import samba-4.16.4-1.el8

2022-08-02 20:14:42 +00:00 · 2022-08-02 20:14:42 +00:00 · 08c3d81b25
parent e762bb8550
commit 08c3d81b25
6 changed files with 55 additions and 64 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/samba-4.16.2.tar.xz
+SOURCES/samba-4.16.4.tar.xz
 SOURCES/samba-pubkey_AA99442FB680B620.gpg
--- a/.samba.metadata
+++ b/.samba.metadata
@ -1,2 +1,2 @@
-7ee5776f92bbca2508da3d06d2d03a8e5ff5ed67 SOURCES/samba-4.16.2.tar.xz
+c943ec2e8b9413cd3465e39481b49872b4486e86 SOURCES/samba-4.16.4.tar.xz
 971f563c447eda8d144d6c9e743cd0f0488c0d9e SOURCES/samba-pubkey_AA99442FB680B620.gpg
--- a/SOURCES/samba-4.16.2.tar.asc
+++ b/SOURCES/samba-4.16.2.tar.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmKm3zUACgkQqplEL7aA
-tiC2LA/+LwNu8NfLoSSuq+OXTe6Ih0KhdT3RtIhknhe2s3ibBw7juNqUEmZupufH
-01M6p+sq1YyyRABW2k2M51tKF96wdjffDNFTNdpFOXYL5Hm1uL4Lzdf4ZiWY9MKp
-U04uZ1OwicIeFdqU3oUt9iLY5Z2KPz4pTfIOZL67OV8QDXxHdieHfseWVUmOaAjd
-YsZFQRl2c29OkOkAD5AYpNdquQAGvS34M5dPYItrJwgKs9RYMG6JX03oCpoFxXVn
-wjV74S1GB03Gec7tOI+BlAshUeAgUIcYjSrcxJ3MEDTXjJkoVcS9gOOezuWf6lei
-4uEmLYKaYKstF3qFriXJIWoGPAakzyumQOpjo84C0Z0mftSX0L3XbVGmsP48Ra58
-foz0iLka2/8AqxYa5QXkGwqg615icpLo2MmM2/wvMg0Mvx6D6zcb2yx5gIb+ITmh
-d1iN7Rzhk+V2fP7m7zua4IEs7jq8M3pXUF7+By2XdboaOuq80APwLfr37yMeQBPu
-NTVgOPCe+AQZliOWagxZ03yLSraCljIfMFLecDdl1W2Vi45IrtRxT2o2gqtnOgsL
-1+8OfmcvPYYSXNr3dreeH7UROVR6DEBWL1bUV2UFB5EFzUDB612EE6Z5IVbPoTWl
-GVAKedXrrQx+f2ucUFg5AvjCJkZ8wVlkMTBK/KJbENbdAe/680k=
-=fziY
-----END PGP SIGNATURE-----
--- a/SOURCES/samba-4.16.4.tar.asc
+++ b/SOURCES/samba-4.16.4.tar.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmLg520ACgkQqplEL7aA
+tiBsuA//ZqQhoz1unYEMk6tqu528xGweYd488gjdKkszWPCI5NmGbmvN/tbhUIc3
+WbJO8oPEFN81+a0b7nsKxpgDt8IR00rx4mA3A5rh+Z1PTbUWpjBxchTsXZsEaDaE
+dA/pRes+rzDpjLg2VWAd+5SDwy1d5ZfZ+gX/qntfpgYLqiBfJNJJPxCEFqnG1IUF
+xaWwKQNuduq89Wr3LabSCjx4IMQEABr8VN+WZG5JhmKBaad1I5tOBOFypLS0iKUX
+bGsMr3itdKFvYmAFM2ZbY/Q7DZb5GIUvNOqyRcBYQe33tqS2GYjEHS0tbXoNP5l2
+gQcs3FiebX6Bi4I6EoFL380LLG1zskCV5xRtGIvrW7SOKCnkaswuxlHEQSVWFc0A
+2aZmT7RaKYwtm+0kD+Fq3PWBwPvLBgiCP9oohfOgqrW9VnIJNbyCyJcBbK8snS0a
+KIfr+hM+ccNBVhmpFWRjA0WkVW9d9/tcDFN63nTQJkZg4cXZboMVO7fjmo4U1oJK
+qIVU5Xr0e5TXLNWguvr6t03CUvtfgBHMYFrHRX4HJTN7Z3m4WxAYt+jspIavQP/S
+muj4g/INYmjZmBG2f9mign6Tt3MtOtHlymMFAJ1t1e+9B5v1dkmO4T6ffqbDgvg5
+bnAFUM5+bzW81DGJNbITDSNBU7PokwP4cQBNTVtgK38DW4BiPO8=
+=6kYO
+-----END PGP SIGNATURE-----
--- a/SOURCES/samba-s4u.patch
+++ b/SOURCES/samba-s4u.patch
@ -1,7 +1,7 @@
-From 17eb98d3f8ebd0fe48e218bb03a3c0165b9b6e95 Mon Sep 17 00:00:00 2001
+From 5d7ec9a00b6f4c6768c606d37d235415f2006445 Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Fri, 27 Sep 2019 18:25:03 +0300
-Subject: [PATCH 1/4] mit-kdc: add basic loacl realm S4U support
+Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support

 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -236,7 +236,7 @@ index 793fe366c35..22534c09974 100644
 
 
 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index 27b15828468..994dfed312b 100644
+index cb72b5de294..03c2c2ea1de 100644
 --- a/source4/kdc/mit_samba.c
 +++ b/source4/kdc/mit_samba.c
@@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
@ -247,7 +247,7 @@ index 27b15828468..994dfed312b 100644
 				    krb5_db_entry *client,
 				    krb5_db_entry *server,
 				    krb5_db_entry *krbtgt,
-@@ -682,7 +681,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
+@@ -689,7 +688,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 								  context,
 								  *pac,
 								  server->princ,
@ -256,7 +256,7 @@ index 27b15828468..994dfed312b 100644
 								  deleg_blob);
 		if (!NT_STATUS_IS_OK(nt_status)) {
 			DEBUG(0, ("Update delegation info failed: %s\n",
-@@ -1004,41 +1003,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
+@@ -1081,41 +1080,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
 }
 
 int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
@ -333,13 +333,13 @@ index 4431e82a1b2..9370ab533af 100644
 int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
 				      char *pwd,
 -- 
-2.33.1
+2.37.1


-From f4fc23103f47b712baf3b4b0ebcb42d0f3f3fd42 Mon Sep 17 00:00:00 2001
+From 325912375cf54743ab8ea557172a72b870002e9f Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Fri, 27 Sep 2019 18:35:30 +0300
-Subject: [PATCH 2/4] krb5-mit: enable S4U client support for MIT build
+Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build

 Signed-off-by: Isaac Boukris <iboukris@gmail.com>
 Pair-Programmed-With: Andreas Schneider <asn@samba.org>
@ -350,10 +350,10 @@ Pair-Programmed-With: Andreas Schneider <asn@samba.org>
 3 files changed, 185 insertions(+), 13 deletions(-)

 diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
-index 61d651b4d5f..462acec90b6 100644
+index 4321f07ca09..3fd95e47fca 100644
 --- a/lib/krb5_wrap/krb5_samba.c
 +++ b/lib/krb5_wrap/krb5_samba.c
-@@ -2699,6 +2699,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
+@@ -2702,6 +2702,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx,
 
 	return 0;
 }
@ -611,20 +611,20 @@ index 544d9d853cc..c14d8c72d8c 100644
 				ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context,
 								     ccache,
 -- 
-2.33.1
+2.37.1


-From 48d73d552f2fbbdb07bd9aff4d0294883b70417f Mon Sep 17 00:00:00 2001
+From a5713b1558192f24348f7794da84bf65cf78e6ec Mon Sep 17 00:00:00 2001
 From: Isaac Boukris <iboukris@gmail.com>
 Date: Sat, 19 Sep 2020 14:16:20 +0200
-Subject: [PATCH 3/4] wip: for canonicalization with new MIT kdc code
+Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code

 ---
 source4/kdc/mit_samba.c | 3 +++
 1 file changed, 3 insertions(+)

 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
-index 994dfed312b..9d039e5601b 100644
+index 03c2c2ea1de..30fade56531 100644
 --- a/source4/kdc/mit_samba.c
 +++ b/source4/kdc/mit_samba.c
@@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
@ -638,33 +638,5 @@ index 994dfed312b..9d039e5601b 100644
 		      KRB5_KDB_FLAG_INCLUDE_PAC)) {
 		/*
 -- 
-2.33.1
-
-
-From f5f54026d151f6d899e8ff52d8829a2f9cf57f25 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@samba.org>
-Date: Tue, 21 Dec 2021 12:17:11 +0100
-Subject: [PATCH 4/4] s4:kdc: Also cannoicalize krbtgt principals when
- enforcing canonicalization
-
-Signed-off-by: Andreas Schneider <asn@samba.org>
---
- source4/kdc/db-glue.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
-index 8d17038cfe6..77c0c0e4746 100644
--- a/source4/kdc/db-glue.c
-+++ b/source4/kdc/db-glue.c
-@@ -946,7 +946,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
- 	if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) {
- 		p->is_krbtgt = true;
- 
-		if (flags & (SDB_F_CANON)) {
-+		if (flags & (SDB_F_CANON|SDB_F_FORCE_CANON)) {
- 			/*
- 			 * When requested to do so, ensure that the
- 			 * both realm values in the principal are set
-- 
-2.33.1
+2.37.1

--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@ -136,11 +136,11 @@

 %global baserelease 1

-%global samba_version 4.16.2
+%global samba_version 4.16.4
 %global talloc_version 2.3.3
 %global tdb_version 1.4.6
 %global tevent_version 0.12.0
-%global ldb_version 2.5.1
+%global ldb_version 2.5.2
 # This should be rc1 or nil
 %global pre_release %nil

@ -365,12 +365,18 @@ BuildRequires: lmdb-devel
 %if %{with dc} || %{with testsuite}
 BuildRequires: bind
 BuildRequires: krb5-server >= %{required_mit_krb5}
-BuildRequires: ldb-tools
 BuildRequires: python3-gpg
 BuildRequires: python3-markdown
 BuildRequires: python3-setproctitle
 BuildRequires: python3-cryptography
+
+%if %{without includelibs}
 BuildRequires: tdb-tools
+BuildRequires: ldb-tools
+#endif without includelibs
+%endif
+
+#endif with dc || with testsuite
 %endif

 # filter out perl requirements pulled in from examples in the docdir.
@ -2097,6 +2103,7 @@ fi
 %{_libdir}/samba/bind9/dlz_bind9_12.so
 %{_libdir}/samba/bind9/dlz_bind9_14.so
 %{_libdir}/samba/bind9/dlz_bind9_16.so
+%{_libdir}/samba/bind9/dlz_bind9_18.so
 #endif with dc
 %endif

@ -2971,6 +2978,7 @@ fi
 %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc
+%{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc
 %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc
@ -2997,6 +3005,7 @@ fi
 %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py
 %{python3_sitearch}/samba/tests/krb5/kdc_tests.py
 %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py
+%{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py
 %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
 %{python3_sitearch}/samba/tests/krb5/pac_align_tests.py
 %{python3_sitearch}/samba/tests/krb5/raw_testcase.py
@ -4155,6 +4164,16 @@ fi
 %endif

 %changelog
+* Thu Jul 28 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-1
+- Rebase to version 4.16.4
+- resolves: rhbz#2108331 - Fix CVE-2022-32742
+
+* Mon Jul 18 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.3-0
+- related: rhbz#2077468 - Rebase Samba to 4.16.3
+- resolves: rhbz#2106672 - The pcap background queue process should not be stopped
+- resolves: rhbz#2106263 - Fix crash in rpcd_classic
+- resolves: rhbz#2100093 - Fix net ads info returns LDAP server and LDAP server name
+
 * Tue Jun 14 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-1
 - resolves: rhbz#2084162 - Fix printer displays only after 300 seconds timeout