From 48288365c38c8198d2764612a02fbae3e9c6a04b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 2 Aug 2022 20:14:57 +0000 Subject: [PATCH] Auto sync2gitlab import of samba-4.16.4-1.el8.src.rpm --- .gitignore | 1 + samba-4.16.2.tar.asc | 16 ------------ samba-4.16.4.tar.asc | 16 ++++++++++++ samba-s4u.patch | 58 ++++++++++++-------------------------------- samba.spec | 25 ++++++++++++++++--- sources | 2 +- 6 files changed, 55 insertions(+), 63 deletions(-) delete mode 100644 samba-4.16.2.tar.asc create mode 100644 samba-4.16.4.tar.asc diff --git a/.gitignore b/.gitignore index 24c4dd3..57b461d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /samba-pubkey_AA99442FB680B620.gpg /samba-4.16.1.tar.xz /samba-4.16.2.tar.xz +/samba-4.16.4.tar.xz diff --git a/samba-4.16.2.tar.asc b/samba-4.16.2.tar.asc deleted file mode 100644 index 62daa21..0000000 --- a/samba-4.16.2.tar.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmKm3zUACgkQqplEL7aA -tiC2LA/+LwNu8NfLoSSuq+OXTe6Ih0KhdT3RtIhknhe2s3ibBw7juNqUEmZupufH -01M6p+sq1YyyRABW2k2M51tKF96wdjffDNFTNdpFOXYL5Hm1uL4Lzdf4ZiWY9MKp -U04uZ1OwicIeFdqU3oUt9iLY5Z2KPz4pTfIOZL67OV8QDXxHdieHfseWVUmOaAjd -YsZFQRl2c29OkOkAD5AYpNdquQAGvS34M5dPYItrJwgKs9RYMG6JX03oCpoFxXVn -wjV74S1GB03Gec7tOI+BlAshUeAgUIcYjSrcxJ3MEDTXjJkoVcS9gOOezuWf6lei -4uEmLYKaYKstF3qFriXJIWoGPAakzyumQOpjo84C0Z0mftSX0L3XbVGmsP48Ra58 -foz0iLka2/8AqxYa5QXkGwqg615icpLo2MmM2/wvMg0Mvx6D6zcb2yx5gIb+ITmh -d1iN7Rzhk+V2fP7m7zua4IEs7jq8M3pXUF7+By2XdboaOuq80APwLfr37yMeQBPu -NTVgOPCe+AQZliOWagxZ03yLSraCljIfMFLecDdl1W2Vi45IrtRxT2o2gqtnOgsL -1+8OfmcvPYYSXNr3dreeH7UROVR6DEBWL1bUV2UFB5EFzUDB612EE6Z5IVbPoTWl -GVAKedXrrQx+f2ucUFg5AvjCJkZ8wVlkMTBK/KJbENbdAe/680k= -=fziY ------END PGP SIGNATURE----- diff --git a/samba-4.16.4.tar.asc b/samba-4.16.4.tar.asc new file mode 100644 index 0000000..96aba0e --- /dev/null +++ b/samba-4.16.4.tar.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmLg520ACgkQqplEL7aA +tiBsuA//ZqQhoz1unYEMk6tqu528xGweYd488gjdKkszWPCI5NmGbmvN/tbhUIc3 +WbJO8oPEFN81+a0b7nsKxpgDt8IR00rx4mA3A5rh+Z1PTbUWpjBxchTsXZsEaDaE +dA/pRes+rzDpjLg2VWAd+5SDwy1d5ZfZ+gX/qntfpgYLqiBfJNJJPxCEFqnG1IUF +xaWwKQNuduq89Wr3LabSCjx4IMQEABr8VN+WZG5JhmKBaad1I5tOBOFypLS0iKUX +bGsMr3itdKFvYmAFM2ZbY/Q7DZb5GIUvNOqyRcBYQe33tqS2GYjEHS0tbXoNP5l2 +gQcs3FiebX6Bi4I6EoFL380LLG1zskCV5xRtGIvrW7SOKCnkaswuxlHEQSVWFc0A +2aZmT7RaKYwtm+0kD+Fq3PWBwPvLBgiCP9oohfOgqrW9VnIJNbyCyJcBbK8snS0a +KIfr+hM+ccNBVhmpFWRjA0WkVW9d9/tcDFN63nTQJkZg4cXZboMVO7fjmo4U1oJK +qIVU5Xr0e5TXLNWguvr6t03CUvtfgBHMYFrHRX4HJTN7Z3m4WxAYt+jspIavQP/S +muj4g/INYmjZmBG2f9mign6Tt3MtOtHlymMFAJ1t1e+9B5v1dkmO4T6ffqbDgvg5 +bnAFUM5+bzW81DGJNbITDSNBU7PokwP4cQBNTVtgK38DW4BiPO8= +=6kYO +-----END PGP SIGNATURE----- diff --git a/samba-s4u.patch b/samba-s4u.patch index f447b86..5d3cb55 100644 --- a/samba-s4u.patch +++ b/samba-s4u.patch @@ -1,7 +1,7 @@ -From 17eb98d3f8ebd0fe48e218bb03a3c0165b9b6e95 Mon Sep 17 00:00:00 2001 +From 5d7ec9a00b6f4c6768c606d37d235415f2006445 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 27 Sep 2019 18:25:03 +0300 -Subject: [PATCH 1/4] mit-kdc: add basic loacl realm S4U support +Subject: [PATCH 1/3] mit-kdc: add basic loacl realm S4U support Signed-off-by: Isaac Boukris Pair-Programmed-With: Andreas Schneider @@ -236,7 +236,7 @@ index 793fe366c35..22534c09974 100644 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c -index 27b15828468..994dfed312b 100644 +index cb72b5de294..03c2c2ea1de 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -517,7 +517,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx, @@ -247,7 +247,7 @@ index 27b15828468..994dfed312b 100644 krb5_db_entry *client, krb5_db_entry *server, krb5_db_entry *krbtgt, -@@ -682,7 +681,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, +@@ -689,7 +688,7 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, context, *pac, server->princ, @@ -256,7 +256,7 @@ index 27b15828468..994dfed312b 100644 deleg_blob); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Update delegation info failed: %s\n", -@@ -1004,41 +1003,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx, +@@ -1081,41 +1080,17 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx, } int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx, @@ -333,13 +333,13 @@ index 4431e82a1b2..9370ab533af 100644 int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx, char *pwd, -- -2.33.1 +2.37.1 -From f4fc23103f47b712baf3b4b0ebcb42d0f3f3fd42 Mon Sep 17 00:00:00 2001 +From 325912375cf54743ab8ea557172a72b870002e9f Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Fri, 27 Sep 2019 18:35:30 +0300 -Subject: [PATCH 2/4] krb5-mit: enable S4U client support for MIT build +Subject: [PATCH 2/3] krb5-mit: enable S4U client support for MIT build Signed-off-by: Isaac Boukris Pair-Programmed-With: Andreas Schneider @@ -350,10 +350,10 @@ Pair-Programmed-With: Andreas Schneider 3 files changed, 185 insertions(+), 13 deletions(-) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c -index 61d651b4d5f..462acec90b6 100644 +index 4321f07ca09..3fd95e47fca 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c -@@ -2699,6 +2699,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx, +@@ -2702,6 +2702,191 @@ krb5_error_code smb_krb5_kinit_s4u2_ccache(krb5_context ctx, return 0; } @@ -611,20 +611,20 @@ index 544d9d853cc..c14d8c72d8c 100644 ret = smb_krb5_kinit_password_ccache(smb_krb5_context->krb5_context, ccache, -- -2.33.1 +2.37.1 -From 48d73d552f2fbbdb07bd9aff4d0294883b70417f Mon Sep 17 00:00:00 2001 +From a5713b1558192f24348f7794da84bf65cf78e6ec Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 19 Sep 2020 14:16:20 +0200 -Subject: [PATCH 3/4] wip: for canonicalization with new MIT kdc code +Subject: [PATCH 3/3] wip: for canonicalization with new MIT kdc code --- source4/kdc/mit_samba.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c -index 994dfed312b..9d039e5601b 100644 +index 03c2c2ea1de..30fade56531 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -232,6 +232,9 @@ int mit_samba_get_principal(struct mit_samba_context *ctx, @@ -638,33 +638,5 @@ index 994dfed312b..9d039e5601b 100644 KRB5_KDB_FLAG_INCLUDE_PAC)) { /* -- -2.33.1 - - -From f5f54026d151f6d899e8ff52d8829a2f9cf57f25 Mon Sep 17 00:00:00 2001 -From: Andreas Schneider -Date: Tue, 21 Dec 2021 12:17:11 +0100 -Subject: [PATCH 4/4] s4:kdc: Also cannoicalize krbtgt principals when - enforcing canonicalization - -Signed-off-by: Andreas Schneider ---- - source4/kdc/db-glue.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c -index 8d17038cfe6..77c0c0e4746 100644 ---- a/source4/kdc/db-glue.c -+++ b/source4/kdc/db-glue.c -@@ -946,7 +946,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context, - if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) { - p->is_krbtgt = true; - -- if (flags & (SDB_F_CANON)) { -+ if (flags & (SDB_F_CANON|SDB_F_FORCE_CANON)) { - /* - * When requested to do so, ensure that the - * both realm values in the principal are set --- -2.33.1 +2.37.1 diff --git a/samba.spec b/samba.spec index 83c3053..2aab083 100644 --- a/samba.spec +++ b/samba.spec @@ -136,11 +136,11 @@ %global baserelease 1 -%global samba_version 4.16.2 +%global samba_version 4.16.4 %global talloc_version 2.3.3 %global tdb_version 1.4.6 %global tevent_version 0.12.0 -%global ldb_version 2.5.1 +%global ldb_version 2.5.2 # This should be rc1 or nil %global pre_release %nil @@ -365,12 +365,18 @@ BuildRequires: lmdb-devel %if %{with dc} || %{with testsuite} BuildRequires: bind BuildRequires: krb5-server >= %{required_mit_krb5} -BuildRequires: ldb-tools BuildRequires: python3-gpg BuildRequires: python3-markdown BuildRequires: python3-setproctitle BuildRequires: python3-cryptography + +%if %{without includelibs} BuildRequires: tdb-tools +BuildRequires: ldb-tools +#endif without includelibs +%endif + +#endif with dc || with testsuite %endif # filter out perl requirements pulled in from examples in the docdir. @@ -2097,6 +2103,7 @@ fi %{_libdir}/samba/bind9/dlz_bind9_12.so %{_libdir}/samba/bind9/dlz_bind9_14.so %{_libdir}/samba/bind9/dlz_bind9_16.so +%{_libdir}/samba/bind9/dlz_bind9_18.so #endif with dc %endif @@ -2971,6 +2978,7 @@ fi %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_base_test.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/kdc_tgs_tests.*.pyc +%{python3_sitearch}/samba/tests/krb5/__pycache__/kpasswd_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/ms_kile_client_principal_lookup_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/pac_align_tests.*.pyc %{python3_sitearch}/samba/tests/krb5/__pycache__/raw_testcase.*.pyc @@ -2997,6 +3005,7 @@ fi %{python3_sitearch}/samba/tests/krb5/kdc_base_test.py %{python3_sitearch}/samba/tests/krb5/kdc_tests.py %{python3_sitearch}/samba/tests/krb5/kdc_tgs_tests.py +%{python3_sitearch}/samba/tests/krb5/kpasswd_tests.py %{python3_sitearch}/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py %{python3_sitearch}/samba/tests/krb5/pac_align_tests.py %{python3_sitearch}/samba/tests/krb5/raw_testcase.py @@ -4155,6 +4164,16 @@ fi %endif %changelog +* Thu Jul 28 2022 Andreas Schneider - 4.16.4-1 +- Rebase to version 4.16.4 +- resolves: rhbz#2108331 - Fix CVE-2022-32742 + +* Mon Jul 18 2022 Pavel Filipenský - 4.16.3-0 +- related: rhbz#2077468 - Rebase Samba to 4.16.3 +- resolves: rhbz#2106672 - The pcap background queue process should not be stopped +- resolves: rhbz#2106263 - Fix crash in rpcd_classic +- resolves: rhbz#2100093 - Fix net ads info returns LDAP server and LDAP server name + * Tue Jun 14 2022 Pavel Filipenský - 4.16.2-1 - resolves: rhbz#2084162 - Fix printer displays only after 300 seconds timeout diff --git a/sources b/sources index 0b139a8..4bd5877 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (samba-4.16.2.tar.xz) = f29a49b119b55db063bf69a6df57fd29667bb3ee7a22f3af7ea9cafa88b05ce21cae11464de073c1f0c963e46b571c94a5ccaed3f364f851fe8a4b5d5064e794 +SHA512 (samba-4.16.4.tar.xz) = 263c33f202462c50ba9205232cc59f17eef6526bbe97cc1c6be6606e5e2fa8e235f24693da5ef00106ed126c5e2e1d83e2cfc0d2a690303ac94a8737e6760e95 SHA512 (samba-pubkey_AA99442FB680B620.gpg) = 4a13414888fae9776a8edfb629e7002689f01cc482df9686c91eaec793b5e2afa2e1afe6ffeb424093a12259594676d40b4343e844a00499888840f7fe96a199