnc#652620).
- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions;
(bnc#652620).
- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).
- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind
package to avoide an accidental install trigger; (bnc#652620).
- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).
- Remove all Obsoletes from the samba-gplv3 packages and only keep the
Provides samba; (bnc#652620).
- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).
- Reduce unnecessary ldap round trips and eliminate invalid DN
messages; (bnc#654719).
- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux
Enterprise 10 SP 3 and 4.
- Add the _build_arch at the end of the vendor version suffix.
- Provide and Obsolete samba-gplv3 to replace potentially installed packages.
- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4.
- Do not package libsmbclient and libsmbsharemodes.
- Update to 3.5.6
+ Fix auto printers with registry config; (bso#7280); (bnc#617153).
+ Fix SPNEGO auth when contacting Win7 system using Microsoft Live
Sign-in Assistant; (bso#7577).
+ Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578).
+ Fix "admin users" when using vfs_acl_xattr; (bso#7581).
+ Fix using cached credentials in ntlm_auth; (bso#7589).
+ Fix Winbind offline login; (bso#7590).
+ Fix Winbind internal error; (bso#7636).
+ Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651).
+ Fix smbd changing mode of files on rename; (bso#7693).
+ Fix crash bug with invalid SPNEGO token; (bso#7694).
+ Fix smbd panic on invalid NetBIOS session request; (bso#7698).
+ Fix smbd crash caused by "%D" in "printer admin"; (bso#7541).
+ Fix 'smbclient -M'; (bso#7635).
+ Fix scalability problem with hundreds of printers; (bso#7656).
+ Fix crash bug in rpcclient; (bso#7688).
+ Fix file corruption when setting Samba "write wache wize"; (bso#7715).
- Let startproc wait for nmb, smb and winbind pid files getting created on
post-11.1 systems; (bnc#520036).
- Include the reviewed french translation for pam_winbind; (bnc#499233).
- Fix smbd crash with CUPS printers and no [printers] share defined;
(bso#7297); (bnc#637755).
- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).
- Fix baselibs.conf for libtalloc.
- Fix buffer overflow in sid_parse() to correctly check the input lengths when
reading a binary representation of a Windows Security ID (SID);
CVE-2010-3069; (bso#7669); (bnc#637218).
- Use cached ntlm password in libsmbclient. Prevent lockouts
when kerberos tickets are lost; (bnc#602418); (bnc#606304).
- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the
en_US locale and /usr might be on NFS.
- Complete fix for trusts with Windows 2008R2 DCs.
- Fix authentication dialogs when connecting to older systems;
(bnc#632055).
- Adjust position of conditional ldapsmb %package and %files definition.
- Create the /var/run/samba directory on the fly and package it as %ghost.
- Fix preexec scripts; (bso#7104); (bnc#632852).
- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient
pkgconfig files and BuildRequire pkgconfig; (bnc#632770).
- BuildRequire python-devel for post-9.3 systems.
- Only create precompiled headers for post-10.2 systems.
- Remove mkinitrd scriptlets.
- Add vfs_crossrename man page.
- Call make basic and remove conditional proto target.
- Increase libtevent version to 0.9.9.
- Remove wbc_async header from the file list.
- Remove remaining cifs-mount pieces from the spec file.
- Fix printers not auto loading with registry config; (bso#7280);
(bnc#617153).
- Update to 3.6.0pre1.
+ SMB2 support is fully functional despite managing quota using the
Microsoft management tools.
+ Internal Winbind passdb changes to use samr and lsa rpc pipe to get local
user and group information.
+ The spoolss and the old RAP printing code have been completely overhauled
and refactored.
+ The SMB Traffic Analyzer (SMBTA) VFS module got added.
- Intilize workgroup of nmblookup as empty string.
- Fix net ads join when using parent domain users; (bso#6364);
(bnc#630812).
- cifs: do not restart during dhcp lease renewal when IPaddress remains
the same; (bnc#573246).
- Fix "Too many open files" when trying to access large number of files;
(bso#6837); (bnc#619787).
- Update to 3.5.4.
+ Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing
from ldap (bug #7448).
+ Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507).
+ Allow previous password to be stored and use it to check tickets;
(bso#7099).
+ Make ea data checks identical for trans2open and trans2mkdir; (bso#7188).
+ Fix editing users' groups via UsrMgr; (bso#7262).
+ Fix Winbind over IPv6; (bso#7341).
+ Samba sends "raw" inode number as uniqueid with unix extensions;
(bso#7410).
+ Fix printing large formats; (bso#7423).
+ Fix spnego returning incorrect mechListMIC string; (bso#7449).
+ Fix some crash bugs and missing error codes in AddDriver paths;
(bso#7459).
+ Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479).
+ Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500).
+ Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503).
+ Fix numerous build issues; (bso#7504).
+ Fix session setup from linux kernel cifs clients with "sec=ntlmv2";
(bso#7517).
- Remove all provides and obsoletes samba3 from the spec file. Packages with
this base name have not been offered as part of a product.
- Fix a NULL pointer dereference in smbd of the 3.4 code base;
CVE-2010-1635; (bso#7229); (bnc#605935).
- Address possible buffer overrun in chain_reply code of pre-3.4 versions;
CVE-2010-2063; (bso#7494); (bnc#611927).
- Update of the SMB Traffic Analyzer v2 VFS module
- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873);
(bnc#592198); (bso#6697).
- Update to 3.5.3.
+ Fix MS-DFS functionality; (bso#7339).
+ Fix a Winbind crash when scanning trusts; (bso#7389).
+ Fix problems with SIGCHLD handling in Winbind; (bso#7317).
+ Add replacement for IPV6_V6ONLY on linux systems with broken headers;
(bso#7196).
+ Fix cups encryption setting; (bso#7263).
+ Fix exporting printers via 'cupsaddsmb' command; (bso#7277).
+ Fix SMB job IDs in CUPS job names; (bso#7288).
+ Fix segfault in mount.cifs; (bso#7315).
+ Make TIME_T_MAX defines consistent; (bso#7352).
+ Re-fix a bug with smbd serving a windows terminal server; (bso#7357).
+ Display an error on 'net conf import' failures; (bso#7378).
+ Fix bitmap leak in dptr_Close; (bso#7384).
+ Fix rename problems with full_audit VFS module; (bso#7398).
+ Fix setting of passwords via 'net rpc user password' command; (bso#7417).
+ Fix 'net rpc printer list' command; (bso#7418).
+ Rename mod_name to module_name; (bso#7421).
- Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.
- Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423).
- Winbind not working over IPv6; (bso#7341).
- Honor "interfaces" list in net ad dns register; (bnc#606947).
- Exclude the RPM release from the vendor tag for openSUSE Factory;
(bnc#604049).
- Enable the build of the idmap tdb2 module; (bnc#600822).
- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.
- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.
- Add "net conf import" error messages; (bso#7378, bnc#598189).
- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).
- Update to 3.5.2.
+ Fix smbd segfaults in _netr_SamLogon for clients sending null domain;
(bso#7237).
+ Fix smbd segfaults in "waiting for connections" message; (bso#7251).
+ Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935);
CVE-2010-1642.
+ Fix a memleak in Winbind; (bso#7278).
+ Fix Winbind reconnection to it's own domain; (bso#7295).
+ Fix segfault if hide files or veto files has no ".AppleDouble";
(bso#1206).
+ Fix parsing of the gecos field; (bso#5198).
+ Fix several printing issues; (bso#6727).
+ Fix valgrind warning; (bso#6814).
+ Fix race condition in mount.cifs that allows user to replace mountpoint
with a symlink; (bso#6853).
+ Fix bug in vfs_scannedonly rmdir implementation; (bso#7075).
+ Fix handling of bad server data returns in client rpc_transport;
(bso#7159).
+ Never mark external domains as internal in Winbind; (bso#7170).
+ Fix access by multi-threaded applications; (bso#7202).
+ Fix 'net share' command; (bso#7203).
+ Fix DN parsing name was always null; (bso#7204).
+ Signals are processed twice in child; (bso#7206).
+ Fix returning of group members with 'getent group'; (bso#7212).
+ Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216).
+ Make Winbind logs more verbose for troubleshooting; (bso#7225).
+ Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229);
(bnc#605935).
+ Fix automatic building of vfs_tsmsm if gpfs and dmapi are present;
(bso#7231).
+ Fix race conditions in CTDB persistent transactions; (bso#7232).
+ Symlink delete fails but incorrectly reports success to client;
(bso#7234).
+ Fix "printer admin" functionality; (bso#7255).
+ Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256).
+ Fix _winreg_QueryValue crash bugs and implement Windows behavior;
(bso#7258).
+ Fix job management commands for CUPS queues; (bso#7269).
+ Fix smbd segfault if using vfs_acl_tdb; (bso#7283).
+ Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290).
+ Fix smbd crashes with CUPS printers and no [printers] share defined;
(bso#7297).
+ Fix DOS attribute inconsistency with MS Office; (bso#7310).
+ Many disconnecting clients render clustered Samba unusuable for some time;
(bso#7312).
+ Make 'net conf addshare' atomic; (bso#7313).
+ Eliminate race condition in creating/scanning sorted subkeys in the
registry backend; (bso#7314).
+ Winbind possibly segfaults when trying a trusted domain without inbound
trust; (bso#7316).
- Add SMB Traffic Analyzer v2 VFS module.
- Document "wide links" defaults to "no" in the smb.conf man page for versions
pre-3.4.6; (bnc#577868).
- Fix workgroup enumeration, for client printer and file share
selection; (bso#6880); (bnc#586215).
- Fix tdb validation for offline auth; (bnc#587014).
- Fix "printer admin" functionality; (bso#7255).
- An uninitialized variable read could cause an smbd crash; (bso#7254);
(bnc#605935); CVE-2010-1642.
- Ensure to have a valid talloc stackframe; (bso#7251).
- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).
- Merge missing pam_winbind message translations; (bnc#499233).
- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part
of the independent cifs-utils package.
- Fix join of Windows 2008 domains; (bnc#567013).
- Update to 3.5.1 and 3.4.7.
+ Fix security flaw on Linux platforms if built with libcap support allowing
file system access even when permissions should have denied it;
CVE-2010-0728; (bso#7222); (bnc#586683).
- Fixed libldb.so link in libldb-devel.
- Fix argc handling in net_share, making the command "net share"
work again; (bso#7203); (bnc#584253).
- Update to 3.5.0.
+ Fix duplicate sam and unix accounts; (bso#7145).
+ Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160).
+ Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166).
+ Fix 'net ads dns' usage calls; (bso#7181).
+ Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).
- Update to 3.4.6.
+ Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; (bso#7104); (bnc#577868).
+ Fix printing with 64 bit clients (bso#6888).
+ Fix core dump on 64 bit Linux (bso#7063).
+ Fix failing of smbd to respond to a read or a write caused by Linux
asynchronous IO (aio) (bso#7067).
+ Fix string buffer overflow causing heap corruption in smbd (bso#7096).
+ Fix bogus ip address in SWAT; (bso#5885).
+ Fix vfs_full_audit; (bso#6557).
+ Use the first "uid" value; (bso#6157).
+ Fix large paged search with DirX LDAP servers; (bso#6981).
+ Fix crash bug in 'cifs.upcall'; (bso#6868).
+ Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
+ Fix DFS on AIX (maybe others); (bso#7052).
+ Fix pdb_search crash as non-root user; (bso#7068).
+ Fix unlocking of accounts from ldap; (bso#7072).
+ Fix vfs_expand_msdfs; (bso#7081).
+ Fix results of 'smbclient -L' with a large browse list; (bso#7098).
+ Normalize "Changing password for" msg IDs and STRs; (bso#7102).
+ Fix malformed require_membership_of_sid; (bso#7106).
+ Fix reading of large browselist; (bso#7122).
+ "mangling method = hash" can crash storing a name containing a '.';
(bso#7154).
+ Valgrind Conditional jump or move depends on uninitialised value(s) error
when "mangling method = hash"; (bso#7155).
+ Fix listing of printjobs in Windows 7; (bso#7130).
+ Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136).
+ Make idmap cache persistent for "ldapsam:trusted".
+ Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not
only the persistent idmap cache.
+ Shortcut uid_to_sid when "ldapsam:trusted = yes".
+ Make pdb_copy_sam_account also copy the group sid.
+ Shortcut gid_to_sid when "ldapsam:trusted = yes".
+ Speed up pdb_get_group_sid().
+ Try to build the full unix_pw structure with ldapsam:trusted support.
+ Optimize ldapsam_alias_memberships() and cache ldap searches.
- Update to 3.5.0rc3.
+ Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; (bso#7104); (bnc#577868).
+ Fix vfs_full_audit; (bso#6557).
+ Fix crash bug in 'cifs.upcall'; (bso#6868).
+ Fix duplicate initializer in the rmdir module; (bso#6876).
+ Fix printing with 64 bit clients; (bso#6888).
+ Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047).
+ Fix core dump on Ubuntu 8.04 64 bit; (bso#7063).
+ Fix failing of smbd to respond to a read or a write caused by Linux
asynchronous IO (aio); (bso#7067).
+ Fix 'smbget' error status; (bso#7069).
+ Fix build of 'smbfilter'; (bso#7071).
+ Fix unlocking of accounts from ldap; (bso#7072).
+ Cliconnect gets realm wrong with trusted domains; (bso#7079).
+ Fix vfs_expand_msdfs; (bso#7081).
+ Fix storing of create time on directories in an EA in new create time
code; (bso#7084).
+ Fix an early release of the global lock that can cause data corruption in
libtdb; (bso#7085).
+ Fix string buffer overflow causing heap corruption in smbd; (bso#7096).
+ Fix results of 'smbclient -L' with a large browse list; (bso#7098).
+ Normalize "Changing password for" msg IDs and STRs; (bso#7102).
+ Fix malformed require_membership_of_sid; (bso#7106).
+ Add pdb_ldap performance fixes; (bso#7116).
+ Change ldap filter to what really was intended; (bso#7116).
+ Add new "nmbd bind explicit broadcast" parameter; (bso#7118).
+ Fix nmbd problems with socket address; (bso#7118).
+ Support large browselist; (bso#7119).
+ Fix reading of large browselist; (bso#7122).
+ Fix listing of printjobs in Windows 7; (bso#7130).
+ Owner of file not available with Kerberos; (bso#7139).
+ Fix IPv4/IPv6 problems; (bso#7140).
+ Fix get_acl_blob in the acl_tdb VFS module; (bso#7148).
+ "mangling method = hash" can crash storing a name containing a '.';
(bso#7154).
+ Valgrind Conditional jump or move depends on uninitialised value(s) error
when "mangling method = hash"; (bso#7155).
+ Fix some wrong newlines in de translation strings.
- Take extra care that a mount point of mount.cifs isn't changed during mount
and don't allow it to be run as setuid root program; CVE-2010-0787;
(bso#6853); (bnc#550002).
- Check in mount.cifs for invalid characters in device name and mountpoint;
CVE-2010-0547; (brc#562156); (bnc#577925).
- Don't invalidate cache for uninitialized domains; (bnc#538923).
- Signals are processed twice in child; (bnc#538923).
- Allow forced pw change even with min pw age; (bnc#561894).
- Change parameter "wide links" to default to "no"; it's also incompatible
with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).
- Fix enumerate domain local groups for primary domain; (bnc#573813).
- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).
- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).
- Build libtevent and libldb and put them into separate subpackages.
- Update to 3.5.0rc2.
+ The Using Samba HTML book has been removed.
+ 'net', 'smbclient' and libsmbclient can use logon credentials cached by
Winbind; (bso#7062).
+ New vfs_scannedonly module has been added; (bso#7028).
+ Check password history before increasing "badPasswordCount"; (bso#4347).
+ Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202).
+ Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap;
(bso#6157).
+ Fix deletion of an object whose parent folder does not have delete rights
fails even if the delete right is set on the object in vfs_acl_xattr and
vfs_acl_tdb; (bso#6876).
+ Fix large paged search with DirX LDAP servers; (bso#6981).
+ Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027).
+ Disable sanity check in NetShareEnum for better compatibility with
Windows; (bso#7029).
+ Fix SMBrmdir error message when deleting a directory fails; (bso#7033).
+ Fix segfault in vfs_cap; (bso#7034).
+ Fix 'net rpc getsid' in hardened Windows environments; (bso#7036).
+ Fix a Winbind segfault in "trusted_domains"; (bso#7037).
+ Complete and improve some German translation of 'net'; (bso#7039).
+ Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039).
+ Fix crash bug in libsmbclient; (bso#7043).
+ Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045).
+ Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046).
+ Lock down some srvsvc calls according to what w2k3 seems to do.
- Update to 3.4.5.
+ Fix memory leak in smbd (bug #7020).
+ Fix changing of ACLs on writable files with "dos filemode=yes"
(bug #5202).
+ BUG 6642: Fix opening the quota magic file.
+ BUG 6919: Fix remote quota management.
+ BUG 7034: Fix internal error caused by vfs_cap.
+ BUG 7036: Fix 'net rpc getsid' in hardened Windows environments.
+ BUG 7043: Fix crash bug in "SMBC_parse_path".
+ BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls.
+ BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS
server.
- Free unused memory after a packet got processed; (bso#7020).
- Add timeout to rpc call to prevent infinite loop when network is
down; (bnc#538923).
- Update to 3.5.0rc1.
+ BUG 6837: Fix "Too many open files" when trying to access large number of
files with Windows 7; (bnc#619787).
+ BUG 6939: Fix long filenames when "mangling method" is set to "hash".
+ BUG 6991: Create symbol links to shared libraries.
+ BUG 6992: make test for getgrouplist cacheable.
+ BUG 7014: Fix Winbind crash when retrieving empty group members.
+ BUG 7020: Fix smbd using 2G memory.
+ Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned
attributes by protocol level.
+ Vector correctly through reply_openerror() (which uses the same logic).
+ Fix bugs with the full Windows ACL support.
+ Add a few missing gettext calls to the 'net' command.
+ Fix up a share type translation and translate some more strings in 'net'.
+ Allow to call "pdbedit -N description -u user" without specifiyng "-r".
+ Add spoolss_DriverInfo7.
+ Fix rpcclient after setprinter IDL fixes.
+ Use generated krb5.conf in 'net ads testjoin'.
+ Add some German translations for the 'net' command.
+ Update mount.cifs man page with nounix option.
+ Fix _samr_GetAliasMembership for results with 0 rids.
+ Fix an error case in cli_negprot.
+ Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc.
+ Restore correct timeouts for SMB requests.
+ Fix a 64-bit error in libsmb.
+ Replace IS_DOMAIN_OFFLINE by a function in Winbind.
+ Simplify/cleanup Winbind code.
+ Fix write behind memory block in libtalloc.
+ Fix result check for getaddrinfo().
+ Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr()
to tsocket.
+ Always set tdb->tracefd to -1 to be safe on goto fail in libtdb.
+ Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior.
+ Fix standalone 'make installdocs'.
+ Output %p as unsigned in snprintf replacement.
+ New attempt at TDB transaction nesting allow/disallow.
+ Remove swig stuff from libtdb.
+ Reset tdb->fd to -1 in tdb_close() in libtdb.
+ Change the way mksysms work in libtalloc.
+ Also build and install tdb manpages from standalone tdb.
+ Fix infinite loop in NCACN_IP_TCP as there is no timeout.
+ Make winbindd_cache.c aware of domain offline to avoid unnecessary backend
query.
+ List trusted domains from wcache when domain is offline.
- Update to 3.4.4.
+ Fix interdomain trust relationships with Win2008R2 (bug #6697).
+ Fix Winbind crashes when queried from nss (bug #6889).
+ Fix Winbind crash when retrieving empty group members (bug #7014).
+ Fix "UID range full" error in Winbind (bug #6901).
+ Fix multiple LDAP servers in "idmap backend" and "idmap alloc
backend" (bug #6910).
+ BUG 4832: Fix iconv checks.
+ BUG 6338: Do not always display "none" in 'net rpc trustdom list'.
+ BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time.
+ BUG 6828: Fix infinite timeout when byte lock held outside of samba.
+ BUG 6837: Fix "Too many open files" message when trying to access a large
number of files with Windows 7; (bnc#619787).
+ BUG 6841: Fix "map acl inherit = yes".
+ BUG 6850: Fix shadow copy display on Windows 7.
+ BUG 6867: Fix listing of directories with a lot of files.
+ BUG 6868: Support building with Heimdal we well as with MIT.
+ BUG 6875: Fix DOS attributes on OS/2 clients.
+ BUG 6880: Fix listing of workgroup servers in libsmbclient.
+ BUG 6898: Samba duplicates file content on appending.
+ BUG 6918: Fix krb5 build problem on Ubuntu karmic.
+ BUG 6929: Fix build with recent heimdal.
+ BUG 6939: Fix long filenames with "mangling method = hash".
+ BUG 6967: Fix 'net ads join' with OU.
+ BUG 6981: Fix paged search with DirX LDAP server.
+ BUG 6982: Remove erroneous out of memory error path in lookup_sid.
+ BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids.
+ BUG 7005: Fix "mangle method = hash" truncates files with dot "."
character.
+ Fix the build of the winbind krb5 locator plugin.
+ Fix enumprinter key client and server.
- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the
samba-krb-printing package; (bnc#568603).
- Add BuildRequires to fam-devel; (bnc#564260).
- Prevent winbind crash; (bso#7014); (bnc#566119).
- Fix processing of open modes in POSIX open; (bnc#530683).
- Add baselibs.conf as a source.
- Update to 3.5.0pre2.
+ BUG 2350: Add LDAP Alias Dereferencing support.
+ BUG 6288: SWAT adds a second share when changing parameters of an existing
share.
+ BUG 6435: Fix minor memory corruption.
+ BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was
set while configure.
+ BUG 6802: A created folder does not properly inherit permissions from
parent in vfs_acl_xattr.
+ BUG 6837: "Too many open files" when trying to access large number of
files from Windows 7; (bnc#619787).
+ BUG 6860: Fix shared library build on QNX.
+ BUG 6879: Fix crash in Winbind.
+ BUG 6929: Fix build with recent heimdal.
+ BUG 6938 : No hook exists to check creation rights when using acl_xattr
module.
+ BUG 6967: Prevent glibc error on 'net ads join'.
+ Fix vfs_acl_xattr which was failing to call the NEXT connect function.
+ Restructure the ACL code.
+ Refactor reply_rmdir to use handle based code.
+ Fix the build when no external talloc and tdb are installed.
+ Fix detection of CTDB headers on systems without system-libtalloc.
+ Fix several printing issues.
+ Fix the build on Mac OS X 10.6.2.
+ Fix net and rpcclient after setprinterdataex changes.
+ Add full support for level 8 printer drivers.
+ Add more spoolss architectures to IDL.
+ Fix enumprinter key client and server.
+ Fix crash in EnumPrinterDataEx.
+ Prefer posix_fallocate for doing "strict allocate".
+ Restore "fake directory create times" as a share parameter.
+ Fix explicit stat64 support.
+ Add support for NetWkstaGetInfo 101 and 102.
+ Add rpcclient wkssvc_enumerateusers.
+ De-deprecate "write cache size" to prevent its removal without a proper
alternative.
+ Allow more than 1000 users in BUILTIN\Users.
+ Complete support for NetWkstaGetInfo/NetWkstaEnumUsers.
+ Fix the build of the example VFS modules.
+ Fix crash in free_file_list().
+ Give the user a chance to change password when password will expire soon.
- Store the smbfs service state if enabled and restore it for cifs while
upgrade on post-11.2 systems.
- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.
- Give the user a chance to change password when password will expire soon;
(FATE#302414).
- Rename smbfs init script to cifs for post-11.2 systems.
- Allow Windows 7 to connection to samba domain controllers and
member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).
- Error on joining windows domain (invalid pointer); (bso#6967);
(bnc#553622).
- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165).
- Simplify the winbind package %pre script and suppress stdout only.
- Update to 3.5.0pre1
+ Add support for full Windows timestamp resolution.
+ Experimental implementation of SMB2.
+ Add encryption support for connections to a CUPS server.
+ Major windbind asynchronous refactoring.
- Remove using_samba from the doc package.
- Increase major version of libtalloc to 2.
- Fix kerberos refresh chain; (bnc#546162); (bso#6872).
- Hardlink duplicate files on post-11.1 systems.
- Add BuildArch noarch to samba-doc on post-11.1 systems.
- Use full 16byte session key in make_user_info_netlogon_interactive();
(bnc#551811).
- Update to 3.4.3.
+ Fix trust relationships to windows 2008 (2008 r2) (bug #6711).
+ Fix file corruption using smbclient with NT4 server (bug #6606).
+ Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).
+ BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a
symbolic link.
+ BUG 6529: Offline files conflict with Vista and Office 2003.
+ BUG 6532: Fix domain enumeration if master browser has space in name.
+ BUG 6606: Fix file corruption using smbclient with NT4 server.
+ BUG 6690: Fix wrong error check in profile.
+ BUG 6703: Allow smbstatus as non-root.
+ BUG 6704: Fix syntax error in avahi configure test.
+ BUG 6707: Fix an occasional segfault in config file parsing.
+ BUG 6710: Adjust regex to match variable names including underscores.
+ BUG 6711: Fix trust relationships to windows 2008 (2008 r2).
+ BUG 6726: SIVAL should have been an SVAL.
+ BUG 6728: BSD needs sys/sysctl.h included to build properly.
+ BUG 6731: Fix reading beyond the end of a named stream in xattr_streams.
+ BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules
might use the old password and new password.
+ BUG 6764: Fix timeval calculation.
+ BUG 6765: Add a "hidden" parameter "share:fake_fscaps".
+ BUG 6769: Fix symlink unlink.
+ BUG 6772: Allow outstanding_aio_calls to be decremented.
+ BUG 6774: smbd crashes if "aio write behind" is set.
+ BUG 6776: Fix core dump caused by running overlapping Byte Lock test.
+ BUG 6781: Fix renaming subfolders in Explorer view.
+ BUG 6791: Fix linking order in cifs.upcall.
+ BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6".
+ BUG 6793: Fix segfault in winbindd_pam_auth.
+ BUG 6796: Deleting an event context on shutdown can cause smbd to crash.
+ BUG 6797: Fix a memleak in libwbclient.
+ BUG 6804: Fix hpux compiler issue.
+ BUG 6805: Correctly handle aio_error() and errno.
+ BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names.
+ BUG 6810: Add support for finding alternate credcaches to cifs.upcall.
+ BUG 6811: Fix reference to freed memory in pam_winbind.
+ BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
+ BUG 6824: Fix avahi activation.
+ BUG 6826: Don't fail authentication when one or some group of
require-membership-of is invalid.
+ BUG 6828: Fix infinite timeout when byte lock held outside of Samba.
+ BUG 6829: Fix displaying of multibyte characters in smbclient.
+ BUG 6840: Fix crash in pam_winbind.
+ Fix an uninitialized variable.
+ Only ever handle one event after a select call.
+ Conditional install of the cifs.upcall man page.
+ Fix warning occuring when building the manpages.
- Let smbclient show special characters properly; (bso#6829); (bnc#544204).
- Don't fail authentication when one or some group of require-membership-of
is invalid; (bnc#525123); (bso#6826).
- Allow winbind to ignore certain domains; (bnc#539506).
- Update to 3.4.2.
+ Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517).
+ Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115).
+ Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).
- Fix potential denial of service; CVE-2009-2906; (bnc#543115).
- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).
- Fix unresolved home path; CVE-2009-2813; (bnc#539517).
- Don't overwrite password in pam_winbind; (bnc#515444).
- mods for winbind (when used with squid - ntlm_auth)
o winbind adds group 'winbind'
o permission 0750,root,winbind LOCKDIR/winbindd_privileged
- Merge two fixes from 3.2.8 and 3.3.1.
+ Adjust regex to match variable names including underscores.
+ Conditional install of the cifs.upcall man page.
- Remove supplements from baselibs.conf while %clean for pre-11.1 systems;
(bnc#520579).
- Update to 3.4.1.
+ Fix authentication on member servers without Winbind (bug #6650).
+ Nautilus fails to copy files from an SMB share (bug #6649).
+ Fix connections of Win98 clients (bug #6551).
+ Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697).
+ Fix Winbind authentication issue (bug #6646).
+ BUG 5879: Update LDAP schema for Netscape DS 5.
+ BUG 5886: Fix password change propagation with ldapsam.
+ BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe.
+ BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab.
+ BUG 6437: Make open_udp_socket() IPv6 clean.
+ BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient.
+ BUG 6506: Smbd server doesn't set EAs when a file is overwritten in
NT_TRANSACT_CREATE.
+ BUG 6532: Fix the build with external talloc.
+ BUG 6538: Cancel all locks that are made before the first failure.
+ BUG 6560: Fix lookupname.
+ BUG 6564: SetPrinter fails (panics) as non root.
+ BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation.
+ BUG 6585: Fix unqualified "net join".
+ BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo.
+ BUG 6601: Avoid global fd limits.
+ BUG 6607: Fix crash bug in spoolss_addprinterex_level_2.
+ BUG 6611: Fix a valgrind error in chain_reply.
+ BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient.
+ BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
+ BUG 6650: Fix authentication on member servers without Winbind.
+ BUG 6651: Fix smbd SIGSEGV when breaking oplocks.
+ BUG 6655: Fix 'smbcontrol smbd ping'.
+ BUG 6620: Fix a bug in renames of directories.
+ BUG 6664: Fix truncation of the session key.
+ BUG 6673: Fix 'smbpasswd' with "unix password sync = yes".
+ BUG 6680: Fix authentication failure from Windows 7 when domain joined.
+ BUG 6688: Fix crash in 'net usershare list'.
+ BUG 6693: Check we read off the complete event from inotify.
+ BUG 6700: Use dns domain name when needing to guess server principal.
- Update to 3.2.14.
+ Fix SAMR access checks (e.g. bugs #6089 and #6112).
+ Fix 'force user' (bug #6291).
+ Improve Win7 support (bug #6099).
+ Fix posix ACLs when setting an ACL without explicit ACE for the
owner (bug #2346).
+ BUG 6387: Fix Winbind crash when multiple IDmappings exist in the
LDAP directory.
+ BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+ BUG 6089: Fix SAMR access checks.
+ BUG 6112: Fix SAMR access checks.
+ BUG 6279: Fix Winbind crash.
+ BUG 6291: Fix 'force user'.
+ BUG 6099: Try to fix domain join of Win7 Beta.
+ BUG 6386: Groupdb mapping fix.
+ BUG 6421: Fix POSIX read-only open on read-only shares.
+ BUG 6476: Fix more smbd-zombies in memory.
+ BUG 6488: acl_group_override() call in posix acls references an
uninitialized variable.
+ BUG 6504: Fix SAMR server for Winbind access.
+ BUG 6520: Fix time stamps.
+ BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
+ BUG 6340: Don't segfault when cleartext trustdom pwd could not be
retrieved.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6465: Fix enum_aliasmem in ldb branch.
+ BUG 6484: Fix searching for users while adding them to groups via
Windows usermanager.
+ BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
owner.
+ BUG 6526: Let parent_dirname() correctly return toplevel filenames.
+ BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.
+ BUG 5798: Preserve CFLAGS info in configure.
+ BUG 6382: Case insensitive access to DFS links broken.
+ BUG 6481: Don't require "Modify property" perms to unjoin.
+ BUG 6628: 'smbpasswd -a' uses algorithmic rid base with
'passdb backend = tdbsam'.
+ BUG 6560: Lookupname failed, cannot find domain when attempt to change
password.
+ Prevent creation of keys containing the '/' character.
+ Fix join of Windows 7 RC to a Samba3 DC.
+ Fix bug in processing of open modes in POSIX open.
+ Fix the negotiate flags.
+ Protect netlogon_creds_server_step() against NULL creds.
+ Also handle DirX return codes.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Add '--request-timeout' option to 'net'.
+ Fix a race condition in Winbind leading to a panic.
+ Add workaround for MS KB932762.
+ 5945: Fix out of memory error with Winbind idmap.
+ Avoid duplicate ACEs.
+ Fix profile ACLs in some corner cases.
+ Zero an uninitialized array.
- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271);
(bso#6615).
- check in .po files for pam_winbind; (bnc#499233); (bso#6602).
- Add ntp and network-remotefs as Should-Start dependency to the winbind init
script; (bnc#515629).
- Update to 3.0.36.
+ Fix Winbind crash on 'getent group' (bug #5906).
+ Excel save operation corrupts file ACLs (bug #4308).
+ Prevent segmentation fault on joining a very long domain name.
+ BUG 4308: Excel save operation corrupts file ACLs.
+ BUG 4370: Clean-up entries in /etc/mtab after unmount.
+ BUG 4640: Fix guest mounts in mount-cifs.
+ BUG 5906: Fix Winbind crash on 'getent group'.
+ BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
+ BUG 6099: In order to allow Win7 to connect to a Samba NT style.
+ BUG 6279: Fix Winbind crash.
PDC we set the flags before we know if it's an error or not.
+ BUG 6085: Fix build of vfs_default.
+ BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work
correctly.
+ Fix logic error in try_chown.
+ Correctly use chroot().
+ Fix bug in processing of open modes in POSIX open.
+ Don't install the cifs.upcall binary twice.
+ Fix mount.cifs handling of -V option.
+ Prevent segmentation fault on joining a very long domain name.
+ Don't try and delete a default ACL from a file.
+ Add workaround for MS KB932762.
+ Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+ Fix a crash during name resolution when log level >= 10
and libc segfaults if printf is passed NULL for a "%s" arg.
- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.
- lookupname failed, cannot find domain when attempt to change password;
(bnc#520645); (bso#6560).
- Don't link with --as-needed flag on post-11.1 systems.
- Stop the smbfs service if an interface goes down; (bnc#517768).
- Disable build of static libraries on post-11.1 systems; (bnc#509945).
- Fix missing zlibs for cifs.upcall and test_shlibs.
- Update to 3.4.0.
+ BUG 6431: Local groups from 3.0 setups no longer found.
+ BUG 6459: Fix build of pam_smbpass on some distributions.
+ BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain
not.
+ BUG 6497: Fix calling of 'test' in configure.
+ BUG 6498: Add workaround for MS KB932762.
+ BUG 6499: Fix building of pam_smbpass.
+ BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache().
+ BUG 6512: Fix support for enumerating user forms.
+ BUG 6514: Improve error message in 'net' when smb.conf is not available.
+ BUG 6520: Fix time stamps when "unix extensions = yes".
+ BUG 6521: Fix building tevent_ntstatus without config.h.
+ BUG 6526: Fix notifies in the share root directory.
+ BUG 6531: Fix pid file name.
- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.
- Fix net ads leave; (bnc#511695).
- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
- Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).
- Update to 3.2.13, 3.3.6.
+ In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with
file names treat user input as a format string to asprintf. With a
maliciously crafted file name smbclient can be made to execute code
triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).
- Update to 3.0.35.
+ In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
data value can potentially affect access control when "dos filemode"
is set to "yes"; CVE-2009-1888; (bnc#515479).
- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).
- Update to 3.4.0rc1.
+ BUG 4699: Remove pidfile on clean shutdown.
+ BUG 5456: Fix "net ads testjoin".
+ BUG 6081: Make it possible to change machine account sids.
+ BUG 6253: Use correct value for password expiry calculation in
pam_winbind.
+ BUG 6297: Owner of sticky directory cannot delete files created by others.
+ BUG 6305: Correctly prompt for a password when a username was given.
+ BUG 6328: Add support for multiple rights to
"net sam rights grant/revoke".
+ BUG 6333: Consolidate create/delete account paths in pdbedit.
+ BUG 6449: 'net rap user add' crashes without -C option.
+ BUG 6451: net/libnetapi user rename using wrong access bits.
+ BUG 6458: Fix uninitialized variable in local_password_change().
+ BUG 6465: Fix enumeration of empty aliases.
+ BUG 6476: Fix smbd-zombies in memory when using [x]inetd.
+ BUG 6487: Add missing DFS call in trans2 mkdir call.
+ BUG 6488: acl_group_override() call in posix acls references an
uninitialized variable.
+ Improve pam_winbind documentation.
- Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.
- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user
input as a format string to asprintf; CVE-2009-1886; (bnc#513360).
- Fix a bad memleak in vfs_full_audit; (bnc#510035).
- Update to 3.3.5.
+ Fix SAMR and LSA checks (bug #6089, #6289)
+ Fix posix acls when setting an ACL without explicit ACE for the
owner (bug #2346).
+ Fix joining of Win7 into Samba domain (bug #6099).
+ Fix joining of Win2000 SP4 clients (bug #6301).
+ BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
owner.
+ BUG 5832: Fix build on RHEL when ccache is not available.
+ BUG 5853: Add keyutils-devel to build requires to fix build on RHEL.
+ BUG 5897: Fix shutdown script example in the smb.conf manpage.
+ BUG 6089: Revert the extra SAMR and LSA checks.
+ BUG 6099: Fix joining of Win7 into Samba domain.
+ BUG 6157: Fix handling of multi-value attribute "uid".
+ BUG 6289: Revert the extra SAMR and LSA checks.
+ BUG 6297: Owner of sticky directory cannot delete files created by others.
+ BUG 6301: Fix joining of Win2000 SP4 clients.
+ BUG 6309: Support remote unjoining of Windows 2003 or greater.
+ BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event.
+ BUG 6320: Handle registry config source in file_list.
+ BUG 6330: Fix DFS on AIX.
+ BUG 6336: Fix 'net groupmap set' segfault.
+ BUG 6361: Make --rcfile work in smbget.
+ BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a
directory.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6382: Fix case insensitive access to DFS links.
+ BUG 6415: Filter out of range mappings in default idmap config in
idmap_tdb.
+ BUG 6416: Filter out of range mappings in default idmap config in
idmap_tdb2.
+ BUG 6417: Filter out of range mappings in default idmap config in
idmap_ldap.
+ BUG 6441: Fix the compile with --enable-dnssd.
+ BUG 6449: 'net rap user add' crashes without -C option.
+ BUG 6465: Fix enumeration of empty aliases (ldb backend).
+ Prevent infinite include nesting.
+ Mark registry shares without path unavailable.
+ Also handle DirX return codes.
+ Fix Coverity ID 897.
+ Do not crash in ctdbd_traverse if ctdbd is not around.
+ Fix a race condition in winbind leading to a panic.
+ Some man pam_winbind improvements.
+ Zero an uninitialized array.
- Update to 3.2.12.
+ Fix SAMR and LSA checks (bug #6089, #6289)
+ Fix posix acls when setting an ACL without explicit ACE for the
owner (bug #2346).
+ Fix "force user" (bug #6291).
+ Fix Winbind crash (bug #6279).
+ Fix joining of Win7 into Samba domain (bug #6099).
+ BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the
owner.
+ BUG 5798: CFLAGS info lost in configure.
+ BUG 5832: Fix build on RHEL when ccache is not available.
+ BUG 5835: Add keyutils-devel to build requires.
+ BUG 5945: Fix out of memory error with Winbind idmap.
+ BUG 6089: Revert the extra SAMR and LSA checks.
+ BUG 6099: Fix joining of Win7 into Samba domain.
+ BUG 6279: Fix Winbind crash.
+ BUG 6289: Revert the extra SAMR and LSA checks.
+ BUG 6291: Fix "force user".
+ BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit.
+ BUG 6372: Fix usermanager only displaying 1024 groups and aliases.
+ BUG 6386: Groupdb mapping fix.
+ BUG 6382: Fix case insensitive access to DFS links.
+ BUG 6465: Fix enumeration of empty aliases (ldb backend).
+ Prevent creation of keys containing the '/' character.
+ Fix bug in processing of open modes in POSIX open.
+ Protect netlogon_creds_server_step() against NULL creds.
+ Also handle DirX return codes.
+ Fix a race condition in winbind leading to a panic.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Fix profile acls in some corner cases.
- Default with passdb backend to smbpasswd for SUSE products older than 11.2.
- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.
- Update to 3.4.0pre2.
+ The default passdb backend has been changed to 'tdbsam'!
+ Samba4 and Samba3 sources are included in the tarball.
+ Changed the way smbd handles untrusted domain names given during user
authentication.
+ Various fixes including printer change notificiation for Samba spoolss
print servers.
+ The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
and spoolss) were replaced by autogenerated code based on PIDL.
+ Samba3 and Samba4 do now share a common tevent library.
+ The code has been cleaned up and the major basic interfaces are shared
with Samba4 now.
+ An asynchronous API has been added.
+ Made parameter syntax of the net command more consistent.
+ BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the
owner.
+ BUG 4271: testparm should not print includes.
+ BUG 4831: Don't call openlog() or closelog() from pam_smbpass.
+ BUG 5681: Do not limit the number of network interfaces.
+ BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo
access checks.
+ BUG 6099: Fix NETLOGON credential chain.
+ BUG 6136: New AFS syscall conventions.
+ BUG 6157: Fix handling of multi-value attribute "uid".
+ BUG 6253: Use correct value for password expiry calculation.
+ BUG 6291: Fix 'force user'.
+ BUG 6292: Update config.guess from gnu.org.
+ BUG 6302: Give the VFS a chance to read from 0-byte files.
+ BUG 6309: Support remote unjoining of Windows 2003 or greater.
+ BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on
malloced memory.
+ BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event.
+ BUG 6320: Handle registry config source in file_list.
+ BUG 6330: Fix DFS on AIX.
+ BUG 6336: Fix segfault in 'net groupmap set'.
+ BUG 6340: Don't segfault when cleartext trustdom pwd could not be
retrieved.
+ BUG 6357: Use Samba default command line arguments in 'net'.
+ BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4
and IPv6 addresses
+ BUG 6361: Make --rcfile work in smbget.
+ BUG 6371: Unsuccessful 'net conf setparm' leaves empty share.
+ BUG 6372: usermanager only displaying 1024 groups and aliases.
+ BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids.
+ BUG 6415: Filter out of range mappings in default idmap config
(idmap_tdb).
+ BUG 6416: Filter out of range mappings in default idmap config
(idmap_tdb2).
+ BUG 6417: Filter out of range mappings in default idmap config
(idmap_ldap).
+ Change the way smbd handles untrusted domain names given during user
authentication.
+ Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
spoolss by autogenerated code based on PIDL.
+ Fix several printing issues and improve support for printer change
notificiations.
+ Add 'net eventlog'.
+ Add asynchronous API.
+ Make Samba3 and Samba4 share a tevent library.
+ Add two new parameters to control how we verify kerberos tickets.
+ Add 'net rpc service' subcommands 'create' and 'delete'.
+ Fix the core of the SAMR access functions.
+ Fix SAMR server for winbindd access.
+ Add dbwrap_tool - a tdb tool that is CTDB-aware.
+ Hide "config backend" from swat.
+ Fix linking with --disable-shared-libs.
+ Fix issue with missing entries when enumerating directories.
+ Map NULL domains to our global sam name.
+ Fix driver upload for Xerox 4110 PS printer driver.
+ Add "net dom renamecomputer" to rename machines in a domain.
+ Inspect the correct computername string before enabling/disabling the
change button in netdomjoin-gui.
+ Fix join prompt dialog test in netdomjoin-gui.
+ Only gray out labels when not root and not connecting to remote
machines (netdomjoin-gui).
+ Allow to switch between workgroups/domains with the same name
(netdomjoin-gui).
+ Add NetShutdownInit and NetShutdownAbort.
+ Fix samr access checks.
+ Add a security model to LSA.
+ Also handle DirX return codes.
+ Do not crash in ctdbd_traverse if ctdbd is not around.
+ Fix Coverity ID 897.
+ Fix a race condition in vfs_aio_fork with gpfs share modes.
+ Fix bug disclosed by lock8 torture test.
+ Fix a race condition in winbind leading to a panic.
+ Detect tight loop in tdb_find().
+ Fix chained sesssetupAndX/tconn messages.
+ Fix strict locking with chained reads.
+ Fix two bugs in sendfile.
+ Fix memory leak.
+ Fix file descriptor leak.
+ Fallback to the legacy sid_to_(uid|gid) instead of returning NULL.
+ Always allocate memory in dptr_ReadDirName.
+ Fix 'net' crash during domain join.
+ Zero an uninitialized array.
+ Allow child processes to exit gracefully if we are out of fds.
- Enable cifs.upcall on versions newer than SUSE 10.0.
- Add BuildRequires to keyutils-devel.
- Remove redundant Requires to keyutils-libs for cifs-mount.
- Detect tight loop in tdb_find(); (bnc#450974).
- Fix lp printing with kerberos; (bnc#476913).
- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all
other build targets.
- Update to 3.4.0pre1.
+ Samba4 and Samba3 sources are included in the tarball
+ Changed the way smbd handles untrusted domain names given during user
authentication.
+ Various fixes including printer change notificiation for Samba spoolss
print servers.
+ The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog
and spoolss) were replaced by autogenerated code based on PIDL.
+ Samba3 and Samba4 do now share a common tevent library.
+ The code has been cleaned up and the major basic interfaces are shared
with Samba4 now.
+ An asynchronous API has been added.
+ Change the way smbd handles untrusted domain names given during user
authentication.
+ Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and
spoolss by autogenerated code based on PIDL.
+ Fix several printing issues and improve support for printer change
notificiations.
+ Add 'net eventlog'.
+ Add asynchronous API.
+ Make Samba3 and Samba4 share a tevent library.
+ Add two new parameters to control how we verify kerberos tickets.
+ Add 'net rpc service' subcommands 'create' and 'delete'.
+ Make merged build possible.
+ Move common libraries to the shared lib/ directory.
- Update to 3.3.4.
+ Fix domain logins for WinXP clients pre SP3 (bug #6263).
+ Fix samr_OpenDomain access checks (bug #6089).
+ Fix usrmgr.exe creating a user (bug #6243).
+ BUG 6089: Fix samr_OpenDomain access checks.
+ BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
"msdfs root" set to "yes".
+ BUG 6279: Fix Winbind crash.
+ BUG 5329: Add "net rpc service delete/create".
+ BUG 6238: Make sure wbcLogoffUserParams are properly initialized before
freed.
+ BUG 6263: Fix domain logins for WinXP clients pre SP3.
+ BUG 6286: Call init function for builtin idmap modules before probing for
them as shared modules.
+ BUG 6243: Fix usrmgr.exe creating a user.
+ net conf: Save share name as given, not as lower case only.
+ Prevent creation of registry keys containing the '/' character.
+ Allow pdbedit to change a user rid/sid.
+ When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+ Don't access a freed structure when logging off and re-using a vuid.
+ Try to to fix password_expired flag handling.
+ Make sure to grey out change fields in the netdomjoin-gui when not
running as root.
+ Don't look up local user for remote changes, even when root.
+ Use procid_str in debug messages for better cluster-debuggability.
+ Use cluster-aware procid_is_me instead of comparing pids.
+ Fix smbd crash for close_on_completion.
+ Fix a memleak in an unlikely error path in change_notify_create().
+ Do not use the file system GET_REAL_FILENAME for mangled names.
+ Fix a crash bug if we timeout in net rpc trustdom list.
+ Add '--request-timeout' option to net.
+ In net_conf_import, start a transaction when importing a single share.
+ Fix writing of roaming profiles with "profile acls" set to "yes".
- Update to 3.2.11.
+ Fix domain logins for WinXP clients pre SP3 (bug #6263).
+ Fix samr_OpenDomain access checks (bug #6089).
+ Fix smbd crash for close_on_completion.
+ BUG 6089: Fix samr_OpenDomain access checks.
+ BUG 6205: Correct sample smb.conf share configuration.
+ BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with
"msdfs root" set to "yes".
+ BUG 6263: Fix domain logins for WinXP clients pre SP3.
+ Allow pdbedit to change a user rid/sid.
+ When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
+ Fix resume command typo for "printing = vlp".
+ Fix smbd crash for close_on_completion.
+ Fix a memleak in an unlikely error path in change_notify_create().
+ Don't look up local user for remote changes, even when root.
- Don't lookup local user for remote password changes; (bnc#493507).
- Update to 3.3.3.
+ Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb
correctly (bug #6195).
+ Fix serving of files with colons to CIFS/VFS client (bug #6196).
+ Fix "map readonly" (bug #6186).
+ BUG 6195: Don't let smbd child processes panic.
+ Add backend_requires_messaging() method to libsmbconf.
+ Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf.
+ Fall back to file backend when no valid backend was found.
+ Fix a memleak in dbwrap_rbt.
+ Provide transaction_start|commit|cancel fns for the registry tdb.
+ Speed up "net conf drop".
+ Speed up "net conf import".
+ Add transactions to the libsmbconf API.
+ Reduce memory usage of "net conf import".
+ Registry cleanup.
+ Fix handling of SAMBA_VERSION_VENDOR_PATCH.
+ Fix build of pam_winbind.so with static linking.
+ Tidy up some convert_string_internal error cases.
+ BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to
run elections.
+ Allow DFS client paths to work when POSIX pathnames have been selected.
+ Try and fix the build farm RAW-STREAMS errors.
+ Ensure files starting with multiple dots are hidden.
+ BUG 6102: NetQueryDisplayInformation could return wrong information.
+ BUG 6193: Avoid messing with sync_context in libnet_samsync_delta().
+ Fix notify_printer_status_byname.
+ Fix Coverity IDs 722, 762, 774, 775, 776.
+ Fix build on old Heimdal based systems.
+ Fix compile warning.
+ Use parentheses in if condition to make negation clear.
+ Add dirsort module.
+ BUG 6147: Fix detection of the GNU ld version.
+ BUG 6097: Fix smbd segfault.
+ BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped
members.
+ BUG 6139: Add missing whitespace in mount.cifs error message.
+ Fix a malloc/talloc mismatch when cli_initialise() fails.
+ Fix a valgrind error.
+ Speed up "net conf list".
+ Add sorted subkey cache.
+ Use StrCaseCmp in the dirsort module.
+ Document the dirsort module.
+ Disable dns_sd by default.
+ Add avahi detection to configure.
+ Add event avahi binding.
+ Use avahi to register _smb._tcp in smbd.
+ Fix two memleaks in the encryption code.
+ Fix a scary "fill_share_mode_lock failed" message.
+ BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set
errno.
+ Don't use reserved words in smbconftort.
+ Fix smb signing for fragmented trans/trans2/nttrans requests.
+ Parse_packet can return NULL which is then dereferenced in
match_mailslot_name.
+ Format the header check for netinet/ip.h more nicely.
+ Missing break in conversion function prevents tdb password database
update.
- Update to 3.2.10.
+ BUG #6195: Don't let smbd child processes panic.
- BUG 6195: Fix crash on passdb conversion.
- Update to 3.2.9.
+ BUG 5920: The length of the memcpy was calculated wrong.
+ BUG 6097: Fix smbd segfault.
+ BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS
server is invalid.
+ BUG 6099: Samba returns incurrate capabilities list.
+ BUG 6100: Implement _netr_LogonGetCapabilities() with
NT_STATUS_NOT_IMPLEMENTED.
+ BUG 6102: NetQueryDisplayInformation could return wrong information.
+ BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped
members.
+ BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem.
+ BUG 6161: smbclient corrupts source path in tar mode.
+ BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif().
+ BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client.
+ BUG 6224: nmbd waits 5 minutes before checking to run elections.
+ BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno.
+ Numerous Coverity fixes
+ Fix double free caused by incorrect talloc_steal usage.
+ Backport delete semantics of alternate data streams on a file truncate.
+ Allow set attributes on a stream fnum to redirect to the base filename.
+ Fix use of streams modules with CIFSFS client.
+ Fix more POSIX path lstat calls.
+ Allow DFS client paths to work with POSIX pathnames.
+ Ensure files starting with multiple dots are hidden.
+ Fix guest auth when Winbind is running.
+ Fix memleak in get_remote_printer_publishing_data().
+ cifs mount fix for handling -V parameter.
+ Fix guest mounts.
+ Clean-up entries in /etc/mtab after unmount.
+ Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
+ Enable total anonymization in vfs_smb_traffic_analyzer.
+ Don't try and delete a default ACL from a file.
+ Fix remotely adding a share via MMC.
+ Fix resume handle for _samr_EnumDomainGroups.
+ Fix a buffer handling bug when adding lots of registry keys.
+ Fix a O(n^2) algorithm in regdb_fetch_keys().
+ Fix a valgrind error / segfault in dns_register_smbd().
+ Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+ Fix a malloc/talloc mismatch when cli_initialise() fails.
+ Fix two memleaks in the encryption code.
+ Fix "fill_share_mode_lock failed" message.
+ Add S-1-22-X-Y sids to the local token.
+ Fix smb signing for fragmented trans/trans2/nttrans requests.
+ Don't miss an absolute pathname as a kerberos keytab path.
+ Have nmbd check all available interfaces for WINS before failing.
+ Initialize the id_map status in idmap_ldap to avoid surprise.
- Obsolete change from 2008-03-05 by removing the needless examples cleanup.
- Update to 3.3.2.
+ Fix "force group" (bug #6155).
+ Fix saving of files on Samba share using MS Office 2007 (bug #6160).
+ Fix guest authentication in setups with "security = share" and "guest ok =
yes" when Winbind is running.
+ Fix corruptions of source path in tar mode of smbclient (bug #6161).
+ BUG 6082: Fix renaming and deleting of directories using Windows clients.
+ BUG 6154: Make ZFS honor admin users.
+ BUG 6155: Fix "force group".
+ BUG 6160: Fix saving of files on Samba share using MS Office 2007.
+ BUG 6161: Fix corruptions of source path in tar mode of smbclient.
+ Fix some NetBSD warnings.
+ Fix bug in processing of open modes in POSIX open.
+ Fix use of streams modules with CIFSFS client.
+ Ensure ACL modules work with POSIX paths.
+ Use fsp->posix_open in preference if we have it.
+ Fix more POSIX path lstat calls.
+ Fix a bug in message handling for the change notify code.
+ Fix guest authentication in setups with "security = share" and "guest ok =
yes" when Winbind is running.
+ BUG 4640: Fix guest mounts in mount.cifs.
+ Fix displaying the version string properly when no other parameters passed
in in mount.cifs.
+ Prefer gssapi header files from subdirectory.
+ BUG 6176: winbindd -n should disable the winbind idmap cache.
+ Add a vfs_preopen module to hide fs latencies.
+ Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog.
+ Fix a valgrind error / segfault in dns_register_smbd().
+ Fix build on SLES8.
+ Decremented by 1 for ntcancel requests.
+ Fix creation of core files.
+ Fix first mapping of uids/gids in Winbind.
+ Initialize the id_map status in idmap_ldap to avoid surprise.
+ Fix initialization of idmap status.
- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.
- Ignore return value from subshell to fix build.

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Use default tty (tty7) in systemd unit as specified in sddm.conf:
* 0001-Systemd-service-unit-Use-tty7-by-default.patch
- Add patch from upstream to allow setting QT_IM_MODULE in sddm.conf:
* 0001-Also-set-QT_IM_MODULE-in-non-testing-mode.patch
- Revert calling plymouth quit with --retain-splash. It is possible
that this prevents logging in on tty1.

==== sqlite3 ====
Version update (3.17.0 -> 3.18.0)
Subpackages: libsqlite3-0 libsqlite3-0-32bit sqlite3-devel sqlite3-doc

- Update to 3.18.0
* Added the PRAGMA optimize command
* The SQLite version identifier returned by the sqlite_source_id()
SQL function and the sqlite3_sourceid() C API and found in the
SQLITE_SOURCE_ID macro is now a 64-digit SHA3-256 hash instead
of a 40-digit SHA1 hash.
* Added the json_patch() SQL function to the JSON1 extension.
* Enhance the LIKE optimization so that it works for arbitrary
expressions on the left-hand side as long as the LIKE pattern
on the right-hand side does not begin with a digit or minus sign.
* Added the sqlite3_set_last_insert_rowid() interface and use the
new interface in the FTS3, FTS4, and FTS5 extensions to ensure
that the sqlite3_last_insert_rowid() interface always returns
reasonable values.
* Enhance PRAGMA integrity_check and PRAGMA quick_check so that
they verify CHECK constraints.
* Enhance the query plans for joins to detect empty tables early
and halt without doing unnecessary work.
* Enhance the sqlite3_mprintf() family of interfaces and the
printf SQL function to put comma separators at the thousands
marks for integers, if the "," format modifier is used in
between the "%" and the "d" (example: "%,d").
* Added the -DSQLITE_MAX_MEMORY=N compile-time option.
* Added the .sha3sum dot-command and the .selftest dot-command
to the command-line shell
* Begin enforcing SQLITE_LIMIT_VDBE_OP. This can be used,
for example, to prevent excessively large prepared statements
in systems that accept SQL queries from untrusted users.
* Various performance improvements.
* Ensure that indexed expressions with collating sequences are
handled correctly. Fix for ticket eb703ba7b50c1a5.
* Fix a bug in the 'start of ...' modifiers for the date and
time functions. Ticket 6097cb92745327a1
* Fix a potential segfault in complex recursive triggers,
resulting from a bug in the OP_Once opcode introduced as part
of a performance optimization in version 3.15.0. Ticket 06796225f59c057c
* In the RBU extension, add extra sync operations to avoid the
possibility of corruption following a power failure.
* The sqlite3_trace_v2() output for nested SQL statements should
always begin with a "--" comment marker.

==== talloc ====
Version update (2.1.8 -> 2.1.9)
Subpackages: libtalloc2 libtalloc2-32bit python-talloc python-talloc-32bit

- sle11-remove-unknown-compiler-options.patch: build SLE11 and earlier
without -Wno-format-length.
- Update to version 2.1.9; (bsc#1032915).
+ fix some coverity defects
+ fix TALLOC_VERSION_MINOR and talloc_version_minor()
+ add new tests
+ add pytalloc_get_type()
+ add pytalloc_GenericObject_{steal,reference}[_ex]()

==== v4l-utils ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libv4l libv4l-devel libv4l1-0 libv4l1-0-32bit libv4l2-0
libv4l2-0-32bit libv4l2rds0 libv4lconvert0 libv4lconvert0-32bit

- Update to version 1.12.3:
* dvb-sat: fix rangeswitch logic
* dvb-sat: add verbose options for LNBf settings
* dvb-sat: add support for Invacom QPH-031 LNBf
* pt_BR: update translation file to reflect latest changes

==== wayland ====
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-server0

- wayland support in Mesa 17 requires wayland >= 1.11 [fate#321223]

==== yast2-fonts ====
Version update (3.1.17 -> 3.2.0)

- fix regression introduced in 3.1.17: installed families table
was not filled correctly
- add UTF-8 encoding to ruby string [bsc#1006510]
- 3.2.0

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages