Compare commits
No commits in common. "changed/a9/samba-4.18.6-102.el9_3.alma.1" and "c8" have entirely different histories.
changed/a9
...
c8
|
@ -1,45 +0,0 @@
|
|||
From ae476e1c28b797fe221172ed1066bf8efa476d8d Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Allison <jra@samba.org>
|
||||
Date: Tue, 25 Jul 2023 17:41:04 -0700
|
||||
Subject: [PATCH] CVE-2023-3961:s3:smbd: Catch any incoming pipe path that
|
||||
could exit socket_dir.
|
||||
|
||||
For now, SMB_ASSERT() to exit the server. We will remove
|
||||
this once the test code is in place.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15422
|
||||
|
||||
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||
---
|
||||
source3/rpc_client/local_np.c | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
diff --git a/source3/rpc_client/local_np.c b/source3/rpc_client/local_np.c
|
||||
index 0e912d0e35a..dfed7e7beb6 100644
|
||||
--- a/source3/rpc_client/local_np.c
|
||||
+++ b/source3/rpc_client/local_np.c
|
||||
@@ -542,6 +542,24 @@ struct tevent_req *local_np_connect_send(
|
||||
return tevent_req_post(req, ev);
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Ensure we cannot process a path that exits
|
||||
+ * the socket_dir.
|
||||
+ */
|
||||
+ if (ISDOTDOT(lower_case_pipename) ||
|
||||
+ (strchr(lower_case_pipename, '/')!=NULL))
|
||||
+ {
|
||||
+ DBG_DEBUG("attempt to connect to invalid pipe pathname %s\n",
|
||||
+ lower_case_pipename);
|
||||
+ /*
|
||||
+ * For now, panic the server until we have
|
||||
+ * the test code in place.
|
||||
+ */
|
||||
+ SMB_ASSERT(false);
|
||||
+ tevent_req_error(req, ENOENT);
|
||||
+ return tevent_req_post(req, ev);
|
||||
+ }
|
||||
+
|
||||
state->socketpath = talloc_asprintf(
|
||||
state, "%s/np/%s", socket_dir, lower_case_pipename);
|
||||
if (tevent_req_nomem(state->socketpath, req)) {
|
|
@ -1,183 +0,0 @@
|
|||
From b1fd65694185c26f1e196d84ee8756300e631bd5 Mon Sep 17 00:00:00 2001
|
||||
From: Ralph Boehme <slow@samba.org>
|
||||
Date: Tue, 1 Aug 2023 12:30:00 +0200
|
||||
Subject: [PATCH] CVE-2023-4091: smbtorture: test overwrite dispositions on
|
||||
read-only file
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
|
||||
|
||||
Signed-off-by: Ralph Boehme <slow@samba.org>
|
||||
---
|
||||
selftest/knownfail.d/samba3.smb2.acls | 1 +
|
||||
source4/torture/smb2/acls.c | 143 ++++++++++++++++++++++++++
|
||||
2 files changed, 144 insertions(+)
|
||||
create mode 100644 selftest/knownfail.d/samba3.smb2.acls
|
||||
|
||||
diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
|
||||
new file mode 100644
|
||||
index 00000000000..18df260c0e5
|
||||
--- /dev/null
|
||||
+++ b/selftest/knownfail.d/samba3.smb2.acls
|
||||
@@ -0,0 +1 @@
|
||||
+^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
|
||||
diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
|
||||
index bbf201bcf4b..53f482c5541 100644
|
||||
--- a/source4/torture/smb2/acls.c
|
||||
+++ b/source4/torture/smb2/acls.c
|
||||
@@ -2989,6 +2989,148 @@ static bool test_mxac_not_granted(struct torture_context *tctx,
|
||||
return ret;
|
||||
}
|
||||
|
||||
+static bool test_overwrite_read_only_file(struct torture_context *tctx,
|
||||
+ struct smb2_tree *tree)
|
||||
+{
|
||||
+ NTSTATUS status;
|
||||
+ struct smb2_create c;
|
||||
+ const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
|
||||
+ struct smb2_handle handle = {{0}};
|
||||
+ union smb_fileinfo q;
|
||||
+ union smb_setfileinfo set;
|
||||
+ struct security_descriptor *sd = NULL, *sd_orig = NULL;
|
||||
+ const char *owner_sid = NULL;
|
||||
+ int i;
|
||||
+ bool ret = true;
|
||||
+
|
||||
+ struct tcase {
|
||||
+ int disposition;
|
||||
+ const char *disposition_string;
|
||||
+ NTSTATUS expected_status;
|
||||
+ } tcases[] = {
|
||||
+#define TCASE(d, s) { \
|
||||
+ .disposition = d, \
|
||||
+ .disposition_string = #d, \
|
||||
+ .expected_status = s, \
|
||||
+ }
|
||||
+ TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
|
||||
+ TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
|
||||
+ TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
|
||||
+ TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
|
||||
+ };
|
||||
+#undef TCASE
|
||||
+
|
||||
+ ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
|
||||
+ torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
|
||||
+
|
||||
+ c = (struct smb2_create) {
|
||||
+ .in.desired_access = SEC_STD_READ_CONTROL |
|
||||
+ SEC_STD_WRITE_DAC |
|
||||
+ SEC_STD_WRITE_OWNER,
|
||||
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||
+ .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
|
||||
+ NTCREATEX_SHARE_ACCESS_WRITE,
|
||||
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
|
||||
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||
+ .in.fname = fname,
|
||||
+ };
|
||||
+
|
||||
+ status = smb2_create(tree, tctx, &c);
|
||||
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
+ "smb2_create failed\n");
|
||||
+ handle = c.out.file.handle;
|
||||
+
|
||||
+ torture_comment(tctx, "get the original sd\n");
|
||||
+
|
||||
+ ZERO_STRUCT(q);
|
||||
+ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
|
||||
+ q.query_secdesc.in.file.handle = handle;
|
||||
+ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
|
||||
+
|
||||
+ status = smb2_getinfo_file(tree, tctx, &q);
|
||||
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
+ "smb2_getinfo_file failed\n");
|
||||
+ sd_orig = q.query_secdesc.out.sd;
|
||||
+
|
||||
+ owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
|
||||
+
|
||||
+ sd = security_descriptor_dacl_create(tctx,
|
||||
+ 0, NULL, NULL,
|
||||
+ owner_sid,
|
||||
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
+ SEC_FILE_READ_DATA,
|
||||
+ 0,
|
||||
+ NULL);
|
||||
+
|
||||
+ ZERO_STRUCT(set);
|
||||
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
|
||||
+ set.set_secdesc.in.file.handle = handle;
|
||||
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
|
||||
+ set.set_secdesc.in.sd = sd;
|
||||
+
|
||||
+ status = smb2_setinfo_file(tree, &set);
|
||||
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
+ "smb2_setinfo_file failed\n");
|
||||
+
|
||||
+ smb2_util_close(tree, handle);
|
||||
+ ZERO_STRUCT(handle);
|
||||
+
|
||||
+ for (i = 0; i < ARRAY_SIZE(tcases); i++) {
|
||||
+ torture_comment(tctx, "Verify open with %s dispostion\n",
|
||||
+ tcases[i].disposition_string);
|
||||
+
|
||||
+ c = (struct smb2_create) {
|
||||
+ .in.create_disposition = tcases[i].disposition,
|
||||
+ .in.desired_access = SEC_FILE_READ_DATA,
|
||||
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
|
||||
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||
+ .in.fname = fname,
|
||||
+ };
|
||||
+
|
||||
+ status = smb2_create(tree, tctx, &c);
|
||||
+ smb2_util_close(tree, c.out.file.handle);
|
||||
+ torture_assert_ntstatus_equal_goto(
|
||||
+ tctx, status, tcases[i].expected_status, ret, done,
|
||||
+ "smb2_create failed\n");
|
||||
+ };
|
||||
+
|
||||
+ torture_comment(tctx, "put back original sd\n");
|
||||
+
|
||||
+ c = (struct smb2_create) {
|
||||
+ .in.desired_access = SEC_STD_WRITE_DAC,
|
||||
+ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
|
||||
+ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
|
||||
+ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
|
||||
+ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
|
||||
+ .in.fname = fname,
|
||||
+ };
|
||||
+
|
||||
+ status = smb2_create(tree, tctx, &c);
|
||||
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
+ "smb2_create failed\n");
|
||||
+ handle = c.out.file.handle;
|
||||
+
|
||||
+ ZERO_STRUCT(set);
|
||||
+ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
|
||||
+ set.set_secdesc.in.file.handle = handle;
|
||||
+ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
|
||||
+ set.set_secdesc.in.sd = sd_orig;
|
||||
+
|
||||
+ status = smb2_setinfo_file(tree, &set);
|
||||
+ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
|
||||
+ "smb2_setinfo_file failed\n");
|
||||
+
|
||||
+ smb2_util_close(tree, handle);
|
||||
+ ZERO_STRUCT(handle);
|
||||
+
|
||||
+done:
|
||||
+ smb2_util_close(tree, handle);
|
||||
+ smb2_util_unlink(tree, fname);
|
||||
+ smb2_deltree(tree, BASEDIR);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
basic testing of SMB2 ACLs
|
||||
*/
|
||||
@@ -3017,6 +3159,7 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
|
||||
test_deny1);
|
||||
torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
|
||||
test_mxac_not_granted);
|
||||
+ torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE", test_overwrite_read_only_file);
|
||||
|
||||
suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
|
||||
|
|
@ -1,86 +0,0 @@
|
|||
From 3cf1beed5df7d8b5d854517de7de322c6a5bc7fa Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Bartlett <abartlet@samba.org>
|
||||
Date: Tue, 12 Sep 2023 18:59:44 +1200
|
||||
Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
|
||||
default
|
||||
|
||||
The rpcecho server is useful in development and testing, but should never
|
||||
have been allowed into production, as it includes the facility to
|
||||
do a blocking sleep() in the single-threaded rpc worker.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
|
||||
|
||||
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
||||
---
|
||||
docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
|
||||
lib/param/loadparm.c | 2 +-
|
||||
selftest/target/Samba4.pm | 2 +-
|
||||
source3/param/loadparm.c | 2 +-
|
||||
source4/rpc_server/wscript_build | 3 ++-
|
||||
5 files changed, 6 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||
index 8a217cc7f118..c6642b795fd6 100644
|
||||
--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
|
||||
@@ -6,6 +6,6 @@
|
||||
<para>Specifies which DCE/RPC endpoint servers should be run.</para>
|
||||
</description>
|
||||
|
||||
-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
|
||||
+<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
|
||||
<value type="example">rpcecho</value>
|
||||
</samba:parameter>
|
||||
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
|
||||
index 9a7ae4f95fe8..673b913e6e5a 100644
|
||||
--- a/lib/param/loadparm.c
|
||||
+++ b/lib/param/loadparm.c
|
||||
@@ -2730,7 +2730,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
|
||||
lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
|
||||
lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
|
||||
|
||||
- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
|
||||
+ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
|
||||
lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
|
||||
lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
|
||||
/* the winbind method for domain controllers is for both RODC
|
||||
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
|
||||
index 49e3c174b07e..5f1f1bfffad6 100755
|
||||
--- a/selftest/target/Samba4.pm
|
||||
+++ b/selftest/target/Samba4.pm
|
||||
@@ -783,7 +783,7 @@ sub provision_raw_step1($$)
|
||||
wins support = yes
|
||||
server role = $ctx->{server_role}
|
||||
server services = +echo $services
|
||||
- dcerpc endpoint servers = +winreg +srvsvc
|
||||
+ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
|
||||
notify:inotify = false
|
||||
ldb:nosync = true
|
||||
ldap server require strong auth = yes
|
||||
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
|
||||
index 1c3644589126..e7f4bbe3995e 100644
|
||||
--- a/source3/param/loadparm.c
|
||||
+++ b/source3/param/loadparm.c
|
||||
@@ -883,7 +883,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
|
||||
|
||||
Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
|
||||
|
||||
- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
|
||||
+ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
|
||||
|
||||
Globals.tls_enabled = true;
|
||||
Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
|
||||
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
|
||||
index 0e44a3c2baed..31ec4f60c9a6 100644
|
||||
--- a/source4/rpc_server/wscript_build
|
||||
+++ b/source4/rpc_server/wscript_build
|
||||
@@ -33,7 +33,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
|
||||
source='echo/rpc_echo.c',
|
||||
subsystem='dcerpc_server',
|
||||
init_function='dcerpc_server_rpcecho_init',
|
||||
- deps='ndr-standard events'
|
||||
+ deps='ndr-standard events',
|
||||
+ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
|
||||
)
|
||||
|
||||
|
|
@ -1,613 +0,0 @@
|
|||
From ced40c5a805dcfb06d5f3d68aa45a0aaa44bfdca Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Metzmacher <metze@samba.org>
|
||||
Date: Fri, 8 Sep 2023 13:57:26 +0200
|
||||
Subject: [PATCH 1/5] nsswitch: add test for pthread_key_delete missuse (bug
|
||||
15464)
|
||||
|
||||
This is based on https://bugzilla.samba.org/attachment.cgi?id=18081
|
||||
written by Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(cherry picked from commit 62af25d44e542548d8cdecb061a6001e0071ee76)
|
||||
---
|
||||
nsswitch/b15464-testcase.c | 77 +++++++++++++++++++++++++++
|
||||
nsswitch/wscript_build | 5 ++
|
||||
selftest/knownfail.d/b15464_testcase | 1 +
|
||||
source3/selftest/tests.py | 6 +++
|
||||
testprogs/blackbox/b15464-testcase.sh | 21 ++++++++
|
||||
5 files changed, 110 insertions(+)
|
||||
create mode 100644 nsswitch/b15464-testcase.c
|
||||
create mode 100644 selftest/knownfail.d/b15464_testcase
|
||||
create mode 100755 testprogs/blackbox/b15464-testcase.sh
|
||||
|
||||
diff --git a/nsswitch/b15464-testcase.c b/nsswitch/b15464-testcase.c
|
||||
new file mode 100644
|
||||
index 000000000000..decb474a81ee
|
||||
--- /dev/null
|
||||
+++ b/nsswitch/b15464-testcase.c
|
||||
@@ -0,0 +1,77 @@
|
||||
+#include "replace.h"
|
||||
+#include "system/wait.h"
|
||||
+#include "system/threads.h"
|
||||
+#include <assert.h>
|
||||
+
|
||||
+int main(int argc, const char *argv[])
|
||||
+{
|
||||
+ pid_t pid;
|
||||
+ int wstatus;
|
||||
+ pthread_key_t k1;
|
||||
+ pthread_key_t k2;
|
||||
+ pthread_key_t k3;
|
||||
+ char *val = NULL;
|
||||
+ const char *nss_winbind = (argc >= 2 ? argv[1] : "bin/plugins/libnss_winbind.so.2");
|
||||
+ void *nss_winbind_handle = NULL;
|
||||
+ union {
|
||||
+ int (*fn)(void);
|
||||
+ void *symbol;
|
||||
+ } nss_winbind_endpwent = { .symbol = NULL, };
|
||||
+
|
||||
+ /*
|
||||
+ * load and invoke something simple like
|
||||
+ * _nss_winbind_endpwent in order to
|
||||
+ * get the libnss_winbind internal going
|
||||
+ */
|
||||
+ nss_winbind_handle = dlopen(nss_winbind, RTLD_NOW);
|
||||
+ printf("%d: nss_winbind[%s] nss_winbind_handle[%p]\n",
|
||||
+ getpid(), nss_winbind, nss_winbind_handle);
|
||||
+ assert(nss_winbind_handle != NULL);
|
||||
+
|
||||
+ nss_winbind_endpwent.symbol = dlsym(nss_winbind_handle,
|
||||
+ "_nss_winbind_endpwent");
|
||||
+ printf("%d: nss_winbind_handle[%p] _nss_winbind_endpwent[%p]\n",
|
||||
+ getpid(), nss_winbind_handle, nss_winbind_endpwent.symbol);
|
||||
+ assert(nss_winbind_endpwent.symbol != NULL);
|
||||
+ (void)nss_winbind_endpwent.fn();
|
||||
+
|
||||
+ val = malloc(1);
|
||||
+ assert(val != NULL);
|
||||
+
|
||||
+ pthread_key_create(&k1, NULL);
|
||||
+ pthread_setspecific(k1, val);
|
||||
+ printf("%d: k1=%d\n", getpid(), k1);
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid) {
|
||||
+ free(val);
|
||||
+ wait(&wstatus);
|
||||
+ return WEXITSTATUS(wstatus);
|
||||
+ }
|
||||
+
|
||||
+ pthread_key_create(&k2, NULL);
|
||||
+ pthread_setspecific(k2, val);
|
||||
+
|
||||
+ printf("%d: Hello after fork, k1=%d, k2=%d\n", getpid(), k1, k2);
|
||||
+
|
||||
+ pid = fork();
|
||||
+
|
||||
+ if (pid) {
|
||||
+ free(val);
|
||||
+ wait(&wstatus);
|
||||
+ return WEXITSTATUS(wstatus);
|
||||
+ }
|
||||
+
|
||||
+ pthread_key_create(&k3, NULL);
|
||||
+ pthread_setspecific(k3, val);
|
||||
+
|
||||
+ printf("%d: Hello after fork2, k1=%d, k2=%d, k3=%d\n", getpid(), k1, k2, k3);
|
||||
+
|
||||
+ if (k1 == k2 || k2 == k3) {
|
||||
+ printf("%d: FAIL inconsistent keys\n", getpid());
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ printf("%d: OK consistent keys\n", getpid());
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
|
||||
index 3247b6c2b7c3..4e62bb4c9461 100644
|
||||
--- a/nsswitch/wscript_build
|
||||
+++ b/nsswitch/wscript_build
|
||||
@@ -15,6 +15,11 @@ if bld.CONFIG_SET('HAVE_PTHREAD'):
|
||||
deps='wbclient pthread',
|
||||
for_selftest=True
|
||||
)
|
||||
+ bld.SAMBA_BINARY('b15464-testcase',
|
||||
+ source='b15464-testcase.c',
|
||||
+ deps='replace pthread dl',
|
||||
+ for_selftest=True
|
||||
+ )
|
||||
|
||||
# The nss_wrapper code relies strictly on the linux implementation and
|
||||
# name, so compile but do not install a copy under this name.
|
||||
diff --git a/selftest/knownfail.d/b15464_testcase b/selftest/knownfail.d/b15464_testcase
|
||||
new file mode 100644
|
||||
index 000000000000..94dd7db7c2a5
|
||||
--- /dev/null
|
||||
+++ b/selftest/knownfail.d/b15464_testcase
|
||||
@@ -0,0 +1 @@
|
||||
+^b15464_testcase.run.b15464-testcase
|
||||
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
||||
index 0c834ed48b5e..ea17ead3eda7 100755
|
||||
--- a/source3/selftest/tests.py
|
||||
+++ b/source3/selftest/tests.py
|
||||
@@ -67,6 +67,8 @@ except KeyError:
|
||||
samba4bindir = bindir()
|
||||
config_h = os.path.join(samba4bindir, "default/include/config.h")
|
||||
|
||||
+bbdir = os.path.join(srcdir(), "testprogs/blackbox")
|
||||
+
|
||||
# check available features
|
||||
config_hash = dict()
|
||||
f = open(config_h, 'r')
|
||||
@@ -936,6 +938,10 @@ if with_pthreadpool:
|
||||
[os.path.join(samba3srcdir,
|
||||
"script/tests/test_libwbclient_threads.sh"),
|
||||
"$DOMAIN", "$DC_USERNAME"])
|
||||
+ plantestsuite("b15464_testcase", "none",
|
||||
+ [os.path.join(bbdir, "b15464-testcase.sh"),
|
||||
+ binpath("b15464-testcase"),
|
||||
+ binpath("plugins/libnss_winbind.so.2")])
|
||||
|
||||
plantestsuite("samba3.test_nfs4_acl", "none",
|
||||
[os.path.join(bindir(), "test_nfs4_acls"),
|
||||
diff --git a/testprogs/blackbox/b15464-testcase.sh b/testprogs/blackbox/b15464-testcase.sh
|
||||
new file mode 100755
|
||||
index 000000000000..b0c88260d4cc
|
||||
--- /dev/null
|
||||
+++ b/testprogs/blackbox/b15464-testcase.sh
|
||||
@@ -0,0 +1,21 @@
|
||||
+#!/bin/sh
|
||||
+# Blackbox wrapper for bug 15464
|
||||
+# Copyright (C) 2023 Stefan Metzmacher
|
||||
+
|
||||
+if [ $# -lt 2 ]; then
|
||||
+ cat <<EOF
|
||||
+Usage: b15464-testcase.sh B15464_TESTCASE LIBNSS_WINBIND
|
||||
+EOF
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+b15464_testcase=$1
|
||||
+libnss_winbind=$2
|
||||
+shift 2
|
||||
+failed=0
|
||||
+
|
||||
+. $(dirname $0)/subunit.sh
|
||||
+
|
||||
+testit "run b15464-testcase" $VALGRIND $b15464_testcase $libnss_winbind || failed=$(expr $failed + 1)
|
||||
+
|
||||
+testok $0 $failed
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
From 08728ee7847d7864d4c72a4ac1ddfeca78934326 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Metzmacher <metze@samba.org>
|
||||
Date: Thu, 7 Sep 2023 16:02:32 +0200
|
||||
Subject: [PATCH 2/5] nsswitch/wb_common.c: fix build without HAVE_PTHREAD
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(cherry picked from commit 4faf806412c4408db25448b1f67c09359ec2f81f)
|
||||
---
|
||||
nsswitch/wb_common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||
index d569e761ebe4..c382a44c1209 100644
|
||||
--- a/nsswitch/wb_common.c
|
||||
+++ b/nsswitch/wb_common.c
|
||||
@@ -104,7 +104,6 @@ static void wb_thread_ctx_initialize(void)
|
||||
wb_thread_ctx_destructor);
|
||||
assert(ret == 0);
|
||||
}
|
||||
-#endif
|
||||
|
||||
static struct winbindd_context *get_wb_thread_ctx(void)
|
||||
{
|
||||
@@ -139,6 +138,7 @@ static struct winbindd_context *get_wb_thread_ctx(void)
|
||||
}
|
||||
return ctx;
|
||||
}
|
||||
+#endif /* HAVE_PTHREAD */
|
||||
|
||||
static struct winbindd_context *get_wb_global_ctx(void)
|
||||
{
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
From d1f43cd4cc6aeb2ac9fcaee9aa512012ca92ecb3 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Metzmacher <metze@samba.org>
|
||||
Date: Fri, 8 Sep 2023 09:53:42 +0200
|
||||
Subject: [PATCH 3/5] nsswitch/wb_common.c: winbind_destructor can always use
|
||||
get_wb_global_ctx()
|
||||
|
||||
The HAVE_PTHREAD logic inside of get_wb_global_ctx() will do all
|
||||
required magic.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(cherry picked from commit 836823e5047d0eb18e66707386ba03b812adfaf8)
|
||||
---
|
||||
nsswitch/wb_common.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||
index c382a44c1209..d56e48d9bdb8 100644
|
||||
--- a/nsswitch/wb_common.c
|
||||
+++ b/nsswitch/wb_common.c
|
||||
@@ -246,14 +246,10 @@ static void winbind_destructor(void)
|
||||
return;
|
||||
}
|
||||
|
||||
-#ifdef HAVE_PTHREAD_H
|
||||
- ctx = (struct winbindd_context *)pthread_getspecific(wb_global_ctx.key);
|
||||
+ ctx = get_wb_global_ctx();
|
||||
if (ctx == NULL) {
|
||||
return;
|
||||
}
|
||||
-#else
|
||||
- ctx = get_wb_global_ctx();
|
||||
-#endif
|
||||
|
||||
winbind_close_sock(ctx);
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
From 6e29ea5b9efe5cf166cc9d633c1dc4eb8f192736 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Metzmacher <metze@samba.org>
|
||||
Date: Fri, 8 Sep 2023 09:56:47 +0200
|
||||
Subject: [PATCH 4/5] nsswitch/wb_common.c: don't operate on a stale
|
||||
wb_global_ctx.key
|
||||
|
||||
If nss_winbind is loaded into a process that uses fork multiple times
|
||||
without any further calls into nss_winbind, wb_atfork_child handler
|
||||
was using a wb_global_ctx.key that was no longer registered in the
|
||||
pthread library, so we operated on a slot that was potentially
|
||||
reused by other libraries or the main application. Which is likely
|
||||
to cause memory corruption.
|
||||
|
||||
So we better don't call pthread_key_delete() in wb_atfork_child().
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||
|
||||
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
(cherry picked from commit 91b30a7261e6455d3a4f31728c23e4849e3945b9)
|
||||
---
|
||||
nsswitch/wb_common.c | 5 -----
|
||||
selftest/knownfail.d/b15464_testcase | 1 -
|
||||
2 files changed, 6 deletions(-)
|
||||
delete mode 100644 selftest/knownfail.d/b15464_testcase
|
||||
|
||||
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||
index d56e48d9bdb8..38f9f334016b 100644
|
||||
--- a/nsswitch/wb_common.c
|
||||
+++ b/nsswitch/wb_common.c
|
||||
@@ -76,11 +76,6 @@ static void wb_atfork_child(void)
|
||||
|
||||
winbind_close_sock(ctx);
|
||||
free(ctx);
|
||||
-
|
||||
- ret = pthread_key_delete(wb_global_ctx.key);
|
||||
- assert(ret == 0);
|
||||
-
|
||||
- wb_global_ctx.control = (pthread_once_t)PTHREAD_ONCE_INIT;
|
||||
}
|
||||
|
||||
static void wb_thread_ctx_destructor(void *p)
|
||||
diff --git a/selftest/knownfail.d/b15464_testcase b/selftest/knownfail.d/b15464_testcase
|
||||
deleted file mode 100644
|
||||
index 94dd7db7c2a5..000000000000
|
||||
--- a/selftest/knownfail.d/b15464_testcase
|
||||
+++ /dev/null
|
||||
@@ -1 +0,0 @@
|
||||
-^b15464_testcase.run.b15464-testcase
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
From 61ca2c66e0a3c837f2c542b8d9321a8d8cd03382 Mon Sep 17 00:00:00 2001
|
||||
From: Stefan Metzmacher <metze@samba.org>
|
||||
Date: Thu, 7 Sep 2023 15:59:59 +0200
|
||||
Subject: [PATCH 5/5] nsswitch/wb_common.c: fix socket fd and memory leaks of
|
||||
global state
|
||||
|
||||
When we are called in wb_atfork_child() or winbind_destructor(),
|
||||
wb_thread_ctx_destructor() is not called for the global state
|
||||
of the current nor any other thread, which means we would
|
||||
leak the related memory and socket fds.
|
||||
|
||||
Now we maintain a global list protected by a global mutex.
|
||||
We traverse the list and close all socket fds, which are no
|
||||
longer used (winbind_destructor) or no longer valid in the
|
||||
current process (wb_atfork_child), in addition we 'autofree'
|
||||
the ones, which are only visible internally as global (per thread)
|
||||
context.
|
||||
|
||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15464
|
||||
|
||||
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
|
||||
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
||||
Reviewed-by: Jeremy Allison <jra@samba.org>
|
||||
|
||||
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
|
||||
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
|
||||
|
||||
(cherry picked from commit 4af3faace481d23869b64485b791bdd43d8972c5)
|
||||
---
|
||||
nsswitch/wb_common.c | 143 ++++++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 113 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
|
||||
index 38f9f334016b..b7f84435a4ee 100644
|
||||
--- a/nsswitch/wb_common.c
|
||||
+++ b/nsswitch/wb_common.c
|
||||
@@ -26,6 +26,7 @@
|
||||
#include "replace.h"
|
||||
#include "system/select.h"
|
||||
#include "winbind_client.h"
|
||||
+#include "lib/util/dlinklist.h"
|
||||
#include <assert.h>
|
||||
|
||||
#ifdef HAVE_PTHREAD_H
|
||||
@@ -37,67 +38,112 @@ static __thread char client_name[32];
|
||||
/* Global context */
|
||||
|
||||
struct winbindd_context {
|
||||
+ struct winbindd_context *prev, *next;
|
||||
int winbindd_fd; /* winbind file descriptor */
|
||||
bool is_privileged; /* using the privileged socket? */
|
||||
pid_t our_pid; /* calling process pid */
|
||||
+ bool autofree; /* this is a thread global context */
|
||||
};
|
||||
|
||||
static struct wb_global_ctx {
|
||||
- bool initialized;
|
||||
#ifdef HAVE_PTHREAD
|
||||
pthread_once_t control;
|
||||
pthread_key_t key;
|
||||
+ bool key_initialized;
|
||||
+#ifdef PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
|
||||
+#define WB_GLOBAL_MUTEX_INITIALIZER PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP
|
||||
#else
|
||||
- bool dummy;
|
||||
+#define WB_GLOBAL_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
|
||||
#endif
|
||||
+#define WB_GLOBAL_LIST_LOCK do { \
|
||||
+ int __pret = pthread_mutex_lock(&wb_global_ctx.list_mutex); \
|
||||
+ assert(__pret == 0); \
|
||||
+} while(0)
|
||||
+#define WB_GLOBAL_LIST_UNLOCK do { \
|
||||
+ int __pret = pthread_mutex_unlock(&wb_global_ctx.list_mutex); \
|
||||
+ assert(__pret == 0); \
|
||||
+} while(0)
|
||||
+ pthread_mutex_t list_mutex;
|
||||
+#else /* => not HAVE_PTHREAD */
|
||||
+#define WB_GLOBAL_LIST_LOCK do { } while(0)
|
||||
+#define WB_GLOBAL_LIST_UNLOCK do { } while(0)
|
||||
+#endif /* not HAVE_PTHREAD */
|
||||
+ struct winbindd_context *list;
|
||||
} wb_global_ctx = {
|
||||
#ifdef HAVE_PTHREAD
|
||||
.control = PTHREAD_ONCE_INIT,
|
||||
+ .list_mutex = WB_GLOBAL_MUTEX_INITIALIZER,
|
||||
#endif
|
||||
+ .list = NULL,
|
||||
};
|
||||
|
||||
static void winbind_close_sock(struct winbindd_context *ctx);
|
||||
+static void winbind_ctx_free_locked(struct winbindd_context *ctx);
|
||||
+static void winbind_cleanup_list(void);
|
||||
|
||||
#ifdef HAVE_PTHREAD
|
||||
static void wb_thread_ctx_initialize(void);
|
||||
|
||||
+static void wb_atfork_prepare(void)
|
||||
+{
|
||||
+ WB_GLOBAL_LIST_LOCK;
|
||||
+}
|
||||
+
|
||||
+static void wb_atfork_parent(void)
|
||||
+{
|
||||
+ WB_GLOBAL_LIST_UNLOCK;
|
||||
+}
|
||||
+
|
||||
static void wb_atfork_child(void)
|
||||
{
|
||||
- struct winbindd_context *ctx = NULL;
|
||||
- int ret;
|
||||
+ wb_global_ctx.list_mutex = (pthread_mutex_t)WB_GLOBAL_MUTEX_INITIALIZER;
|
||||
|
||||
- ctx = (struct winbindd_context *)pthread_getspecific(wb_global_ctx.key);
|
||||
- if (ctx == NULL) {
|
||||
- return;
|
||||
- }
|
||||
+ if (wb_global_ctx.key_initialized) {
|
||||
+ int ret;
|
||||
|
||||
- ret = pthread_setspecific(wb_global_ctx.key, NULL);
|
||||
- assert(ret == 0);
|
||||
+ /*
|
||||
+ * After a fork the child still believes
|
||||
+ * it is the same thread as in the parent.
|
||||
+ * So pthread_getspecific() would return the
|
||||
+ * value of the thread that called fork().
|
||||
+ *
|
||||
+ * But we don't want that behavior, so
|
||||
+ * we just clear the reference and let
|
||||
+ * winbind_cleanup_list() below 'autofree'
|
||||
+ * the parent threads global context.
|
||||
+ */
|
||||
+ ret = pthread_setspecific(wb_global_ctx.key, NULL);
|
||||
+ assert(ret == 0);
|
||||
+ }
|
||||
|
||||
- winbind_close_sock(ctx);
|
||||
- free(ctx);
|
||||
+ /*
|
||||
+ * But we need to close/cleanup the global state
|
||||
+ * of the parents threads.
|
||||
+ */
|
||||
+ winbind_cleanup_list();
|
||||
}
|
||||
|
||||
static void wb_thread_ctx_destructor(void *p)
|
||||
{
|
||||
struct winbindd_context *ctx = (struct winbindd_context *)p;
|
||||
|
||||
- winbind_close_sock(ctx);
|
||||
- free(ctx);
|
||||
+ winbindd_ctx_free(ctx);
|
||||
}
|
||||
|
||||
static void wb_thread_ctx_initialize(void)
|
||||
{
|
||||
int ret;
|
||||
|
||||
- ret = pthread_atfork(NULL,
|
||||
- NULL,
|
||||
+ ret = pthread_atfork(wb_atfork_prepare,
|
||||
+ wb_atfork_parent,
|
||||
wb_atfork_child);
|
||||
assert(ret == 0);
|
||||
|
||||
ret = pthread_key_create(&wb_global_ctx.key,
|
||||
wb_thread_ctx_destructor);
|
||||
assert(ret == 0);
|
||||
+
|
||||
+ wb_global_ctx.key_initialized = true;
|
||||
}
|
||||
|
||||
static struct winbindd_context *get_wb_thread_ctx(void)
|
||||
@@ -123,9 +169,14 @@ static struct winbindd_context *get_wb_thread_ctx(void)
|
||||
*ctx = (struct winbindd_context) {
|
||||
.winbindd_fd = -1,
|
||||
.is_privileged = false,
|
||||
- .our_pid = 0
|
||||
+ .our_pid = 0,
|
||||
+ .autofree = true,
|
||||
};
|
||||
|
||||
+ WB_GLOBAL_LIST_LOCK;
|
||||
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||
+ WB_GLOBAL_LIST_UNLOCK;
|
||||
+
|
||||
ret = pthread_setspecific(wb_global_ctx.key, ctx);
|
||||
if (ret != 0) {
|
||||
free(ctx);
|
||||
@@ -142,7 +193,8 @@ static struct winbindd_context *get_wb_global_ctx(void)
|
||||
static struct winbindd_context _ctx = {
|
||||
.winbindd_fd = -1,
|
||||
.is_privileged = false,
|
||||
- .our_pid = 0
|
||||
+ .our_pid = 0,
|
||||
+ .autofree = false,
|
||||
};
|
||||
#endif
|
||||
|
||||
@@ -150,9 +202,11 @@ static struct winbindd_context *get_wb_global_ctx(void)
|
||||
ctx = get_wb_thread_ctx();
|
||||
#else
|
||||
ctx = &_ctx;
|
||||
+ if (ctx->prev == NULL && ctx->next == NULL) {
|
||||
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||
+ }
|
||||
#endif
|
||||
|
||||
- wb_global_ctx.initialized = true;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@@ -226,6 +280,30 @@ static void winbind_close_sock(struct winbindd_context *ctx)
|
||||
}
|
||||
}
|
||||
|
||||
+static void winbind_ctx_free_locked(struct winbindd_context *ctx)
|
||||
+{
|
||||
+ winbind_close_sock(ctx);
|
||||
+ DLIST_REMOVE(wb_global_ctx.list, ctx);
|
||||
+ free(ctx);
|
||||
+}
|
||||
+
|
||||
+static void winbind_cleanup_list(void)
|
||||
+{
|
||||
+ struct winbindd_context *ctx = NULL, *next = NULL;
|
||||
+
|
||||
+ WB_GLOBAL_LIST_LOCK;
|
||||
+ for (ctx = wb_global_ctx.list; ctx != NULL; ctx = next) {
|
||||
+ next = ctx->next;
|
||||
+
|
||||
+ if (ctx->autofree) {
|
||||
+ winbind_ctx_free_locked(ctx);
|
||||
+ } else {
|
||||
+ winbind_close_sock(ctx);
|
||||
+ }
|
||||
+ }
|
||||
+ WB_GLOBAL_LIST_UNLOCK;
|
||||
+}
|
||||
+
|
||||
/* Destructor for global context to ensure fd is closed */
|
||||
|
||||
#ifdef HAVE_DESTRUCTOR_ATTRIBUTE
|
||||
@@ -235,18 +313,18 @@ __attribute__((destructor))
|
||||
#endif
|
||||
static void winbind_destructor(void)
|
||||
{
|
||||
- struct winbindd_context *ctx;
|
||||
-
|
||||
- if (!wb_global_ctx.initialized) {
|
||||
- return;
|
||||
+#ifdef HAVE_PTHREAD
|
||||
+ if (wb_global_ctx.key_initialized) {
|
||||
+ int ret;
|
||||
+ ret = pthread_key_delete(wb_global_ctx.key);
|
||||
+ assert(ret == 0);
|
||||
+ wb_global_ctx.key_initialized = false;
|
||||
}
|
||||
|
||||
- ctx = get_wb_global_ctx();
|
||||
- if (ctx == NULL) {
|
||||
- return;
|
||||
- }
|
||||
+ wb_global_ctx.control = (pthread_once_t)PTHREAD_ONCE_INIT;
|
||||
+#endif /* HAVE_PTHREAD */
|
||||
|
||||
- winbind_close_sock(ctx);
|
||||
+ winbind_cleanup_list();
|
||||
}
|
||||
|
||||
#define CONNECT_TIMEOUT 30
|
||||
@@ -928,11 +1006,16 @@ struct winbindd_context *winbindd_ctx_create(void)
|
||||
|
||||
ctx->winbindd_fd = -1;
|
||||
|
||||
+ WB_GLOBAL_LIST_LOCK;
|
||||
+ DLIST_ADD_END(wb_global_ctx.list, ctx);
|
||||
+ WB_GLOBAL_LIST_UNLOCK;
|
||||
+
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void winbindd_ctx_free(struct winbindd_context *ctx)
|
||||
{
|
||||
- winbind_close_sock(ctx);
|
||||
- free(ctx);
|
||||
+ WB_GLOBAL_LIST_LOCK;
|
||||
+ winbind_ctx_free_locked(ctx);
|
||||
+ WB_GLOBAL_LIST_UNLOCK;
|
||||
}
|
||||
--
|
||||
2.34.1
|
|
@ -18,6 +18,9 @@
|
|||
load printers = yes
|
||||
cups options = raw
|
||||
|
||||
# Install samba-usershares package for support
|
||||
include = /etc/samba/usershares.conf
|
||||
|
||||
[homes]
|
||||
comment = Home Directories
|
||||
valid users = %S, %D%w%S
|
||||
|
|
812
SPECS/samba.spec
812
SPECS/samba.spec
|
@ -138,7 +138,7 @@
|
|||
%define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
|
||||
|
||||
%global samba_version 4.18.6
|
||||
%global baserelease 102
|
||||
%global baserelease 1
|
||||
# This should be rc1 or %%nil
|
||||
%global pre_release %nil
|
||||
|
||||
|
@ -176,7 +176,7 @@
|
|||
%global tevent_version 0.14.1
|
||||
%global ldb_version 2.7.2
|
||||
|
||||
%global required_mit_krb5 1.20.1
|
||||
%global required_mit_krb5 1.18
|
||||
|
||||
# This is a network daemon, do a hardened build
|
||||
# Enables PIE and full RELRO protection
|
||||
|
@ -202,7 +202,7 @@
|
|||
|
||||
Name: samba
|
||||
Version: %{samba_version}
|
||||
Release: %{samba_release}%{?dist}.alma.1
|
||||
Release: %{samba_release}%{?dist}
|
||||
|
||||
%if 0%{?fedora}
|
||||
Epoch: 2
|
||||
|
@ -234,16 +234,6 @@ Source17: samba-usershares-systemd-sysusers.conf
|
|||
Source201: README.downgrade
|
||||
Source202: samba.abignore
|
||||
|
||||
# Patches were taken from upstream:
|
||||
# https://github.com/samba-team/samba/commit/ae476e1c28b797fe221172ed1066bf8efa476d8d
|
||||
Patch0: CVE-2023-3961.patch
|
||||
# https://github.com/samba-team/samba/commit/b1fd65694185c26f1e196d84ee8756300e631bd5
|
||||
Patch1: CVE-2023-4091.patch
|
||||
# https://github.com/samba-team/samba/commit/3cf1beed5df7d8b5d854517de7de322c6a5bc7fa
|
||||
Patch2: CVE-2023-42669.patch
|
||||
# https://github.com/samba-team/samba/commit/62af25d44e542548d8cdecb061a6001e0071ee76
|
||||
Patch3: nsswitch-add-test-for-pthread_key_delete-missuse.patch
|
||||
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
|
||||
Requires(pre): %{name}-common = %{samba_depver}
|
||||
|
@ -4338,596 +4328,404 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Mar 06 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.6-102.alma.1
|
||||
- nsswitch: add test for pthread_key_delete missuse (bug 15464)
|
||||
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-1
|
||||
- related: rhbz#2190417 - Update to version 4.18.6
|
||||
- resolves: rhbz#2232564 - Fix the rpc dsgetinfo command
|
||||
|
||||
* Tue Nov 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.18.6-101.alma.1
|
||||
- CVE-2023-3961 CVE-2023-4091 CVE-2023-42669
|
||||
* Thu Jul 20 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.5-0
|
||||
- resolves: rhbz#2222894 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968
|
||||
|
||||
* Thu Aug 17 2023 Andreas Schneider <asn@redhat.com> - 4.18.6-100
|
||||
- related: rhbz#2190415 - Update to version 4.18.6
|
||||
- resolves: rhbz#2211617 - Fix the rpcclient dfsgetinfo command
|
||||
* Mon Jul 17 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-2
|
||||
- resolves: rhbz#2222884 - Fix trust relationship between workstation and DC
|
||||
|
||||
* Wed Jul 19 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.5-100
|
||||
- resolves: rhbz#2222895 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968
|
||||
* Mon Jul 10 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-1
|
||||
- resolves: rhbz#2221594 - Fix broken symlink for libwbclient
|
||||
- resolves: rhbz#2221600 - Fix segfault of winbind child when listing users with `winbind scan trusted domains = yes`
|
||||
- resolves: rhbz#2175385 - Fix access of Samba share with veto files = /.*/
|
||||
- resolves: rhbz#2218237 - Fix Python tarfile extraction to avoid a warning
|
||||
|
||||
* Mon Jul 17 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-102
|
||||
- resolves: rhbz#2222883 - Fix trust relationship between workstation and DC
|
||||
* Thu Jul 06 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-0
|
||||
- resolves: rhbz#2190417 - Update to version 4.18.4
|
||||
|
||||
* Mon Jul 10 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-101
|
||||
- resolves: rhbz#2216712 - Fix broken symlink for libwbclient
|
||||
- resolves: rhbz#2214327 - Fix segfault of winbind child when listing users with `winbind scan trusted domains = yes`
|
||||
- resolves: rhbz#2211605 - Fix access of Samba share with veto files = /.*/
|
||||
- resolves: rhbz#2207692 - Fix Python tarfile extraction to avoid a warning
|
||||
* Tue Jun 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.3-0
|
||||
- resolves: rhbz#2190417 - Update to version 4.18.3
|
||||
|
||||
* Thu Jul 06 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.4-100
|
||||
- resolves: rhbz#2190415 - Update to version 4.18.4
|
||||
* Tue Jun 06 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-2
|
||||
- resolves: rhbz#2190417 - Rebuild to trigger distrobaker sync
|
||||
|
||||
* Tue Jun 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.3-100
|
||||
- resolves: rhbz#2190415 - Update to version 4.18.3
|
||||
* Wed May 24 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-1
|
||||
- resolves: rhbz#2190417 - Add missing tests to fix osci.brew-build.tier0.functional
|
||||
|
||||
* Mon Jun 05 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-101
|
||||
- resolves: rhbz#2187313 - Fix weak dependencies in BaseOS
|
||||
* Mon May 22 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-0
|
||||
- resolves: rhbz#2190417 - Update to version 4.18.2
|
||||
|
||||
* Mon May 22 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.18.2-100
|
||||
- resolves: rhbz#2190415 - Update to version 4.18.2
|
||||
* Wed Feb 15 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-2
|
||||
- resolves: rhbz#2169339 - Fix winbind memory leak
|
||||
- resolves: rhbz#2152899 - Fix Samba shares not accessible issue
|
||||
|
||||
* Thu Apr 27 2023 Andreas Schneider <asn@redhat.com> - 4.17.5-104
|
||||
- related: rhbz#2182163 - Rebuild for liburing rebase to version 2.3
|
||||
* Mon Feb 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-1
|
||||
- resolves: rhbz#2167691 - Create package samba-tools
|
||||
|
||||
* Wed Feb 15 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-102
|
||||
- resolves: rhbz#2169980 - Fix winbind memory leak
|
||||
- resolves: rhbz#2156056 - Fix Samba shares not accessible issue
|
||||
* Fri Jan 27 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-0
|
||||
- related: rhbz#2132051 - Update to version 4.17.5
|
||||
|
||||
* Mon Feb 13 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-101
|
||||
- resolves: rhbz#2168534 - Create package samba-tools
|
||||
* Thu Dec 22 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-1
|
||||
- related: rhbz#2132051 - Create package dc-libs also for 'non-dc build'
|
||||
|
||||
* Fri Jan 27 2023 Pavel Filipenský <pfilipen@redhat.com> - 4.17.5-100
|
||||
- related: rhbz#2131993 - Update to version 4.17.5
|
||||
* Tue Dec 20 2022 Pavel Filipenský <pfilipenn@redhat.com> - 4.17.4-0
|
||||
- related: rhbz#2132051 - Update to version 4.17.4
|
||||
- resolves: rhbz#2154370 - Fix CVE-2022-38023
|
||||
- resolves: rhbz#2142331 - Fix %U include directive for share listing (netshareenum)
|
||||
- resolves: rhbz#2148943 - Fix Winbind to retrieve user groups from Active Directory
|
||||
|
||||
* Thu Dec 22 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-102
|
||||
- related: rhbz#2131993 - Create package dc-libs also for 'non-dc build'
|
||||
|
||||
* Wed Dec 21 2022 Pavel Filipenský <pfilipenn@redhat.com> - 4.17.4-101
|
||||
- related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1
|
||||
|
||||
* Mon Dec 19 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.4-100
|
||||
- related: rhbz#2131993 - Update to version 4.17.4
|
||||
- resolves: rhbz#2154373 - Fix CVE-2022-38023
|
||||
- resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum)
|
||||
- resolves: rhbz#2114884 - Fix id command to return new groups after successful user login
|
||||
- resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory
|
||||
|
||||
* Wed Nov 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.2-103
|
||||
* Wed Nov 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.17.2-2
|
||||
- Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional
|
||||
- related: rhbz#2131993
|
||||
- related: rhbz#2132051
|
||||
|
||||
* Wed Oct 26 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-102
|
||||
- Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values
|
||||
- resolves: rhbz#2126175
|
||||
* Wed Oct 26 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-1
|
||||
- resolves: rhbz#2132051 - Update to version 4.17.2
|
||||
- resolves: rhbz#2126174 - Fix CVE-2022-1615
|
||||
- resolves: rhbz#2108487 - ctdb: Add dependency to samba-winbind-clients
|
||||
|
||||
* Wed Oct 26 2022 Andreas Schneider <asn@redhat.com> - 4.17.2-101
|
||||
- resolves: rhbz#2131993 - Update to version 4.17.2
|
||||
* Thu Aug 25 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-2
|
||||
- resolves: rhbz#2120956 - Do not require samba package in python3-samba
|
||||
|
||||
* Thu Aug 25 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-101
|
||||
- resolves: rhbz#2121317 - Do not require samba package in python3-samba
|
||||
|
||||
* Wed Jul 27 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-100
|
||||
* Thu Jul 28 2022 Andreas Schneider <asn@redhat.com> - 4.16.4-1
|
||||
- Rebase to version 4.16.4
|
||||
- resolves: rhbz#2108332 - Fix CVE-2022-32742
|
||||
- resolves: rhbz#2108331 - Fix CVE-2022-32742
|
||||
|
||||
* Mon Jul 18 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.3-101
|
||||
- related: rhbz#2077487 - Rebase Samba to 4.16.3
|
||||
- resolves: rhbz#2097655 - The pcap background queue process should not be stopped
|
||||
- resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name
|
||||
* Mon Jul 18 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.3-0
|
||||
- related: rhbz#2077468 - Rebase Samba to 4.16.3
|
||||
- resolves: rhbz#2106672 - The pcap background queue process should not be stopped
|
||||
- resolves: rhbz#2106263 - Fix crash in rpcd_classic
|
||||
- resolves: rhbz#2100093 - Fix net ads info returns LDAP server and LDAP server name
|
||||
|
||||
* Wed Jul 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-102
|
||||
- resolves: rhbz#2106279 - Fix crash in rpcd_classic
|
||||
* Tue Jun 14 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-1
|
||||
- resolves: rhbz#2084162 - Fix printer displays only after 300 seconds timeout
|
||||
|
||||
* Tue Jun 14 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-101
|
||||
- resolves: rhbz#2093833 - Fix weak dependency on logrotate
|
||||
- resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout
|
||||
|
||||
* Mon Jun 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-100
|
||||
* Mon Jun 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.2-0
|
||||
- Fix rpminspect abidiff
|
||||
- related: rhbz#2077487 - Rebase Samba to 4.16.2
|
||||
- related: rhbz#2077468 - Rebase Samba to 4.16.2
|
||||
|
||||
* Mon May 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.1-100
|
||||
- resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release
|
||||
* Mon May 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.16.1-0
|
||||
- Update to Samba 4.16.1
|
||||
- resolves: rhbz#2077468 Rebase Samba to the the latest 4.16.x release
|
||||
|
||||
* Wed Apr 27 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-108
|
||||
- resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls
|
||||
* Wed Apr 27 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-8
|
||||
- resolves: rhbz#2070522 - Fix UPNs handling in lookup_name*() calls
|
||||
|
||||
* Wed Apr 20 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-106
|
||||
- resolves: rhbz#2065376 - Fix 'create krb5 conf = yes` when a KDC has a single IP address.
|
||||
- resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error
|
||||
* Wed Apr 20 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-7
|
||||
- resolves: rhbz#2076505 - PAM Kerberos authentication fails with a clock skew error
|
||||
|
||||
* Wed Apr 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-105
|
||||
- resolves: rhbz#2074891 - Fix username map for unix groups
|
||||
* Wed Apr 13 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-6
|
||||
- resolves: rhbz#2059151 - Fix username map for unix groups
|
||||
- resolves: rhbz#2065212 - Fix 'create krb5 conf = yes` when a KDC has a single IP address.
|
||||
|
||||
* Thu Feb 24 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-104
|
||||
- resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh
|
||||
* Thu Feb 24 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-4
|
||||
- resolves: rhbz#2057503 - Fix winbind kerberos ticket refresh
|
||||
|
||||
* Mon Feb 21 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-103
|
||||
- related: rhbz#2044231 - Fix typo in testparm output
|
||||
* Mon Feb 21 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-3
|
||||
- related: rhbz#1979959 - Fix typo in testparm output
|
||||
|
||||
* Thu Feb 17 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-102
|
||||
- resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation
|
||||
* Thu Feb 17 2022 Andreas Schneider <asn@redhat.com> - 4.15.5-2
|
||||
- resolves: rhbz#1979959 - Improve idmap autorid sanity checks and documentation
|
||||
|
||||
* Mon Feb 14 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-101
|
||||
- resolves: #2050111 - [RFE] Change change password change prompt phrasing
|
||||
- resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file
|
||||
* Mon Feb 14 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-1
|
||||
- resolves: #1995849 - [RFE] Change change password change prompt phrasing
|
||||
- resolves: #2029417 - virusfilter_vfs_openat: Not scanned: Directory or special file
|
||||
|
||||
* Wed Feb 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-100
|
||||
- related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release
|
||||
- resolves: #2046129 - Fix CVE-2021-44141
|
||||
- resolves: #2046154 - Fix CVE-2021-44142
|
||||
- resolves: #2044405 - Fix printing no longer works on Windows 7
|
||||
- resolves: #2049485 - Fix systemd notifications
|
||||
- resolves: #2049604 - Disable NTLMSSP for ldap client connections
|
||||
* Wed Feb 02 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.5-0
|
||||
- Update to Samba 4.15.5
|
||||
- related: rhbz#2013596 - Rebase Samba to the the latest 4.15.x release
|
||||
- resolves: rhbz#2046127 - Fix CVE-2021-44141
|
||||
- resolves: rhbz#2046153 - Fix CVE-2021-44142
|
||||
- resolves: rhbz#2044404 - Printing no longer works on Windows 7
|
||||
- resolves: rhbz#2043154 - Fix systemd notifications
|
||||
- resolves: rhbz#2049602 - Disable NTLMSSP for ldap client connections (e.g. libads)
|
||||
|
||||
* Mon Jan 24 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.4-100
|
||||
- related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release
|
||||
- resolves: #2039154 - Fix CVE-2021-20316
|
||||
- resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x
|
||||
- resolves: #2044239 - [smb] Segmentation fault when joining the domain
|
||||
- resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED
|
||||
- resolves: #2044255 - Fix CVE-2021-43566
|
||||
* Fri Jan 21 2022 Pavel Filipenský <pfilipen@redhat.com> - 4.15.4-0
|
||||
- Update to Samba 4.15.4
|
||||
- related: rhbz#2013596 - Rebase Samba to the the latest 4.15.x release
|
||||
- resolves: rhbz#2039153 - Fix CVE-2021-20316
|
||||
- resolves: rhbz#1912549 - Winexe: Kerberos flag not invoking Kerberos Auth
|
||||
- resolves: rhbz#2039157 - Fix CVE-2021-43566
|
||||
- resolves: rhbz#2038148 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7
|
||||
- resolves: rhbz#2035528 - [smb] Segmentation fault when joining the domain
|
||||
- resolves: rhbz#2038796 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED
|
||||
|
||||
* Wed Dec 15 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.3-1
|
||||
- related: rhbz#2013578 - Rebase to Samba 4.15.3
|
||||
- resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind
|
||||
- resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired
|
||||
* Thu Dec 16 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.3-1
|
||||
- related: rhbz#2013596 - Rebase to version 4.15.3
|
||||
- resolves: rhbz#2028029 - Fix possible null pointer dereference in winbind
|
||||
- resolves: rhbz#1912549 - Winexe: Kerberos Auth is respected via --use-kerberos=desired
|
||||
|
||||
* Fri Dec 03 2021 Andreas Schneider <asn@redhat.com> - 4.15.2-3
|
||||
- related: rhbz#2013578 - Remove unneeded lmdb dependency
|
||||
* Fri Dec 03 2021 Andreas Schneider <asn@redhat.com> - 4.15.2-2
|
||||
- related: rhbz#2013596 - Remove unneeded lmdb dependency
|
||||
|
||||
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
|
||||
- resolves: rhbz#2019675 - Fix CVE-2020-25717
|
||||
* Thu Nov 25 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-1
|
||||
- resolves: rhbz#2013596 - Rebase to version 4.15.2
|
||||
- resolves: rhbz#1999294 - Remove noisy error message in winbindd
|
||||
- resolves: rhbz#1958881 - Don't require winbind being online for krb5 auth
|
||||
with one-way trusts
|
||||
- resolves: rhbz#2019461 - Fix deleting directories with dangling symlinks
|
||||
|
||||
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
|
||||
- resolves: rhbz#2019669 - Fix CVE-2021-23192
|
||||
* Mon Nov 22 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-14
|
||||
- related: rbhz#2019674 - Fix CVE-2020-25717
|
||||
- Fix running ktest (selftest)
|
||||
|
||||
* Wed Dec 01 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-2
|
||||
- resolves: rhbz#2019663 - Fix CVE-2016-2124
|
||||
* Sat Nov 13 2021 Alexander Bokovoy <abokovoy@redhat.com> - 4.14.5-13
|
||||
- related: rbhz#2019674 - Fix CVE-2020-25717
|
||||
- Add missing checks for IPA DC server role
|
||||
|
||||
* Mon Nov 29 2021 Pavel Filipenský <pfilipen@redhat.com> - 4.15.2-1
|
||||
- resolves: rhbz#2013578 - Rebase to Samba 4.15.2
|
||||
* Wed Nov 10 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-12
|
||||
- related: rbhz#2019674 - Fix regression with 'allow trusted domains = no'
|
||||
|
||||
* Tue Aug 31 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-103
|
||||
- resolves: rhbz#1980356 - Fix winbind restart on package upgrade
|
||||
* Tue Nov 09 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-11
|
||||
- resolves: rhbz#2021425 - Add missing PAC buffer types to krb5pac.idl
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0:4.14.5-102
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Fri Nov 05 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-3
|
||||
- resolves: rhbz#2019662 - Fix CVE-2016-2124
|
||||
- resolves: rhbz#2019668 - Fix CVE-2021-23192
|
||||
- resolves: rbhz#2019674 - Fix CVE-2020-25717
|
||||
|
||||
* Thu Jun 24 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-101
|
||||
- related: rhbz#1975690 - Create a subpackage for vfs-iouring
|
||||
* Tue Jul 13 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-2
|
||||
- related: rhbz#1980346 - Rebuild for libtalloc 0.11.0
|
||||
|
||||
* Tue Jun 22 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-100
|
||||
- related: rhbz#1954531 - Make sure upgrades to RHEL9 will work
|
||||
* Thu Jun 24 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-1
|
||||
- resolves: rhbz#1974792 - Create a subpackage for vfs-io-uring
|
||||
- resolves: rhbz#1965397 - Raise log level for dfs ENOENT debug message
|
||||
|
||||
* Tue Jun 01 2021 Andreas Schneider <asn@redhat.com> - 4.14.5-0
|
||||
- related: rhbz#1954531 - Update to Samba 4.14.5
|
||||
* Thu Jun 10 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-0
|
||||
- related: rhbz#1944657 - Update to version 4.14.5
|
||||
- resolves: rhbz#1969787 - Fix memory leak in RPC server
|
||||
- resolves: rhbz#1954974 - Validate smb.conf option for domain members with testparm
|
||||
- resolves: rhbz#1963298 - Fix smbd trying to delete files with wrong permissions
|
||||
- resolves: rhbz#1890008 - Update rpcclient manpage to list all available commands
|
||||
- resolves: rhbz#1857254 - Update smbcacls manpage to document inhertance flags
|
||||
|
||||
* Thu May 20 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-7
|
||||
- related: rhbz#1954531 - Fix build issues with gcc
|
||||
- resolves: rhbz#1959712 - Add iouring vfs module
|
||||
* Wed May 12 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-4
|
||||
- related: rhbz#1944657 - Fix possible upgrade issues
|
||||
|
||||
* Mon May 03 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-5
|
||||
* related: rhbz#1954531 - Add rpminspect.yaml
|
||||
* Tue May 11 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-2
|
||||
- resolves: rhbz#1944657 - Update to version 4.14.4
|
||||
- resolves: rhbz#1949445 - Fix CVE-2021-20254
|
||||
- resolves: rhbz#1947945 - Fix libsmbldap.so.2 not being a symbolic link
|
||||
- resolves: rhbz#1908506 - Fix creating the gencache user directory
|
||||
- resolves: rhbz#1901029 - Build the vfs_io_uring module
|
||||
|
||||
* Fri Apr 30 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-2
|
||||
- related: rhbz#1954531 - Remove obsolete /var/spool/samba
|
||||
* Thu Feb 04 2021 Andreas Schneider <asn@redhat.com> - 4.13.3-3
|
||||
- resolves: #1924615 - Fix a memcache bug when cache is full
|
||||
- resolves: #1924571 - Ensure that libwbclient has been updated before
|
||||
restarting services
|
||||
|
||||
* Thu Apr 29 2021 Andreas Schneider <asn@redhat.com> - 4.14.4-1
|
||||
- resolves: rhbz#1954531 - Update to Samba 4.14.4
|
||||
- resolves: rhbz#1949446 - Fix CVE-2021-20254
|
||||
- resolves: rhbz#1942378 - Disable nis support
|
||||
* Fri Jan 29 2021 Andreas Schneider <asn@redhat.com> - 4.13.3-2
|
||||
- resolves: #1909647 - Fix winbind in trust scenarios with connection issues
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0:4.14.2-0.1
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Wed Dec 16 2020 Andreas Schneider <asn@redhat.com> - 4.13.3-1
|
||||
- related: #1878109 - Rebase Samba to version 4.13.3
|
||||
|
||||
* Thu Mar 25 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.2-0
|
||||
- Update to Samba 4.14.2
|
||||
- related: #1941400, #1942496 - Security fixes for CVE-2020-27840
|
||||
- related: #1941402, #1942497 - Security fixes for CVE-2021-20277
|
||||
* Fri Dec 04 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-5
|
||||
- resolves: #1904174 - Fix ldap timeout with 'net ads join'
|
||||
|
||||
* Wed Mar 24 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.1-0
|
||||
- Update to Samba 4.14.1
|
||||
- resolves: #1941400, #1942496 - Security fixes for CVE-2020-27840
|
||||
- resolves: #1941402, #1942497 - Security fixes for CVE-2021-20277
|
||||
* Fri Nov 27 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-4
|
||||
- resolves: #1902198 - Document weak crypto output of testparm
|
||||
|
||||
* Tue Mar 09 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.0-3
|
||||
- Update to Samba 4.14.0
|
||||
* Wed Nov 25 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-3
|
||||
- resolves: #1899113 - Fix following dfs links with smb clients
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2:4.14.0-0.0.rc4.2
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Mon Mar 01 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.0rc4-0
|
||||
- Update to Samba 4.14.0rc4
|
||||
|
||||
* Thu Feb 18 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.0rc3-0
|
||||
- Update to Samba 4.14.0rc3
|
||||
|
||||
* Thu Feb 04 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.0rc2-0
|
||||
- Update to Samba 4.14.0rc2
|
||||
|
||||
* Wed Jan 27 2021 Guenther Deschner <gdeschner@redhat.com> - 4.14.0rc1-0
|
||||
- Update to Samba 4.14.0rc1
|
||||
|
||||
* Tue Jan 26 2021 Guenther Deschner <gdeschner@redhat.com> - 4.13.4-0
|
||||
- Update to Samba 4.13.4
|
||||
|
||||
* Wed Dec 16 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.3-1
|
||||
- Rebuild against krb5-1.19
|
||||
- Resolves: rhbz#1915928
|
||||
|
||||
* Tue Dec 15 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.3-0
|
||||
- Update to Samba 4.13.3
|
||||
|
||||
* Wed Nov 25 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.2-2
|
||||
- rhbz#1892745, rhbz#1900232: smbclient mget crashes (upstream bug 14517)
|
||||
- Merge RHEL 8.4 patches:
|
||||
- FIPS-related enhancements
|
||||
- FreeIPA Global Catalog patches
|
||||
* Tue Nov 17 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-2
|
||||
- related: #1869702 - Fix spoolss crash
|
||||
- resolves: #1896736 - Fix name lookups of FreeIPA users
|
||||
- resolves: #1899113 - Fix DFS links
|
||||
|
||||
* Tue Nov 03 2020 Andreas Schneider <asn@redhat.com> - 4.13.2-1
|
||||
- Create a python3-samba-devel package to avoid unnessary dependencies
|
||||
- resolves: #1878109 - Rebase Samba to version 4.13.2
|
||||
- resolves: #1872833 - Add samba-winexe subpackage
|
||||
- resolves: #1891688 - Fix CVE-2020-14323
|
||||
- resolves: #1892633 - Fix CVE-2020-14318
|
||||
- resolves: #1892639 - Fix CVE-2020-14383
|
||||
- resolves: #1879835 - Fix CVE-2020-1472
|
||||
- resolves: #1888990 - Update smb.conf manpages to describe how to apply
|
||||
config changes.
|
||||
- resolves: #1869702 - Fix %U substitution for 'valid users' option
|
||||
- resolves: #1818038 - Improve FIPS compliance
|
||||
|
||||
* Tue Nov 03 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.2-0
|
||||
- Update to Samba 4.13.2
|
||||
* Wed Aug 12 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.12.3-12
|
||||
- resolves: #1868558 - cannot create a directory in home over SMB2, mkdirat returns EBADF
|
||||
|
||||
* Wed Jul 22 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-11
|
||||
- resolves: #1859277 - Allow a user to use gencache
|
||||
|
||||
* Wed Jul 15 2020 Isaac Boukris <iboukris@redhat.com> - 4.12.3-10
|
||||
- related: #1856315 - Fix net-ads-join with LDAP over TLS
|
||||
|
||||
* Tue Jul 14 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-9
|
||||
- related: #1817557 - Move DECRPC mdssvc data files to correct package
|
||||
- resolves: #1856676 - Fix lookuprids in winbind
|
||||
|
||||
* Mon Jul 13 2020 Isaac Boukris <iboukris@redhat.com> - 4.12.3-8
|
||||
- resolves: #1856315 - Fix net-ads-join with LDAP over TLS
|
||||
|
||||
* Thu Oct 29 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.1-0
|
||||
- Update to Samba 4.13.1
|
||||
- resolves: #1892631, #1892634 - Security fixes for CVE-2020-14318
|
||||
- resolves: #1891685, #1892628 - Security fixes for CVE-2020-14323
|
||||
- resolves: #1892636, #1892640 - Security fixes for CVE-2020-14383
|
||||
* Fri Jul 10 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-7
|
||||
- resolves: #1855711 - Fix 'require_membership_of' documentation in
|
||||
pam_winbind manpage
|
||||
|
||||
* Mon Oct 26 2020 Andreas Schneider <asn@redhat.com> - 4.13.0-14
|
||||
- Fixed dbcheck running in a release tarball
|
||||
- Updated internal resolv_wrapper copy to verison 1.1.7
|
||||
* Thu Jul 09 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-6
|
||||
- related: #1842844 - Fix TLS connections with GnuTLS
|
||||
|
||||
* Sun Oct 25 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.0-13
|
||||
- Report 'samba' daemon status back to systemd
|
||||
- Support dnspython 2.0.0 or later in samba_dnsupdate
|
||||
* Wed Jul 01 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-5
|
||||
- resolves: #1823612 - Fix segfault in 'net ads dns gethostbyname'
|
||||
- resolves: #1792553 - Fix 'net ads join createcomputer=OU'
|
||||
|
||||
* Fri Jun 26 2020 Isaac Boukris <iboukris@redhat.com> - 4.12.3-4
|
||||
- resolves: #1850980 - Add "additional dns hostname" to keytab
|
||||
- resolves: #1850981 - Add net-ads-join dnshostname=fqdn option
|
||||
|
||||
* Fri Jun 19 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-1
|
||||
- resolves: #1666737 - Add a new smbc_readdirplus2() function to libsmbclient
|
||||
- resolves: #1842844 - Fix GnuTLS priority list for TLS connections
|
||||
|
||||
* Thu Oct 22 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.13.0-12
|
||||
- Add preliminary support for S4U operations in Samba AD DC
|
||||
resolves: #1836630 - Samba DC: Remote Desktop cannot access files
|
||||
- Fix lookup_unix_user_name to allow lookup of realm-qualified users and groups
|
||||
required for upcoming FreeIPA Global Catalog support
|
||||
* Tue Jun 02 2020 Andreas Schneider <asn@redhat.com> - 4.12.3-0
|
||||
- resolves: #1817557 - Rebase to version 4.12.3
|
||||
- resolves: #1813833 - Fix 'net ads join createupn='
|
||||
|
||||
* Tue Sep 22 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0-11
|
||||
- Update to Samba 4.13.0
|
||||
* Fri May 29 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.2-14
|
||||
- Rebuild with krb5 1.18
|
||||
- Resolves: #1817578 - support krb5 1.18
|
||||
|
||||
* Fri Sep 18 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc6-10
|
||||
- Update to Samba 4.13.0rc6
|
||||
- resolves: #1879822, #1880703 - Security fixes for CVE-2020-1472
|
||||
* Thu Feb 13 2020 Isaac Boukris <iboukris@redhat.com> - 4.11.2-13
|
||||
- resolves: #1802182 - Fix join using netbios name
|
||||
|
||||
* Wed Sep 16 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc5-9
|
||||
- Update to Samba 4.13.0rc5
|
||||
* Wed Jan 29 2020 Andreas Schneider <asn@redhat.com> - 4.11.2-12
|
||||
- related: #1781232 - Improve debug output of smbclient
|
||||
- resolves: #1794461 - Do not return bogus inode numbers in
|
||||
cli_qpathinfo2()/cli_qpathinfo3() for SMB1
|
||||
- resolves: #1794442 - Fix segfault in smbd_do_qfilepathinfo()
|
||||
|
||||
* Mon Sep 07 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc4-8
|
||||
- Update to Samba 4.13.0rc4
|
||||
* Thu Jan 23 2020 Isaac Boukris <iboukris@redhat.com> - 4.11.2-11
|
||||
- resolves: #1778130 - Remove usage of DES encryption types in krb5
|
||||
|
||||
* Fri Aug 28 2020 Neal Gompa <ngompa13@gmail.com> - 4.13.0rc3-6
|
||||
- Enable winexe by default everywhere
|
||||
* Fri Jan 17 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.2-10
|
||||
- resolves: #1790353 - Fix access check in DsRGetForestTrustInformation
|
||||
- resolves: #1791209 - Fix CVE-2019-14907
|
||||
|
||||
* Fri Aug 28 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc3-5
|
||||
- Update to Samba 4.13.0rc3
|
||||
* Fri Jan 10 2020 Andreas Schneider <asn@redhat.com> - 4.11.2-9
|
||||
- resolves: #1785134 - Fix libwbclient manual alternative settings
|
||||
|
||||
* Fri Aug 14 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc2-4
|
||||
- Update to Samba 4.13.0rc2
|
||||
* Fri Jan 10 2020 Andreas Schneider <asn@redhat.com> - 4.11.2-8
|
||||
- resolves: #1781232 - Fix smbclient debug message
|
||||
|
||||
* Wed Aug 12 2020 Andreas Schneider <asn@redhat.com> - 4.13.0rc1-3
|
||||
- resolves: #1865831 - Add missing /usr/lib64/samba/krb5 directory
|
||||
- resolves: #1866989 - Remove obsolete python3-crypto dependency
|
||||
* Thu Dec 12 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-7
|
||||
- related: #1637861 - Fix trust creation if weak crypto is disallowed
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.13.0-0.2.rc1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Tue Dec 10 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-6
|
||||
- resolves: #1637861 - Use GnuTLS for crypto
|
||||
|
||||
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2:4.13.0-0.2.rc1
|
||||
- Use make macros
|
||||
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
* Thu Dec 05 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-4
|
||||
- related: #1754409 - Add patch to avoid overlinking with libnsl and libsocket
|
||||
- related: #1754409 - Fix permissions for pidl
|
||||
- related: #1754409 - Fix logrotate script
|
||||
- related: #1754409 - Add missing README files
|
||||
|
||||
* Tue Jul 14 2020 Andreas Schneider <asn@redhat.com> - 4.13.0rc1-1
|
||||
- Move mdssvc data files to correct package
|
||||
* Mon Dec 02 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-3
|
||||
- related: #1754409 - Fix pidl packaging
|
||||
|
||||
* Thu Jul 09 2020 Guenther Deschner <gdeschner@redhat.com> - 4.13.0rc1-0
|
||||
- Update to Samba 4.13.0rc1
|
||||
* Fri Nov 29 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-1
|
||||
- resolves: #1754409 - Rebase to Samba version 4.11.2
|
||||
- resolves: #1776312 - Winbind is not restarted on upgrade
|
||||
- resolves: #1764469 - Fix CVE-2019-10218
|
||||
- resolves: #1746241 - Fix CVE-2019-10197
|
||||
- resolves: #1710980 - Add support for KCM ccache in pam_winbind
|
||||
|
||||
* Wed Jul 08 2020 Merlin Mathesius <mmathesi@redhat.com> - 4.12.5-1
|
||||
- Remove nonexistent --without-winexe option from configure
|
||||
* Wed Oct 23 2019 Andreas Schneider <asn@redhat.com> - 4.10.4-101
|
||||
- related: #1760824 - Removed additional issues with overlinking
|
||||
|
||||
* Thu Jul 02 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.5-0
|
||||
- Update to Samba 4.12.5
|
||||
* Fri Oct 11 2019 Andreas Schneider <asn@redhat.com> - 4.10.4-100
|
||||
- resolves: #1754575 - Avoid overlinking with librt and libpthread
|
||||
- resolves: #1755440 - Fix forest trusts enumeration
|
||||
- resolves: #1755445 - Fix CUPS username/password authentication with smbspool
|
||||
|
||||
* Thu Jul 02 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.4-0
|
||||
- Update to Samba 4.12.4
|
||||
- resolves: #1849489, #1853255 - Security fixes for CVE-2020-10730
|
||||
- resolves: #1849491, #1853256 - Security fixes for CVE-2020-10745
|
||||
- resolves: #1849509, #1853276 - Security fixes for CVE-2020-10760
|
||||
- resolves: #1851298, #1853259 - Security fixes for CVE-2020-14303
|
||||
* Wed Jun 19 2019 Andreas Schneider <asn@redhat.com> - 4.10.4-1
|
||||
- resolves: #1712378 - Fix smbspool CUPS backend
|
||||
- resolves: #1696612 - Fix 'net ads join -U admin@parentdomain'
|
||||
|
||||
* Sat Jun 27 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2:4.12.3-1.1
|
||||
- Perl 5.32 re-rebuild updated packages
|
||||
* Thu May 23 2019 Andreas Schneider <asn@redhat.com> - 4.10.4-0
|
||||
- related: #1638001 - Rebase to Samba version 4.10.4
|
||||
- resolves: #1597298 - Build Samba with python3
|
||||
- resolves: #1658558 - Add 'net ads leave --keep-account' option
|
||||
- resolves: #1669004 - Fix systemd status notifications
|
||||
- resolves: #1672167 - Fix printing cache timeout in debug output
|
||||
- resolves: #1696525 - Fix CVE-2019-3880
|
||||
|
||||
* Thu Jun 25 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.3-1
|
||||
- Add BuildRequires for python3-setuptools
|
||||
* Fri May 17 2019 Andreas Schneider <asn@redhat.com> - 4.10.3-0
|
||||
- related: #1638001 - Rebase to Samba version 4.10.3
|
||||
|
||||
* Thu Jun 25 2020 Jitka Plesnikova <jplesnik@redhat.com> - 2:4.12.3-0.4
|
||||
- Perl 5.32 rebuild
|
||||
* Fri May 10 2019 Andreas Schneider <asn@redhat.com> - 4.10.2-1
|
||||
- related: #1638001 - Fix package upgrades
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 2:4.12.3-0.3
|
||||
- Rebuilt for Python 3.9
|
||||
* Mon May 06 2019 Andreas Schneider <asn@redhat.com> - 4.10.2-0
|
||||
- resolves: #1638001 - Rebase Samba to version 4.10
|
||||
|
||||
* Tue May 19 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.3-0
|
||||
- Update to Samba 4.12.3
|
||||
* Thu Jan 03 2019 Andreas Schneider <asn@redhat.com> - 4.9.1-8
|
||||
- resolves: #1663421 - Fix perl interpreter dependencies
|
||||
|
||||
* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2:4.12.2-1.2
|
||||
- Rebuild for ICU 67
|
||||
* Wed Dec 19 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-7
|
||||
- resolves: #1658690 - Add smbc_setOptionProtocols()
|
||||
- resolves: #1658678 - Fix spoolss client operations against Windows
|
||||
|
||||
* Wed May 13 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.2-1
|
||||
- Add support for building the new experimental io_uring VFS module
|
||||
* Mon Dec 10 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-6
|
||||
- resolves: #1642092 - Harden [homes] share export
|
||||
- resolves: #1648846 - Fix out of bound array access in ctdb
|
||||
- resolves: #1657266 - Fix tmp directory creation in /run
|
||||
|
||||
* Tue Apr 28 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.2-0
|
||||
- Update to Samba 4.12.2
|
||||
- resolves: #1825731, #1828870 - Security fixes for CVE-2020-10700
|
||||
- resolves: #1825734, #1828872 - Security fixes for CVE-2020-10704
|
||||
* Fri Nov 09 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-5
|
||||
- resolves: #1644327 - Segfault if wrong 'passdb backend' is configured
|
||||
- resolves: #1647959 - Segfault in the debug system with hardended build
|
||||
|
||||
* Sun Apr 12 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.12.1-1
|
||||
- Revert POSIX stat tuning in libsmbclient
|
||||
- Resolves: rhbz#1801442
|
||||
* Fri Sep 28 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-4
|
||||
- related: #1614232 - Fix some spec file issues detected by rpmdiff
|
||||
|
||||
* Tue Apr 07 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.1-0
|
||||
- Update to Samba 4.12.1
|
||||
* Wed Sep 26 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.1-3
|
||||
- Temporarily remove smbtorture from samba-test due to Python 2 linkage
|
||||
- related: #1609661 - samba-test package cannot be installed due to unresolved dependencies
|
||||
|
||||
* Sat Mar 21 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.12.0-6
|
||||
- Fix samba_requires_eq macro definition
|
||||
- Resolves rhbz#1815739
|
||||
* Wed Sep 26 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-2
|
||||
- related: #1614232 - Add CTDB examples with a config migration script
|
||||
|
||||
* Tue Mar 10 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0-5
|
||||
- Add build requirement for perl-FindBin
|
||||
- resolves: #1661213 - Add winexe subpackage for remote windows command execution
|
||||
|
||||
* Tue Mar 03 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0-3
|
||||
- Update to Samba 4.12.0
|
||||
|
||||
* Wed Feb 26 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0rc4-2
|
||||
- Update to Samba 4.12.0rc4
|
||||
|
||||
* Wed Feb 19 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0rc3-2
|
||||
- Update to Samba 4.12.0rc3
|
||||
|
||||
* Tue Feb 04 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0rc2-2
|
||||
- Update to Samba 4.12.0rc2
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.12.0-0.1.rc1.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Jan 24 2020 Alexander Bokovoy <abokovoy@redhat.com> - 4.12.0.rc1-1
|
||||
- Allow building against krb5 1.18 beta and require it for Rawhide
|
||||
|
||||
* Wed Jan 22 2020 Guenther Deschner <gdeschner@redhat.com> - 4.12.0rc1-0
|
||||
- Update to Samba 4.12.0rc1
|
||||
|
||||
* Tue Jan 21 2020 Guenther Deschner <gdeschner@redhat.com> - 4.11.5-0
|
||||
- Update to Samba 4.11.5
|
||||
- resolves: #1791201, #1793405 - Security fixes for CVE-2019-14902
|
||||
- resolves: #1791207, #1793407 - Security fixes for CVE-2019-14907
|
||||
- resolves: #1791204, #1793406 - Security fixes for CVE-2019-19344
|
||||
|
||||
* Mon Dec 16 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.4-0
|
||||
- Update to Samba 4.11.4
|
||||
|
||||
* Tue Dec 10 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.3-0
|
||||
- Update to Samba 4.11.3
|
||||
- resolves: #1778586, #1781542 - Security fixes for CVE-2019-14861
|
||||
- resolves: #1778589, #1781545 - Security fixes for CVE-2019-14870
|
||||
|
||||
* Thu Dec 05 2019 Andreas Schneider <asn@redhat.com> - 4.11.2-2
|
||||
- Restart winbindd on samba-winbind package upgrade
|
||||
|
||||
* Wed Nov 06 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.2-1
|
||||
- Update DES removal patch
|
||||
|
||||
* Tue Oct 29 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.2-0
|
||||
- Update to Samba 4.11.2
|
||||
- resolves: #1763137, #1766558 - Security fixes for CVE-2019-10218
|
||||
- resolves: #1764126, #1766559 - Security fixes for CVE-2019-14833
|
||||
|
||||
* Sun Oct 27 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.11.1-1
|
||||
- resolves: #1757071 - Deploy new samba DC fails
|
||||
|
||||
* Fri Oct 18 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.1-0
|
||||
- Update to Samba 4.11.1
|
||||
|
||||
* Tue Sep 17 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0-3
|
||||
- Update to Samba 4.11.0
|
||||
|
||||
* Wed Sep 11 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0rc4-2
|
||||
- Update to Samba 4.11.0rc4
|
||||
|
||||
* Tue Sep 03 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0rc3-2
|
||||
- Update to Samba 4.11.0rc3
|
||||
- resolves: #1746225, #1748308 - Security fixes for CVE-2019-10197
|
||||
|
||||
* Tue Aug 27 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0rc2-2
|
||||
- resolves: #1746014 - re-add pidl
|
||||
|
||||
* Mon Aug 26 2019 Lubomir Rintel <lkundrak@v3.sk> - 2:4.11.0-0.1.rc2
|
||||
- Move the NetworkManager dispatcher script out of /etc
|
||||
|
||||
* Wed Aug 21 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0rc2-0
|
||||
- Update to Samba 4.11.0rc2
|
||||
|
||||
* Tue Aug 20 2019 Guenther Deschner <gdeschner@redhat.com> - 4.11.0rc1-0
|
||||
- Update to Samba 4.11.0rc1
|
||||
|
||||
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2:4.10.6-1.1
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 2:4.10.6-1
|
||||
- Fix Samba bug https://bugzilla.samba.org/show_bug.cgi?id=14091
|
||||
- Fixes: Windows systems cannot resolve IPA users and groups over LSA RPC
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.10.6-0.2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon Jul 08 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.6-0
|
||||
- Update to Samba 4.10.6
|
||||
|
||||
* Mon Jul 01 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.5-2
|
||||
- resolves: #1718113 - Avoid deprecated time.clock in wafsamba
|
||||
- resolves: #1711638 - Update to latest waf version 2.0.17
|
||||
|
||||
* Thu Jun 20 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.5-1
|
||||
- resolves: #1602824 - Make vfs_fruit operable with other remote VFS modules
|
||||
- resolves: #1716455 - Avoid pathconf() in get_real_filename() VFS calls
|
||||
- resolves: #1706090, #1700791 - Fix smbspool
|
||||
|
||||
* Wed Jun 19 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.5-0
|
||||
- Update to Samba 4.10.5
|
||||
- resolves: #1711816, #1721872 - Security fixes for CVE-2019-12435
|
||||
- resolves: #1711837, #1721873 - Security fixes for CVE-2019-12436
|
||||
|
||||
* Fri May 31 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2:4.10.4-1.1
|
||||
- Perl 5.30 rebuild
|
||||
|
||||
* Tue May 28 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.4-1
|
||||
- Add missing ctdb directories
|
||||
- resolves: #1656777
|
||||
|
||||
* Wed May 22 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.4-0
|
||||
- Update to Samba 4.10.4
|
||||
|
||||
* Tue May 14 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.3-0
|
||||
- Update to Samba 4.10.3
|
||||
- resolves: #1705877, #1709679 - Security fixes for CVE-2018-16860
|
||||
|
||||
* Mon Apr 15 2019 Andreas Schneider <asn@redhat.com> - 4.10.2-1
|
||||
- resolves: #1699230 - Rebuild for MIT Kerberos soname bump of libkadm5srv
|
||||
|
||||
* Mon Apr 08 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.2-0
|
||||
- Update to Samba 4.10.2
|
||||
- resolves: #1689010, #1697718 - Security fixes for CVE-2019-3870
|
||||
- resolves: #1691518, #1697717 - Security fixes for CVE-2019-3880
|
||||
|
||||
* Wed Apr 03 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.1-0
|
||||
- Update to Samba 4.10.1
|
||||
|
||||
* Mon Mar 25 2019 Andreas Schneider <asn@redhat.com> - 4.10.0-6
|
||||
- resolves: #1692347 - Add missing DC requirement for its python3 tools
|
||||
|
||||
* Wed Mar 20 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0-5
|
||||
- Fix build failure (duplication during install)
|
||||
|
||||
* Tue Mar 19 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0-4
|
||||
- Update to Samba 4.10.0
|
||||
|
||||
* Wed Mar 06 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0rc4-2
|
||||
- Update to Samba 4.10.0rc4
|
||||
|
||||
* Fri Feb 22 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0rc3-2
|
||||
- Update to Samba 4.10.0rc3
|
||||
|
||||
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2:4.10.0-0.2.rc2.1
|
||||
- Rebuild for readline 8.0
|
||||
|
||||
* Thu Feb 14 2019 Andreas Schneider <asn@redhat.com> - 4.10.0rc2-2
|
||||
- resolves: #1672231 - Fix public NDR API
|
||||
|
||||
* Tue Feb 12 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0rc2-1
|
||||
- resolves: #1674547 - Move samba.xattr modules out of python3 test package
|
||||
|
||||
* Wed Feb 06 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0rc2-0
|
||||
- Update to Samba 4.10.0rc2
|
||||
|
||||
* Tue Jan 15 2019 Guenther Deschner <gdeschner@redhat.com> - 4.10.0rc1-0
|
||||
- Update to Samba 4.10.0rc1
|
||||
|
||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2:4.9.4-0.1
|
||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||
|
||||
* Thu Dec 20 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.4-0
|
||||
- Update to Samba 4.9.4
|
||||
|
||||
* Tue Nov 27 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.3-0
|
||||
- Update to Samba 4.9.3
|
||||
- resolves: #1625449, #1654078 - Security fixes for CVE-2018-14629
|
||||
- resolves: #1642545, #1654082 - Security fixes for CVE-2018-16841
|
||||
- resolves: #1646377, #1654091 - Security fixes for CVE-2018-16851
|
||||
- resolves: #1646386, #1654092 - Security fixes for CVE-2018-16852
|
||||
- resolves: #1647246, #1654093 - Security fixes for CVE-2018-16853
|
||||
- resolves: #1649278, #1654095 - Security fixes for CVE-2018-16857
|
||||
|
||||
* Thu Nov 08 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.2-0
|
||||
- Update to Samba 4.9.2
|
||||
|
||||
* Wed Sep 26 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.1-2
|
||||
- Package ctdb/doc/examples
|
||||
|
||||
* Mon Sep 24 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-1
|
||||
- Update to Samba 4.9.1
|
||||
|
||||
* Thu Sep 13 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0-4
|
||||
- Update to Samba 4.9.0
|
||||
* Tue Sep 25 2018 Andreas Schneider <asn@redhat.com> - 4.9.1-1
|
||||
- resolves: #1614232 - Update to Samba 4.9.1
|
||||
|
||||
* Thu Sep 06 2018 Andreas Schneider <asn@redhat.com> - 4.9.0rc5-3
|
||||
- Update to Samba 4.9.0rc5
|
||||
- related: #1614232 - Update to Samba 4.9.0rc5
|
||||
- resolves: #1610909 - Re-enable glubsterfs vfs module
|
||||
- resolves: #1624170 - Build with -fstack-protectore-strong if available
|
||||
- resolves: #1602685 - Fixed issues found by covscan
|
||||
|
||||
* Wed Aug 29 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0rc4-3
|
||||
- Update to Samba 4.9.0rc4
|
||||
|
||||
* Thu Aug 16 2018 Andreas Schneider <asn@redhat.com> - 4.9.0rc3-3
|
||||
- Fix python3 packaging
|
||||
|
||||
* Wed Aug 15 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0rc3-2
|
||||
- Update to Samba 4.9.0rc3
|
||||
- resolves: #1589651, #1617916 - Security fixes for CVE-2018-1139
|
||||
- resolves: #1580230, #1618613 - Security fixes for CVE-2018-1140
|
||||
- resolves: #1612805, #1618697 - Security fixes for CVE-2018-10858
|
||||
- resolves: #1610640, #1617910 - Security fixes for CVE-2018-10918
|
||||
- resolves: #1610645, #1617911 - Security fixes for CVE-2018-10919
|
||||
* Fri Aug 17 2018 Andreas Schneider <asn@redhat.com> - 4.9.0rc3-3
|
||||
- related: #1614232 - Update to Samba 4.9.0rc3
|
||||
- resolves: #1554753 - Fix CVE-2018-1050
|
||||
- resolves: #1617912 - Fix CVE-2018-10858
|
||||
- resolves: #1617913 - Fix CVE-2018-10918
|
||||
- resolves: #1617914 - Fix CVE-2018-10919
|
||||
- resolves: #1617915 - Fix CVE-2018-1139
|
||||
- resolves: #1612522 - Manpage fixes
|
||||
|
||||
* Wed Aug 01 2018 Andreas Schneider <asn@redhat.com> - 4.9.0rc2-2
|
||||
- Add some spec file cleanups
|
||||
|
||||
* Wed Aug 01 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0rc2-0
|
||||
- Update to Samba 4.9.0rc2
|
||||
|
||||
* Thu Jul 12 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0rc1-0
|
||||
* Fri Jul 27 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0rc1-2
|
||||
- Do not package Python 2 artefacts by default
|
||||
|
||||
* Sat Jul 21 2018 Alexander Bokovoy <abokovoy@redhat.com> - 4.9.0rc1-1
|
||||
- Don't build dns and dsdb-related modules without AD DC
|
||||
|
||||
* Fri Jul 13 2018 Guenther Deschner <gdeschner@redhat.com> - 4.9.0rc1-0
|
||||
- Update to Samba 4.9.0rc1
|
||||
|
||||
* Thu Jul 12 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2:4.8.3-4.1
|
||||
- Scope to local __bss_start symbol (typo in a patch)
|
||||
- Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1600035
|
||||
|
||||
* Thu Jul 12 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2:4.8.3-4
|
||||
- Change scope to local for symbols automatically added by upcoming binutils 2.31
|
||||
- Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1600035
|
||||
|
||||
* Wed Jul 11 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2:4.8.3-3
|
||||
- Rebuild Samba against binutils 2.30.90-2.fc29
|
||||
- Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1600035
|
||||
- Add explicit BuildRequires for gcc
|
||||
|
||||
* Fri Jul 06 2018 Petr Pisar <ppisar@redhat.com>
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Thu Jul 05 2018 Alexander Bokovoy <abokovoy@redhat.com> - 2:4.8.3-2
|
||||
- Fix rawhide build by explicitly using /usr/bin/python2
|
||||
|
||||
* Tue Jul 03 2018 Petr Pisar <ppisar@redhat.com>
|
||||
- Perl 5.28 rebuild
|
||||
|
||||
* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 2:4.8.3-1.2
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Thu Jun 28 2018 Jitka Plesnikova <jplesnik@redhat.com> - 2:4.8.3-1.1
|
||||
- Perl 5.28 rebuild
|
||||
* Mon Jul 02 2018 Petr Viktorin <pviktori@redhat.com> - 4.8.3-2
|
||||
- Use %%{__python2}, not "python", as the Python2 interpreter
|
||||
- Add workaround to allow building with Python 2
|
||||
- Change unversioned python macros to python2
|
||||
- Disable gluster temporarily
|
||||
|
||||
* Tue Jun 26 2018 Andreas Schneider <asn@redhat.com> - 4.8.3-1
|
||||
- Update to Samba 4.8.3
|
||||
|
|
Loading…
Reference in New Issue