diff --git a/0068-ipa-kdb-support-Samba-4.20-private-libraries.patch b/0068-ipa-kdb-support-Samba-4.20-private-libraries.patch new file mode 100644 index 0000000..f4386b6 --- /dev/null +++ b/0068-ipa-kdb-support-Samba-4.20-private-libraries.patch @@ -0,0 +1,51 @@ +From b514e16495b7b2d65f02f95bfa1a21531bc37b3a Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 30 Jan 2024 19:58:05 +0200 +Subject: [PATCH] ipa-kdb: support Samba 4.20 private libraries + +Samba 4.20 will change name extension of the private libraries from +'samba4' to 'private-samba'. Detect private extension through configure +step and make sure to use the right library name in Makefile. + +Signed-off-by: Alexander Bokovoy +Reviewed-By: Florence Blanc-Renaud +--- + daemons/ipa-kdb/Makefile.am | 2 +- + server.m4 | 8 ++++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/daemons/ipa-kdb/Makefile.am b/daemons/ipa-kdb/Makefile.am +index 777c6b4bd6b9399d12860c1577534b6505361bb4..ca1593bc801ab1942a6a31f4c79bfdc897dc447d 100644 +--- a/daemons/ipa-kdb/Makefile.am ++++ b/daemons/ipa-kdb/Makefile.am +@@ -116,7 +116,7 @@ ipa_kdb_tests_LDADD = \ + $(top_builddir)/util/libutil.la \ + -lkdb5 \ + -lsss_idmap \ +- -lsamba-security-samba4 \ ++ -l$(SAMBA_SECURITY_LIBS)\ + -lsamba-errors \ + $(NULL) + +diff --git a/server.m4 b/server.m4 +index 2ee2cf5191d74c8b82a55b7a62be08c00944e399..f97ceddea0388067f4353fd9a03a5e5d27b1672b 100644 +--- a/server.m4 ++++ b/server.m4 +@@ -182,6 +182,14 @@ AC_CHECK_LIB([smbldap],[smbldap_set_bind_callback], + [AC_DEFINE([HAVE_SMBLDAP_SET_BIND_CALLBACK], [1], [struct smbldap_state is opaque])], + [AC_MSG_WARN([libsmbldap is not opaque, not using smbldap_set_bind_callback])], + [$SAMBA40EXTRA_LIBPATH]) ++AC_CHECK_LIB([samba-security-private-samba],[dom_sid_string], ++ [SAMBA_SECURITY_LIBS=samba-security-private-samba], ++ [AC_CHECK_LIB([samba-security-samba4],[dom_sid_string], ++ [SAMBA_SECURITY_LIBS=samba-security-samba4], ++ [AC_MSG_ERROR([Cannot find private samba-security library])], ++ [$SAMBA40EXTRA_LIBPATH])], ++ [$SAMBA40EXTRA_LIBPATH]) ++AC_SUBST(SAMBA_SECURITY_LIBS) + + dnl --------------------------------------------------------------------------- + dnl Check for libunistring +-- +2.44.0 + diff --git a/freeipa.spec b/freeipa.spec index 3582077..7674161 100644 --- a/freeipa.spec +++ b/freeipa.spec @@ -70,7 +70,7 @@ %global krb5_kdb_version 9.0 # 0.7.16: https://github.com/drkjam/netaddr/issues/71 %global python_netaddr_version 0.7.19 -%global samba_version 4.17.4-101 +%global samba_version 4.20.0-103 %global slapi_nis_version 0.56.4 %global python_ldap_version 3.1.0-1 %if 0%{?rhel} < 9 @@ -223,7 +223,7 @@ Name: %{package_name} Version: %{IPA_VERSION} -Release: 10%{?rc_version:.%rc_version}%{?dist} +Release: 11%{?rc_version:.%rc_version}%{?dist} Summary: The Identity, Policy and Audit system License: GPL-3.0-or-later @@ -314,6 +314,7 @@ Patch0064: 0064-ipa-pwd-extop-add-MFA-note-in-case-of-a-successful-L.patch Patch0065: 0065-ipa-pwd-extop-declare-operation-notes-support-from-3.patch Patch0066: 0066-dcerpc-invalidate-forest-trust-info-cache-when-filte.patch Patch0067: 0067-ipatests-Fixes-for-test_ipahealthcheck_ipansschainva.patch +Patch0068: 0068-ipa-kdb-support-Samba-4.20-private-libraries.patch Patch1001: 1001-Change-branding-to-IPA-and-Identity-Management.patch %endif %endif @@ -1806,6 +1807,9 @@ fi %endif %changelog +* Tue Apr 30 2024 Florence Blanc-Renaud - 4.11.0-11 +- Resolves: RHEL-33645 - Update samba to version 4.20.0 + * Fri Mar 29 2024 Florence Blanc-Renaud - 4.11.0-10 - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios) - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER